In our previous Trusted Computing white paper, we discussed the importance of secure boot for Trusted Computing. After secure boot is implemented, our focus turns to hardware features built-in to the most popular defense and aerospace processor architectures to ensure the continued security of a trusted system during operation. Understanding these features, what they protect against, and how to effectively use them will enable embedded systems to operate securely even in the face of attacks. In most cases, some software has to be modified as well in order to take advantage of these hardware features. In a future white paper we will discuss the software aspect of maintaining system security during operation.
Because different processor architectures support different security features, this white paper considers some examples of those features. It’s important though to review your own specific platform’s architecture to determine which features are available and germane to your system’s unique requirements. Generally, the system integrator will want to use all of the security features that are available. Variables, such as cost, complexity, and the system’s security requirements and threat assessment, can influence the decision about which features will actually be implemented. Each individual program will have to review their program requirements and make the appropriate trade-off decision regarding security and cost, schedule, complexity. Discussions with commercial-off-the-shelf (COTS) hardware vendors at the earliest stages of system development can be of great help in making the right choices.
Download the 'Hardware Features for Maintaining Security During Operation' white paper to learn more about:
- Intel SGX and OS Guard
- NXP QorIQ Trust Architecture
- Arm TrustZone