t-base Security Architecture

This document was uploaded by one of our users. The uploader already confirmed that they had the permission to publish it. If you are author/publisher or own the copyright of this documents, please report to us by using this DMCA report form.

Simply click on the Download Book button.

Yes, Book downloads on Ebookily are 100% Free.

Sometimes the book is free on Amazon As well, so go ahead and hit "Search on Amazon"

Author(s): Trustonic
Edition: 2.0
Publisher: LAPSUS
Year: 2014

Language: English
Pages: 65
Tags: trustonic,t-base,security,architecture

1 Introduction
1.1 Scope of this document
1.2 Glossary and Abbreviations
2 2.1 2.2 Roles in the 2.2.1 Silicon Provider (SiP)
2.2.2 TEE Vendor - Trustonic
2.2.3 OEM
2.2.4 Device
2.2.5 Root - 2.2.6 Service Provider
2.3 Security Aspects
3 ARM TrustZone Enabled SoC
3.1 TrustZone Protection Controller (TZPC)
3.2 Secure Boot ROM
3.3 Secure RAM
4 Secure Boot Process
4.1 Chain of Trust
4.2 Boot Stages
4.2.1 Boot Stage 0 (BS0) – Load and Verify BS1
4.2.2 Boot Stage 1 (BS1) – Configure SoC and Load 4.2.3 Boot Stage 2 (BS2) – Start 5 5.1 Isolation
5.1.1 NWd - SWd Isolation
5.1.2 Intra SWd Isolation
5.2 Access Control
5.2.1 NWd to SWd Access Control
5.2.2 Intra SWd Access Control
5.3 5.4 TA Executables
5.4.1 Service Provider TA
5.4.2 System TA
5.5 Secure Objects
5.5.1 Overview
5.5.2 Secure Object Format
5.5.2.1 Secure Object Type
5.5.2.2 Secure Object Version
5.5.2.3 Secure Object Context
5.5.2.4 Secure Object Lifetime
5.5.2.5 Producer
6 Keys in the 6.1 Device Master Key K.Device.Fuse
6.2 Device Binding Keys
6.2.1 6.2.2 Root Transport Key – PkP.Root.Transport
6.2.3 PkP.Vendor.Receipt
6.2.4 PkP.Kph.Request
6.3 Authentication Keys
6.3.1 K.SoC.Auth
6.3.2 K.Root.Auth
6.3.3 K.SP.Auth
6.4 Session Keys for Content Management Sessions
6.5 Context Keys for Secure Object Protection
6.6 Service Provider TA Code Encryption Key
6.7 6.7.1 PuK.Vendor.TltSig
6.7.2 PrK.Vendor.TltSig
7 7.1 Content Management Operations Overview
7.1.1 Device Binding
7.1.2 Authentication Operations
7.1.3 Root Administrative Operations
7.1.4 Service Provider Administrative Operations
7.2 Content Management Session
7.3 Security States
7.3.1 Security State AUTH_NONE
7.3.2 Security State AUTH_SOC
7.3.3 Security State AUTH_ROOT
7.3.4 Security State AUTH_SP
7.3.5 Security State Transitions
7.4 Content Objects
7.5 Container Life Cycle States
7.5.1 Generic Container Life Cycle States
7.5.2 Root Container Life Cycle State Transitions
7.5.3 SP Container Life Cycle State Transitions
7.5.4 TA Container Life Cycle State Transitions
7.5.5 Implicit and Explicit Container Locks
7.6 Secure Objects
8 Content Management Operations
8.1 Device Binding
8.2 Root Operations
8.2.1 SOC AUTHENTICATION
8.2.2 ROOT AUTHENTICATION
8.2.3 ROOT REGISTER ACTIVATE
8.2.4 ROOT UNREGISTRATION
8.2.5 ROOT LOCK
8.2.6 ROOT UNLOCK
8.2.7 SP REGISTRATION
8.2.8 SP UNREGISTRATION
8.2.9 SP REGISTER ACTIVATE
8.2.10 SP LOCK BY ROOT
8.2.11 SP UNLOCK BY ROOT
8.3 Service Provider Operations
8.3.1 SP AUTHENTICATION
8.3.2 SP ACTIVATION
8.3.3 SP LOCK BY SP
8.3.4 SP UNLOCK BY SP
8.3.5 TA REGISTRATION
8.3.6 TA UNREGISTRATION
8.3.7 TA ACTIVATION
8.3.8 TA REGISTER ACTIVATE
8.3.9 TA LOCK
8.3.10 TA UNLOCK
8.3.11 TA PERSONALIZE