Secrets are undiscoverable: The Freescale Trust Architecture provides a write-only storage area that is accessible only to components of the SoC Trust Architecture, such as the hardware-based cryptography and boot subsystems. This storage area is used to secure private cryptographic keys and other “secrets” so that they cannot be discovered (short of destroying the chip and attempting to read the molecular state of the storage area with a scanning electron microscope), yet remain readily usable by the SoC itself.
Hardware and software can always be verified: Because the configuration of the hardware and software is known to the SoC and verifiable using its secrets, the system is capable of continuously monitoring both hardware and software for unauthorized modifications. This provides a means of ensuring that the hardware and software comprising the system have not been tampered with.
Attempts to compromise the system are prevented: Other advanced features designed to protect the secrets of the system include the ability to zero out all secrets if the computing platform is physically tampered with, or is operated outside its specified voltage, temperature or AC power frequency ranges in an attempt to compromise the SoC. The cryptographic subsystem also provides timing equalization to prevent attempts to “guess” the algorithms through careful analysis of cryptographic processing times.
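To make the timing-equalization point above concrete, here is an added example (not Freescale's code and not from the original article) of a boot-time measurement check written two ways: an early-exit comparison whose running time depends on how many leading bytes match, and a constant-time comparison that does the same work regardless of the input. The 16-byte expected measurement is a constructed value, and a byte counter stands in for a clock.

```c
#include <stddef.h>
#include <stdint.h>

/* Instrumentation only: how many bytes the last comparison touched. A
 * counter stands in for a clock so the timing difference is visible. */
static size_t g_bytes_examined;

size_t bytes_examined(void) { return g_bytes_examined; }

/* Variable-time check: stops at the first mismatch, so the time taken
 * reveals how many leading bytes of the guess were correct. */
int compare_early_exit(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    g_bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        g_bytes_examined++;
        if (secret[i] != guess[i])
            return 0;   /* early return: work depends on the secret */
    }
    return 1;
}

/* Timing-equalised check: examines every byte and performs the same
 * operations whether or not (and wherever) a mismatch occurs. */
int compare_constant_time(const uint8_t *secret, const uint8_t *guess, size_t n)
{
    uint8_t diff = 0;
    g_bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        g_bytes_examined++;
        diff |= (uint8_t)(secret[i] ^ guess[i]);   /* accumulate, no branch */
    }
    /* Map diff != 0 to 0 and diff == 0 to 1 without a data-dependent branch:
     * for any non-zero byte, either it or its two's-complement negation has
     * the top bit set. */
    return 1 - ((diff | (uint8_t)(-diff)) >> 7);
}

/* Constructed example: a 16-byte boot measurement the SoC would hold in its
 * protected store (hypothetical value, not a real digest). */
static const uint8_t EXPECTED_MEASUREMENT[16] = {
    0x5a, 0x3c, 0x9e, 0x11, 0x07, 0xf4, 0x2b, 0x68,
    0xd0, 0x41, 0x8e, 0x73, 0xc5, 0x2f, 0x9a, 0x16
};

/* Boot-time decision: the measured image is accepted only if it matches,
 * and the comparison itself must not leak partial-match information. */
int boot_image_accepted(const uint8_t measured[16])
{
    return compare_constant_time(EXPECTED_MEASUREMENT, measured, 16);
}
```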
But how do we know that a system built around these six tenets really is tamper-proof? As always, proving a negative is not readily possible. It’s the equivalent of trying to prove that the airbags in your car will go off if you drive into a brick wall. We all expect that they will, but how do we prove that short of totaling our new Tesla Model S? The same is true of tamper-proof computing. We can’t prove it is tamper-proof; we can only prove that it is not, if and when at some point in the future someone figures out how to get around the six tenets we’ve set out herein. But do we really require proof to use the clearly advantageous capabilities of a tamper-proof computing system? Clearly, as with the airbags in our modern vehicles, it’s better to have them and trust that they will work than not to have them at all. As more and more tamper-proof computing platforms are deployed, time will surely indicate that having them in place is better than not, and that the value they deliver in thwarting cybercrime is both measurable and significant.[1] Most of the major publicly known breaches (Target, Home Depot, etc.) could have been prevented had this technology existed, as they all required that the systems be tampered with to achieve the criminal objective.