1. Startseite
  2. Blog
  3. Samsung Trusted Boot and TrustZone Integrity Management explained
Dezember 1, 2019

Samsung Trusted Boot and TrustZone Integrity Management explained

Joel Snyder

When you boot up any device, that jump from a powered-down processor to a device running trusted software requires hardware support. The old Basic Input/Output System (BIOS) of over 30 years ago didn’t provide any protections — it could barely get an operating system loaded. Since then, system vendors have been trying to build more security into the boot process. Industry-standard approaches such as Unified Extensible Firmware Interface (UEFI) have set the groundwork and created best practices.

Today, smartphones need that same protection. The Android community has specified some starting points, but device vendors, such as Samsung, have built on those to bring smartphone security to “enterprise-ready” levels.

The end goal is to make sure the smartphone is running trusted software. Two components helping ensure that are secure booting with Samsung Trusted Boot and kernel integrity checking through TrustZone-based Integrity Management Architecture (TIMA).

 

Boot-Time Protections

Secure boot is a common Android mechanism that is used to keep Android devices from booting unapproved software. Android devices, like most computers, have a very small ROM-based primary bootloader that is used to do basic hardware initialization, find a file system with more boot software, and then load and jump into that secondary boot software.

That secondary bootloader may load the Android operating system, or jump to another bootloader, depending on the selected hardware and software. By convention, the last bootloader before the operating system is usually called aboot.

An Android phone that has secure boot technology uses digital certificates to ensure that the software loaded before the operating system is trusted. This means that it is digitally signed — and cryptographically secured against tampering — by the device vendor. Thus, the primary bootloader doesn’t just find and run the secondary bootloader file; instead, it reads the secondary bootloader and verifies a digital signature to ensure it is untampered. If the verification fails, then the boot process stops.

Signature verification and tamper checking is a standard public key infrastructure (PKI) operation: The file being verified is hashed and the hash is signed with a public/private key pair. For Samsung devices, this public/private key pair is Samsung-controlled and goes through a chain of certificates to the Samsung Secure Boot Certificate, which is loaded as part of the hardware root of trust in the platform.

This means that a Samsung phone, for example, can’t run a Motorola secondary bootloader, because the file has not been signed by Samsung.

Each bootloader in the chain, all the way up to the operating system, is responsible for verifying that the software has been digitally signed and is tamper-free. Some device vendors allow the secure boot feature to be disabled, either for developers (who might need to load unsigned experimental software) or because they want to encourage hobbyists to run their own software and operating systems.

Secure boot ensures that the chain of bootloaders hasn’t been tampered with and is signed by a trusted authority — usually the device vendor. Samsung Knox adds an enhancement called Trusted Boot, which goes a step further by taking snapshots during the boot process and storing the results in the TrustZone Trusted Execution Environment (TEE).

The goal of Trusted Boot is to ensure that older, trusted bootloaders that might have security vulnerabilities in them can’t be used, as part of the Rollback Prevention process. As the system is booting, TrustZone Trustlets check the snapshots. If they determine that an older bootloader was used, certain security-critical operations can be blocked. The security enhancements provided by Trusted Boot helped Samsung Knox 3.2 earn “strong” ratings across 27 of 30 categories in Gartner’s May 2019 report, “Mobile OSs and Device Security: A Comparison of Platforms.”

 

Protecting Android

While these are necessary measures, the secure boot and Trusted Boot process stop once Android is running. Checking the integrity of Android itself is handled by a built-in Android feature called device mapper verity (dm-verity) that provides integrity checking at a very low level. Samsung’s version of dm-verity includes some enhancements that make it easier for carriers to patch Android on devices using firmware over-the-air updates.

Samsung smartphones go beyond the basic Android checks with a series of Samsung proprietary security features that add integrity checking to Android, known as TIMA.

Samsung’s TIMA runs inside the TrustZone TEE, which provides a wide variety of security services, including attestation, a trusted user interface, KeyStore, Client Certificate Management and two components that are part of the TIMA real-time protections: real-time kernel protection (RKP) and periodic kernel measurement (PKM).

Security professionals like to combine both active and passive security checks to catch malicious behaviors. PKM is a passive check: It is software that runs in the TrustZone TEE regardless if anything is trying to touch the Android kernel. PKM periodically checks the kernel to detect if code or data have been modified by malicious software. PKM also checks the integrity of key data structures used by SE for Android to detect attempts to disable those security checks.

RKP is an active security check designed to block tampering with the kernel. With RKP, critical kernel events are intercepted and inspected in the TrustZone TEE. Events that impact the kernel can be blocked or logged to indicate suspected tampering. Tamper alerts are available to mobile device management (MDM) and enterprise mobility management (EMM) software, which means that checking those logs is a key task for security-minded IT managers.

TIMA combines active and passive protections and runs within the protected world of the TrustZone TEE. RKP tries to block tampering; if something gets through or around RKP, then PKM can pick it up. In either case, when a security problem is detected, IT managers can see an alert in their MDM/EMM software and proactively take action.

With both passive and active integrity checks via TIMA and the TrustZone TEE, and Samsung’s Trusted Boot technologies, Android devices have a strong, hardware-assisted security setup to create easy-to-deploy and protected hardware for today’s enterprise.

See how Samsung’s Knox platform keeps your business secure from the chip up, or learn to secure tablets and optimize them to your specific business needs using Knox Configure.

Dies könnte Ihnen auch gefallen:
ZUM BLOG →
Knox for Business
Get to know the Knox Asset Intelligence Security Center
We are excited to announce the official launch of our Knox Asset Intelligence Security Center for all Samsung Knox customers.
April 9, 2024
News
Making license registration easier for Knox customers
If you’re a Knox customer, the days where you have to manually enter license keys in your Knox Admin Portal have come to an end.
April 8, 2024
Product Updates
Knox cloud service 24.04 release
Learn more about the latest features in the latest Knox cloud service release.
April 5, 2024
[Icon] schließen

Erste Schritte mit Samsung Knox

[Icon] Koffer
Sind Sie Fachhändler, Lösungsanbieter oder Serviceanbieter?

Werden Sie Knox Partner und bauen Sie Ihr Geschäft noch heute aus.

[Icon] Info

Wählen Sie ein Knox-Produkt aus, mit dem Sie beginnen möchten:

Paket-Komplettlösung
Knox Suite
Rebranding und Anpassung
Knox Configure
Schutz vor Betrug und Diebstahl
Knox Guard
Geräteschutz-Tarif
Samsung Care+ for Business
Sonstige Produkte und Leistungen

Erste Schritte mit

[Image] Knox Suite

Komplettlösung für Unternehmensmobilität.

  • Sichern Sie sich eine kostenlose 90-Tage-Testversion für bis zu 30 Geräte.
  • Eine vollständige Auswahl an Tools für die Sicherung, Bereitstellung, Verwaltung und Analyse der Geräte Ihres Unternehmens.
  • Testen Sie die leistungsstarken Funktionen der Knox Suite.

Knox Suite umfasst:

Knox Mobile Enrollment Kostenlos
Knox Manage
Knox E-FOTA
Knox Asset Intelligence
Knox Platform for Enterprise Kostenlos
Fernsupport für Knox
Knox Capture
Knox Authentication Manager

Erste Schritte mit

[Image] Knox Configure-Logo

Umbenennen und Anpassen Ihrer Samsung Geräte.

  • Sichern Sie sich eine kostenlose 90-Tage-Testversion für bis zu 30 Geräte.
  • Konfigurieren Sie mehrere Samsung Geräte gleichzeitig per Fernzugriff und passen sie die Geräte an Ihre persönlichen Bedürfnisse, damit sie sofort einsatzbereit sind.
  • Richten Sie Ihre Geräte für eine einmalige Bereitstellung ein, oder aktualisieren Sie sie so oft Sie möchten.

Erste Schritte mit

[Icon] Knox Guard-Logo

Betrugs- und Diebstahlschutz für Samsung Geräte.

  • Sichern Sie sich eine kostenlose 90-Tage-Testversion für bis zu 30 Geräte.
  • Geringere finanzielle Risiken und Schutz Ihrer Vermögenswerte durch Fernsteuerung von Samsung Geräten.
  • Testen Sie alle Funktionen von Knox Guard, einschließlich der SIM-Steuerung oder der Gerätesperrung.

Erste Schritte mit

[Image] Samsung Care Plus For Business-Logo

Geräteschutz-Tarife für Ihre Geräte von Samsung.

  • Verringern Sie Betriebsunterbrechungen mit schnellen Reparaturen und Austausch von Geräten. Wenden Sie sich zum Durchstarten an das Samsung Vertriebsteam.
  • Alle Informationen über die Abdeckung und Ihre Ansprüche an einem zentralen Ort einsehen.
  • Sie haben Samsung Care+ for Business bereits gekauft? Erstellen Sie ein Konto und aktivieren Sie einen Tarif über die Samsung Care+ for Business-Konsole.

Sonstige Produkte und Leistungen

[Image] Sonstige Logos

Moderne Lösungen für Ihre individuellen Ansprüche.

  • Profitieren Sie von effizientem technischen Support durch einen fest zugeordneten Kundenbetreuer mit Enterprise Tech Support.
  • Erstellen Sie maßgeschneiderte Geräte für Ihr Unternehmen mit dem Samsung Software Customization Service.
VERTRIEB KONTAKTIEREN