What is the Root of Trust?
PSA Certified explains the Root of Trust (RoT) as, “…the foundational security component of a connected device. While precise definitions can vary considerably, a RoT can be described as a set of implicitly trusted functions that the rest of the system or device can use to ensure security; it is the foundation on which a device maker can build their ‘tower of trust’.”1 The numbers of Internet of Things (IoT) devices coming online is rapidly increasing, as is the likelihood that IoT devices will be exposed to remote software cyberattacks and hacks where the threat actor is physically present. IoT devices that lack adequate security create opportunities for cyberattackers and hackers to brick devices, take over devices to form botnets, introduce unauthorized code, steal data, or commit other malicious acts.
The RoT can provide essential trusted functions such as trusted boot, cryptography, attestation, and secure storage. One of the most basic uses of a RoT is to keep private crypto keys (encrypted data) confidential, protected by hardware mechanisms, and away from the system software that is easier to compromise. The RoT’s secure storage and crypto functions should be able to handle the keys and trusted processing necessary for authentication of the device, verifying claims, and encrypting or decrypting data.
A RoT also provides an important function when a device is switched on. Before the device software and other system software start to run, the device needs to boot and establish the software running is authentic and has not been tampered with. This process is known as “trusted boot”, and it is one of the essential functions of a well-designed RoT.
PSA Certified’s PSA Root of Trust (PSA-RoT) was developed specifically for IoT devices. PSA-RoT security functions include:
- Initialization. A secure initialization process ensures the authenticity and integrity of the firmware and prevents firmware installation from unknown sources.
- Software isolation. Isolation between secure and non-secure processing environments and between PSA-RoT and other executable code prevents outside software from tampering with protected assets.
- Secure storage. Protects the confidentiality and integrity of assets by preventing access.
- Firmware update. Verifies the integrity and authenticity of updates before they’re executed, preventing installation of obsolete or external firmware.
- Secure state. Enters a secure state upon initialization errors or software failure detection—before any exposure of sensitive data—and ensures the correct operation of security functions, protects against programmer errors and the violation of best practices, controls access to services, and prevents exploitation of abnormal situations.
- Cryptography. Uses state-of-the-art cryptographic algorithms to protect assets based on recommendations from national security agencies or academia, preventing the exploitation of cryptographic weaknesses.
- Attestation. Reports on the identity, firmware measurements and runtime state of the device in order to mitigate impersonation via cryptographic proof of identity.
- Audit. Maintains log of security events and allows access and analysis of these logs for authorized users.
- Debug. Restricts access to debug features by unauthorized users.
1 PSA Certified, 2020, “What is a Root of Trust?”