D3.9: Study on the Impact of Trusted Computing on Identity and Identity Management

Title: MORE TRUSTED COMPUTING HARDWARE

More Trusted Computing Hardware

Intel LaGrande/TXT Technology

Intel currently develops a set of security enhancements to conventional computer hardware called La- Grande Technology [37]. It basically follows the same ideas as Microsoft’s NGSCB and thus probably is intended to become Microsoft’s target platform. LaGrande is a set of hardware capabilities that enables to run applications in isolated execution environments. This prevents other applications from unintended observation or compromise of data. An additional extension aims at the protection of input and output to provide a secure path from and to the user by encrypting the corresponding data streams. The system’s processor will offer features to realize a protected execution environment whereas the chipset will include mechanisms to enforce memory protection policies, protected channels from input and to output devices and an interface to the TPM device that serves as protected storage and provides platform attestation features. 

More information about LaGrande Technology can be found in [37] and at http://www.intel.com/technology/security/. 

AMD Pacifica/Presidio

Founded in 1969 and headquartered in Sunnyvale, California, USA, AMD (http://www.amd.com) develops and produces microprocessors, flash memory devices and low-power processor solutions for the computer, communications and consumer electronics industry. AMD is an Initial Promoter Member of the TCG. 

AMD develops a security and virtual machine architecture, called Pacifica [17, 105], to be integrated into their next generation processors. Basically this technology will enable a single computer to efficiently run several operating systems in parallel. Therefore a virtual machine monitor (VMM) or hypervisor software is needed to control the execution of the different operating systems and to manage the allocation of hardware resources. With Pacifica AMD provides hardware support for virtual machine architectures. In contrast to conventional VMM solutions which have to emulate the virtual computer in software, Pacifica allows a guest operating system to access the host system’s hardware directly which results in higher performance. 

Intel offers a similar technology, known as Vanderpool. Due to several design differences between AMD and Intel CPUs these technologies will not be compatible. 

Conventional VMM have to manage the virtual machines’ main memory in software. Usually this is realized by a table which enables the translation of virtual memory addresses into physical ones. In contrast to Intel, AMD integrates the system’s memory controller into the CPU core. Thus Presidio can do this translation in hardware which additionally increases the performance of virtual machines. 

Another problem arising from direct hardware access by virtual machines is that DMA enabled devices have the possibility to access the system’s main memory without using the CPU. To counterfeit this problem, the memory controller that is integrated into the CPU, has been enhanced by a feature called Device Exclusion Vector (DEV). 

Another difference between Intel’s Vanderpool Technology and AMD’s Pacifica is the support for TPM features to VMs. This enables verifiable startup of trusted software inside the VMs and a secure virtual computing environment. 

According to several presentations AMD works on a technology called Presidio which seems to be a security architecture for their next generation CPUs. It is presumably similar to Intel’s LaGrande Technology already described above. Actually information about this technology is barely available. 

ARM TrustZone

ARM (http://www.arm.com) develops and produces electronic devices for consumer entertainment, wireless and networking solutions including automotive, security and storage devices. ARM’s product portfolio includes RISC processors, embedded memories, peripherals and software and development tools. ARM is a Contributor Member of the TCG. 

TrustZone 

TrustZone [104, 52] is a set of security extensions integrated into ARM’s CPU cores that have been designed for mobile phones, PDAs or set top boxes. The TrustZone security solution consists of hardware extensions which provide a secure execution environment in parallel to the normal one. It includes secure software offering basic security services such as cryptography, safe storage and integrity checking. 

The basic idea behind TrustZone is the isolation of conventional non-secure applications from secure ones running in a protected trusted environment which can be switched with the normal runtime environment as required. This is handled by a software component called TrustZone Monitor which communicates with the conventional operating system and a secure kernel that provides the secure computing environment. ARM provides this secure kernel together with secure drivers, a secure boot loader and secure software services. These include identification and authentication of a platform, management features for identities, cryptographic keys and certificates as well as I/O access control, secure data storage, basic cryptography functions and code and integrity checking. 

Detailed information about TrustZone can be found in [104] and [52] or at http://www.arm.com/products/esd/trustzone_home.html.