fTPM - A Software-Only Implementation of a TPM Chip

Offered By: USENIX via YouTube

Tags

USENIX Security Courses
System Security Courses
Threat Modeling Courses
Firmware Development Courses
ARM TrustZone Courses

Course Description

Overview

Explore a comprehensive presentation from USENIX Security '16 on fTPM, a software-only implementation of a TPM chip. Delve into the challenges of building trusted systems using commodity CPU architectures like ARM and Intel, and discover how to overcome these obstacles to create software systems with security guarantees comparable to dedicated trusted hardware. Learn about the design and implementation of a firmware-based TPM 2.0 (fTPM) leveraging ARM TrustZone, which serves as the reference implementation for millions of mobile devices. Gain insights into the mechanisms needed for fTPM that can be applied to develop more sophisticated trusted applications. Examine topics such as TPM 1.0 and 2.0, ARM TrustZone properties and limitations, high-level architecture, threat models, and solutions to challenges like long-running commands and dark periods. Conclude with a discussion on SGX limitations and participate in a Q&A session to deepen your understanding of this innovative approach to trusted computing.

Syllabus

Intro
Motivation
Big Problem
Research Question
Outline
TPM: 1.0
New in TPM 2.0
ARM TrustZone Properties
ARM TrustZone Limitations
High-Level architecture
Threat Model: What Threats are In-Scope?
ARM Eco-system Offers eMMC
Three Approaches
Problem: Long-Running Commands
Solution: Cooperative Checkpointing
Background: TPM Unseal
Problem: Dark Periods
Possible Attack during Dark Period
Solution: Dirty Bit
Dirty Bit Stops Attack
Methodology
Conclusions
Discussion of SGX Limitations
Questions?

Taught by

USENIX

Related Courses

Systems & Networks Seminar - Andrew Bauman - Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software
Paul G. Allen School via YouTube
Trusted Execution Environments - A Technical Overview of Intel SGX, Arm TrustZone, and RISC-V PMP
Linux Foundation via YouTube
Forging the USB Armory
44CON Information Security Conference via YouTube
RT-TEE - Real-time System Availability for Cyber-physical Systems using ARM TrustZone
IEEE via YouTube
Myth and Truth About Hypervisor-Based Kernel Protector - The Reason Why You Need Shadow-Box
Black Hat via YouTube