Firmware-based trusted platform module for arm processor architectures and trustzone security extensions

Assignee

• Microsoft Corporation · US

Inventors

• Stefan Thom · Snohomish, US
• Jeremiah Cox · Redmond, US
• David J. Linsley · Seattle, US
• Magnus Bo Gustaf Nyström · Bedford, US
• Himanshu Raj · Cupertino, US
• David Robinson · Seattle, US
• Stefan Saroiu · Redmond, US
• Rob Spiger · Seattle, US
• Alastair Wolman · Seattle, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2221/034
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.