Chip, device and firmware developers now have a standardised way to load and manage firmware – combining the secure operating system applications and data – in a secure and isolated area of a device’s SoC.
Existing Secure Elements (SEs) – such as SIMs, smart cards, smart microSDs and USB tokens – are stand-alone tamper-resistant hardware platforms, developed as different form factors for different use cases. They are capable of securely hosting multiple applications and their confidential and cryptographic data, addressing the requirements of different business implementations and market needs. The ability to integrate a tamper-resistant hardware platform in a SoC offers a new universal form factor to host and execute secure digital services, while supporting the high level of security and tamper-resistance achieved by today’s Secure Elements.
“Integration of a tamper-resistant platform is a recent feature of SoC technology, which brings new opportunities and challenges,” comments Gil Bernabeu, Technical Director at GlobalPlatform. “For example, with these new SoCs, data in the secure memory may not remain when the device is switched off, so a standardised mechanism is needed to securely re-load the sensitive data when the device restarts. In parallel, the tamper-resistant platform in a SoC must meet the required security levels and offer the same security services as today’s SEs to provide standardised services to service providers.”
To overcome these challenges, GlobalPlatform has published two freely-available documents:
Open Firmware Loader (OFL) – standardises how firmware can be loaded and managed in the tamper-resistant hardware platform.
Virtual Primary Platform (VPP) – defines the security services running on the tamper-resistant platform, called a Virtual Primary Platform (VPP). The VPP creates a standardised ‘virtual’ version of the hardware platform that allows developers to build secure solutions and deploy them across a variety of products.
“The market came to us because of our long history of SE and application management,” adds Kevin Gillick, Executive Director at GlobalPlatform. “GlobalPlatform has decades of experience in standardising the functionality and security of OSs to offer interoperability and a high level of protection. To achieve a similar level of security for integrated secure elements as that offered by existing SEs, we have relied on the expertise and contributions of our members and are now engaging with other industry bodies such as ETSI for deployment in the telecommunication industry as an evolution of SIM cards. We believe that this technology will bring value to both manufacturers and service providers, creating new opportunities for device connectivity like 5G and NB-IoT, device design and secure service management.”