A trust anchor can be implemented in either software or hardware; the choice calls for a trade-off between the complexity and level of assurance. Compared to software-based trust, tamper-resistant hardware provides better trust performance, as it provides a RoT with the secured storage of secrets. Hardware-based trust consumes less power (IIC-IISF), which is an important consideration for resource-constrained environments. These benefits, however, come at the cost of complexities in managing firmware and crypto library updates. Hardware-based security is more rigid, and often involves static implementation. In some instances, due to a lack of update capability, hardware vulnerabilities may last throughout the life of the device. In recent years, innovations in trusted computing have significantly addressed some of these limitations.
Software...