Skip to main content

2.6. Hardware Watchdog

2.6. Hardware Watchdog

There is a class of malware that holds a device hostage and does not allow it to reboot to prevent updates from being applied. This can be a significant problem because it allows a fleet of devices to be held hostage for ransom.

A solution to this problem is a watchdog timer implemented in a protected environment, such as a Trusted Platform Module (TPM), as described in Section 43.3 of [TCGarch]. If the watchdog does not receive regular and fresh Attestation Results regarding the system's health, then it forces a reboot.

Attester: The device that should be protected from being held hostage for a long period of time.

Relying Party: A watchdog capable of triggering a procedure that resets a device into a known, good operational state.

Last updated on