With the expansion of data centers, cloud computing and the Internet of Things (“IoT”), ensuring trust in the supply chain has become more important than ever. From the sourcing of components used in manufacturing and platform assembly all the way through the distribution and logistics of the final product, a trusted supply chain (“TSC”) can be established based on trusted hardware and standards developed by the Trusted Computing Group (“TCG”). This article intends to describe the incentives to help prioritize supply chain trust as a major organization issue and to explain the use of a hardware (“HW”) Root of Trust (“RoT”) to establish a trusted supply chain.
Incentive for Supply Chain Trust
In today’s diverse manufacturing, logistics and just-in-time (“JIT”) inventory environment, assurance of a device’s origin and subsequent history has become a critical challenge. Remote deployment and provisioning should also provide assurance in the supply chain. This assurance has the added benefit of reduced reliance on physically tracking devices through the supply chain as well as reduced cost and service time.
Companies that need further convincing should do a quick search to see how easy it is to find incidents of major hacking of the supply chain and the use of counterfeit, substituted and sometimes malicious components. One of the more recent incidents impacted as many as 300 companies, so this is not a potential problem. It is real.
Figure 1 shows vulnerable points in the supply chain and the benefits of adding trustworthy elements. There are many opportunities for malicious acts to occur in the supply chain before end users even turn on their new equipment. Such attacks should concern every company regardless of their size or market focus. Military organizations are well aware of the significance of the problem.
An internal report produced by the U.S. Joint Chiefs of Staff Directorate for Intelligence, J-2, states, “Cyber security officials are concerned that … computers and handheld devices could introduce compromised hardware into the Defense Department supply chain, posing cyber espionage risks, said officials familiar with the report.”
Another article in Supply Chain Magazine, “The Supply Chain Silent Threat – Cyber Attack,”  provides a 30-year history of cyberattacks. These efforts are not new.
Published in 2015, the U.S. Department of Defense (“DOD”) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (“DFARS”) that gave government contractors a deadline of December 31, 2017 to implement the requirements of the National Institute of Standards and Technology’s (“NIST”) Special Publication (“SP”) 800-171 to deal with cybersecurity threats. Section 252.246-7007, “Contractor Counterfeit Electronic Part Detection and Avoidance System”  specifically addresses “design, operation, and maintenance of systems to detect and avoid counterfeit electronic parts and suspect counterfeit electronic parts.”
The Trust Solution
Assurances of a device’s origin helps establish the foundation for a trusted supply chain. TCG’s initial Trusted Platform Module (“TPM”) standard defined a hardware root of trust or “HRoT.” More recently, TPM 2.0, now International Organization for Standardization (“ISO”) standard (ISO 11889) as well, created a library specification to describe all the commands/features that could be implemented and might be needed in a variety of platforms including embedded systems.
In the TPM, the Endorsement Key (“EK”) is a permanent (with some exceptions) key that is uniquely associated with a specific TPM. It provides assertions about the TPM but no assertions about the platform. A TPM EK can “certify” other TPM/platform keys created by the owner or users. In addition, a TPM also has Platform Configuration Registers (“PCRs”), Attestation ID Keys, Signature Keys and Encryption Keys for verifying access and protecting data.
Figure 2 shows how the TPM provides the HRoT. The TPM EK certificate and a platform certificate are used to establish the documentation for the platform. The TPM’s EK certificate is signed by the TPM Vendor. Then the Platform Manufacturer (“PM”) attaches the TPM to a platform where the EK is bound to the platform to provide a platform-specific key.
The platform certificate created by the platform manufacturer attributes asset information about the platform and the Root of Trust for Measurement (“RTM”) binding it to the TPM. The value of the measurements is proportional to the trust in the RTM provided by the platform manufacturer.
Finally, the supply chain obtains proof of assertions to verify platform and EK certificate signatures as well as to verify the EK certificate bound to that platform.
Implementing a Trusted Supply Chain
Building on the TPM general architecture, Figure 3 shows the steps for the documentation for the RoT, which continues through the supply chain until it gets to the final owner where an information technology (“IT”) expert uses tools available on open source to verify platform signatures, EK certificates and other trust confirming tasks.
Based on the previous chain that was established in the lifecycle of the system, Figure 4 shows how the appliance certificates are generated. Generating the chain of trust starts with the TPM creating the EK for each TPM and establishing the hardware root of trust. Next, the platform manufacturer permanently mounts the TPM onto the platform and creates the platform certificate and binds it to the EK.
Then a Signing Service provides a platform certificate that cryptographically binds the platform to the EK. Finally, the System Integrator creates an appliance certificate and binds it to the platform certificate. At the end of the process, the end user benefits from the ability to trace the appliance to credible HRoT for establishing technology provider accountability as well as transparency.
The chain of trust process is important and essential to provide total traceability and a HRoT based on the TPM. It enables component-level traceability for platforms and systems to mitigate the risk of counterfeit electronic parts while conforming to DFARS Supplement 246.870-2.
The trusted supply chain also provides an end-user Auto Verify tool that identifies certain system changes from the time of manufacturing to the time of first boot. The “As-Built” data report and Auto Verify tool offers customers confidence in the authenticity of their systems.
Traceability in the supply chain includes platform certificates with component level traceability supported by an “as built” report generated from the factories, a statement of conformance attesting to the authenticity of the system and finally the customer web portal that downloads the files with a link sent regarding access details to the files/certificates.
Figure 5 shows how the various trust items flow through the TSC process from initial generation, signed and then downloaded so the customer can use the tool to verify it.
The Auto Verify tool collects data on all the components in the system, not just the TPM, providing Platform Certificate Validation as well as Direct Platform Components Validation. The components could include a laptop with some drives, memory, processors and more. The first time the customer powers up, the tool checks for any changes in that hardware comparing what the customer received to what was shipped from the original design manufacturer (“ODM”).
System-level traceability is based on a hardware root of trust for each system and starts with the HRoT provided by the TPM on the motherboard. In addition, software tools deployed during the manufacturing flow at the ODM capture system information as well as the TPM certificate (including public EK). A unique X.509 platform certificate for each system is generated and signed using Platform Manufacturer Certificate Authority. This attests that the purchased system is the specific system built by expected manufacturer. To aid in the process, the Platform Certification Tool (PCVT_TPM20) is available on GitHub. Figure 6 shows how data from original and as delivered platform “snapshots” are identified and displayed.
With the knowledge of the problem and availability of a well-developed solution, what should the concerned reader do? The Steps to Establishing Supply Chain Trust Side Bar identifies a four-step process to move from today’s unknown position to a trusted supply chain. Got Trust?
Product tampering and unauthorized substitutions can occur anywhere in the supply chain. To prevent product tampering, a Trusted Supply Chain is based on a hardware Root of Trust established by using the Trusted Computing Group’s Trusted Platform Module standard. Through the various manufacturing and assembly phase and distribution logistics, end-user verifiable component authenticity backs up and builds on the hardware Root of Trust. When a system is ultimately in the hands of the end user, an Auto-Verify tool validates the system components using Platform Certificate Verification for TPM/Platform authentication. The tool provides traceability, accountability, assurance and security to the user and is designed to be a straightforward and easy-to-implement process that establishes trust in the supply chain and mitigates the potential for cyberattacks due to supply chain tampering.
Side Bar: Steps to Establishing Supply Chain Trust
Step 1 Immediately: evaluate your company’s supply chain for its IT components
Step 2 Within the next three months: identify IT components that have supply chain risk and determine if there is an opportunity to incorporate TSC supply chain
Step 3 Within the next six months: implement a secure supply chain based upon the TPM
Step 4 For future purchases: consider platforms that incorporate Lenovo models with the Intel Transparent Supply Chain Certification Tools for TPM 2.0 Support
Intel provides these materials as-is, with no express or implied warranties.
All products, dates, and figures specified are preliminary, based on current expectations, and are subject to change without notice.
Intel, processors, chipsets, and desktop boards may contain design defects or errors known as errata, which may cause the product to deviate from published specifications. Current characterized errata are available on request.
Intel technologies' features and benefits depend on system configuration and may require enabled hardware, software or service activation. Performance varies depending on system configuration. No product or component can be absolutely secure. Check with your system manufacturer or retailer or learn more at http://intel.com.
Some results have been estimated or simulated using internal Intel analysis or architecture simulation or modeling, and provided to you for informational purposes. Any differences in your system hardware, software or configuration may affect your actual performance.
Intel and the Intel logo are trademarks of Intel Corporation in the United States and other countries.
*Other names and brands may be claimed as the property of others.
© Intel Corporation
Tom Dodson is a Supply Chain Security Architect with more than 20 years’ experience in the Boards and Systems Manufacturing and Supply Chain business area. Tom started out his career at Intel as a manufacturing quality engineer working with third party ODM manufacturers and suppliers worldwide that produce products for Intel. Five years ago Tom began working on the Trusted Supply Chain program with TCG Contributor Advisor Monty Wiseman. One of the areas that was of particular interest was the need to be able to show providence in the components used by the factories during manufacturing. With his 15 years of manufacturing and supply chain experience, Tom worked with Monty to develop an implementation of a Trusted Supply Chain at Intel. Tom has worked with TCG IWG members to incorporate Trusted Supply Chain requirements into Platform Certificate specifications. Tom has presented the Trusted Supply Chain concepts at RSA and NIST conferences, policies and procedures that have been outlined in the Trusted Supply Chain.