85 - Hardware in Security

Hardware is the last line of defense

If the hardware is compromised all software mechanisms become useless

System-Level Solutions

TPM - Trusted Platform Module

Based on different root-of-trust components and well-defined interactions among them
Current version: TPM 2.0

Root Of Trust

Component that must ALWAYS behave as expected, as its misbehaviour cannot be detected
Basic building block of a chain of trust
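Added example (not from the notes): a simulated measured-boot chain of trust. It assumes a TPM-style Platform Configuration Register (PCR) that starts at all-zero bytes and can only be changed by the one-way extend operation new = SHA-256(old || measurement); the stage images and their names are constructed for illustration. It shows why the first link in the chain must be a root of trust: the verifier can only check what that first component reports.

```python
"""Simulated measured boot: a chain of trust built from a root of trust.

Added example, not from the lecture notes. Assumptions: a TPM-style PCR
that starts as 32 zero bytes and is modified only by extend(); the boot
stage images below are constructed sample data.
"""
import hashlib

PCR_SIZE = 32  # SHA-256 digest length in bytes

# Constructed sample boot stages in the order they run: (name, image bytes)
BOOT_STAGES = [
    ("bootloader", b"constructed bootloader image v1"),
    ("kernel", b"constructed kernel image v1"),
    ("initrd", b"constructed initrd image v1"),
]


def measure(image: bytes) -> bytes:
    """Measurement of a stage = hash of its image, taken before it runs."""
    return hashlib.sha256(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement).

    One-way and order-dependent: a later stage cannot reset or rewrite
    the register, only append its own measurement to the history.
    """
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(stages) -> tuple:
    """The root of trust measures each stage before handing control to it.

    Returns the final PCR value and the event log of (name, hex digest).
    """
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in stages:
        m = measure(image)
        log.append((name, m.hex()))
        pcr = extend(pcr, m)
    return pcr, log


def golden_pcr(stages) -> bytes:
    """Reference value a verifier precomputes from known-good images."""
    return measured_boot(stages)[0]


def attest(pcr: bytes, golden: bytes) -> bool:
    """Verifier decision: does the reported PCR match the expected one?"""
    return pcr == golden


def replay_log(log) -> bytes:
    """Verifier side: recompute the PCR from the event log alone."""
    pcr = bytes(PCR_SIZE)
    for _, hexdigest in log:
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    return pcr


if __name__ == "__main__":
    pcr, log = measured_boot(BOOT_STAGES)
    print("attested:", attest(pcr, golden_pcr(BOOT_STAGES)))
    tampered = [(n, img + b" backdoor" if n == "kernel" else img) for n, img in BOOT_STAGES]
    print("tampered attested:", attest(measured_boot(tampered)[0], golden_pcr(BOOT_STAGES)))
```

A modified kernel image, or the same images booted in a different order, yields a different final PCR and fails attestation. Note what the verifier cannot see: replay_log() reproduces the golden value from any log that lists the known-good digests, so a root of trust that reported such a log without actually measuring would pass. That undetectability is exactly why the root of trust must be assumed to always behave correctly.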

TEE - Trusted Execution Environment

Secure area of an SoC that guarantees protection of code and data. Provides a minimal level of security; mostly required by low-end closed embedded systems such as IoT devices or OS-less ("bare-metal") solutions.

Architecture-Level Solutions

MPU - Memory Protection Unit

More and more commonly adopted.

  • Each memory page can be read, written or executed ONLY by a select few tasks or processes.
  • Access rights to these operations are decided by the kernel, which has the privileges to configure the MPU.
  • Addresses sent to the memory are automatically checked by the MPU without kernel intervention.

MPU Violation

MPU access or integrity violations cause immediate task abortion
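Added example (not from the notes): a simulated MPU that models the three points above, i.e. per-page access rights per task, configuration allowed only from privileged (kernel) mode, and a violation that aborts the offending task. Page size, region layout, task ids and the permission sets are constructed for illustration.

```python
"""Simulated Memory Protection Unit. Added example, not from the notes.

Assumptions: 4 KiB pages, a kernel-programmed region table mapping page
ranges to {task id: permission set}, and a violation that aborts the task
that caused it. All addresses, tasks and rights below are constructed.
"""
from dataclasses import dataclass, field

PAGE_SIZE = 4096
READ, WRITE, EXEC = "r", "w", "x"


@dataclass
class Region:
    start_page: int
    end_page: int   # inclusive
    perms: dict     # task id -> set of allowed operations


@dataclass
class MPU:
    regions: list = field(default_factory=list)
    aborted: set = field(default_factory=set)   # tasks killed by a violation

    def configure(self, caller_privileged: bool, region: Region) -> None:
        """Only the kernel (privileged mode) may program access rights."""
        if not caller_privileged:
            raise PermissionError("MPU configuration requires kernel privilege")
        self.regions.append(region)

    def check(self, task: int, addr: int, op: str) -> bool:
        """Hardware-side check on every access, no kernel involvement.

        Returns True if the access is allowed; otherwise records the
        violation, aborts the task and returns False.
        """
        if task in self.aborted:
            return False                      # an aborted task gets nothing
        page = addr // PAGE_SIZE
        for r in self.regions:
            if r.start_page <= page <= r.end_page:
                if op in r.perms.get(task, set()):
                    return True
                break                         # region found, right not granted
        self.aborted.add(task)                # violation -> immediate abortion
        return False


def build_demo_mpu() -> MPU:
    """Constructed layout: code pages 0-3, data pages 4-7, nothing beyond."""
    mpu = MPU()
    # Code: task 1 may read and execute, task 2 may only read (no task may write)
    mpu.configure(True, Region(0, 3, {1: {READ, EXEC}, 2: {READ}}))
    # Data: task 1 may read and write, task 2 has no access at all
    mpu.configure(True, Region(4, 7, {1: {READ, WRITE}}))
    return mpu


def unprivileged_configure_refused(mpu: MPU) -> bool:
    """True if a non-kernel caller is refused when trying to add a region."""
    try:
        mpu.configure(False, Region(8, 8, {2: {READ, WRITE, EXEC}}))
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    mpu = build_demo_mpu()
    print("task 1 exec code  :", mpu.check(1, 0x1000, EXEC))   # allowed
    print("task 1 write code :", mpu.check(1, 0x1000, WRITE))  # violation
    print("aborted tasks     :", mpu.aborted)
```

The write to a code page fails because no task holds write rights on pages 0-3, which is the hardware-enforced write-xor-execute split; after that single violation task 1 is gone and even its formerly legal data reads are refused. An access outside every configured region is also a violation.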

Security-Oriented Components

Custom special-purpose components for performing security-specific operations:

  • Ciphers
  • Smart/SIM Cards
  • Secure storage devices
  • Random Number Generators

Hardware-Based Proprietary Solutions

  • Intel vPro
  • AMD Secure Technology
  • ARM TrustZone
  • MS BitLocker
  • Synopsys DesignWare tRoot
  • Apple Secure Enclave
  • ...

Open Security Platforms

Platforms designed for security, packed with features like accelerators for cryptography, anti-tampering and secure boot processes

Built-in Security Features

Present in most modern processors and microcontrollers, introduced for safety

Trusted Hardware

Hardware that can be trusted to perform as it should, with high resilience to tampering and to other forms of attack that use the hardware itself as an attack vector