The Importance of a Hardware Root of Trust for Smartphones
In today’s connected world, smartphones have become an integral part of our daily lives, serving as personal assistants, communication devices, and gateways to the digital world. This is no different for government workers – be they in an office setting or in the field. As such, the security of these devices is paramount. One of the foundational elements of smartphone security is the hardware root of trust (RoT). This is especially true for government use-cases. Fidelity of communications must be protected and treated as sacrosanct. Below, I explore the critical role of a hardware root of trust in ensuring the security and integrity of smartphones, delving into its technical aspects and benefits.
Understanding Hardware Root of Trust
A hardware root of trust is a secure, immutable foundation upon which all other security mechanisms of a device are built. It is typically embedded within the device’s hardware and is responsible for performing critical security functions such as signed boot security, cryptographic key management, and attestation.
Trusted Platform Module (TPM)
The TPM is a widely adopted Hardware RoT. It is a dedicated microcontroller that provides cryptographic functions, secure storage, and hardware-based security features.
TPMs are commonly found in laptops, desktops, and servers. They play a crucial role in cryptographic boot processes, disk encryption, and key management.
For example, during boot-up, the TPM verifies the integrity of the system firmware and OS, ensuring that only trusted code executes, in PureBoot on Purism devices you additionally have control your own cryptography and sign the first bit loaded into the CPU, providing a root of trust that avoids the issue recently faced by Crowdstrike.
Some SoCs (System-on-Chips) incorporate platform-specific HWRoT features directly into their design.
These features include secure enclaves, hardware-accelerated cryptographic engines, and tamper-resistant memory.
For instance, mobile devices often integrate hardware-based secure elements for secure payment transactions and device authentication. With the Liberty Phone or Librem 5 phone by Purism it is possible to utilize the SmartCard reader with a separate hardware token to secure a device or communications.
Secure Boot
Secure boot is a process that ensures that a device boots using only software that is trusted by the device manufacturer. The hardware root of trust plays a crucial role in this process by storing cryptographic keys and verifying the integrity of the bootloader and operating system before they are executed. This prevents unauthorized or malicious software from being loaded during the boot process, thereby protecting the device from rootkits and other low-level attacks. Purism takes a different approach by removing the required (and exploited) requirement by device manufacturers, and puts you in control of your own keys, therefore security.
Please see a related Purism Blog article relating to Purism PureBoot technology and it’s relative immunity from certain attacks.
Cryptographic Key Management
The hardware root of trust securely generates, stores, and manages cryptographic keys used for various security functions. These keys are used for encrypting data, authenticating users, and securing communications. By storing these keys in a secure hardware module, the risk of key extraction and misuse is significantly reduced.
Purism eliminates centralized signing keys. You, or your IT team are in full control of your own signing keys, not any other party – especially commercial vendors.
Attestation
Attestation is the process of verifying the integrity and authenticity of the software running on a device. The hardware root of trust can generate cryptographic proofs that attest to the state of the device’s software. This allows external parties, such as network administrators or service providers, to verify that the device is running trusted software and has not been tampered with.
Attestation policies can be easily incorporated under your control directly or with Purism’s developmental assistance where you still retain cryptographic generation and full control.
Technical Benefits of Hardware Root of Trust
The implementation of a hardware root of trust in smartphones offers several technical benefits that enhance the overall security posture of the device.
Resistance to Physical Attacks
A hardware root of trust is designed to be resistant to physical attacks. It is typically implemented as a secure enclave or a dedicated security chip that is isolated from the main processor. This isolation makes it difficult for attackers to access or tamper with the root of trust, even if they have physical access to the device.
Purism Liberty Phone features an isolated chip and features electronics Made in America.
Purism also provides for physical “kill switches” on the device which will be the subject of another blog article shortly.
Protection Against Firmware Attacks
Firmware attacks are a significant threat to smartphone security, as they can compromise the device at a low level. The hardware root of trust mitigates this risk by verifying the integrity of the firmware before it is executed. Any unauthorized changes to the firmware are detected and prevented from running, ensuring that the device remains secure.
Continuous Security Updates
The dynamic nature of cybersecurity threats necessitates continuous updates to security mechanisms. A programmable hardware root of trust allows for the deployment of security updates and new cryptographic algorithms without requiring hardware changes. This ensures that the device can adapt to evolving threats and maintain a high level of security over its lifespan.
Government Use Cases:
Military and Intelligence Agencies:
Traditionally, most US Federal Government agencies concerned with Information Assurance (IA) at high levels have insisted on hardware-based encryption for classified communications. Recent efforts highlighting separated, three-zone architectures (Red/Black/Grey) underscore the importance of the hardware, where it’s manufactured and related supply chain concerns.
Anecdotally, while working for a large, US-based OEM on Commercial Solutions for Classified (CSfC) Capability Package solutions, the government pointed out specifically that it was not enough to have a HW ASIC (with Random Number Generator with very high entropy, etc.). It was required that this chip be manufactured specifically in the United States.
Purism’s Made in The USA Electronics and secure supply chain offer great benefits over alternative approaches and can be viewed as a secure platform by which governments can create tailored/bespoke offerings.
Civilian Agencies:
Agencies handling sensitive information—such as healthcare, law enforcement, and emergency services—require secure mobile communication.
A hardware root of trust better ensures that data remains confidential and tamper-proof. This is especially important when protecting Personally Identifiable Information (PII) as well as related metadata.
The fact of the matter is that while so-called “tactical applications” receive a great deal of attention in mobility circles, mundane and everyday tasks such as Personal Information Management (PIM) represent the large majority of smartphone compute tasks for the everyday knowledge worker. There are also many more knowledge workers across both DoD and CIV than field “operators.”
Summary
In conclusion, a hardware root of trust is a fundamental component of smartphone security for very high assurance levels. By providing a secure foundation for critical security functions such as secure boot, cryptographic key management, and attestation, it ensures the integrity and authenticity of the device’s software. The technical benefits of a hardware root of trust, including resistance to physical and firmware attacks and support for continuous security updates, make it an indispensable element in the design of secure smartphones. As the digital landscape continues to evolve, the importance of a robust hardware root of trust will only grow, safeguarding our devices and the sensitive information they hold.
Purism’s Role
As a US-based Original Equipment Manufacturer (OEM), Purism is able to control just about all elements of manufacture – on US soil. As such, the platform is very attractive to government agencies wishing to compose a tailored device for discreet use-cases. More broadly, the platform is perfect as a Commercial Off the Shelf (COTS) offering with a secure foundation upon which to rely for a multitude of applications – all free of traditional big tech bloatware and eavesdropping.
More information can be found on Purism’s Government Mobility page or contact [email protected] directly.