Chris McConnell is Engineering Manager for the Intel Key Generation Facility.
In today’s digital age, the security of a supply chain is crucial to ensuring that systems are configured as expected and any changes can be captured and validated. Intel Tiber Transparent Supply Chain helps device owners verify that the devices they receive from the OEM are secure and have not been tampered with. In addition, owners can check that the device configurations are kept up-to-date throughout the lifecycle of the device.
OEM / ODM Roles
The Original Equipment Manufacturer (OEM) specifies the device’s configuration for components such as memory, storage drives, Wi-Fi, Ethernet, and GPU. The Original Design Manufacturer (ODM) builds according to the build configuration. Intel Tiber Transparent Supply Chain provides manufacturing tools run at the factory by the ODM to capture system configuration data before it leaves the factory. This data is then uploaded to the Intel Key Generation Facility, where the data is signed using the OEM signing key. Details are captured below. The snapshot gathered when the device is manufactured is the first stage in providing supply chain visibility.
Let’s look at a typical enterprise laptop as an example. Intel Tiber Transparent Supply Chain records data from the following components:
- Trusted Platform Module
  - Endorsement key certificate serial number
  - Platform Configuration Registers
  - Firmware version
- BIOS version
- System
- Baseboard
- Chassis
- Processor
- Memory
- Power supply and battery
Each component supplies the following data:
- Serial number
- Manufacturer
- Model
- Version
- Revision
- Manufacturer ID
Verification Tools
Devices enabled by Intel Tiber Transparent Supply Chain can be verified by the end user using the Verify Tool and Auto-Verify Tool provided by Intel. These tools verify that the system configuration matches the signed data from the OEM/ODM factory and show any differences between the device’s state at manufacturing and its current state. This helps customers catch any devices that have been tampered with below the OS before they are distributed to their employees.
Lifecycle Updates
During a device’s lifecycle, components may be replaced (more RAM, a larger SSD) or new firmware may arrive as feature and security updates (BIOS, microcode). The Verify Tool can capture these authorized changes and generate a “delta” file, which is then signed by the same Intel Key Generation Facility that signed the original manufacturing information. These delta certificates can be used to verify authorized changes to the system and to identify any unauthorized changes that could potentially compromise the device.
Four Key Ingredients for Supply Chain Trust at the Hardware Layer
The security of a supply chain is as crucial as the quality of the products it delivers. The key ingredients that form a secure hardware supply chain include:
- Hardware Root of Trust (HRoT): Establishing a hardware root of trust begins with the Trusted Platform Module (TPM), a standard developed by the Trusted Computing Group (TCG). TPM 2.0, as defined by the International Organization for Standardization (ISO 11889), provides a secure processor that can generate and store cryptographic keys to protect information. The TPM also utilizes an immutable Endorsement Key (EK), which is a unique identifier for each TPM. The TPM EK provides the cryptographic binding of the platform serial number and the TPM to establish the HRoT.
- Platform Certificate: A manifest signed by the equipment manufacturer that contains the TPM Endorsement Key and the platform components, recording their asset information and cryptographically binding the device to the TPM. The platform certificate is a testament to the device's origin and is a critical component in the chain of trust, allowing traceability from the manufacturer to the end user. It helps ensure that the platform components can be verified as authentic and unaltered through the supply chain.
- End-User Verification Tools: To attest to a trusted hardware supply chain, end user verification tools are required to run on the platform. The Auto-Verify tool, for example, reads the component information in the platform certificate and identifies any system changes from the time of manufacturing. The Customer Web Portal allows users to access the signed platform certificates and “As-Built” data reports, providing confidence in the authenticity of their systems.
- Compliance Regulations: A trusted supply chain must adhere to rigorous security standards and government regulations. The chain of trust processes should satisfy the requirements of the Defense Federal Acquisition Regulation Supplement (DFARS), which helps mitigate the risk of counterfeit electronic parts. This compliance is a demonstration of the supply chain’s integrity and reliability.
Utilizing Cryptography to Help Verify the Transparent Supply Chain Data
All Transparent Supply Chain data is cryptographically signed by the Intel Key Generation Facility using the OEM signing key. This signing helps ensure data integrity for the end user. The OEM signer’s public key is used by Intel Tiber Transparent Supply Chain to verify the platform data signature. Any modification to the data will cause signature verification in the tools to fail and alert the end user.
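The flow described on this page (a signed as-built record, a signed delta for authorized changes, and a verification tool that checks the signature and then diffs the record against the device’s current state) can be modelled compactly. The Go program below is an added illustration written for this page; it is not Intel’s tooling and does not reproduce the platform certificate format. It assumes Ed25519 as a stand-in for whatever signature scheme the OEM signing key actually uses, a JSON document as a stand-in for the platform certificate, and constructed sample data: the EK certificate serial, component names and serial numbers are invented.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"sort"
)

// Component holds the per-part data the page lists: manufacturer, model, serial, version.
type Component struct{ Manufacturer, Model, Serial, Version string }

// Manifest is an as-built record or a delta keyed by component class (System, BIOS, Memory,
// ...); the TPM EK certificate serial binds the record to exactly one device.
type Manifest struct {
	EKCertSerial string
	Components   map[string]Component
}

// SignManifest stands in for the Key Generation Facility signing with the OEM private key.
// encoding/json emits map keys in sorted order, so the signed payload bytes are canonical.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (payload, sig []byte, err error) {
	if payload, err = json.Marshal(m); err != nil {
		return nil, nil, err
	}
	return payload, ed25519.Sign(priv, payload), nil
}

// VerifyManifest rejects a payload whose signature does not check under the OEM public key,
// and a record bound to a different TPM EK than the device being checked.
func VerifyManifest(pub ed25519.PublicKey, payload, sig []byte, deviceEK string) (Manifest, error) {
	if !ed25519.Verify(pub, payload, sig) {
		return Manifest{}, fmt.Errorf("signature check failed: data altered or not signed by this OEM key")
	}
	var m Manifest
	if err := json.Unmarshal(payload, &m); err != nil {
		return Manifest{}, err
	}
	if m.EKCertSerial != deviceEK {
		return Manifest{}, fmt.Errorf("record is bound to EK %s, device presents %s", m.EKCertSerial, deviceEK)
	}
	return m, nil
}

// ApplyDelta merges authorised replacements (by component class) into the as-built record.
func ApplyDelta(base, delta Manifest) Manifest {
	out := Manifest{EKCertSerial: base.EKCertSerial, Components: map[string]Component{}}
	for class, c := range base.Components {
		out.Components[class] = c
	}
	for class, c := range delta.Components {
		out.Components[class] = c
	}
	return out
}

// Diff lists every component class whose signed record differs from what the device reports;
// a class present on only one side compares against an empty record and is reported too.
func Diff(expected, current Manifest) []string {
	var findings []string
	for class, c := range current.Components {
		if e := expected.Components[class]; e != c {
			findings = append(findings, fmt.Sprintf("%s: signed %+v, device %+v", class, e, c))
		}
	}
	for class, e := range expected.Components {
		if _, ok := current.Components[class]; !ok {
			findings = append(findings, fmt.Sprintf("%s: signed %+v, device %+v", class, e, Component{}))
		}
	}
	sort.Strings(findings)
	return findings
}

// Samples returns constructed data, not real device records: the delta records an authorised
// RAM upgrade; the device now reports that RAM plus a BIOS version that has no signed record.
func Samples() (asBuilt, delta, device Manifest) {
	asBuilt = Manifest{EKCertSerial: "EK-CONSTRUCTED-0001", Components: map[string]Component{
		"System": {"ExampleOEM", "Laptop-X", "SYS-1001", "1.0"},
		"BIOS":   {"ExampleOEM", "Laptop-X BIOS", "", "1.02"},
		"Memory": {"ExampleDRAM", "16GB-DDR5", "MEM-7781", "A"}}}
	delta = Manifest{EKCertSerial: asBuilt.EKCertSerial, Components: map[string]Component{
		"Memory": {"ExampleDRAM", "32GB-DDR5", "MEM-9920", "A"}}}
	device = ApplyDelta(asBuilt, delta) // fresh map, so asBuilt itself is left untouched
	device.Components["BIOS"] = Component{"ExampleOEM", "Laptop-X BIOS", "", "1.07"}
	return
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // stands in for the OEM signing key pair
	asBuilt, delta, device := Samples()
	bPayload, bSig, _ := SignManifest(priv, asBuilt)
	dPayload, dSig, _ := SignManifest(priv, delta)
	base, err1 := VerifyManifest(pub, bPayload, bSig, device.EKCertSerial)
	d, err2 := VerifyManifest(pub, dPayload, dSig, device.EKCertSerial)
	if err1 != nil || err2 != nil {
		panic("signed records did not verify")
	}
	fmt.Println("unauthorised changes:", Diff(ApplyDelta(base, d), device))
	bPayload[0] ^= 1 // simulate tampering with the stored record
	_, err := VerifyManifest(pub, bPayload, bSig, device.EKCertSerial)
	fmt.Println("after tampering:", err)
}
```

Run as written, the program reports a single finding, the BIOS version that changed with no signed delta, and then a verification error once one byte of the stored record is flipped. The EK serial comparison inside VerifyManifest is what ties the signed data to this particular machine: without it, a perfectly valid record for another unit of the same model would verify just as well, which is exactly the substitution a supply-chain check is meant to catch.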
In summary, a transparent supply chain is built on a robust hardware root of trust, coupled with data collection at the OEM/ODM manufacturing stage utilizing Intel Tiber Transparent Supply Chain. The chain is deemed verified when the device is received and maintained using cryptographic primitives designed to ensure the device and its platform data have not been altered. This process provides comprehensive traceability and transparent verification services, empowering end users with the tools they need to verify device integrity at the hardware level.
To learn more, visit intel.com/tsc.