Runtime firmware product lines using TPM2.0

Runtime firmware product lines enable the generation of unified firmware images, i.e., a single firmware with several features can be used on several models. The device itself decides whether to unlock a feature or not. However, an attacker could alter their model and upgrade it to a higher-level model. In this paper, we propose an approach for secure runtime firmware product lines. Unified firmware images can be provisioned to a whole series of products while preventing unauthorized feature activation. Our approach is based on a Trusted Platform Module (TPM) 2.0, acting as security anchor using several new TPM 2.0 functionalities. The feasibility is shown in a proof-of-concept implementation.