| Gilles Peskine | 6c723a2 | 2020-04-17 16:57:52 +0200 | [diff] [blame^] | 1 | .. _architectures: |
| 2 | |
| 3 | Sample architectures |
| 4 | -------------------- |
| 5 | |
| 6 | This section describes some example architectures that can be used for |
| 7 | implementations of the interface described in this specification. This list is |
| 8 | not exhaustive and the section is entirely non-normative. |
| 9 | |
| 10 | Single-partition architecture |
| 11 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 12 | |
| 13 | In the single-partition architecture, there is no security boundary inside the system. The |
| 14 | application code can access all the system memory, including the memory used by |
| 15 | the cryptographic services described in this specification. Thus, the |
| 16 | architecture provides `no isolation <isolation>`. |
| 17 | |
| 18 | This architecture does not conform to the Arm *Platform Security Architecture |
| 19 | Security Model*. However, it is useful for providing cryptographic services |
| 20 | that use the same interface, even on devices that cannot support any security |
| 21 | boundary. So, while this architecture is not the primary design goal of the API |
| 22 | defined in the present specification, it is supported. |
| 23 | |
| 24 | The functions in this specification simply execute the underlying algorithmic |
| 25 | code. Security checks can be kept to a minimum, since the cryptoprocessor cannot |
| 26 | defend against a malicious application. Key import and export copy data inside |
| 27 | the same memory space. |
| 28 | |
| 29 | This architecture also describes a subset of some larger systems, where the |
| 30 | cryptographic services are implemented inside a high-security partition, |
| 31 | separate from the code of the main application, though it shares this |
| 32 | high-security partition with other platform security services. |
| 33 | |
| 34 | .. _isolated-cryptoprocessor: |
| 35 | |
| 36 | Cryptographic token and single-application processor |
| 37 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 38 | |
| 39 | This system is composed of two partitions: one is a cryptoprocessor and the |
| 40 | other partition runs an application. There is a security boundary between the |
| 41 | two partitions, so that the application cannot access the cryptoprocessor, |
| 42 | except through its public interface. Thus, the architecture provides |
| 43 | `cryptoprocessor isolation <isolation>`. The cryptoprocessor has |
| 44 | some non-volatile storage, a TRNG, and possibly, some cryptographic accelerators. |
| 45 | |
| 46 | There are a number of potential physical realizations: the cryptoprocessor might |
| 47 | be a separate chip, a separate processor on the same chip, or a logical |
| 48 | partition using a combination of hardware and software to provide the isolation. |
| 49 | These realizations are functionally equivalent in terms of the offered software |
| 50 | interface, but they would typically offer different levels of security |
| 51 | guarantees. |
| 52 | |
| 53 | The PSA crypto API in the application processor consists of a thin layer of code |
| 54 | that translates function calls to remote procedure calls in the cryptoprocessor. |
| 55 | All cryptographic computations are, therefore, performed inside the |
| 56 | cryptoprocessor. Non-volatile keys are stored inside the cryptoprocessor. |
| 57 | |
| 58 | Cryptoprocessor with no key storage |
| 59 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 60 | |
| 61 | As in the :title:`isolated-cryptoprocessor` architecture, this system |
| 62 | is also composed of two partitions separated by a security boundary and also |
| 63 | provides `cryptoprocessor isolation <isolation>`. |
| 64 | However, unlike the previous architecture, in this system, the cryptoprocessor |
| 65 | does not have any secure, persistent storage that could be used to store |
| 66 | application keys. |
| 67 | |
| 68 | If the cryptoprocessor is not capable of storing cryptographic material, then |
| 69 | there is little use for a separate cryptoprocessor, since all data would have to |
| 70 | be imported by the application. |
| 71 | |
| 72 | The cryptoprocessor can provide useful services if it is able to store at least |
| 73 | one key. This might be a hardware unique key that is burnt to one-time |
| 74 | programmable memory during the manufacturing of the device. This key can be used |
| 75 | for one or more purposes: |
| 76 | |
| 77 | - Encrypt and authenticate data stored in the application processor. |
| 78 | - Communicate with a paired device. |
| 79 | - Allow the application to perform operations with keys that are derived from |
| 80 | the hardware unique key. |
| 81 | |
| 82 | Multi-client cryptoprocessor |
| 83 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 84 | |
| 85 | This is an expanded variant of the `cryptographic token plus application |
| 86 | architecture <isolated-cryptoprocessor>`. In this |
| 87 | variant, the cryptoprocessor serves multiple applications that are mutually |
| 88 | untrustworthy. This architecture provides `caller |
| 89 | isolation <isolation>`. |
| 90 | |
| 91 | In this architecture, API calls are translated to remote procedure calls, which |
| 92 | encode the identity of the client application. The cryptoprocessor carefully |
| 93 | segments its internal storage to ensure that a client’s data is never leaked to |
| 94 | another client. |
| 95 | |
| 96 | Multi-cryptoprocessor architecture |
| 97 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 98 | |
| 99 | This system includes multiple cryptoprocessors. There are several reasons to |
| 100 | have multiple cryptoprocessors: |
| 101 | |
| 102 | - Different compromises between security and performance for different keys. |
| 103 | Typically, this means a cryptoprocessor that runs on the same hardware as the |
| 104 | main application and processes short-term secrets, a secure element or a |
| 105 | similar separate chip that retains long-term secrets. |
| 106 | - Independent provisioning of certain secrets. |
| 107 | - A combination of a non-removable cryptoprocessor and removable ones, for |
| 108 | example, a smartcard or HSM. |
| 109 | - Cryptoprocessors managed by different stakeholders who do not trust each |
| 110 | other. |
| 111 | |
| 112 | The keystore implementation needs to dispatch each request to the correct |
| 113 | processor. For example: |
| 114 | |
| 115 | - All requests involving a non-extractable key must be processed in the |
| 116 | cryptoprocessor that holds that key. |
| 117 | - Requests involving a persistent key must be processed in the cryptoprocessor |
| 118 | that corresponds to the key’s lifetime value. |
| 119 | - Requests involving a volatile key might target a cryptoprocessor based on |
| 120 | parameters supplied by the application, or based on considerations such as |
| 121 | performance inside the implementation. |