Aladdin Trusted Security Module (TSM)

Aladdin Trusted Security Module (TSM) developed by Aladdin R.D. company for architecture of ARM is means of a trusted boot of level of basic input-output system (BIOS) of the second class of protection.

2020: Inclusion in the Unified register of domestic software

On September 7, 2020 the Aladdin R.D. company, the Russian developer and solution provider for information security support, announced entering of Trusted Security Module into the Unified register of domestic software.

Means of a trusted boot of Trusted Security Module is the only thing for September, 2020 the solution on a trusted boot of the operating system on ARM processors.

TSM gives to an opportunity to use (to continue to use) the most element base where it is necessary to provide the high level of security. The solution is certified by FSTEC of Russia (No. 4155) on the 2nd class of trust and allows to apply TSM together with i.MX6 ARM processors as a part of devices and systems in the protected objects of KII of any level, in the state information systems (SIS) and information systems of personal data processing (ISPDN) of any level, with the classified information to the Top secret level.

2019

The FSTEC certificate of Russia hectare of TSM for The Entrusted Platform complex

The Aladdin R.D. company, the Russian developer and solution provider for information security support, announced on September 10, 2019 obtaining the certificate of conformity of FSTEC of Russia on means of a trusted boot of Trusted Security Module (TSM) for the hardware and software system "The Entrusted Platform" based on ARM processors. The technology and the product TSM are intended for developers and producers of the electronic equipment on ARM processors, system integrators.

Certificate of conformity No. 4155 issued by FSTEC of Russia certifies that TSM is means of a trusted boot and conforms to the requirements for security of information set in the documents "Requirements to Means of a Trusted Boot" and "A profile of protection of means of a trusted boot of level of basic input-output system of the second class of protection. IT.SDZ.UB2.PZ".

Trusted Security Module provides using ARM TrustZone technology credibility to the loaded OS and the software in systems constructed on i.MX6 ARM processors of NXP company.

The trust problem to import electronics is extremely relevant at present. Thanks to our development we will be able "to reflash" modern import ARM processors, loading into their TrustZone the Russian entrusted Secure OS with functions of "electronic lock" and providing a trusted boot, control of integrity both Secure OS, and any "guest" OS, data protection from NSD, leaks, distortions, interception, control of channels and methods of dissemination of the protected data and compliance to requirements of the Russian regulators in the field of cybersecurity" — the CEO of Aladdin R.D. company Sergey Gruzdev is sure.

TSM gives to an opportunity to use (to continue to use) element base, reliable and available at cost, where it is necessary to provide the high level of security. The received FSTEC certificate of Russia allows to apply TSM together with i.MX6 ARM processors as a part of devices and systems in the protected objects of KII of any level, in the state information systems (SIS) and information systems of personal data processing (ISPDN) of any level, with the classified information to the Top secret level.

Aladdin TSM is built in the protected Oniks08 tablet

On May 15, 2019 the company"Aladdin R.D.", Russian the developer and solution provider for providing information security, and NPF Ltd Dolomant", domestic manufacturer of computing means for severe conditions of operation, submitted the next version protected tablet Oniks08 with the built-in Aladdin TSM mean of the entrusted loading. In more detail here.

Description of technology and product Aladdin Trusted Security Module

First, Aladdin Trusted Security Module (TSM) is a sterilizations technology import ARM-processors the i.MX6 series of the company NXP/Freescale, allowing to replace the factory loader with own entrusted to load own implementation of Secure OS (TEE/Trusted Execution Environment) and to provide control over communications and processes, loading and interaction with any "guest" system (without entering of any changes into it or into the used applications).

Secondly, TSM is a licensed software product — Embedded TSM which includes:

• The module of a trusted boot implementing functions of the electronic lock, meeting * requirements of the Profile of FSTEC to means of a trusted boot of the BIOS level of the second class of protection (to a state secret with privacy degree "Top secret").
• The module of the entrusted input-output with display of the mode — safe/dangerous — the green/red frame around the screen brought directly out of TrustZone.
• The module CIPF and EDS*, the implementing set the Russian cryptoalgorithms and protocols, works as trastlt in the isolated entrusted TrustZone environment with the hardware entrusted storage of keys. At the same time all cryptographic functions are available to applications in "guest" OS through usual calls of pkcs#11 library.
• The module of centralized operation allowing to manage remotely using the JMS system (JaCarta Management System) keys and certificates, loading of trastlet it is safe to update processor "firmware", to load and analyze magazines of audit, etc.

* — for May, 2019 is in a certification process.

In general the TSM technology gives the chance:

• Use (to continue to use) modern, reliable and inexpensive element base where it is necessary to provide the high level of security, for example in the CUE, an APCS, for the navigation and communication equipment.
• "Reflash" modern import ARM-processors (so far only for i.MX6 line), loading into their TrustZone the Russian entrusted Secure OS with functions of the "electronic lock" providing:
  • Trusted boot, control of integrity both Secure OS, and any "guest" OS and all files of programs and data
  • Data protection from NSD, leaks, distortions, interception
  • Control of channels and methods of dissemination of the protected data
  • Use of the Russian cryptography (for applications it looks as crypto - the coprocessor)
  • Compliance to requirements of the Russian Regulators in the field of cybersecurity.

The technology and product are intended for developers and producers of the electronic equipment, system integrators.