Home Computer Science A Practical Guide to TPM 2.0
AMD Secure Technology™
The AMD Secure Processor™ (formerly known as the Platform Security Processor [PSP]) is a dedicated hardware security subsystem that runs independently from the platform's main core processors and is integrated into the SoC. It provides an isolated environment in which security-sensitive components can run without being affected by the software running as the main system workload. The PSP can execute system workloads as well as workloads provided by trusted third parties. Although system workloads are preinstalled and provide SoC-specific security services, the system administrator has complete control over whether and which third-party workloads are installed on the PSP. The PSP is made up of the following components:
• Dedicated 32-bit microcontroller (ARM with TrustZone technology)
• Isolated on-chip ROM and SRAM
• DRAM carved out via hardware barrier and encrypted
• Access to system memory and resources
• Secure off-chip NV storage access for firmware and data
• Platform-unique key material
• Hardware logic for secure control of CPU core boot
• Cryptographic coprocessor (CCP)
The PSP uses the ARM TrustZone architecture, as described in the section on ARM TrustZone, but there are some differences: rather than being a virtual core, the PSP is a physically disparate core integrated into the SoC that has dedicated SRAM and dedicated access to the CCP. The PSP provides the immutable hardware root of trust that can be used as the basis for optionally providing the chain of trust from the hardware up to the OS.
The CCP is made up of a random number generator (RNG), several engines to process standard cryptographic algorithms (AES, RSA, and others depending on processor model), and a key storage block. The key storage block contains two key storage areas: one dedicated to storing system keys that can be used by privileged software but that are never readable; and the other into which keys can be loaded, used, and evicted during normal operation by software running either on the PSP or on the main OS.
During boot, SoC-unique e-fused keys are distributed to the CCP system key storage block.
Hardware Validated Boot
Hardware Validated Boot (HVB) is an AMD-specific form of secure boot that roots the trust to hardware in an immutable PSP on-chip ROM and verifies the integrity of the system ROM firmware (BIOS). The PSP ROM contains the initial immutable PSP code. The PSP ROM validates a secure boot key and then uses the key to validate the PSP firmware, which it reads from system flash. The PSP firmware loads and starts the system application execution. The system manufacturer can choose whether the PSP validates the BIOS platform-initialization code. The PSP then initiates BIOS execution. The PSP completes its own initialization and enters steady state while the BIOS and OS finish booting on the x86. The platform manufacturer decides whether to implement UEFI secure boot. The platform manufacturer also decides what interfaces are provided for the user to select whether UEFI secure boot is enforced. In this way, the platform manufacturer decides when to terminate the chain of trust that was rooted in the immutable hardware.
Figure 22-3 shows the scope of HVB as it relates to the UEFI secure boot.
Figure 22-3. Hardware Validated Boot Overview
TPM on an AMD Platform
As a founding member of the Trusted Computing Group, AMD strives to support a wide range of options for the OEM and platform owner. To this end, platform manufacturers have several choices when integrating TPMs into AMD-based platforms. Platform manufacturers can continue to choose among the discrete TPM hardware options that are widely available; or the platform manufacturer can choose to integrate an AMDprovided TPM application as one of the system applications running on the PSP SWd. This firmware TPM utilizes the CCP for cryptographic processing.
SKINIT is the instruction that initiates the late launch CPU reinitialization to start the DRTM. SKINIT takes one parameter: the address of the Security Loader (SL) code. The SL must fit within 64KB of memory known as the Security Loader Block (SLB), which is protected from tampering and snooping. CPU microcode ensures that the CPU is reinitialized to a known state so that the developer can launch whatever SL code they need to run in the secured state. The SL is expected to validate and initialize a Security Kernel (SK) and then to transition control to the SK. The SKINIT instruction writes the contents of the SLB to an address that is redirected into the TPM via the _Hash_Init, _Hash_Start, and _Hash_End signals. These signals measure the contents of the SLB into PCR 17. Further details about the CPU characteristics that are validated and how the SKINIT instruction works are available in the AMD64 Architecture Programmer's Manual Volume 2: System Programming. 
This concludes a whirlwind overview of AMD Secure Technology™ that covers the high points of the introduction of an on-chip hardware root of trust into AMD SoCs. More information can be found on AMD's web site: amd.com/en-us/innovations/ software-technologies/security.
|< Prev||CONTENTS||Next >|