fbpx

NEWS, EVENTS & BLOG

BLOG

What is a Trusted Platform Module (TPM)?

Press Office, VersaLogic Corporation, 01/06/21

The Best SBC for Secure Embedded Systems – Part 2

A few weeks ago, VersaLogic posted the first blog in the series The Best SBC for Secure Embedded Systems.  That blog covered reasons for being concerned with security, provided an overview of the various types of security measures, and delved deeper into processor-based security measures.  This month we’ll look at the hardware-based Trusted Platform Module (TPM).

Why is it needed?

As the number of edge connections and IoT deployments grow, so does the opportunity for hacking.

graphic of smart city applications
The internet has become a critical part of our everyday lives

 

TPM provides a hardware component that enables increased security when compared with software-only solutions.  Without TPM, systems boot and then execute whatever code is on a drive, putting the system and any connected systems at risk.   With TPM, the boot starts from a trusted source and each successive state is authenticated. Unauthorized code is not executed, regardless of how it found its way into the system.

graphic displaying an unsecure connection vs. a secure TPM connection
Risky, unauthenticated vs. TPM’s authenticated process

How is a Trusted Platform Module implemented?

There are three hardware means of implementing TPM and one software method.  A software method may sound at odds with the concept of establishing a hardware root of trust.  It is open to vulnerabilities; however, it is intended only as a software emulator for the building and testing of system prototypes (including TPM).  The table below shows the attributes of the hardware implementation methods.

TPM TypeAttributes
Discrete
  • Highest level of security
  • Discrete chip
Integrated
  • Next level of security
  • Incorporated into a chip that provides additional features
Firmware
  • Security dependent on trusted execution environment where code runs
  • Code running on main CPU, separate chip not required

 

For critical applications, such as those in aerospace and defense, automotive control, and industrial automation, the discrete TPM type is most suitable.  Firmware-based systems might be more suitable for applications such as an entertainment system.

 

intel apollo lake rugged embedded computercompact embedded computer with ECC memory

VersaLogic’s Harrier and Owl embedded computers are equipped with discrete TPM 2.0 protection

 

How does Trusted Platform Module Help?

There are several security issues that TPM is designed to solve:

Security IssueTPM contribution
Device AuthenticationHW root of trust based on cryptographic keys securely stored in TPM
Secure communicationIntegration with communications protocols such as OpenSSL
Data SecurityData encryption and securely stored cryptographic keys
Boot and Device IntegrityTrusted boot detects malware
Secure UpdatesHW root of trust secures SW and FW updates

 

Originally developed by the Trusted Computing Group, the TPM concept was standardized as ISO/IEC 11889 in 2009.  TPM has progressed through a number of revisions with versions 1.1 and 1.2 being widely adopted and has now reached revision 2.0.  This latest revision has been standardized as ISO/IEC11889:2015.

One of the enhancements of TPM 2.0 was to adopt a library approach.  Users can choose from the various elements of TPM functionality depending of the security requirements of their application.

For more information on TPM 2.0, the Trusted Computing Group has an informative briefing document that contains links to other resources.  Manufacturers of TPM devices such as Infineon are also another source of additional information.

 

rugged single board computer with Intel Kaby Lake processorrugged embedded server

VersaLogic’s PC/104 Lion and Grizzly Embedded Server are equipped with discrete TPM 2.0 protection

 

That’s where we’ll leave the security story for now.  Look out for the next piece in the security blog series covering remote access considerations and physical security.

 

Need additional Information?

Want to know more about VersaLogic’s range of products with TPM? Let’s start a conversation.