What is Measurement and Attestation Roots (MARS)?

How can I protect embedded devices in a network?
Regardless of the sector, contemporary networks encompass hundreds or even thousands of interconnected technologies. Devices vary in dimensions and capabilities, leading to the improbable existence of a one-size-fits-all security solution. This diversity presents a symphony of opportunities for would-be attackers, who can exploit these devices to wreak chaos within a network and seize access to confidential and possibly valuable data.

Organizations within critical industries must rely on the general ecosystem to implement strong measures as they cannot do so directly. From within this ecosystem comes Measurement and Attestation Roots (MARS).

What is MARS?
MARS, or Measurement and Attestation Roots, is a security architecture that integrates a physically segregated set of safeguarded domains, thereby enhancing the defense capabilities of device functionalities.

MARS has been designed to carry out similar processes to a Trusted Platform Module (TPM), implemented directly into hardware without the need for a discrete chip or processor modes.

When would I need to use MARS?
When it comes to enhancing security measures for devices, most operators and manufacturers would consider a TPM as the foundation of trust. But for embedded devices this may be impractical or expensive, with the RoT often larger than the host it would be attached to. For these devices, there’s MARS.

What sort of devices does MARS protect?
Any embedded devices within a connected ecosystem can benefit from MARS when you are looking to establish a protected, trusted digital ecosystem.

MARS can be integrated into all types of device designs where a TPM is impractical or unfeasible.

How does MARS work?
MARS fortifies trust by enhancing a device’s ability to measure and attest its integrity. In response to the escalating need for security across diverse sectors, MARS allows manufacturers and operators to define protection by which logic is directly embedded into hardware, all the while maintaining isolation from the host processor environment. MARS provides devices with fundamental functions such as hashing, signing, and key derivation, thereby providing the essential security attributes of identity, measurement storage, and measurement reporting. These functions contribute to the validation of a device’s health and integrity under the MARS specification, aiding users to accurately gauge its trustworthiness and reducing the potential threat landscape.

Compact enough to be fashioned as a state machine surrounding a cryptographic accelerator or connected to an internal bus, MARS’s design bestows manufacturers and operators with an expanded array of options for crafting fitting security solutions. The outcome is a solution capable of delivering enhanced security without having to break the bank.

Where can I find more information on MARS?

Interested in an overview of the solutions for other devices? See What is a Root of Trust?

Interested in other solutions that secure smaller devices and components? See DICE.

Interested in solutions that secure larger devices? See TPM.



Membership in the Trusted Computing Group is your key to participating with fellow industry stakeholders in the quest to develop and promote trusted computing technologies.

Join Now

Trusted Computing

Standards-based Trusted Computing technologies developed by TCG members now are deployed in enterprise systems, storage systems, networks, embedded systems, and mobile devices and can help secure cloud computing and virtualized systems.

Read more


Trusted Computing Group announced that its TPM 2.0 (Trusted Platform Module) Library Specification was approved as a formal international standard under ISO/IEC (the International Organization for Standardization and the International Electrotechnical Commission). TCG has 90+ specifications and guidance documents to help build a trusted computing environment.

Read More