I. Overview
1. Purpose
(1) Ownership
Only firmware from the OEM, or authorized by the OEM, can run
(2) Integrity
Static integrity: the firmware is checked for modification before it runs
Dynamic integrity: a closed hardware and software environment at run time
(3) Confidentiality
Unauthorized parties cannot read protected content
(4) Reliability
The source of data can be verified
The source of data can be traced
(5) Anti-rollback
Version upgrades are one-way (an older firmware version cannot be reinstalled)
2. Basic Components
(1) Hash algorithm
Computes a fixed-size digest that is irreversible and uniquely represents the input (collision-resistant)
(2) Encryption algorithm
Symmetric encryption: encryption and decryption use the same secret key
Asymmetric encryption: encryption and decryption use different keys (a public/private key pair)
(3) Digital certificate
Authentication and content protection
(4) OTP
One-time programmable memory (eFuses): a bit can be written once and never cleared
(5) TrustZone
Two isolated worlds (secure and non-secure) at run time
3. Basic Principles
(1) Ownership
The hash of the OEM's public key is written into OTP, which guarantees that only firmware signed with the OEM's private key is accepted as legitimate
(2) Static integrity
Verify the validity of the certificate
Verify the validity of the firmware
(3) Dynamic integrity
TrustZone isolates the two worlds
(4) Anti-rollback
Minimum firmware version stored in OTP
4. Hardware
5. Software
6. Participants
(1) Trusted OS provider
Can sign a content-protection certificate to ensure that the trusted OS is not tampered with
(2) SiP (silicon provider)
TrustZone kit
Root of trust
(3) OEM
Integrates the rich OS and the secure OS
(4) Other parties
TA providers
II. Secure Boot
1. Basics
(1) Necessity
The origin of the chain of trust
(2) Functions
Verify authenticity
Verify integrity
Ensure the firmware cannot be rolled back
(3) Divided into two stages
SBROMHW
SBROMSW
2. Process
3. SBROMHW
(1) Read TOC0 from the external storage medium
(2) Check the authenticity and integrity of the certificate and of the SBROMSW image contained in TOC0
(3) Trigger execution of SBROMSW
(4) If any of the above steps fails, switch from the secure state to the non-secure state and enter FEL mode in the non-secure state
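The ownership, static-integrity and anti-rollback checks from I.3 and the four SBROMHW steps above, as one added example; this is not code from the original page or from Allwinner. It assumes a certificate layout of public key, version and firmware hash signed by the OEM key, version fuses stored as a thermometer code (the version is the number of set bits), and a toy textbook RSA that stands in for the real signature scheme so the example runs offline on the standard library. build_toc0 plays the OEM signing/packing tool, sbromhw the boot ROM.

```python
"""OTP-rooted secure-boot check modelled on the SBROMHW steps above (constructed example,
not Allwinner code). The toy RSA exists only so the example runs offline on the standard
library; it stands in for the real signature scheme and must never be used in production."""
import hashlib
import random

def _is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin primality test (helper for the toy key generator)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=512, seed=1):
    """Return (public, private) toy RSA keys; deterministic for a given seed."""
    rng, e = random.Random(seed), 65537
    def prime():
        while True:
            c = rng.getrandbits(bits // 2) | (1 << (bits // 2 - 1)) | 1
            if (c - 1) % e and _is_probable_prime(c, rng):
                return c
    p, q = prime(), prime()
    return {"n": p * q, "e": e}, {"n": p * q, "d": pow(e, -1, (p - 1) * (q - 1))}

def pub_bytes(pub):
    """Canonical encoding of a public key (what the ROTPK hash is taken over)."""
    return pub["n"].to_bytes(64, "big") + pub["e"].to_bytes(4, "big")

def rotpk_hash(pub):
    return hashlib.sha256(pub_bytes(pub)).digest()

def sign(priv, data):
    return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), priv["d"], priv["n"])

def verify(pub, data, sig):
    return pow(sig, pub["e"], pub["n"]) == int.from_bytes(hashlib.sha256(data).digest(), "big")

class OTP:
    """One-time programmable fuses: a bit can go from 0 to 1 but never back (assumed model)."""
    def __init__(self, rotpk):
        self.rotpk_hash = rotpk     # SHA-256 of the OEM public key, burned at production
        self.version_fuses = 0      # thermometer code: version = number of set bits
    @property
    def version(self):
        return bin(self.version_fuses).count("1")
    def burn_version(self, new_version):
        """Raise the minimum accepted firmware version; lowering it is physically impossible."""
        if new_version < self.version:
            raise ValueError("fuses cannot be cleared: version is one-way")
        self.version_fuses |= (1 << new_version) - 1

def cert_tbs(cert):
    """To-be-signed part of the certificate: key, version and firmware hash (assumed layout)."""
    return pub_bytes(cert["pubkey"]) + cert["version"].to_bytes(4, "big") + cert["fw_hash"]

def build_toc0(priv, pub, firmware, version):
    """OEM-side signing/packing: wrap the firmware in a certificate signed with the OEM key."""
    cert = {"pubkey": pub, "version": version, "fw_hash": hashlib.sha256(firmware).digest()}
    cert["sig"] = sign(priv, cert_tbs(cert))
    return {"cert": cert, "firmware": firmware}

def sbromhw(otp, toc0):
    """Boot-ROM side, steps (1)-(4) above: any failure drops to FEL in the non-secure state."""
    def fel(reason):
        return {"state": "non-secure", "next": "FEL", "reason": reason}
    cert, fw = toc0["cert"], toc0["firmware"]
    if rotpk_hash(cert["pubkey"]) != otp.rotpk_hash:              # ownership: key must match ROTPK
        return fel("certificate key does not match ROTPK")
    if not verify(cert["pubkey"], cert_tbs(cert), cert["sig"]):   # certificate validity
        return fel("certificate signature invalid")
    if hashlib.sha256(fw).digest() != cert["fw_hash"]:            # firmware integrity
        return fel("firmware hash does not match certificate")
    if cert["version"] < otp.version:                              # anti-rollback
        return fel("firmware version %d below fused minimum %d" % (cert["version"], otp.version))
    return {"state": "secure", "next": "SBROMSW", "version": cert["version"]}
```

Typical use: generate the OEM pair with keygen, burn rotpk_hash(oem_pub) into an OTP instance, then feed build_toc0 output to sbromhw. A TOC0 built with a different key fails on the ROTPK check, one whose firmware is modified after signing fails on the hash check, and after burn_version(2) an image marked version 1 is rejected while burn_version(1) itself raises, which is the one-way property the fuses provide.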
4. SBROMSW
(1) Burning of keys
ROTPK (root of trust public key)
HUK (hardware unique key)
EK
(2) Authenticity and integrity check of TOC1, which contains:
Debug mode
Keys
SCP firmware
Secure OS
Non-secure bootloader
III. Secure OS
1. Purpose
(1) Necessity
Not essential (optional)
(2) Functions
Isolated TEE environment
Provide security services
Authenticity and reliability verification
(3) Existing implementations
<t-base-300 (Trustonic)
2. Standardization
(1) GlobalPlatform defines several sets of APIs
TEE Client API (used by rich-OS applications to communicate with TAs)
TEE Internal API (used by TAs running inside the TEE)
(2) Third-party TAs can therefore run on different secure OSes
3. Semeiles
(1) What is Semeiles?
A specific implementation of a secure OS
Compatible with the GlobalPlatform standardized APIs
(2) Services provided by Semeiles
A secure, isolated and trusted execution environment
Digital rights management
Secure payment environment
(3) Semeiles architecture
IV. Mass Production
1. Key generation
Supports generating keys for multiple machines simultaneously
2. Key management
Unified build and storage
Unified distribution
Encrypted exchange
Endogenous code collection
Supports online and offline modes
3. Key burning
Performed in the SBROMSW phase
4. Certificate generation tool
5. Signing tool
6. TOC packaging tool
7. Key burning process
Burned in a controlled environment
8. Firmware burning process
Introduction to Security Systems