Maciej Pijanowski

TwPM project aims to increase the trustworthiness of the TPM module (hence the TwPM), by providing the open-source firmware implementation for the TPM device, compliant to the TCG PC Client Specification.

Trusted Platform Modules (TPM) enable measured boot and support verified boot, Dynamic Root of Trust for Measurement, and other security features. Currently, the market is dominated by the TPMs based on chips from large silicon vendors. The common characteristic of these modules is the proprietary firmware implementation.

This presentation will outline the project's goals, design, current challenges, and status. The goal is also to gather a community around this project and exchange ideas on the subject.

In the ARM world, Secure Boot is typically a BootROM feature, which allows for verification of the loaded binaries (firmware, bootloader, Linux kernel) prior executing it. The main idea is to prevent the untrusted code from running on our platform. The general approach is similar across vendors, but there is no standardization in this area.

During this talk we will review the Secure Boot features in ARM SoCs from some of the most popular vendors. Not only will we analyze the Secure Boot presence or its features, but we will also focus on the tools and documentation availability. It is a known fact that often such documentation requires a signed NDA with an SoC vendor, which makes it difficult to use by regular users.