The ORWL tamper-proof computer comes with two secure microcontroller units (MCU), one on the mainboard (Maxim’s MAX32550) and one in the authentication key fob (STMicroelectronics’ ST54D). Design Shift, the company making it, explained in detail how these work to protect the system against tampering.
The Role Of The Secure MCUs
The two secure microcontrollers have multiple roles to ensure the system is protected, including a self-encrypted SSD, tamper-proof active mesh, key fob authentication, out of range lockdown, and off-grid backup.
The self-encrypted SSD automatically encrypts all of the stored data. The key is stored on the mainboard's secure MCU and is given to the SSD only after the users authenticate with their key fobs.
Perhaps the key selling point of the ORWL computer is its enveloping “active mesh,” which is the main physical feature of the system that protects against tampering. The active mesh protects the CPU, mainboard, and the secure MCU. The active mesh and the secure MCU work together, so if anyone tries to tamper with the mesh, the MCU wipes the decryption key for the SSD. This way nobody can get to the data through physical attacks.
The mainboard microcontroller authenticates the physical security key through an NFC connection, and then it monitors the range through a Bluetooth LE connection. The system automatically disconnects the user after the key fob is out of the range of BLE. When the key fob is out of range, the mainboard secure MCU disables the USB ports and puts the system into standby mode. The secure MCU will also cut the power to the Intel subsystem when the security key is out range and if the ORWL PC is moved around.
The secure MCU's battery will last several months. If the user does not replace it during this time, it will automatically destroy the encryption key.
Secure MCU Features
The team behind the ORWL computer said that although dedicated security appliances in the financial, medical, and defense industries have used secure microcontrollers, their tamper-proof computer is probably the only consumer PC to use them. A secure MCU is just like a regular MCU, but with some extra features to protect data from unauthorized access.
Much like ORWL’s own active mesh encasing, the secure microcontrollers also come with their own tamper-proof “conductive meshes,” called “die shields.” The die shield completely surrounds and protects the secure MCU against physical intrusion. The system will delete sensitive data if it detects tampering. Die shields also act as electromagnetic shields to protect against side-channel attacks.
The ORWL team revealed that its mainboard secure MCU is a Cortex M3 with the following security features:
- Die shield with self-erasing memory on tamper
- Hardware accelerators for cryptographic primitives
- Side channel protection for crypto operations
- True random number generator
- Six tamper sensors for monitoring the active mesh
- Temperature and voltage tamper monitors
The MCU in the physical security key used for user authentication is an ARM “Secure Core” that implements the secure element aspect of NFC and has its own die shield.
Secure MCU Trustworthiness
The OWRL team said that it couldn’t publish the full technical details of the two secure MCUs, because it seems no microcontroller company is willing to give them away without first signing an NDA. That means even if Design Shift gets the technical datasheets, it can’t make them public. However, the team said that there are other ways in which to verify the trustworthiness of the two chips.
Design Shift said that it has indeed entered an NDA with two microcontroller vendors, so it can at least verify itself that everything works as it should. It also noted that other parties could also enter NDAs with the MCU makers to receive the technical datasheets as well. However, this could get quite expensive, so Design Shift has hired Penumbra, a security company, to audit the security of ORWL. The company will make the audit details public when it’s finished.
The MCUs that ORWL uses are also widespread in the financial industry, which obviously has an incentive to ensure that the chips are secure and without any backdoors that could make their entire financial systems vulnerable to attacks. Because they're widely use, potential attackers may be looking at them for exploitation. These two things should help increase the trust in the security of ORWL’s microcontrollers.
The ORWL team said that it would try to make it as easy as possible for other developers to reprogram the MCUs or allow them to sign all firmware with their own keys. The company will release a dev kit soon with all the tools necessary to build and verify all of ORWL’s firmware.
Design Shift said that the most opaque part of the mainboard's secure MCU is the boot ROM firmware. However, Maxim, the maker of that MCU, agreed to sell it a version of it without any firmware.
This will require $20,000, which Design Shift said it’s willing to pay, but the hard part will be the development of an open source replacement firmware. For this reason, the company is asking the open source community for help. Once the replacement is complete, the custom secure MCU will be available to anyone to use, according to the company.