Firmware-based trusted platform module for ARM processor architectures and TrustZone security extensions
    1.
    Granted patent
    Firmware-based trusted platform module for ARM processor architectures and TrustZone security extensions (In force)

    Publication number: US08375221B1

    Publication date: 2013-02-12

    Application number: US13193945

    Filing date: 2011-07-29

    IPC classification: G06F11/30 G06F7/04

    Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware-based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware-accessible memory or storage and placing it into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.


    FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS
    2.
    Patent application
    FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS (In force)

    Publication number: US20130031374A1

    Publication date: 2013-01-31

    Application number: US13193945

    Filing date: 2011-07-29

    IPC classification: G06F21/00

    Abstract: A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware-based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware-accessible memory or storage and placing it into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.
