2021-04-06

Mechanism for Secure Storage without a Trusted Execution Environment for Low/Mid Automotive Segments 2021-01-0145

Increasing adoption of connected vehicles has led vehicle manufacturers to deal with security issues in vehicle-embedded systems. To protect security-critical instructions and operations, such as security functions and cryptographic credentials, in a connected embedded system, Arm TrustZone technology is widely used in automotive embedded systems across cockpit, ADAS, V2X, etc. Arm TrustZone protects security-critical operations by executing them in a trusted execution environment (TEE) that runs in parallel with, and is isolated by hardware from, the classic rich execution environment (REE) on shared hardware resources, thereby protecting the confidentiality and integrity of the system. Arm TrustZone uses the secure configuration register (SCR) to switch between the secure and non-secure worlds, providing two execution environments with different privileges through the secure monitor call (SMC) and Arm Trusted Firmware (ATF) across resources such as memory, interrupts and peripherals, with different exception levels (EL). The enhanced security provided by Arm TrustZone is offset by resource constraints on the operations running in the REE whenever resource isolation switches to the TEE through the SCR. Hence, in resource-limited embedded automotive cockpits, driver-assisting functions such as the navigation system, which run in the REE, are starved of resources by the TEE, which in turn affects the functional safety of the overall driving system. In order to eliminate this conflict between security and safety in resource-limited automotive cockpits where a TEE cannot be added, an efficient secure storage system is proposed that does not require a TEE in Arm TrustZone technology. The proposed approach stores the RPMB (Replay Protected Memory Block) key in the specialized memory of Arm TrustZone technology during vehicle provisioning, with its encrypted version stored in the RPMB block of the MMC.
During booting of the cockpit system with the Harman secure boot loader, the derived key is generated from this key after decryption, and application-data operations are executed in kernel space through a newly introduced secure storage kernel module, thereby providing secure storage for security-critical operations in Arm TrustZone technology without a TEE.
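The abstract describes a key hierarchy (RPMB key programmed at provisioning, a key derived from it at boot, application records committed to RPMB from a kernel module) but no mechanism detail. The following Python model, added here as an illustration and not code from the paper or from Harman, shows the two properties such a design rests on: RPMB frames are accepted only with the current write counter and an HMAC-SHA256 under the partition key, so a captured write frame cannot be replayed, and application records are bound to a key derived from the provisioned secret. Everything beyond the RPMB counter-plus-MAC rule is an assumption for the sake of the example: HKDF-SHA256 as the derivation function, the frame layout, the plaintext-plus-tag record format (confidentiality is not modelled, since the standard library has no AES), and the constructed keys and records.

```python
import hashlib
import hmac
import os
import struct


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256. The abstract only says a key is 'derived'; HKDF is assumed here."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, i = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([i]), hashlib.sha256).digest()
        okm += block
        i += 1
    return okm[:length]


class RpmbPartition:
    """Constructed model of an eMMC RPMB partition (not the full frame format).
    A write is accepted only if its frame carries the current 32-bit write
    counter and an HMAC-SHA256 computed with the key programmed once at
    provisioning; a read returns the data plus a MAC over (host nonce, address,
    data) so the host can detect a tampered or substituted response."""

    def __init__(self) -> None:
        self._key = None
        self.write_counter = 0
        self._blocks = {}

    def program_key(self, key: bytes) -> bool:
        if self._key is not None:
            return False  # the RPMB key is one-time programmable
        self._key = key
        return True

    def authenticated_write(self, counter: int, addr: int, data: bytes, mac: bytes) -> bool:
        if self._key is None or counter != self.write_counter:
            return False  # stale counter: replayed or out-of-order frame
        expect = hmac.new(self._key, struct.pack(">II", counter, addr) + data, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expect):
            return False  # frame not authenticated by the partition key
        self._blocks[addr] = data
        self.write_counter += 1
        return True

    def authenticated_read(self, addr: int, nonce: bytes):
        if self._key is None:
            raise RuntimeError("RPMB key not programmed")
        data = self._blocks.get(addr, b"")
        mac = hmac.new(self._key, nonce + struct.pack(">I", addr) + data, hashlib.sha256).digest()
        return data, mac


class SecureStorageModule:
    """Host-side model of the kernel-space secure storage: it is handed the RPMB
    key released by the secure boot loader, derives a data key from it, seals
    application records with that key and commits them through RPMB frames."""

    def __init__(self, rpmb: RpmbPartition, rpmb_key: bytes) -> None:
        self._rpmb = rpmb
        self._rpmb_key = rpmb_key
        # Derivation inputs are assumed; the abstract does not specify them.
        self.data_key = hkdf_sha256(rpmb_key, b"boot-context", b"secure-storage-v1")

    def _seal(self, addr: int, data: bytes) -> bytes:
        tag = hmac.new(self.data_key, struct.pack(">I", addr) + data, hashlib.sha256).digest()
        return data + tag  # record = plaintext || 32-byte tag (confidentiality not modelled)

    def build_write_frame(self, addr: int, data: bytes):
        record = self._seal(addr, data)
        counter = self._rpmb.write_counter  # host reads the counter before each write
        mac = hmac.new(self._rpmb_key, struct.pack(">II", counter, addr) + record, hashlib.sha256).digest()
        return counter, addr, record, mac

    def store(self, addr: int, data: bytes) -> bool:
        return self._rpmb.authenticated_write(*self.build_write_frame(addr, data))

    def load(self, addr: int):
        nonce = os.urandom(16)
        record, mac = self._rpmb.authenticated_read(addr, nonce)
        expect = hmac.new(self._rpmb_key, nonce + struct.pack(">I", addr) + record, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expect) or len(record) < 32:
            return None  # RPMB response not authentic, or slot empty
        data, tag = record[:-32], record[-32:]
        expect_tag = hmac.new(self.data_key, struct.pack(">I", addr) + data, hashlib.sha256).digest()
        return data if hmac.compare_digest(tag, expect_tag) else None


def demo() -> dict:
    rpmb = RpmbPartition()
    rpmb_key = hashlib.sha256(b"constructed provisioning secret").digest()  # constructed value
    rpmb.program_key(rpmb_key)                      # vehicle provisioning step
    module = SecureStorageModule(rpmb, rpmb_key)    # secure boot releases the key to the module
    frame = module.build_write_frame(0, b"constructed application record")
    first = rpmb.authenticated_write(*frame)
    replay = rpmb.authenticated_write(*frame)       # same counter presented again: rejected
    return {"first": first, "replay": replay, "loaded": module.load(0), "counter": rpmb.write_counter}


if __name__ == "__main__":
    print(demo())
```

The point of the replayed frame in `demo` is the property that gives RPMB its name: a valid, correctly authenticated write frame captured once is worthless later because the partition's counter has moved on. Whether the design holds in practice then depends on how well the RPMB key itself is protected on the non-TEE path, which is exactly the part the abstract places in the specialized memory and the secure boot loader.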
