Hardware Root of Trust

A Secure Enclave or Trusted Execution Environment (TEE) is a secure, isolated area within a main processor (CPU/SoC). It uses hardware-enforced access controls to protect code and data from the main operating system and other software, even with root privileges. Key mechanisms:

• Memory Isolation: Encrypted and partitioned memory, accessible only by the enclave.
• Secure Boot & Attestation: Verifies enclave integrity upon launch and can generate attestation reports (e.g., Intel SGX attestation, ARM TrustZone).
• Sealed Storage: Encrypts data with a key tied to the enclave's identity and platform state, ensuring it can only be decrypted by the same enclave on the same trusted platform.

These are the foundational processes initiated by the HRoT during secure boot.

• Root of Trust for Measurement (RTM): The immutable first instruction executed (e.g., CPU microcode or a CRTM - Core Root of Trust for Measurement in the BIOS). It is inherently trusted and begins the chain of trust by measuring the next component in the boot sequence.
• Root of Trust for Reporting (RTR): The trusted component (typically within the TPM) that can reliably report the measurements stored in the PCRs. It uses a non-migratable Attestation Identity Key (AIK) to sign these reports, providing cryptographic proof of the system's state to a remote party.

Secure Boot is a security standard that ensures a device boots using only software that is cryptographically signed by an authorized party. The HRoT is central to this process:

1. The Hardware Root of Trust stores the public keys of trusted signers (e.g., Microsoft, hardware OEM) in immutable firmware (UEFI).
2. At each stage (UEFI → Bootloader → OS Kernel), the cryptographic signature of the next component is verified against these trusted keys.
3. If any signature is invalid, the boot process halts, preventing malware from loading at the firmware or bootloader level. This protects against bootkits and rootkits.

A core function of an HRoT is to provide a cryptographically strong, hardware-bound identity for the device.

• Endorsement Key (EK): A unique, non-migratable RSA key pair burned into the TPM at manufacture. It provides a permanent identity for the device.
• Device Identifier Composition Engine (DICE): A layered hardware/software architecture that derives a unique secret key for each layer of firmware/software based on measurements of the previous layer. This chains trust and creates compartmentalized identities, limiting the blast radius of a compromise in one layer.
• Physically Unclonable Function (PUF): A circuit that exploits microscopic manufacturing variations to create a unique, non-storable 'fingerprint' for the chip. This fingerprint seeds key generation, meaning the key exists only when the chip is powered, offering extreme resistance to physical extraction.

Remote Attestation is a cryptographic protocol where a trusted verifier can check the integrity and configuration of a remote hardware platform (the attester).

• Process: The attester generates a cryptographically signed report of its current state (e.g., boot measurements, loaded software). This report is signed by a key rooted in the HRoT (TPM).
• Verification: The verifier checks this signature and compares the measurements against a known-good policy.
• Critical Use: Enables zero-trust architectures, secure cloud provisioning, and confidential computing by proving a system is in a known-safe state.

A Silicon Root of Trust refers to a hardware root of trust that is physically fabricated into the silicon of a System-on-a-Chip (SoC) or CPU, making it immutable from the point of manufacture.

• Highest Assurance: The cryptographic keys and firmware are embedded during chip fabrication, making them extremely resistant to physical and software attacks.

• Examples: Apple's Secure Enclave, Google's Titan M2 chip, and AMD's Platform Security Processor (PSP).

• Function: Manages device-specific secrets, enables secure boot, and provides the foundation for all other security features on the device.