Introduction to Security Systems

Source: Internet
Author: User
Tags asymmetric encryption

I. Overview

1. Purpose

(1) Ownership

Only the OEM or its authorized firmware can be run

(2) Integrity

Static Integrity: Integrity detection

Dynamic integrity: Closed hardware and software environment

(3) Confidentiality

Content cannot be viewed without authorization

(4) Reliability

Data sources can be verified

Data sources can be traced

(5) Anti-rollback

Versions can only be upgraded (one-way)


2. Base Parts

(1) Hash algorithm

Computes a characteristic value (digest) of the data that is irreversible and representative of it

(2) Encryption algorithm

Symmetric encryption: encryption and decryption use the same secret key

Asymmetric encryption: encryption and decryption keys are different

(3) Digital certificate

Authentication and Content Protection

(4) OTP

One-time programmable device

(5) TrustZone

Two worlds isolated at run time


3. Basic Principles

(1) Ownership

The hash of the OEM's public key is written to OTP, which guarantees that only firmware signed with the OEM's private key is accepted as legitimate

(2) Static integrity

Verifying the legitimacy of the certificate

Verifying the legitimacy of the firmware

(3) Dynamic integrity

TrustZone isolates the two worlds

(4) Anti-rollback

OTP-based firmware version
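
The ownership, static-integrity and anti-rollback checks above, as an added Python example that is not code from the original page or from any vendor boot ROM. Assumptions: the key is a constructed toy RSA key built from two Mersenne primes, unpadded RSA stands in for a real signature scheme such as RSA-PSS, and the key serialisation and the `otp`/`image` field names are hypothetical.

```python
import hashlib
import hmac

# Constructed toy RSA key (two Mersenne primes); illustration only, not a secure key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # OEM private exponent, never stored on the device

def key_bytes(n, e):
    """Serialise a public key; this byte layout is an assumption of the sketch."""
    return n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")

def digest_int(version, firmware):
    """SHA-256 over version || firmware, so the version is covered by the signature."""
    data = version.to_bytes(4, "big") + firmware
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_image(version, firmware):
    """OEM side: sign with the private key and ship the public key alongside."""
    return {"pubkey": (N, E), "version": version, "firmware": firmware,
            "signature": pow(digest_int(version, firmware), D, N)}

def boot_check(otp, image):
    """Device side: return 'boot' or the reason the image is rejected."""
    n, e = image["pubkey"]
    # Ownership: the shipped public key must hash to the value fused into OTP.
    if not hmac.compare_digest(hashlib.sha256(key_bytes(n, e)).digest(),
                               otp["rotpk_hash"]):
        return "reject: public key does not match OTP hash"
    # Static integrity: the signature must match this exact version and firmware.
    if pow(image["signature"], e, n) != digest_int(image["version"], image["firmware"]):
        return "reject: bad signature"
    # Anti-rollback: the signed version must not be below the OTP version.
    if image["version"] < otp["min_version"]:
        return "reject: rollback"
    return "boot"

# Constructed OTP contents: hash of the OEM public key and minimum allowed version.
OTP = {"rotpk_hash": hashlib.sha256(key_bytes(N, E)).digest(), "min_version": 3}

if __name__ == "__main__":
    old = make_image(2, b"firmware-v2")
    print(boot_check(OTP, make_image(3, b"firmware-v3")))
    print(boot_check(OTP, old))
    print(boot_check(OTP, dict(old, version=5)))
```

Because the version is hashed together with the firmware, editing the version field of an old, validly signed image breaks the signature instead of bypassing the rollback check.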


4. Hardware



5. Software



6. Participants

(1) Trust OS Provider

Trust OS Provider

Can sign a content-protection certificate to ensure that the Trust OS has not been tampered with

(2) SIP provider

Trust Zone Kit

Root of Trust

(3) OEM

Integrates the rich OS and the secure OS

(4) Other parties

TA providers


II. Secure Boot

1. Basic

(1) Essential

The source of the chain of trust

(2) Function

Verify authenticity

Verify integrity

Ensure the firmware is not rolled back

(3) Divided into two stages

SBROMHW

SBROMSW


2. Process



3. SBROMHW

(1) Read TOC0 from external media

(2) Verify the authenticity and integrity of the certificates and SBROMHW in TOC0

(3) Trigger the execution of SBROMSW

(4) If any of the above steps fails, switch from the secure state to the non-secure state and enter FEL mode in the non-secure state


4. SBROMSW

(1) Burning of critical keys

ROTPK

HUK

EK

(2) Authenticity and integrity verification of TOC1

Debug mode

Key

SCP

Secure OS

Non-secure Bootloader


III. Secure OS

1. Purpose

(1) Essential

Non-essential

(2) Function

TEE environment isolated from

Provide security services

Authenticity and reliability testing

(3) Existing implementations

<t-base-300: Trustonic


2. Standardization

(1) GlobalPlatform defines several sets of APIs

TEE Client API

TEE Internal API

(2) Third-party TAs can run on different secure OSes


3. Semeiles

(1) What is Semeiles?

A specific implementation of secure OS

Compatible with GlobalPlatform standardized API

(2) Services provided by Semeiles

Secure, isolated, and trusted execution environment

Digital Rights Management

Secure Payment Environment

(3) Semeiles architecture



IV. Mass Production

1. Key generation

Supports simultaneous generation of multiple machines

2. Key Management

Unified generation and storage

Unified distribution

Exchange encryption

Endogenous Code Collection

Supports online and offline modes

3. Key Burning

Implemented in the SBROMSW phase

4. Certificate Generation Tool

5. Signature Tool

6. TOC Packaging Tool

7. Key burning process

Burn in a controlled environment

8. Firmware burning process



