Products combine to boost PED, phone security
Nov 9, 2007 — by Eric Brown — from the LinuxDevices Archive — 1 viewsAn embedded security software vendor and an embedded virtualization platform provider are jointly marketing an integrated stack aimed at both PIN entry devices (PEDs) and mobile phones. The stack comprises Trusted Logic's “Security Module” running on a virtual processor under Trango's Hypervisor.
Trusted Logic is notable for having helped ARM develop TrustZone, the pre-boot security hardware available to ARM core licensees as an add-on. Trusted Logic's own TL Security Module works with any ARM core, it claims, including those with our without TrustZone hardware. The Module includes a small, highly secure OS intended to host security-criticial applications, along with a secure IPC (inter-process communications) channel to rich OSes such as Linux and Windows CE.
Trusted Logic TL Security Module architecture
(Click to enlarge)
Trango's Hypervisor, meanwhile, comprises a 20KB microkernel capable of hosting two or more guest OSes on a single processor core. Guest OSes run in CPU user mode, rather than protected mode, for added security compared to solutions from other virtualization vendors, the company claims. The Trango Hypervisor is shipping on ARM, PPC, and MIPS architectures, and was previously used alongside Linux in a MIPS-based PIN entry device.
Combined Trango/Trusted Logic stack architecture
When used together, the companies claim their products offer total security, a small footprint, and reduced costs — characteristics they hope will encourage the combined stack's use in low-cost consumer devices like mobile phones.
According to Trango, virtualization reduces the cost of PEDs without compromising the demanding certification requirements of security standards such as the Payment Card Industry PIN Entry Device (PCI-PED) specification and EMV specifications. PIN entry processes are said to run in their own execution environment, fully partitioned from Linux or Windows CE, which can simultaneously display consumer messaging, news, weather, or advertising.
Trusted Logic claims to have invented the security module concept, introducing the first such product in 2004. CEO Dominique Bolignano stated, “Trango Hypervisor enhances the TL Security Module by enabling a number of isolated execution environments, thus offering the combined benefits of security and multi-core chips on a lower cost, single core chip.”
Availability
No information was provided on the pricing or availability of the combined Trango/Trusted Logic stack. Trango's Hypervisor is available now on ARM9, and expected to ship early next year on ARM11.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.