Overview
Explore a comprehensive presentation from USENIX Security '16 on fTPM, a software-only implementation of a TPM chip. Delve into the challenges of building trusted systems using commodity CPU architectures like ARM and Intel, and discover how to overcome these obstacles to create software systems with security guarantees comparable to dedicated trusted hardware. Learn about the design and implementation of a firmware-based TPM 2.0 (fTPM) leveraging ARM TrustZone, which serves as the reference implementation for millions of mobile devices. Gain insights into the mechanisms needed for fTPM that can be applied to develop more sophisticated trusted applications. Examine topics such as TPM 1.0 and 2.0, ARM TrustZone properties and limitations, high-level architecture, threat models, and solutions to challenges like long-running commands and dark periods. Conclude with a discussion on SGX limitations and participate in a Q&A session to deepen your understanding of this innovative approach to trusted computing.
Syllabus
Intro
Motivation
Big Problem
Research Question
Outline
TPM: 1.0
New in TPM 2.0
ARM TrustZone Properties
ARM TrustZone Limitations
High-Level Architecture
Threat Model: What Threats are In-Scope?
ARM Eco-system Offers eMMC
Three Approaches
Problem: Long-Running Commands
Solution: Cooperative Checkpointing
Background: TPM Unseal
Problem: Dark Periods
Possible Attack during Dark Period
Solution: Dirty Bit
Dirty Bit Stops Attack
Methodology
Conclusions
Discussion of SGX Limitations
Questions?
Taught by
USENIX