On implementing trusted boot for embedded systems

This paper presents an implementation of trusted boot for embedded systems. While in PCs the trusted computing hardware functionality is spread over CPU, memory controller hub (MCH), IO controller hub (ICH) and Trusted Platform Module (TPM), for embedded systems it is desirable to integrate the whole functionality in one system on chip. Our implementation is a two-processor design with LEON3 open source soft cores (SPARC V8 instruction set), coupled over an AHB interface. One of the processors acts as application processor, the other one as 'secure' coprocessor. The application processor is synthesized with a boot ROM as static root of trust for measurement. The 'secure' coprocessor runs TPM frmware and enables the application processor to boot and run different software while sealing corresponding keys and other secrets to the respective software identity (computed as hash value). We evaluate the design in a Virtex5 FPGA with respect to different measures like resource consumption, code sizes and start times. The 'trusted boot' functionality is realised with a boot time increase of around 25% for a Linux system.