awk

Re: Doma post# 58693

Saturday, 11/27/2004 10:27:01 AM

The ultimate goal: Trusted Execution


This ARM whitepaper states the following about TCG functions in the "TrustZone" architecture:

http://www.iqmagazineonline.com/magazine/pdf/v_3_4_pdf/Pg18_24_custZone_Secur.pdf

"...The Trusted Platform Module, or TPM, provides the basis for propagating security throughout the system. The TPM enables authentication of the platform’s secure state to third-party applications via a ‘tree of trust’. This concept relies on having isolated code, outside of the standard operating system, that can be assigned a guaranteed level of security. This is the basis for TrustZone’s operation, which can be leveraged to implement software instantiations of TPMs..."


--------------------------------------------------------------------------------------------------------------------------------------------------------------

Definition of “software instantiation”:

http://searchsmallbizit.techtarget.com/sDefinition/0,,sid44_gci212355,00.html


In programming, instantiation is the creation of a real instance or particular realization of an abstraction or template such as a class of objects or a computer process. To instantiate is to create such an instance by, for example, defining one particular variation of object within a class, giving it a name, and locating it in some physical place.

(1) In object-oriented programming, some writers say that you instantiate a class to create an object, a concrete instance of the class. The object is an executable file that you can run in a computer.

(2) In the object-oriented programming language, Java, the object that you instantiate from a class is, confusingly enough, called a class instead of an object. In other words, using Java, you instantiate a class to create a specific class that is also an executable file you can run in a computer.

(3) In approaches to data modeling and programming prior to object-oriented programming, one usage of instantiate was to make a real (data-filled) object from an abstract object as you would do by creating an entry in a database table (which, when empty, can be thought of as a kind of class template for the objects to be filled in).
---------------------------------------------------------------------------------------------

The above clearly indicates that the TPM functionality of the "TrustZone" security extension is implemented via a TCG applet, or discrete-TPM virtualization, using the protected resources of the "TrustZone" architecture. In other words, the TPM function in "TrustZone" is not a discrete TPM but an executable which must, obviously, execute in a secure execution mode of the processor (like TrustZone) and have access to non-volatile storage for protection of the keys, etc. Based on the whitepaper, TrustZone supports an appropriate set of resources to host a virtual TPM.
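To make concrete what "authentication of the platform's secure state via a tree of trust" and "keys held by isolated code" mean, here is an added illustration (not code from ARM, Wave or the whitepaper) of a software TPM's core behaviour: a SHA-1 PCR register extended by each boot stage, a sealed key that the isolated environment releases only when the PCR matches, and a third-party check that recomputes the expected PCR. The 20-byte SHA-1 register mirrors TPM 1.2; the boot images and the secret are constructed samples.

```python
import hashlib

PCR_INIT = b"\x00" * 20  # TPM 1.2 PCRs are 20-byte SHA-1 registers, zero at reset


def extend(pcr: bytes, image: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-1(PCR_old || SHA-1(image)).

    One-way chaining makes the register an authenticatable record of
    everything measured since reset: a later stage cannot remove,
    alter or reorder an earlier measurement.
    """
    return hashlib.sha1(pcr + hashlib.sha1(image).digest()).digest()


def measure_boot(images) -> bytes:
    """Measured boot: extend each stage into the PCR in load order."""
    pcr = PCR_INIT
    for image in images:
        pcr = extend(pcr, image)
    return pcr


class SoftwareTpm:
    """Toy stand-in for a TPM applet running inside an isolated execution mode.

    The sealed secret (in a real device: protected non-volatile storage) never
    leaves the isolated code unless the platform state matches the policy.
    """

    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected_pcr = expected_pcr

    def unseal(self, current_pcr: bytes):
        return self._secret if current_pcr == self._expected_pcr else None


def verify_attestation(reported_pcr: bytes, golden_images) -> bool:
    """Third-party verifier: recompute the PCR from known-good images."""
    return reported_pcr == measure_boot(golden_images)


# Constructed sample images: secure monitor, boot loader, OS kernel
GOOD_BOOT = [b"secure-monitor v1", b"bootloader v1", b"kernel v1"]
TAMPERED_BOOT = [b"secure-monitor v1", b"bootloader v1", b"kernel v1 (patched)"]

if __name__ == "__main__":
    golden = measure_boot(GOOD_BOOT)
    tpm = SoftwareTpm(b"platform-binding-key", golden)
    print("good boot attests:", verify_attestation(golden, GOOD_BOOT))
    print("tampered boot attests:", verify_attestation(measure_boot(TAMPERED_BOOT), GOOD_BOOT))
    print("key released after tampered boot:", tpm.unseal(measure_boot(TAMPERED_BOOT)))
```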



I contacted the company with a question along the lines of the above assertions, including questions about how the above relates to the PC space, and received the following answers:


From Steven Sprague:

”…Trusted execution is the ultimate goal. It will not be possible to satisfy all of the trust needs of computing platforms without it.

In order to enable trusted execution you need to have a client environment that will run a trusted program and a server network to manage the distribution and maintenance of those applications. We support the concept that mobile devices will be self contained for trusted execution on a single chip and we are supporting the standards in that direction.

This is very similar to the Embassy concepts and put us in a great position. We will continue to promote our embassy infrastructure both as silicon libraries and the rest of the client server trust system. We agree with MS, Intel, AMD that the PC platform will require the TPM the processor and the OS to provide a trusted execution container.

We hope to provide many of the other pieces but time will tell as to how much MS bites off and then we expect to be one of the key service providers.

The goal in the early days is to build brand and distribution and relationships and then market share so that we can long term be a key service provider for the complete trust system.

This leverages the 150 million dollars that was invested in embassy over the years and we will continue to be in a strong position technically and politically in the TCG.

Steven




During the recent ARM Developers Conference (October 19-21, 2004), Wave presented in a public session:

http://www.rtcgroup.com/arm/conferencesessions.php?a=no

Trusted Computing - The Parallel Universe
Presented by Wave Systems, Lark M. Allen

Trusted computing will provide a key building block for the 'parallel universe' where users' identities can be proven, digital products can be protected from alteration and theft, platform configurations can be authenticated as 'trustworthy', and devices are highly resistant to being hijacked. This session begins with an overview of the Trusted Platform Module and the standards group that defines it, the Trusted Computing Group. It will explain TCG's approach to new hardware security specifications and the associated trust infrastructures for PCs, cell phones, PDAs, and other devices. ARM's TrustZone architecture, supporting TCG functions, will be discussed as a solution to enabling new secure client applications including network access, user 'vaults', client-based micro-transactions, protected downloads, platform configuration security, and high-value Internet shopping transactions.



The following chart, provided by an attendee, was shown in this public presentation. I understand that this is one of the possible ways the industry might be going. We can only hope…

