This presentation and paper provides a DIY guide to using Trusted Computing on embedded devices. This is NOT an introduction or overview of Trusted Computing. We introduce a low-cost schematic using Atmel's CryptoModule (AT97SC3204T) and CryptoAuthentication (AT88SA102S) ICs, and release drivers for UEFI, U-Boot, and the Linux kernel. Using these ICs as a base, we demonstrate (and provide code!) ways anyone can use Trusted Computing concepts for embedded projects (Linux IMA, signed data exchange), most importantly, a secured bootstrap from ROM code to a userland application. We also demonstrate how the TPM can be used to encrypt and sign Ethernet frames. This is a response (and implementation of a well-known mitigation strategy) to attack vectors using various pre-boot environments such as UEFI, BIOS, Option ROM, and other bootloaders. By the end of the presentation, participants should understand how to use a TPM to secure their creative embedded projects. We plan on making "kits" with the components needed to make a TPM breakout, and giving away as many as we can afford to jump start your projects.
Teddy is a computer science researcher working for the USA with a focus on large-scale enterprise network modeling and simulation. He has a passion for security and CTF competitions.
David is currently employed as an incident responder with a strong interest in software engineering. He is a recent college graduate with a passion for cryptography, cryptanalysis and digital privacy.