The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka PDF).

Date of Patent: Feb. 12, 2013

Filed: Jul. 29, 2011

Applicants:
Stefan Thom, Snohomish, WA (US);
Jeremiah Cox, Redmond, WA (US);
David Linsley, Seattle, WA (US);
Magnus Nystrom, Sammamish, WA (US);
Himanshu Raj, Issaquah, WA (US);
David Robinson, Seattle, WA (US);
Stefan Saroiu, Redmond, WA (US);
Rob Spiger, Seattle, WA (US);
Alastair Wolman, Seattle, WA (US);

Inventors:
Stefan Thom, Snohomish, WA (US);
Jeremiah Cox, Redmond, WA (US);
David Linsley, Seattle, WA (US);
Magnus Nystrom, Sammamish, WA (US);
Himanshu Raj, Issaquah, WA (US);
David Robinson, Seattle, WA (US);
Stefan Saroiu, Redmond, WA (US);
Rob Spiger, Seattle, WA (US);
Alastair Wolman, Seattle, WA (US);

Assignee:
Microsoft Corporation, Redmond, WA (US);

Attorneys:

Primary Examiner:

Int. Cl.
CPC ...
G06F 11/30 (2006.01); G06F 7/04 (2006.01);
U.S. Cl.
CPC ...
Abstract

A 'Firmware-Based TPM' or 'fTPM' ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware-based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware-accessible memory or storage and placing it into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a 'firmware-based TPM' without requiring hardware modifications to existing devices.
