Electronic – Hardware Secure Elements


After checking multiple suppliers and reading about HW secure elements, I would like to understand the use of this type of electronic components.

Maybe I'm wrong, but it seems a HW secure element provides a Root of Trust for certain data. That is, the HW Secure Element assures that, for example, a private key will only be known by the secure element itself. Is this correct?

Now, thinking about a system where a SoC automatically generates a private key and stores it in a Trust Zone, wouldn't this be similar to a HW secure element?

Is there an alternative to HW Secure Element in a SoC?

Best Answer

Yes, generally there is a combination of private keying material and security hardware to use it. In a set-top box, for example, they will use a signed boot image that is first pre-authenticated on the SoC by a security processor, using the private key stored in e-fuse.

The system is designed to be anti-tamper, that is, robust to various kinds of cryptanalytic attacks. For example, it's impossible to read the secure keying material directly once it's programmed; only the secure processor can use it.

It’s not really possible to make a secure system with private keying unless there is some level of physical security for the keying material and low-level control over the boot-up process. Each stage of booting is a vulnerability point, so it’s important to maintain a chain of trust from stage to stage.
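The stage-to-stage chain of trust described in this answer, as an added illustration that is not part of the original post or any vendor's firmware: the e-fuse is modelled as an immutable digest of the root public key, each boot stage carries the public key that authenticates the next stage, and the secure processor refuses to run any stage whose signature does not verify. To keep the model runnable with only the Python standard library, it uses a Lamport one-time signature over SHA-256 instead of the RSA/ECDSA a real SoC would use; the stage images, names and keys are all constructed at run time and are placeholders.

```python
"""
Toy model of a secure-boot chain of trust (added example, not from the original
answer). The "e-fuse" is an immutable constant holding the digest of the root
public key; each boot stage carries the public key of the next stage and is
signed by the previous stage's private key. Signatures are Lamport one-time
signatures over SHA-256 (stdlib only); a real SoC would use ECDSA/RSA inside a
secure processor. All keys and images below are generated at run time.
"""
import hashlib
import os
from dataclasses import dataclass, replace

N = 256  # a SHA-256 digest has 256 bits; Lamport needs one secret pair per bit


def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()


def _bits(msg: bytes) -> list:
    digest = _h(msg)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]


def lamport_keygen(rng=os.urandom):
    """Private key: 256 pairs of random 32-byte secrets; public key: their hashes."""
    sk = [(rng(32), rng(32)) for _ in range(N)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, msg: bytes) -> list:
    """Reveal, for each digest bit, the secret matching that bit's value."""
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    if len(sig) != N:
        return False
    return all(_h(sig[i]) == pk[i][bit] for i, bit in enumerate(_bits(msg)))


def pk_to_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


def pk_from_bytes(raw: bytes) -> list:
    return [(raw[i:i + 32], raw[i + 32:i + 64]) for i in range(0, len(raw), 64)]


@dataclass
class Stage:
    name: str
    code: bytes        # the stage's executable image (constructed placeholder)
    next_pk: bytes     # serialised public key that authenticates the *next* stage
    signature: list    # signature over (code || next_pk) by the previous stage's key


def build_chain(stage_names):
    """Manufacturer side: sign each stage with the previous stage's private key.

    Returns (efuse_digest, root_public_key_bytes, stages). Only the digest of
    the root public key is 'fused'; the key itself ships alongside the boot ROM.
    """
    keys = [lamport_keygen() for _ in range(len(stage_names) + 1)]
    stages = []
    for i, name in enumerate(stage_names):
        sk_prev, _ = keys[i]
        _, pk_next = keys[i + 1]
        code = f"{name} image".encode()            # constructed stand-in for firmware
        nxt = pk_to_bytes(pk_next)
        stages.append(Stage(name, code, nxt, lamport_sign(sk_prev, code + nxt)))
    root_pk = pk_to_bytes(keys[0][1])
    return _h(root_pk), root_pk, stages


def verify_chain(efuse: bytes, root_pk: bytes, stages) -> list:
    """Secure-processor side: authenticate each stage before trusting it.

    Returns the names of the stages that were allowed to run; boot halts at the
    first stage whose signature fails, so later stages never execute.
    """
    if _h(root_pk) != efuse:      # root key must match the fused digest
        return []
    trusted_pk = root_pk
    booted = []
    for st in stages:
        if not lamport_verify(pk_from_bytes(trusted_pk), st.code + st.next_pk, st.signature):
            break                 # halt: nothing past this point is trusted
        booted.append(st.name)
        trusted_pk = st.next_pk   # the verified stage vouches for the next key
    return booted


def with_modified_code(stages, index: int, new_code: bytes) -> list:
    """Return a copy of the chain with one stage's image altered (signature unchanged)."""
    out = list(stages)
    out[index] = replace(stages[index], code=new_code)
    return out


if __name__ == "__main__":
    efuse, root_pk, stages = build_chain(["bootloader", "kernel", "app"])
    print("clean boot:", verify_chain(efuse, root_pk, stages))
    tampered = with_modified_code(stages, 1, b"kernel image (modified)")
    print("tampered kernel:", verify_chain(efuse, root_pk, tampered))
```

The three checks worth running are the ones the answer implies: an untouched chain boots every stage, a modified image stops the boot at that stage while earlier verified stages still ran, and a root key that does not match the fused digest boots nothing at all, which is why only the key digest needs to be immutable.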