President and Chairman of Trusted Computing Group (TCG), Dr. Joerg Borchert, shares the news regarding TCG’s first ever CodeGen Developer Challenge. TCG enables secure computing through its member-driven work groups, and covers embedded systems, networks, storage, infrastructure, and cloud security. This blog was first posted on TCG’s website.
The winner of the first ever Trusted Computing Group (TCG) CodeGen Developer Challenge has been crowned, with two exciting solutions from Leonardo DRZ’s team taking the top prize.
The CodeGen Developer Challenge brought together developers from across the industry to participate in the event and create software solutions that embodied the theme, “Pervasive Security and Application of TCG standards in software and hardware development”. The winning team consisted of Njegos Nincic and Jeff Morgan from Leonardo DRZ, who developed two possible solutions to secure the software booting process.
The week-long CodeGen Developer Challenge provided an opportunity for brilliant talents to create a functional prototype built off a TCG standard. Bringing together peers who share the same passion for digital technology and innovation, each team was given a dedicated TCG mentor who was on hand virtually throughout the event.
With the cyber skills shortage and training gap being a prominent issue in the industry, the CodeGen Developer Challenge helped to unite people in learning, exploring, and developing new software designs.
The winning innovation
The winning team developed two possible solutions to add an extra layer of security when verifying the state of data storage. One solution used existing TCG technologies, such as Opal and the TPM, while the other was a potential extension to the TCG Storage Core specification.
Firmware/software corruption mitigation has become increasingly important in both commercial and military applications. Permanent Denial of Service attacks are an increasing concern in these sectors, as they render the system unbootable. A UEFI Secure Boot enabled system will fail to boot if the bootloader is altered or compromised, which is why verification and authentication are so important with the threat of cyberattacks growing in frequency and complexity.
The winner’s system can help a wide range of applications beyond the commercial and military sectors. Using TCG technologies, an extra security protocol is added to check and recover the storage of data. For the potential extension of the TCG Opal SSC specification Nincic and Morgan suggested adding two new commands: Setup Recovery and Toggle Recovery. These commands would add another process to help measure data and enable recovery of the system if needed. This ensures stricter security authentication protocols suitable for critical applications that need additional protection and the extra confidence in secure confidential data.
The winners were presented with $5,000 following their great efforts in creating software solutions that embody Pervasive Security and utilize TCG standards. They have also been invited to present their comments to TCG’s Storage Work Group.
The industry relies on collaboration and unification of different sectors to constantly innovate and find new solutions that enable security. Coming together to learn and educate each other is how the industry will continue to evolve, and no one company or person can do it alone.