Anchoring TrustZone with SRAM PUF

Marten van Hulst
April 23, 2019

Securing IoT devices throughout their lifecycle is gaining more attention as the risks and penalty of compromise increase rapidly. To support this development, Arm has released TrustZone security extensions for Cortex-M: the Armv8-M architecture. TrustZone enables separation of processes and isolation of critical resources and brings the necessary hardware support for this to M-class CPU-based IoT devices. Let's take a look at how SRAM PUF, enabled through software, is a powerful addition to the security features offered by TrustZone.

PSA and SRAM PUF

In an earlier blog we discussed how an SoC that is designed using Platform Security Architecture (PSA) guidelines can benefit from a strong physical root of trust that is immutable and intrinsic to the device. In this case, SRAM PUF (Physical Unclonable Function) provides the trust anchor and the root key for the device's security. The main advantages of this approach are:

  • No need to store crypto keys in the clear – keys are extracted only when they are needed
  • Entropy from the silicon provides strong random crypto keys, unique to the device
  • Only standard, digital components are needed (SRAM, typically on-chip)
  • Key provisioning and management are simplified, lowering TCO (Total Cost of Ownership)

Fundamentally, the approach uses the fact that every chip is unique, resulting in device-specific behavior of SRAM memory during power-up. This provides a device-unique pattern, or “silicon fingerprint”, that is impossible to clone or predict, and serves as a basis for secure key generation and storage. Please refer to the Intrinsic ID website for more information.

TrustZone-M and Root Key Protection

TrustZone components such as TZMA, TZPC and TZASC provide a basis to build a TEE, which is used to separate processes and prevent unauthorized access to resources such as crypto engines, protected memory regions, etc. Since this essentially constitutes a barrier between security domains, some security concerns can be only partially addressed. In particular, protecting secrets such as root keys typically relies on storing these in a secure flash region. It is well known that this protection has its limits, since physical attacks have been reported that allow the read-out of even protected flash.

In a recent blog, the Role of Physical Security in IoT, the growing need to address these physical attack threats is explained. As the “easier,” software-level attacks are becoming harder by virtue of protection mechanisms such as TrustZone, attackers will naturally look for other ways to compromise a system including physical attacks. Furthermore, while these physical attacks were once the exclusive domain of advanced hackers, technology advancements will inevitably result in more advanced, and more broadly available, tools over time.

SRAM PUF to the Rescue

The good news is that SRAM PUF technology can address these concerns. SRAM PUF can be implemented in two ways: via hardware (RTL design-in) or via software.

A hardware implementation is a good option when architecting a new chip. By integrating RTL and instantiating an SRAM, a secure storage capability is added that can be used to handle sensitive key material and feed it directly into a crypto engine. Good examples of recently announced products that integrate both SRAM PUF and TrustZone are the LPC55S6x and the i.MXRT600.

When the design is already fixed, or silicon already exists, a software implementation is a feasible approach. This implementation makes use of a region of an existing SRAM structure that is dedicated to the PUF through TrustZone mechanisms. This is interesting if you think about it: by embedding a software library into the boot image, every chip is able to extract its own unique secret root key using the exact same code. Since the software code itself contains no secrets, it is sufficient to protect this code from modification – typically part of the secure boot flow. The software itself lives in the secure world and can be called from the normal, non-secure world, but the root key and secrets that are generated stay within the secure world.
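To make the extraction step concrete, here is an added toy model (not code from this post, Intrinsic ID or Arm) of how a software PUF turns a noisy power-up pattern into the same key on every boot: enrolment combines the reference pattern with a random key into public helper data, and each later boot corrects the noise with a majority vote. The fingerprint generator, the noise model and the 16-bit key are constructed; a real implementation uses far more cells, a stronger error-correcting code and a hash over the result.

```c
#include <stdint.h>
#include <string.h>
/* Toy SRAM PUF key extraction with a repetition-code "fuzzy extractor".
 * Constructed illustration, not Intrinsic ID's algorithm or any vendor API.
 * Each array element models one SRAM cell holding 0 or 1. */
#define KEY_BITS 16
#define REP      5                  /* each key bit spread over 5 SRAM cells */
#define PUF_BITS (KEY_BITS * REP)   /* 80 cells reserved for the PUF */
/* Simulated SRAM power-up state: a fixed xorshift seed stands in for this
 * chip's silicon fingerprint; noise_stride > 0 flips every noise_stride-th
 * cell to mimic power-up noise (deterministic so the result is checkable). */
void sram_powerup(uint8_t fp[PUF_BITS], unsigned noise_stride) {
    uint32_t s = 0x9E3779B9u;
    for (size_t i = 0; i < PUF_BITS; i++) {
        s ^= s << 13; s ^= s >> 17; s ^= s << 5;
        fp[i] = (uint8_t)(s & 1u);
        if (noise_stride && i % noise_stride == 0) fp[i] ^= 1u;
    }
}
/* Enrolment (once, in the secure world): helper = codeword XOR fingerprint.
 * Helper data may sit in plain flash: without the fingerprint it reveals
 * nothing about the key, and the key itself is never written anywhere. */
void puf_enrol(const uint8_t fp[PUF_BITS], const uint8_t key[KEY_BITS],
               uint8_t helper[PUF_BITS]) {
    for (size_t i = 0; i < PUF_BITS; i++)
        helper[i] = fp[i] ^ key[i / REP];
}
/* Reconstruction (every boot): XOR the fresh, noisy power-up pattern with
 * the helper data and majority-vote each group of REP cells to a key bit. */
void puf_reconstruct(const uint8_t fp[PUF_BITS], const uint8_t helper[PUF_BITS],
                     uint8_t key[KEY_BITS]) {
    for (size_t k = 0; k < KEY_BITS; k++) {
        unsigned ones = 0;
        for (size_t j = 0; j < REP; j++)
            ones += fp[k * REP + j] ^ helper[k * REP + j];
        key[k] = ones > REP / 2;    /* tolerates up to 2 flipped cells per bit */
    }
}
/* Returns 1 if a boot with the given noise reproduces the enrolled key. */
int boot_recovers_key(unsigned noise_stride) {
    static const uint8_t key[KEY_BITS] = {1,0,1,1,0,0,1,0, 0,1,1,1,0,1,0,0};
    uint8_t fp[PUF_BITS], helper[PUF_BITS], out[KEY_BITS];
    sram_powerup(fp, 0);            /* clean reference pattern at enrolment */
    puf_enrol(fp, key, helper);
    sram_powerup(fp, noise_stride); /* later power-up with bit errors */
    puf_reconstruct(fp, helper, out);
    return memcmp(out, key, KEY_BITS) == 0;
}
```

With a flip every 7th cell (at most one error per 5-cell group) the key is recovered; with a flip every 2nd cell, three of five cells are wrong in half the groups and reconstruction fails, which is the noise limit a real design must keep well clear of.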

Several products have been announced recently using this type of integration, including a Tyrion IIoT Gateway device and Nexell IoT device for medical and automotive.

At the 2018 TechCon event, Intrinsic ID partnered with Nuvoton to demonstrate a software implementation on the M2351, and more recently we ported the PUF software to the MUSCA-A development platform. Expect to see more information on this in this community and at upcoming Arm events.

Embedding SRAM PUF in TrustZone

Regarding a software implementation, the picture below gives a high-level overview of the concepts discussed. The SRAM PUF software is part of the secure world, typically protected by secure boot. It has access to an SRAM region to “store” – or, more precisely, extract – its secrets as required. The normal world can access the PUF functionality through a controlled interface that prevents direct access to secret keys.

[Figure: Embedding SRAM PUF in TrustZone]

Conclusion

SRAM PUF can be used as a TrustZone-complementary component to protect the root credentials. It is possible to do this either in hardware by integrating RTL IP, or in software by integrating the software code in the boot flow.

When implementing SRAM PUF in software, the integrity of the software code needs to be safeguarded. The TrustZone architecture provides the necessary hooks to protect that software: domain separation and a secure boot mechanism. This offers a cost-effective way to harden the device against current and future threats. Most importantly, it enables deployment on pre-existing silicon.

Simply put, TrustZone protects the integrity of the SRAM PUF software via secure boot, and in turn, the SRAM PUF software provides strong root key storage without the need to store secrets in flash or fuses.

Visit Intrinsic ID website

BigPhatDaveUK over 1 year ago

Very interested in the port of SRAM PUF s/w to Musca-A. Any update when we can expect more news?
Marten van Hulst over 1 year ago in reply to BigPhatDaveUK

Thanks for your interest. The MUSCA port has been done. You can contact me directly for more information.