Secure System Design on Arm using PRoT
Security
Jose Marinho, Arm
Zachary Bobroff, AMI

Secure System Boot on Arm
- Chain of trust, established from an immutable RoT.
- The immutable RoT (within the PRoT) authenticates the first FW component.
- The PRoT authenticates the platform FW components.
- Host FW authenticates additional, more complex FW stages.
- Secure IOMMU configuration at boot.
- The boot flow is platform-specific, which allows for flexibility and innovation.
- The ecosystem collaborates to enable proven designs.

Abbreviations:
RoT: Root of Trust | PRoT: Platform Root of Trust | Host FW: Host Processor Firmware | IOMMU: Input-Output Memory Management Unit | PCIe RC: PCI Express Root Complex | CMA: Component Measurement and Authentication | SPDM: Security Protocol and Data Model | SatMC: Satellite Management Controller | RTU: Root of Trust for Update

System Manageability on Arm
Server Base Manageability Requirements (SBMR):
- Enables subsystem interoperability.
- Specifies the manageability design for Arm systems: BMC, SatMC, PRoT.
- A collection of rules and design guidelines.
- Use cases cover manageability and security.
- This is a work in progress for a future SBMR.

[Diagram: System Manageability on Arm. Blocks: Redfish Engine; SoC Side-band Interface; System Interface; Host OS/Firmware (Application Processors); SoC Side-band Interface Library; Shared Network Controller; IO Device Side-band Interface; Platform Elements Interface; Sensors, Fans, Power, ...; Other Managed I/O Devices; Admin; PCIe devices (Networking, Storage, ...); NVMe. Interfaces: OOB (Redfish); MCTP/PLDM over I3C (events/power/thermal/RAS); IMPDEF; PCIe, SPI, I2C, other interfaces; PCIe x16 (Network); Monitor and Control Signals; UART (Serial over LAN, Console, etc.); JTAG (remote debug); PCIe x1 (Video, MCTP over PCIe VDM); USB (Keyboard, Mouse, Virtual Media); I2C/SMBus/Alert (IPMI SSIF); PCIe NIC (preferred) or USB NIC (Redfish HI); NC-SI over RBT or MCTP (*); UART (OS Debug); PCIe; MCTP/PLDM (*); MCTP/PLDM (over I2C/I3C/PCIe); NVME-MI o]
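The chain of trust from the Secure System Boot slide (immutable RoT -> first FW component -> platform FW -> host FW -> later stages), modelled as an added Python example that is not code from Arm, AMI or the presentation. It assumes a simplified hash-pinned chain: each stage embeds the digest of the stage it loads next and the immutable RoT holds only the first stage's digest, standing in for the signature verification a real PRoT performs; all stage names and image bytes are constructed sample data.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes        # constructed sample image bytes, not real firmware
    next_digest: bytes  # digest this stage expects of the stage it loads next (b"" for last)

def stage_digest(stage: Stage) -> bytes:
    # Covers the image AND the embedded expectation for the next stage, so
    # tampering with either is caught by whoever verifies this stage.
    return hashlib.sha256(stage.image + stage.next_digest).digest()

def build_chain(images):
    """Build stages back to front so each embeds its successor's digest.
    Returns (stages, anchor): `anchor` is what the immutable RoT must hold."""
    stages, next_digest = [], b""
    for name, image in reversed(images):
        stage = Stage(name, image, next_digest)
        next_digest = stage_digest(stage)
        stages.insert(0, stage)
    return stages, next_digest

def boot(anchor: bytes, stages):
    """Verify stages in order; halt at the first one that fails authentication."""
    expected, booted = anchor, []
    for stage in stages:
        if stage_digest(stage) != expected:
            return booted, f"halt: {stage.name} failed authentication"
        booted.append(stage.name)
        expected = stage.next_digest  # the verified stage vouches for the next one
    return booted, "ok"

# Constructed sample chain in the slide's order: PRoT FW, platform FW, host FW, later host stage.
SAMPLE_IMAGES = [
    ("prot-fw", b"PRoT firmware v1"),
    ("platform-fw", b"platform firmware v1"),
    ("host-fw", b"host processor firmware v1"),
    ("os-loader", b"host-side boot loader v1"),
]

def demo():
    stages, anchor = build_chain(SAMPLE_IMAGES)
    good = boot(anchor, stages)
    # Tamper with the platform FW image: the PRoT must refuse it and halt the boot.
    tampered = list(stages)
    tampered[1] = Stage(stages[1].name, stages[1].image + b"!", stages[1].next_digest)
    return good, boot(anchor, tampered)
```

Because the anchor lives in the immutable RoT, every later stage is trusted only transitively through the stage that verified it, which is why a modified stage stops the boot at exactly that point.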