The EVITA project, funded by the EU, has developed a set of guidelines that details the design, verification and prototyping of a range of security architectures for automotive ECUs.

SHE 由HIS 提出（HIS 是个工作组）

the Secure Hardware Extension (SHE) specification developed by Escrypt for Audi and BMW via the HIS Working Group

The HIS consortium was founded in 2004 and consists of members from Audi, BMW, Daimler, Porsche, and Volkswagen to address activities and develop common standards related to automotive manufacturing. In 2006, HIS published a document describing the requirements for an HIS Security Module standard that incorporated mechanisms for error detection, authorization, and authenticity. This was further developed by ESCRYPT in partnership with OEMs Audi and BMW, and semiconductor vendors, such as Freescale (now NXP) into an open standard, publicly released in April 2009.

The resulting SHE specification outlines how a secure zone can be created within any ECU via an on-chip extension within a Microcontroller Unit (MCU), providing cryptographic services at the application layer, and isolating the storage of secret keys from the remainder of the MCU’s resources. Although the standard originated within the German automotive industry at the OEM level, it has since become an open standard accepted at the global level.

SHE is one of the earliest examples of automotive-grade connected module hardening and quickly grew to become a standard requirement by OEMs on a global basis. It was primarily built for securing cryptographic key material against software attacks, but cannot really be used to protect communications (such as V2X). As such, it has served as a basis for later HSM standards (such as EVITA). Today, modern automotive HSMs leverage functionalities from SHE, TPM and smartcards.

参考:

https://argus-sec.com/hersteller-initiative-software-his-security-hardware-extension-she/

https://st.inf.tu-dresden.de/files/teaching/ws08/ase/07_ASE_WS_2008-09_NormenStandardsEmpfehlungen_31_HIS_Praesentation_2007_v13.pdf

https://www.sasol.com/sites/sasol/files/content/files/10.9%20SAR-SAF-RPR-0001%20Construction%20Sector%20SHE%20specifications.pdf

Hersteller Initiative Software (HIS) Security Hardware Extension (SHE)

TPM 由TCG 提出

Another standards organization is the Trusted Computing Group (TCG), which claims to provide open, interoperable and international standards for trusted computing. One specification released by this organization is their Trusted Platform Module (TPM)—published as ISO/IEC 11889 Parts 1-4. Like the SHE specification, TPM supports secure keys for authentication and encryption functions.

通用标准（CC）是全球公认的标准/认证（ISO / IEC 15408）

实施方案

TrustZone

a kind of HSM

ARM® developed its TrustZone® security infrastructure, which has been integrated into microcontrollers and microprocessors from various manufacturers,

uboot和tee关系

带ATF的芯片,通常的上电启动流程是：

BOOTROM—>PL（PreLoader）—>ATF—>optee—>uboot—>OS

ATF可以不需要走BL1/BL2阶段load optee/uboot镜像到内存了

make的时候传入RESET_TO_BL31=1

参考：https://blog.csdn.net/chenying126/article/details/78638944

https://www.pianshen.com/article/391857483/

ATF（ARM Trusted firmware）

https://blog.csdn.net/weixin_44124323/article/details/110758865

ATF是可选项，可以略过ATF，直接加载uboot。

The first is passing execution to a payload directly and the second one is passing to the BL3-1 code before a payload.

However, you need to enable Trusted Firmware if you want to run Linux because it expects to work with PSCI.

SMC指令 SMC (Secure Monitor Call) instruction

SMC是TrustZone的一部分。通过SMC指令进入到TrustZone

Trustzone vs TEE

ARM中TrustZone技术可用于实现TEE。参考： http://www.arm.com/zh/products/processors/technologies/trustzone/index.php

OP-TEE是ST和Linaro合作开发的TEE开源实现。参考： http://www.linaro.org/blog/core-dump/op-tee-open-source-security-mass-market/

Trustzone vs ATF

Trustzone支持ATF的硬件。ATF是软件。

Trustzone：支持ATF的硬件。ATF是软件。
TrustZone是一种架构，它对ARM的扩展,其实只是增加了一条指令,一个配置状态位,以及一个新的有别于核心态和用户态的安全态。

TrustZone 是一种在控制器中实现的硬件机制

ATF is an ARMv8 open source framework to use Trustzone to boots a Secure payload and a Non trusted firmware (e.g., U-Boot, etc.) in the Secure world and the Normal world respectively.

TEE vs ATF

AFT 包含了TEE内容。

　　bl2 + bl31 + bl32 + bl33

　　bl32=optee-os

　　bl33=u-boot

trustzone vs HSM

trustzone是HSM的一种

HSM vs SHE

SHE: 是HIS制定的标准，“安全硬件扩展”。旨在将秘钥的控制从软件领域移到硬件领域。如TPM芯片等。

SHE是HSM的基础，SHE是针对汽车领域的密钥存储，硬件加解密算法的芯片模块。

TPM vs HSM

TPM：通常是硬件chip，用于单机授权验证。常见, 固定于PC电脑主板中.
HSM：除chip 外，还有支撑的软件，可以扩展为网络上存取验证。

Trusted Platform Modules

A Trusted Platform Module (TPM) is a hardware chip on the computer’s motherboard that stores cryptographic keys used for encryption. Many laptop computers include a TPM, but if the system doesn’t include it, it is not feasible to add one. Once enabled, the Trusted Platform Module provides full disk encryption capabilities. It becomes the "root of trust" for the system to provide integrity and authentication to the boot process. It keeps hard drives locked/sealed until the system completes a system verification, or authentication check.

The TPM includes a unique RSA key burned into it, which is used for asymmetric encryption. Additionally, it can generate, store, and protect other keys used in the encryption and decryption process.

Hardware Security Modules

A hardware security module (HSM) is a security device you can add to a system to manage, generate, and securely store cryptographic keys.

High performance HSMs are external devices connected to a network using TCP/IP. Smaller HSMs come as expansion cards you install within a server, or as devices you plug into computer ports.

One of the noteworthy differences between the two is that HSMs are removable or external devices. In comparison, a TPM is a chip embedded into the motherboard. You can easily add an HSM to a system or a network, but if a system didn’t ship with a TPM, it’s not feasible to add one later. Both provide secure encryption capabilities by storing and using RSA keys.

Source: https://blogs.getcertifiedgetahead.com/tpm-hsm-hardware-encryption-devices/

TPM (Trusted Platform Module) and HSM (Hardware Security Module) are considered as cryptoprocessor.

They are similar, and TPMs can actually be used as rudimentary HSMs and keep private keys secure, though conventional HSMs are focused on performance and key storage space,

where as TPMs are only designed to keep a few values (PCRs) and a single key in memory and don't put much effort into performance (cf. the 1 request/second on the SSL example)

HSM:

是SHE, TPM的演进

KMS:

KMS (Key Management System) is a newer technology than both TPM and HSM. Key management systems are more modern implementations of cryptographic security and can operate across multiple platforms like cloud and hybrid environments. Things start to get complicated because each cloud service generally handles security in their own unique way, so if you use two unrelated vendors for specific applications or services, then you would have to have specific HSM standards for each.

KMS seeks to manage multiple environments from a single solution, especially in a cloud setup. This means that companies can enjoy benefits of the cloud, such as scaling and redundancy, while still enjoying the security that is required to operate successfully.

KMS also has its limitations, especially where multiple cloud providers are a requirement for companies to operate. There are other technologies available such as AWS CloudHSM, which does a lot of control functions such as scaling and management of your cloud services while keeping everything secure.

缩写词

SHE: Secure Hardware Extension

TPM：Trusted Platform Module

HSM：hardware Secure module

Hersteller Initiative Software (HIS) Hersteller是德语，Manufacturer的意思。

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/IT小白/article/detail/381690

信息安全 - uboot, TEE, ATF, trustzone, SHE，HSM, HIS, Evita, ISO 21434, CC认证(Common Criteria)_evita 标准

标准、规范的时间线

组织标准

Evita

SHE 由HIS 提出 （HIS 是个工作组）