Hardware Root of Trust for Linux Based Edge Gateway

Abstract: Linux-based Edge Gateways that connects hundreds or maybe thousands of IoT devices, are exposed to various threats and cyber-attacks from the internet. These attacks form a considerable risk targeting the privacy and confidentiality of IoT devices throughout their gateways. Many researches and studies have been conducted to alleviate such a problem. One of the solutions can be achieved by building a root of trust based on a hardware module such as Trusted Platform Module (TPM) or software like Trusted Execution Environment (TEE). In this work, we provide a solution to the problem by enabling Hardware Root of Trust (HRoT) using TPM on a product from HMS Industrial Network AB known as GWen board, a Linux-based embedded system, used as gateway to connect IoT devices. We describe a method that uses the processor of the GWen (i.e. Zynq-7020 FPGA SoC) to enable secure boot. Besides, we provide a method to enable the TPM chip mounted on the GWen (i.e. SLB 9670 TPM 2.0) using TPM Software Stack TSS 2.0. We demonstrated, in detail, various use-cases using the TPM on GWen including cryptographic keys generation, secure key storage and key usage for different cryptographic operations. Furthermore, we conducted an analysis to the adopted solution by inspecting the latency of TPM commands on the GWen gateway. According to the high restrictions of TPM 2.0 specifications and based on our results, adding the TPM 2.0 to the IoT gateway GWen will enhance the security of its Linux distribution and will makes it possible to securely identify and authenticate the gateway on the network based on its secret keys that are stored securely inside its TPM.