Paper 2014/464

Providing Root of Trust for ARM TrustZone using On-Chip SRAM

Shijun Zhao, Qianying Zhang, Guangyao Hu, Yu Qin, and Dengguo Feng

Abstract

We present the design, implementation and evaluation of a root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone, based on SRAM Physical Unclonable Functions (PUFs). We first implement a building block that provides the foundations for the root of trust: secure key storage and a truly random source. The building block does not require on-chip or off-chip secure non-volatile memory to store secrets, yet provides a high level of security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC). On top of the building block, we build the root of trust, consisting of seal/unseal primitives for secure services running in the TEE and a software-only TPM service running in the TEE that provides rich TPM functionality to the rich OS running in the normal world of TrustZone. The root of trust resists software attackers capable of compromising the entire rich OS. In addition, both the building block and the root of trust run on the powerful ARM processor. In short, we leverage the SRAM PUF, commonly available on mobile devices, to achieve a low-cost, secure, and efficient design of the root of trust.
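The key-storage and seal/unseal idea the abstract describes, as an added illustration that is not the paper's code: the SRAM power-up state is simulated, the repetition-code fuzzy extractor and the encrypt-then-MAC blob format are assumptions, and os.urandom stands in for the SRAM-derived random source.

```python
import hashlib, hmac, os, random

BLOCK = 7        # repetition factor: majority vote corrects up to 3 flips per block
KEY_BITS = 128   # secret bits, recovered from BLOCK * KEY_BITS SRAM cells

def sram_startup(reference, flipped):  # constructed stand-in for real SRAM power-up
    """Each cell's preferred value, except the cells in `flipped`, which came up wrong."""
    return [b ^ (i in flipped) for i, b in enumerate(reference)]

def derive_key(bits):
    return hashlib.sha256(bytes(bits)).digest()

def enroll(response):
    """One-time enrollment. Helper = response XOR repetition codeword; it may live in
    ordinary flash, since without the PUF response it reveals nothing usable."""
    secret = [os.urandom(1)[0] & 1 for _ in range(KEY_BITS)]  # stand-in for SRAM randomness
    helper = [r ^ c for r, c in zip(response, [b for b in secret for _ in range(BLOCK)])]
    return helper, derive_key(secret)

def reconstruct(response, helper):
    """Every boot: strip helper data, majority-decode each block, re-derive the key."""
    noisy = [r ^ h for r, h in zip(response, helper)]
    bits = [int(2 * sum(noisy[i:i + BLOCK]) > BLOCK) for i in range(0, len(noisy), BLOCK)]
    return derive_key(bits)

def _stream(enc_key, nonce, n):  # hash-counter keystream (illustration, not a standard cipher)
    blocks = (hashlib.sha256(enc_key + nonce + bytes([c])).digest() for c in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC under halves of the PUF-derived key: the blob unseals only where
    the SRAM reproduces that key, so the key itself never needs non-volatile storage."""
    nonce = os.urandom(16)
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(key[:16], nonce, len(plaintext))))
    return nonce + ct + hmac.new(key[16:], nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[16:], nonce + ct, hashlib.sha256).digest()):
        return None  # blob sealed on another device, or tampered with
    return bytes(c ^ s for c, s in zip(ct, _stream(key[:16], nonce, len(ct))))

def demo(seed=1):
    rng = random.Random(seed)
    cells = BLOCK * KEY_BITS
    device_a, device_b = ([rng.getrandbits(1) for _ in range(cells)] for _ in range(2))
    flipped = set(range(0, cells, 5))   # at most 2 noisy cells in any 7-cell block
    helper, key = enroll(sram_startup(device_a, set()))
    blob = seal(key, b"TEE service secret")
    on_a = unseal(reconstruct(sram_startup(device_a, flipped), helper), blob)
    on_b = unseal(reconstruct(sram_startup(device_b, flipped), helper), blob)
    return on_a, on_b   # (b"TEE service secret", None)
```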

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. TrustED'14
DOI
10.1145/2666141.2666145
Keywords
TrustZone, Trusted Execution Environment, TPM Service, Root of Trust, SRAM PUFs
Contact author(s)
zqyzsj @ gmail com
History
2014-11-04: last of 3 revisions
2014-06-17: received
Short URL
https://ia.cr/2014/464
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/464,
      author = {Shijun Zhao and Qianying Zhang and Guangyao Hu and Yu Qin and Dengguo Feng},
      title = {Providing Root of Trust for {ARM} {TrustZone} using On-Chip {SRAM}},
      howpublished = {Cryptology {ePrint} Archive, Paper 2014/464},
      year = {2014},
      doi = {10.1145/2666141.2666145},
      url = {https://eprint.iacr.org/2014/464}
}