How can we achieve a Root of Trust feature for insecure 32-bit ARM microcontrollers?

DPaul.3
Associate

I'm trying to enable secure boot for general purpose ARM microcontrollers. Based on my research, secure boot starts with a Root of Trust (ROT). Usually this ROT is hardware based, which means that the microcontroller should have a dedicated immutable memory region that stores the very first code that runs after voltage is applied to the microcontroller. This region, also called the BOOT ROM, is critical for secure boot as it is the basis on which all later stages of firmware are authenticated.

Now, most microcontrollers that I have implemented in projects earlier do not have this ROT which is why I'm looking to make things secure using a cryptographic module that will act as a secure storage for both the BOOT ROM code and any additional keys for encryption, signing, authentication, etc.

The ST33 TPM seems to be a good fit. The TPM 2.0 specification states that the TPM can be used for CRTM (Core Root of Trust for Measurement), by which I assume that I can still keep my bootloader code in whatever microcontroller I have, even if it does not have an immutable BOOT ROM, and the CRTM will be able to detect if the bootloader has been tampered with. So the question boils down to:

  1. The CRTM is code, so is it stored somewhere within the TPM and executed automatically at boot? Or should the CRTM itself be part of the immutable BOOT ROM code, which again requires a separate immutable memory (in which case the TPM cannot execute any code, I'd assume)?
  2. Is the TPM not a solution for this at all? If not, how can I implement an external module (or modules) to achieve a hardware ROT feature for existing microcontrollers without messing with their original functionality?

Even though ST microcontrollers are my main focus, I want this solution to be microcontroller agnostic and would like to implement the same architecture in every past project that I've made. I'm having trouble understanding the CRTM and how the TPM can work as a hardware ROT (as mentioned in many places), because all TPMs are interfaced using some protocol like LPC, I2C or SPI, which would mean that these peripherals must be activated on the microcontroller first (bootloader code), which makes this an inherently confusing chicken-and-egg situation.
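The measured-boot model that the question is circling around can be shown in a few lines. The following is an added illustration, not code from the thread or from ST: it simulates the SHA-256 bank of a TPM PCR (TPM2_PCR_Extend semantics, new = SHA-256(old || digest)) in plain Python with hashlib, and drives it with constructed sample firmware images. The names (`measured_boot`, `boot_is_trusted`, `crtm_that_skips_measuring`) and the image contents are assumptions made for the example. Two things it makes visible: the TPM only accumulates digests that the host sends it, so a tampered bootloader shows up as a different PCR value, and the measuring code itself must be trustworthy, because a CRTM that does not really measure can feed the TPM the expected digests.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 bank: PCRs are 32 bytes and start at all zeros after reset


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM2_PCR_Extend for a SHA-256 bank: the TPM never stores the digest
    itself, only H(old_pcr || digest). Order of extends therefore matters."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 32 bytes")
    return sha256(pcr + digest)


def measured_boot(stages):
    """Model of a CRTM/bootloader chain: each stage hashes the next image
    and extends the digest into PCR0 before handing over control.
    Returns (final PCR0 value, event log of (stage name, digest hex))."""
    pcr = bytes(PCR_SIZE)
    log = []
    for name, image in stages:
        digest = sha256(image)         # measurement happens on the host MCU
        pcr = pcr_extend(pcr, digest)  # the TPM only accumulates it
        log.append((name, digest.hex()))
    return pcr, log


def replay_log(log):
    """Recompute PCR0 from an event log; a verifier uses this to check that
    a reported PCR value and its log agree."""
    pcr = bytes(PCR_SIZE)
    for _, digest_hex in log:
        pcr = pcr_extend(pcr, bytes.fromhex(digest_hex))
    return pcr


# Constructed sample images (not real firmware); any byte change is a tamper.
GOOD_BOOTLOADER = b"BOOTLOADER v1.0 (constructed sample)"
GOOD_APP = b"APPLICATION v2.3 (constructed sample)"
TAMPERED_BOOTLOADER = GOOD_BOOTLOADER.replace(b"v1.0", b"v1.0-patched")

GOOD_CHAIN = [("bootloader", GOOD_BOOTLOADER), ("application", GOOD_APP)]


def golden_pcr():
    """The PCR0 value a known-good boot produces; this is what a sealing
    policy or remote verifier would be provisioned with."""
    pcr, _ = measured_boot(GOOD_CHAIN)
    return pcr


def boot_is_trusted(stages) -> bool:
    """Policy check: release secrets only if PCR0 matches the golden value."""
    pcr, _ = measured_boot(stages)
    return pcr == golden_pcr()


def crtm_that_skips_measuring(golden_log):
    """Why the first measurer must live in immutable memory: a stage that
    replays stored digests instead of hashing the real image reproduces
    the golden PCR regardless of what is actually in flash. The TPM cannot
    tell the difference, so the chain is only as strong as its root."""
    return replay_log(golden_log)


if __name__ == "__main__":
    pcr, log = measured_boot(GOOD_CHAIN)
    print("golden PCR0:", pcr.hex())
    print("good chain trusted:   ", boot_is_trusted(GOOD_CHAIN))
    print("tampered bootloader:  ", boot_is_trusted(
        [("bootloader", TAMPERED_BOOTLOADER), ("application", GOOD_APP)]))
    print("stages out of order:  ", boot_is_trusted(list(reversed(GOOD_CHAIN))))
    print("non-measuring CRTM:   ", crtm_that_skips_measuring(log) == golden_pcr())
```

The last line of the usage block is the whole reason a hardware ROT is asked for: the TPM can vouch for what it was told, not for who told it. The first stage that sends digests has to be code the attacker cannot change, which is the immutable BOOT ROM (or an equivalent write-protected region) of the host MCU, not anything inside the TPM.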


Thank you Jocelyn for the explanation. Is the HDP that you mentioned a proprietary feature of the U5, similar to the "secure area" of the H7? I don't have a U5 and no plans to get one soon.

The ST wiki says that HDP stands for "hardware debug port", on STM32MP1?