What are trusted services?
==========================

The term 'trusted service' is used as a general name for a class of application that runs in an isolated
processing environment. Other applications rely on trusted services to perform security-related operations in
a way that avoids exposing secret data beyond the isolation boundary of the environment. The word 'trusted'
does not imply anything inherently trustworthy about a service application, but rather that other applications
put trust in the service. Meeting those trust obligations relies on a range of security measures implemented
in hardware and firmware.

The Arm architecture, in combination with standard firmware, provides a range of isolated processing environments
that offer hardware-backed protection against various classes of attack. Because of their strong security
properties, these environments are suitable for running applications that have access to valuable assets
such as keys or sensitive user data. The goal of the Trusted Services project is to provide a framework in
which security-related services may be developed, tested and easily deployed to run in any of the supported
environments. A core set of trusted services is implemented to provide basic device security functions such
as cryptography and secure storage.

Example isolated processing environments are:

- **Secure partitions** - secure world VMs managed by a secure partition manager
- **Trusted applications** - application environments managed by a TEE
- **Integrated microcontroller** - a secondary MCU used as a secure enclave

Typical problems solved by trusted services
-------------------------------------------

The following are examples of how trusted services can solve common device security problems.


Protecting IoT device identity
''''''''''''''''''''''''''''''

During the provisioning process, an IoT device is assigned a secure identity that consists of a public/private
key pair and a CA-signed certificate that includes the public key. The device is also provisioned with the
public key corresponding to the cloud service that it will operate with. The provisioned material is used
for authentication whenever the device connects to the cloud. To prevent the possibility of device cloning
or unauthorized transfer to a different cloud service, all provisioned material must be held in secure
storage and access to the private key must be prevented. To achieve this, the certificate verification and
nonce signing performed during the TLS handshake are delegated to the Crypto trusted service, which carries
out these operations without exposing the private key.


Protecting Software Updates
'''''''''''''''''''''''''''

To ensure that software updates applied to a device originate from a legitimate source, update packages are
signed. A signed package includes a signature block in which a hash of the package contents forms part of
the signed data. During the update process, the device verifies the signature using a provisioned public key
that corresponds to the signing key used by the update originator. By holding the public key in secure storage
and performing the signature verification using the Crypto service, unauthorized modification of the update
source is prevented.


Secure Logging
''''''''''''''

A managed IoT device will often be configured by an installation engineer who has physical access to the
device. To allow a cloud operator to audit configuration changes, it is necessary to keep a log of the
configuration steps performed by the installation engineer. To avoid the possibility of fraudulent
modification of the audit log, the device signs log data using a device-unique key pair. The public key
corresponding to the signing private key may be retrieved by the cloud operator to allow the log to
be verified. To protect the signing key, the Crypto service is used for signing log records.
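
The three use cases above (device identity, software updates and secure logging) all follow the same pattern:
the private key stays inside the Crypto service, and client code outside the isolation boundary only ever holds
an opaque key handle, a public key or a signature. The Go program below is an added illustration of that pattern
and is not part of the Trusted Services project or its API. It is a constructed model: ``CryptoService`` stands in
for the Crypto service, the handle names (``device-identity``, ``update-signer``, ``audit-log``), the nonce, the
firmware image and the log entries are all constructed, and Ed25519 is used as a stand-in signature algorithm.
The audit log additionally binds a sequence number into each signed record so that reordering is detected; that
is a design choice of the example and goes beyond what the page describes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// CryptoService is a constructed model of the Crypto trusted service (not the project's API):
// private keys live only in its secure store, are addressed by opaque handles, and never leave.
type CryptoService struct {
	secureStore map[string]ed25519.PrivateKey // private keys, never exported
	trustedKeys map[string]ed25519.PublicKey  // provisioned public keys
}

func NewCryptoService() *CryptoService {
	return &CryptoService{map[string]ed25519.PrivateKey{}, map[string]ed25519.PublicKey{}}
}

// GenerateKey creates a key pair inside the service; only the public half leaves.
func (s *CryptoService) GenerateKey(handle string) (ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return nil, err
	}
	s.secureStore[handle] = priv
	return pub, nil
}

// ProvisionPublicKey stores a trusted public key (cloud service, update signer).
func (s *CryptoService) ProvisionPublicKey(handle string, pub ed25519.PublicKey) {
	s.trustedKeys[handle] = pub
}

// Sign signs msg with the private key behind handle; the key itself stays inside.
func (s *CryptoService) Sign(handle string, msg []byte) ([]byte, error) {
	if priv, ok := s.secureStore[handle]; ok {
		return ed25519.Sign(priv, msg), nil
	}
	return nil, fmt.Errorf("unknown key handle %q", handle)
}

// Verify checks sig over msg against the provisioned public key under handle.
func (s *CryptoService) Verify(handle string, msg, sig []byte) bool {
	pub, ok := s.trustedKeys[handle]
	return ok && ed25519.Verify(pub, msg, sig)
}

type UpdatePackage struct {
	Payload   []byte
	Digest    [32]byte // hash of the payload; this is the signed data
	Signature []byte
}

// SignUpdate runs at the update originator, which holds the signing key.
func SignUpdate(signer ed25519.PrivateKey, payload []byte) UpdatePackage {
	d := sha256.Sum256(payload)
	return UpdatePackage{payload, d, ed25519.Sign(signer, d[:])}
}

// VerifyUpdate runs on the device: the digest must match and the signature must verify.
func VerifyUpdate(svc *CryptoService, pkg UpdatePackage) bool {
	return sha256.Sum256(pkg.Payload) == pkg.Digest &&
		svc.Verify("update-signer", pkg.Digest[:], pkg.Signature)
}

// LogRecord is a signed audit entry; Seq is inside the signed bytes so reordering is detected.
type LogRecord struct {
	Seq       int
	Entry     string
	Signature []byte
}
func logBytes(seq int, entry string) []byte { return []byte(fmt.Sprintf("%d:%s", seq, entry)) }
// AppendLog signs a new record with the device's log key via the service.
func AppendLog(svc *CryptoService, records []LogRecord, entry string) ([]LogRecord, error) {
	sig, err := svc.Sign("audit-log", logBytes(len(records), entry))
	if err != nil {
		return nil, err
	}
	return append(records, LogRecord{len(records), entry, sig}), nil
}

// VerifyLog is the cloud operator's check using the retrieved public key.
func VerifyLog(pub ed25519.PublicKey, records []LogRecord) bool {
	for i, r := range records {
		if r.Seq != i || !ed25519.Verify(pub, logBytes(r.Seq, r.Entry), r.Signature) {
			return false
		}
	}
	return true
}

func main() {
	svc := NewCryptoService()
	devPub, _ := svc.GenerateKey("device-identity")
	nonce := []byte("constructed handshake nonce") // sent by the cloud service
	sig, _ := svc.Sign("device-identity", nonce)   // client code never sees the key
	fmt.Println("device authenticated:", ed25519.Verify(devPub, nonce, sig))
}
```

The checks worth noting: a request to ``Sign`` with a handle that is not in the secure store returns an error
rather than touching any key; a modified update payload changes the digest, so ``VerifyUpdate`` rejects it even
before the signature is considered; and the cloud operator verifies the audit log with the retrieved public key
alone, so a record that was edited or moved fails verification.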

--------------------

*Copyright (c) 2020-2021, Arm Limited and Contributors. All rights reserved.*

SPDX-License-Identifier: BSD-3-Clause