21.02.2025; Colloquium
Echtzeit-AG
Towards Update-Proof Sealing: Challenges for Trusted Computing in M³
Sealing is a Trusted Computing concept in which applications store their sensitive data securely using encryption, such that only the same application running on the same Trusted Computing Base (TCB) is able to decrypt it again. This property, by design, renders sealed data inaccessible whenever the code of the application or parts of the TCB (such as the underlying operating system) is changed.
While this is advantageous in terms of preventing manipulation by an adversary, it also results in data loss when a component of the system is updated by the vendor. The objective of this research project was to identify solutions to this update-problem and to assess their feasibility for M³ systems.
The presentation will cover various architectures specified by the Trusted Computing Group and their application to M³ to establish a Root of Trust. Furthermore, possible ways of implementing Sealing in M³ and solutions to the update-problem are discussed.
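The sealing property and the update problem described above can be reproduced in a few lines. This is an added sketch, not code from the talk or from M³: the PCR-style measurement chain, the device secret, the component names and the HMAC-based cipher (a standard-library stand-in for a real AEAD) are all assumptions made for illustration.

```python
import hashlib, hmac, os

def extend(register: bytes, component: bytes) -> bytes:
    # PCR-style extend: new = H(old || H(component))
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()

def measure(stack) -> bytes:
    # Fold every TCB component and the application into one measurement.
    register = bytes(32)
    for component in stack:
        register = extend(register, component)
    return register

def sealing_key(device_secret: bytes, measurement: bytes) -> bytes:
    # The key is bound to the device and to the measured software stack.
    return hmac.new(device_secret, b"seal" + measurement, hashlib.sha256).digest()

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode (assumption: stands in for a real AEAD).
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, data: bytes) -> bytes:
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    # Returns None when the key, and hence the measured stack, does not match.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

# Constructed sample values, not taken from M³.
DEVICE_SECRET = b"constructed-device-secret"
STACK_V1 = [b"kernel v1", b"os service v1", b"app v1"]
STACK_V2 = [b"kernel v1", b"os service v2", b"app v1"]  # vendor update

def demo():
    k1 = sealing_key(DEVICE_SECRET, measure(STACK_V1))
    k2 = sealing_key(DEVICE_SECRET, measure(STACK_V2))
    blob = seal(k1, b"app secret")
    return unseal(k1, blob), unseal(k2, blob)
```

`demo()` unseals successfully on the unchanged stack and returns `None` after the single-component update, even though the application and the device secret are the same.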