Thursday, March 28, 2024

TPM processors for embedded system security


Sandro Mascetti, CEO of MAS Elettronica, defines the TPM, explains its features, and draws attention to how critical its implementation is in embedded systems.

Information security is one of the main concerns today, in both the corporate and private sectors.

Through every type of device, from smartphones to computers to smart machines, the entire network exchanges an increasing amount of data and information on a daily basis.

Within this considerable amount is also confidential or sensitive data, which is why every connected device (even the least important) plays a role and has an impact on network security.

Therefore, it is important that effective security systems are in place in order to ensure a safe environment.

This is where the Trusted Platform Module (TPM) comes in, and through its use, information stored on the device can be encrypted and made indecipherable by anyone without the permissions to access it.

What is a Trusted Platform Module?

In an effort to ensure a secure environment and a high-security root of trust, TPM modules are used.

The TPM consists of a cryptographic processor that is installed on the embedded device and is in charge of operations such as:

  • Communicating with the CPU via SPI (Serial Peripheral Interface), a serial communication system between a microcontroller and other integrated circuits or between multiple microcontrollers.
  • Communicating with the CPU via I2C (Inter-Integrated Circuit), a two-wire serial communication system used between integrated circuits.

These two buses can be used interchangeably for serial communication with the TPM.

In addition, the TPM must perform, as mentioned, cryptographic operations and functions but also key and certificate management.

This module is designed to provide basic hardware security based on Trusted Computing Group (TCG) standards and is compatible with various operating systems such as Windows and Linux.

What is a TPM for?

Simply put, the purpose of the TPM is to confirm that a device's operating system and firmware are always in their expected state and have not been tampered with.

The TPM provides integrity to embedded systems and is generally implemented alongside the CPU, so that it can be added to any device.

The most common TPM hardware security functions verify the contents of each stage during the boot process of the embedded device.

During this process, each stage of boot code (preloader, bootloader, and kernel) is executed in turn and can communicate with the TPM to verify the integrity of the next stage before handing over to it.

In practice, correct startup is verified from the very first stages and illicit intrusions are prevented: if the TPM detects an anomaly or a change, the loading of compromised data or software is blocked.
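As an added example (not from the article or from MAS Elettronica), the following Python simulates the measured-boot chain described above: each stage hashes the next and extends a TPM Platform Configuration Register (PCR), so the final PCR value exposes any modified or reordered stage, and a secret sealed to the expected value is only released when the chain matches. The PCR extend rule, new = H(old || digest), is the real TPM 2.0 behaviour; the boot images, the "golden" value and the seal/unseal helpers are constructed stand-ins for illustration.

```python
import hashlib
import hmac

# Constructed stand-ins for the real boot images (binary blobs in practice).
BOOT_STAGES = {
    "preloader": b"preloader image v1",
    "bootloader": b"bootloader image v1",
    "kernel": b"linux kernel image v1",
}

PCR_INIT = bytes(32)  # a TPM 2.0 SHA-256 PCR starts at all zeros after reset


def measure(image: bytes) -> bytes:
    """Digest of the next boot component, computed by the stage about to hand over to it."""
    return hashlib.sha256(image).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM 2.0 PCR extend: new = H(old || digest). Order matters and nothing can be undone."""
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages: dict) -> bytes:
    """Replay the boot chain in order, extending one PCR with each stage's measurement."""
    pcr = PCR_INIT
    for image in stages.values():
        pcr = pcr_extend(pcr, measure(image))
    return pcr


def pcr_matches(stages: dict, expected_pcr: bytes) -> bool:
    """True only if every stage, in the same order, is byte-for-byte what was provisioned."""
    return hmac.compare_digest(measured_boot(stages), expected_pcr)


def seal(secret: bytes, policy_pcr: bytes) -> tuple:
    """Hypothetical sealing: bind a secret to the PCR value that must be present to release it."""
    return (policy_pcr, secret)


def unseal(sealed: tuple, current_pcr: bytes):
    """Release the secret only when the measured chain equals the sealed policy; else refuse."""
    policy_pcr, secret = sealed
    return secret if hmac.compare_digest(policy_pcr, current_pcr) else None


# "Golden" value recorded at provisioning time from a known-good boot chain (constructed).
GOLDEN_PCR = measured_boot(BOOT_STAGES)
```

A real TPM performs the extend and the sealing policy check inside the chip, so a tampered stage cannot forge the register or recover the secret.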

Over the years, TPM has become in common use on embedded devices because of its main advantages:

  • Key management (generation, storage and restriction of use);
  • Each TPM is deployed with a unique RSA key burned in at manufacture, which is used for most operations;
  • Private-key computations are performed in TPM hardware.

What TPM does

Using a TPM module, one can create and store cryptographic keys (wrapping or binding) that can be decrypted only by the TPM itself.

Such a module can be used, for example, for two-factor authentication with a unique RSA (asymmetric encryption algorithm) key.

The Trusted Platform Module is comparable to a safe that can provide greater security than software.

The characteristics of TPM modules

As one would expect, the TPM has also undergone updates and improvements over the years.

However, each module should always ensure basic functions such as:

  • Generation of pseudo-random numbers by a deterministic algorithm that produces a defined sequence;
  • Generation and storage of cryptographic keys (RSA);
  • Encryption and decryption of information with RSA.

The module must have nonvolatile memory for permanent retention of data such as the identity of the TPM, and this storage must be accessible to the module owner, or to entities authorized by the owner, for secure storage of data.

TPM version 2.0

The TPM upgrade maintains encryption integrity and provides greater flexibility.

The latest algorithms are supported, and performance is significantly better as a result. TCG standards are always the reference for new algorithms, and within this scope TPM 2.0 also complies with the international standard ISO/IEC 11889:2015.

TPM and MAS Elettronica

Data security is an aspect that has become part of the paradigms of Industry 4.0, so all of MAS Elettronica's CPU boards, such as the Aurora IMX8M Plus, Anita IMX8M Nano, and Frida SBC IMX8M, are equipped with a TPM 2.0 module.
