fTPM: A Software-only Implementation of a TPM Chip

Himanshu Raj; Stefan Saroiu; Alec Wolman; Ronald Aigner; Jeremiah Cox; Paul England; Chris Fenner; Kinshuman Kinshumann; Jork Loeser; Dennis Mattoon; Magnus Nystrom; David Robinson; Rob Spiger; Stefan Thom; David Wooten

fTPM: A Software-only Implementation of a TPM Chip

Himanshu Raj ,
Stefan Saroiu ,
Alec Wolman ,
Ronald Aigner ,
Jeremiah Cox ,
Paul England ,
Chris Fenner ,
Kinshuman Kinshumann ,
Jork Loeser ,
Dennis Mattoon ,
Magnus Nystrom ,
David Robinson ,
Rob Spiger ,
Stefan Thom ,
David Wooten

USENIX Security | August 2016

Commodity CPU architectures, such as ARM and Intel CPUs, have started to offer trusted computing features in their CPUs aimed at displacing dedicated trusted hardware. Unfortunately, these CPU architectures raise serious challenges to building trusted systems because they omit providing secure resources outside the CPU perimeter.

This paper shows how to overcome these challenges to build software systems with security guarantees similar to those of dedicated trusted hardware. We present the design and implementation of a firmware-based TPM 2.0 (fTPM) leveraging ARM TrustZone. Our fTPM is the reference implementation of a TPM 2.0 used in millions of mobile devices. We also describe a set of mechanisms
needed for the fTPM that can be useful for building more sophisticated trusted applications beyond just a TPM.