The security of embedded systems and IoT devices often depends on how well cryptographic secrets are protected. Mako Server and Xedge, both built on the Barracuda App Server, include a software-based Trusted Platform Module (softTPM) that manages sensitive key material without requiring dedicated hardware.
The softTPM is designed to provide security properties similar to those of a physical TPM when properly configured. It supports robust encryption and integrity mechanisms while simplifying system design by removing the need for an external TPM chip. The implementation focuses exclusively on Elliptic Curve Cryptography (ECC), allowing it to concentrate on a modern and widely adopted cryptographic foundation.
To protect its internal MasterKey material, the softTPM uses white box cryptography techniques to obscure how secrets are represented and derived within the executable. This approach is based on established industry knowledge about the practical challenges of extracting secrets from compiled binaries and is intended to significantly raise the bar for real-world attackers.
This document provides a high level overview of the softTPM and explains how to initialize it correctly using C code, with the goal of helping you deploy the system in a secure and well understood manner.
Refer to the softTPM API for details on using the TPM in Lua.
The softTPM design in the Mako Server and Xedge does not rely on embedding a single static secret directly in the binary. Instead, it derives two related MasterKey values at runtime using a combination of embedded key material and controlled execution logic in both C code and Lua code. One MasterKey value is shared across devices, while the other can be made device-specific when device-specific input is available.
White box cryptography is used as a protective layer around the embedded key material that participates in this derivation process. The purpose of this approach is not to expose a fixed cryptographic key, but to obscure how the final MasterKeys are constructed and to make direct extraction through static analysis impractical. This design shifts the security focus away from protecting a single constant value and toward protecting the derivation process itself.
Any secret implemented purely in software can, given enough time, skill, and resources, be extracted. In practice, the important question is not whether extraction is possible, but whether it is feasible at an acceptable cost. The softTPM design in the Barracuda App Server intentionally raises this cost by avoiding direct storage of secrets and by deriving MasterKeys through a combination of C code, white box techniques, and Lua based logic.
This design makes simple static analysis ineffective, including binary string searches and disassembly. As a result, an attacker is pushed toward runtime analysis and instrumentation, which requires significantly more effort and expertise. To defend against these attacks, the executable must be explicitly hardened at runtime.
The available hardening mechanisms and guidance on how to deploy the softTPM correctly are described in a dedicated document available to customers using the full Barracuda App Server SDK. Customers deploying the softTPM in environments where runtime analysis is a concern are encouraged to contact Real Time Logic using the support information provided in the software license agreement.
Both the Mako Server and Xedge use a primary secret embedded in the executable, along with optional additional secrets that can be supplied during initialization. From this input, the softTPM derives two MasterKey values. One MasterKey is shared across all devices, while the other can be made unique to each device.
The device unique MasterKey requires that a device specific identifier or secret is provided when the softTPM is initialized. When such input is available, the softTPM computes a Device Derived Unique Identifier (DDUI). This enables functions such as ba.tpm.uniquekey() and ensures that generated private keys are unique to each device.
Embedding secrets in software is always a cat-and-mouse game. However, by applying practical White-Box Cryptography techniques, Mako Server and Xedge effectively raise the bar against attackers. The MasterKey transformation is simple but devastatingly effective against professional threats.