2.3 Explain hardware assurance best practices
Hardware root of trust:
TPM: motherboard-embedded (discrete or firmware) chip; generates and stores cryptographic keys; backs full-disk encryption by sealing the volume key to boot measurements (PCRs), so the disk stays locked unless the platform boots into the expected state and any required PIN/authentication is supplied
HSM: generates, stores and uses cryptographic keys inside a tamper-resistant boundary (keys never leave in plaintext); removable/external device, PCIe card or network appliance; usually FIPS 140 validated
eFuse: one-time-programmable fuse on a chip; blowing it permanently changes the circuit (e.g. lock in a secure-boot key hash, disable JTAG/debug, bump an anti-rollback counter); can be done by the manufacturer or in the field while the chip is operating, but is irreversible
UEFI: secure boot (firmware checks the digital signature of each boot-time image, i.e. bootloader, option ROMs and drivers, against keys in its allowed database and rejects revoked ones; the OS bootloader must be signed by a key the firmware recognises or it won't boot)
Trusted foundry: DoD (DMEA) accreditation program that secures the hardware supply chain for military systems by having chips designed and fabricated only at vetted, trusted foundries
Secure processing:
Trusted execution: Intel TXT; measures the launch environment (BIOS, hypervisor/OS loader) into the TPM so that corrupted system/BIOS code or a changed platform configuration is detected at launch and secrets sealed to the known-good configuration stay locked instead of being exposed (Intel)
Secure enclave: separate coprocessor that boots its own microkernel and holds private/decryption keys in its own memory; apps (and the main OS) never get direct access to the keys, only to operations performed with them (Apple)
Processor security extensions: core can switch to a secure state (only trusted code runs there; it can access secure memory that the normal world cannot; entry into the secure state is strictly controlled through a monitor call) (ARM TrustZone)
Atomic execution: an operation that cannot be interrupted by other threads (completes fully or not at all); achieved with locks or hardware compare-and-swap instructions; shared data is never observed half-updated => thread safety, no check-then-act (TOCTOU) race
Anti-tamper: unusual screws/bolts; secure cryptoprocessors that zeroise keys when tampering is detected; chips whose contents can't be read externally; components that fracture or destroy themselves when interfered with
Self-encrypting drive: always encrypts data as it is written and decrypts as it is read, using a media encryption key held on the drive; encryption can't be turned off and is invisible to the user; setting a user password (authentication key) protects the media key, so without it the drive refuses to unlock
Trusted firmware updates: update image is copied from non-secure memory into secure memory before it is checked (identified and authenticated via signature and version/anti-rollback check), so it cannot be swapped after verification (the flow documented for ARM Trusted Firmware-A; Intel and other vendors follow the same pattern)
Measured boot and attestation: the hash of each boot component (firmware, bootloader, kernel, drivers) is extended into TPM PCRs in order and recorded in an event log (measured boot); the TPM signs the PCR values plus a verifier nonce with its attestation key in a quote, so the host can reliably prove its hardware/software config to a remote server, which compares it against known-good values to decide how far to trust the platform (remote attestation)
Bus encryption: data and instructions travelling over the bus between memory and the processor are encrypted and decrypted only inside the cryptoprocessor, so probing the bus yields ciphertext
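The TPM sealing, measured boot and remote attestation items above are easier to see as one flow: each boot stage is measured into a PCR, a disk key is sealed to the expected PCR value, and a verifier checks a signed quote. The script below is an added toy model written for these notes, not vendor or TPM code: the PCR is a Python value, and the quote is an HMAC under a shared attestation key (assumed so the script runs with only the standard library; a real TPM signs quotes with an asymmetric attestation key). The boot-stage blobs and the `disk-key` secret are constructed sample data.

```python
"""Toy measured boot + TPM sealing + remote attestation (added example)."""
import hashlib
import hmac
import os

PCR_SIZE = 32  # SHA-256 bank: PCRs are 32 zero bytes after reset


def measure(pcr: bytes, component: bytes) -> bytes:
    """TPM2_PCR_Extend: new_pcr = H(old_pcr || H(component)).
    Extend is one-way and order-dependent, so a later stage cannot
    hide or reorder what was measured before it."""
    digest = hashlib.sha256(component).digest()
    return hashlib.sha256(pcr + digest).digest()


def measured_boot(stages):
    """Measure each (name, blob) stage in order.
    Returns the final PCR and the event log a verifier replays."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, blob in stages:
        log.append((name, hashlib.sha256(blob).hexdigest()))
        pcr = measure(pcr, blob)
    return pcr, log


def replay_log(log) -> bytes:
    """Recompute the PCR from the event-log digests alone."""
    pcr = bytes(PCR_SIZE)
    for _, hexdigest in log:
        pcr = hashlib.sha256(pcr + bytes.fromhex(hexdigest)).digest()
    return pcr


class ToyTPM:
    """Attestation key and sealed blobs (hardware-protected in a real TPM)."""

    def __init__(self):
        self.ak = os.urandom(32)  # assumption: symmetric stand-in for the AK
        self.sealed = {}

    def seal(self, secret: bytes, expected_pcr: bytes) -> str:
        """Bind a secret (e.g. the disk-encryption key) to a PCR policy."""
        handle = os.urandom(8).hex()
        self.sealed[handle] = (expected_pcr, secret)
        return handle

    def unseal(self, handle: str, current_pcr: bytes):
        """Release the secret only if the platform booted into the sealed state."""
        expected_pcr, secret = self.sealed[handle]
        if not hmac.compare_digest(expected_pcr, current_pcr):
            return None  # measurements differ: stay locked
        return secret

    def quote(self, pcr: bytes, nonce: bytes) -> bytes:
        """TPM2_Quote stand-in: sign (nonce || pcr). The verifier's fresh
        nonce stops an attacker replaying an old good quote."""
        return hmac.new(self.ak, nonce + pcr, hashlib.sha256).digest()


def verify_attestation(ak, nonce, pcr, sig, log, golden_pcr) -> bool:
    """Remote verifier: quote signature valid, log replays to the quoted
    PCR, and the PCR equals the known-good value."""
    expected_sig = hmac.new(ak, nonce + pcr, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, sig):
        return False
    if replay_log(log) != pcr:
        return False
    return hmac.compare_digest(pcr, golden_pcr)


# Constructed sample boot chains; the blobs stand in for real images.
GOOD_CHAIN = [("firmware", b"UEFI v2.8 image"),
              ("bootloader", b"shim+grub signed"),
              ("kernel", b"vmlinuz-6.1")]
BAD_CHAIN = [("firmware", b"UEFI v2.8 image"),
             ("bootloader", b"shim+grub signed\x00backdoor"),  # tampered
             ("kernel", b"vmlinuz-6.1")]


def demo(chain):
    """Boot `chain`, try to unseal a disk key sealed to the good PCR, then
    attest to a verifier. Returns (key_released, attestation_ok)."""
    tpm = ToyTPM()
    golden_pcr, _ = measured_boot(GOOD_CHAIN)  # verifier's known-good value
    handle = tpm.seal(b"disk-key", golden_pcr)
    pcr, log = measured_boot(chain)
    key = tpm.unseal(handle, pcr)
    nonce = os.urandom(16)
    sig = tpm.quote(pcr, nonce)
    ok = verify_attestation(tpm.ak, nonce, pcr, sig, log, golden_pcr)
    return key is not None, ok


if __name__ == "__main__":
    print("good chain:", demo(GOOD_CHAIN))      # (True, True)
    print("tampered chain:", demo(BAD_CHAIN))   # (False, False)
```

Two points the run makes concrete: a single changed byte in one stage changes every later PCR value, so the sealed key stays locked and the verifier rejects the quote; and because extend is order-dependent, an attacker cannot fix up the event log after the fact to make a tampered boot replay to the golden value.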