CHAPTER 11: Hardware, Trust, and Confidential Computing

This chapter finally gets to the bottom—pretty much literally—of many of our discussions about trust, in that without a root of trust in hardware, our search for trust in computing is likely to be fruitless, as we have seen. For more details of the mechanisms that provide the underlying components, Ross Anderson's Security Engineering: A Guide to Building Dependable Distributed Systems [1] is the canonical work in the field, and it is strongly recommended that readers turn to it for further reference. Rather than attempt a survey of many different types of hardware and how they relate to trust, we look at the two key sets of properties that hardware may enforce or strengthen and then at what happens if hardware components are compromised. Our final section explores how hardware can help systems to impose and enforce boundaries, as we apply our understanding of hardware and isolation to trust and trusted computing bases (TCBs) explicitly and consider the opportunities that present themselves for explicit trust relationships around trusted execution environments (TEEs).

Properties of Hardware and Trust

There are two properties of hardware components that we have identified as important to our quest for understanding trust: isolation and root of trust. We have considered both to some degree earlier in the book; here, we will look at how hardware components provide them.

Isolation

Much of the interest we have shown in isolation ...
