Root of Trust

From RidgeRun Developer Wiki
Revision as of 15:16, 8 February 2025 by Spalli











Many embedded system security techniques consist of verifying software modules or drivers against cryptographic keys so that the system can be sure they can be executed without risk. To determine whether a particular piece of software can be trusted, the base system must know what to verify the software against, and this is where the concept of Root of Trust comes in.


The Root of Trust can be defined as the backbone of a system's security trustworthiness, because it is the point of comparison for the verification process that determines whether a module can be trusted or not.


This root needs to be immutable and tamper-resistant to ensure that the system remains secure and trustworthy over time. For this reason, the Root of Trust of a system is usually provided by hardware (using cryptographic chips) or firmware (like a bootloader), using techniques such as fuse burning.


It is important to keep this in mind since defining the Root of Trust of a system is often a one-time, irreversible process. This means that if the user makes a mistake when programming the Root of Trust, it will affect other security measures that are implemented in the future and leave the system in an unusable state. For example, if Secure Boot is implemented in the system, the system will boot only if the software is correctly signed with the cryptographic key expected by the system. If the Root of Trust was set up with the incorrect key, or if the key burned in the system is lost, it won't be possible to use the system again.
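The failure mode described above can be modeled in a few lines. This is an added example, not code from RidgeRun, NVIDIA or NXP: it assumes the fuses hold a SHA-256 digest of the public key, uses toy textbook RSA built from known primes purely for illustration, and every name in it (`FuseBank`, `boot_rom_accepts`, `burn_root_of_trust`) is hypothetical.

```python
import hashlib

class FuseBank:
    """Model of one-time-programmable fuses: burned once, never rewritten."""
    def __init__(self):
        self._value = None
    def burn(self, value):
        if self._value is not None:
            raise PermissionError("fuses already burned")
        self._value = bytes(value)
    def read(self):
        return self._value

def make_toy_key(p, q, e=65537):
    """Toy textbook-RSA key pair from two known primes (illustration only)."""
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))  # (public, private)

def pubkey_hash(pub):
    """The value that goes into the fuses: a digest of the public key."""
    return hashlib.sha256(f"{pub[0]:x}:{pub[1]:x}".encode()).digest()

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, image):
    n, d = priv
    return pow(digest_int(image, n), d, n)

def boot_rom_accepts(fused_hash, pub, image, sig):
    """Immutable first stage: trust a key only if it matches the fused hash."""
    if pubkey_hash(pub) != fused_hash:
        return False  # shipped key is not the one anchored in hardware
    n, e = pub
    return pow(sig, e, n) == digest_int(image, n)

def burn_root_of_trust(fuses, candidate_hash, pub, image, sig):
    """Dry-run the boot check on the candidate value before the irreversible burn."""
    if not boot_rom_accepts(candidate_hash, pub, image, sig):
        raise ValueError("candidate would reject the signed image; not burning")
    fuses.burn(candidate_hash)

# Constructed sample data: two toy keys built from Mersenne primes.
PUB, PRIV = make_toy_key(2**61 - 1, 2**89 - 1)                # key that signs releases
OTHER_PUB, OTHER_PRIV = make_toy_key(2**107 - 1, 2**127 - 1)  # unrelated key
IMAGE = b"constructed bootloader image v1"
SIG = sign(PRIV, IMAGE)
```

The dry run in `burn_root_of_trust` is the step that catches a wrong key hash while the mistake is still recoverable; once `FuseBank.burn` has run, a mismatched value means no correctly signed image will ever be accepted.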


In the case of NVIDIA Jetson, the Root of Trust is often given by the fuses, which are blown during key burning. These fuses are located inside the SoC and cannot be restored after burning.


As an example of a hardware Root of Trust, see the EdgeLock Secure Enclave, which provides a silicon-level Root of Trust in NXP's SoCs such as the i.MX95; a block diagram is shown below.

Fig 1. i.MX95 block diagram showing the EdgeLock Secure Enclave as a silicon-level Root of Trust. Extracted from link