SlideShare a Scribd company logo

OP-TEE 101: An Introduction to Trusted Execution and OP-TEE

Linaro
Linaro

Smart connected devices such as mobile phones, tablets and Digital TVs are required to handle data with strong security and confidentiality requirements. A “Trusted Execution Environment” (TEE) provides an environment for processing data securely, protected from normal platform applications. This talk is intended as an introduction to Trusted Execution, and the open-source Trusted Execution Environment OP-TEE in particular. It introduces the GlobalPlatform TEE Specifications, explains how Trusted Execution is implemented by ARM TrustZone and OP-TEE, and outlines how trusted boot software manages the secure boot of an ARM platform. Finally, it gives some pointers on how to get started with OP-TEE.

Technology
1 of 56
Download to read offline
Presented by Date Event OP-TEE 101 A Gentle Introduction to Trusted Execution and OP-TEE Russell Wayman BKK16-110 March 7, 2016 Linaro Connect BKK16
What Does This Talk Cover? ● Why Trusted Execution and What is it? ○ Introduces Trusted Execution and GlobalPlatform Standards. ○ Provides information on key concepts and architecture. ● Why OP-TEE and What is it? ○ An Open-source Portable Trusted Execution Environment. ● How does OP-TEE work? ○ ARM TrustZone and OP-TEE Design. ● How to get Started with OP-TEE? ● Where to go for more information?
● Russell Wayman ● Project Manager, Member Services, Linaro: ○ Project Manager for the ARM, STMicroelectronics and Qualcomm Landing Teams. Previously I worked for STMicroelectronics as a Software Development Manager, managing projects in Development Tools, Operating Systems, Security Drivers and Boot Tools. Who am I?
Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
Security for Smart Connected Devices Smart connected devices: ● Smartphones, tablets, digital TV systems... ● For: Social, business, purchases, media… Need to protect: ● Bank details and passwords, ● Personal data, photos and video streams, ● Authorised access to mobile networks and online services, ● Paid-for multimedia content in line with digital rights.
Trusted Execution Environment ● An Isolated Execution Environment. ● Runs alongside a “Rich OS” e.g. Android, Ubuntu. ● Provides a higher level of security than the Rich OS. ● Provides trusted services to applications in Rich OS. A Trusted Execution Environment is intended primarily to secure against software attacks or “shack attacks” (low budget hardware attacks). Providing security against tampering and physical attack requires a “Secure Element” such as a Smartcard or Crypto IC.
GlobalPlatform and History of TEE ● ○ Created in 1999 to standardize smart card infrastructure. ○ A non-profit consortium with 130+ members. ○ Develops the standards for secure mobile platforms: ■ Cards, Devices and Systems. ○ Publishes TEE Specifications. ○ Runs TEE Compliance Program and Certification Scheme. ● Key TEE Specifications published: ○ TEE Client API Specification v1.0 July 2010, ○ TEE Internal API Specification v1.0 Dec 2011, ■ Internal Core API v1.1 June 2014.
Architecture of Platform with TEE Hardware Platform Rich OS (REE) TEE Client API Trusted OS Components TEE Internal APIs TEE Comm Agent Trusted Drivers Trusted Core Framework Hardware-secured resources Rich OS Application Environment Trusted Execution Environment Client Applications Trusted Applications
TEE Client API: Key Concepts Context: Connection from CA to the Trusted OS. Session: Connection from CA to TA. Command: Unit of Communication from CA to TA. Shared Memory: Shared buffers allocated by Client API or by CA and registered. Context Rich OS (REE) TEE Client API Trusted OS TEE Internal APIs Client Application (CA) Trusted Application (TA)Session Command Shared Memory
TEE Client API: Functions Client API Functions (TEEC_xxx): InitializeContext, FinalizeContext RegisterSharedMemory, AllocateSharedMemory, ReleaseSharedMemory OpenSession, CloseSession InvokeCommand, RequestCancellation Context Session Command Shared Memory
TEE Client API: Principles ● Blocking functions. ● Can use from multiple concurrent threads. ● Can request cancellation, ○ From another thread! ● Client-side memory allocation, ○ Pointers not opaque handles. ● Source-level portability but not binary-level, ○ So need to recompile for a different Trusted OS. Context Session Command Shared Memory
Trusted Application APIs required to... ● Communicate with Client Application and other Trusted Applications, ● Store data: in heap and secure file system, ● Get the time from system and real-time clocks, ● Use cryptographic operations, ● Get a PIN or login details from a User, ● Communicate with a Secure Element, ● Connect securely to services over the internet.
Trusted Application and TEE APIs Trusted OS TEE Internal APIs Trusted Application Entry Points: Create Destroy OpenSession CloseSession InvokeCommand TEE Core API: Trusted Storage Time Cryptographic Arithmetical Property Access Cancellation Support Memory Management Other TEE APIs: Trusted User Interface API Secure Element API Sockets API
TEE Core API (TEE_xxx functions) Trusted Storage Time Cryptographic Arithmetical Property Access Cancellation Support Memory Management
TEE Core API (TEE_xxx functions) Trusted Storage Create/Open/Close/… TransientObject or PersistentObject Time GetSystemTime/TAPersistentTime/REETime... Cryptographic Cryptographic Functions: Message Digest, Symmetric Cipher, MAC, Authenticated Encryption, Asymmetric Encryption and Decryption, Key Derivation, Random Data Generation Arithmetical Big Integer operations: Conversion, Logical, Basic Arithmetic, Modular Arithmetic... Property Access GetPropertyAs[String, Bool, u32…] , Enumeration... (Configuration Properties associated with TA, Client and TEE) Cancellation Support GetCancellationFlag, MaskCancellation... Memory Management Malloc, Realloc, Free, MemMove...
Other TEE APIs (TEE_xxx functions) Trusted User Interface API Create Message Box, PIN Screen, Login Screen Secure Element API Query the available Readers, Query the Secure Elements, Exchange Data with the SEs Sockets API Include basic network client functionality in a Trusted Application. Supports: UDP/TCP/IP, TLS
Other TEE APIs (TEE_xxx functions) Trusted User Interface API Create Message Box, PIN Screen, Login Screen TUICheckTextFormat, TUIGetScreenInfo, TUIInitSession/CloseSession TUIDisplayScreen Secure Element API Query the available Readers, Query the Secure Elements, Exchange Data with the SEs SEServiceOpen, GetReaders… SEReaderOpenSession... SESessionOpenChannel… SEChannelTransmit… Sockets API Include basic network client functionality in a Trusted Application. Supports: UDP/TCP/IP, TLS open, close, send, recv, error, ioctl
GlobalPlatform: What’s Next? specifications under development: ● TEE Administration Framework, ○ Online and offline methods for installation, update and removal of security domains and Trusted Applications, ● Trusted UI API v1.1, ● TEE Fingerprint Biometry API.
Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
ARM Four-Compartment Security Model User mode/System mode. Running processes are isolated from each other by the OS and the MMU. Allows multiple virtual OSs. Each VM isolated from others. Bus masters can be virtualized through System MMU. TrustZone® extensions. System can be physically partitioned into Normal world and Secure world. Physically separate ICs. Offering tamper-proof secured processing and storage. ARM SecurCore™ Processors Normal World Hypervisor Mode Trusted World Secure Elements
ARM TrustZone® 1 CPU Ether- net MMC USB GPU Graph- ics GPIO UART I2C System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register 0 CPU Ether- net MMC USB GPU Graph- ics GPIO UART I2C System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register Partitions SoC into Normal World and Secure World Non-Secure (NS) bit (bit 0) in the Secure Configuration Register in CP15 Normal World Secure World
ARM TrustZone® ● Partitions SoC into Normal World and Secure World. ● CPUs can timeslice between worlds. ● Hardware logic in the bus fabric enforces separation. ● Security-aware debug infrastructure. ● 2004: Introduced in the ARMv6Z architecture. ● 2007: Part of the ARMv7 architecture specification. ● 2013: ARMv8-A architecture introduced changes e.g EL3. ● 2015: ARMv8-M extends TrustZone to the Cortex-M.
ARM TrustZone® : CPU Architecture ● Extra processor execution level: ● EL3 (ARMv8 - Monitor mode in ARMv7). ● SMC instruction causes entry to EL3: ● Secure Monitor Call, ● Vectors execution to a defined location. ● Monitor Software runs at EL3: ● Manages switch between worlds, setting/clearing SCR bit 0. CPU System Bus I-Cache D-Cache Timer Security Configuration Register
ARM TrustZone® : Memory System ● MMUs provide 2 virtual address spaces: ● Code in Secure World can access either address space. ● TLB entries tagged to identify world that entered the data. ● Caches hold data from both states: ● Tag bit to record the world of the transaction. CPU System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register
ARM TrustZone® : System-on-Chip ● Address space partitioning into Secure/Non-secure regions: ● TrustZone Memory Adaptor for on-chip SRAM, ● TrustZone Address Space Controller for off-chip RAM. ● Secure peripherals: ● TrustZone Protection Controller supports run-time switching of security state for peripherals on APB bus. CPU Ether- net MMC USB GPU Graph- ics GPIO UART I2C System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register
● Provides hardware foundation for Trusted Execution. ● No guarantee: Trusted OS software must be written correctly! ● Could theoretically run full feature-rich OS in Secure World. ● In practice, Secure world software much simpler/smaller: ○Simple: Reduced complexity means less chance of errors, ○Small: Keep key Secure-world resources in on-chip RAM. ●Trusted OS can separate Trusted Applications using MMU. ●Peripherals can be switched into Secure World ○ e.g. for input of PIN or Login details. ARM TrustZone® and Trusted OS
Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
OP-TEE: Why an Open Source TEE? ● Provides a shared basis for product TEE developments. ○ Collaboration and consolidation not re-invention/fragmentation. ○ OP-TEE has BSD 2-clause license (GPLv2 for Linux driver, test suite). ● Provides a full example for research and education. ○ Historically hard to learn about Trusted Environments. ● Can be included in reference platform deliveries. ● More eyes on security-critical code! There are commercial Trusted OS products e.g. from Trustonic and Sierraware, why an Open Source one?
History of OP-TEE 2008 2009 2010 2013 2014 2015 OP-TEE Linaro becomes owner of OP-TEE. GlobalPlatform certified.
OP-TEE: What’s Implemented? Client API v1.0 Internal Core API v1.1 ● Internal Client API ● Property Access ● Cancellation Support ● Memory Management ● Trusted Storage ● Time ● Cryptographic ● Arithmetical Trusted UI API v1.1 Secure Element API v1.0 Sockets API v1.0 Not Yet Not Yet
OP-TEE: What’s Implemented? Client API v1.0 Internal Core API v1.1 ● Internal Client API ● Property Access ● Cancellation Support ● Memory Management ● Trusted Storage ● Time ● Cryptographic ● Arithmetical Trusted UI API v1.1 Secure Element API v1.0 Sockets API v1.0 Targets Supported: ARMv7-A ● Allwinner A80 ● ST’s Cannes board (b2120 / b2020) ● Texas Instruments DRA746 ● QEMU ● Freescale: FSL i.MX6 UltraLite EVK Board ● Freescale: FSL ls1021a ARMv8-A ● 96Boards HiKey (HiSilicon Kirin 620) ● ARM Juno board ● MediaTek MT8173 EVB Board ● FVP, Foundation and Fast Models Not Yet Not Yet
OP-TEE: Architecture Client App Dynamic Trusted App Generic TEE API (ioctl) TEE Client API OP-TEE Trusted OS TEE Internal APIs Client App Normal World Secure World tee- supplicant Dynamic Trusted App User Kernel TEE subsystem OP-TEE Msg SMC call Static Trusted App OP-TEE driver
OP-TEE: Linux Kernel Subsystem Client App Generic TEE API (ioctl) TEE Client API Client App Normal World tee- supplicant User KernelTEE subsystem OP-TEE driver ● TEE subsystem: ○ Manages Shared Memory, ○ Provides generic API as ioctl. ● tee-supplicant: ○ Helper process for TEE. ● OP-TEE driver: ○ Forwards command from the Clients to OP-TEE, ○ Manages RPC requests from OP- TEE to the supplicant. For more details, please read optee_design.md at GitHub. OP-TEE Msg SMC call
OP-TEE: Managing Trusted Apps Dynamic Trusted App OP-TEE Trusted OS TEE Internal APIs Secure World Dynamic Trusted App User KernelStatic Trusted App ● Trusted Apps: ○ Static: run in kernel mode, ○ Dynamic: run in user mode: ■ Stored in File System, ■ Loaded by OP-TEE ● Using tee_supplicant. ● MMU L1 Translation tables: ○ Large: 4GiB for OP-TEE kernel, ○ Small tables: 32MiB: ■ TA Virtual Memory, ■ One per thread. OP-TEE Msg SMC call
OP-TEE: Communication & Scheduling Dynamic Trusted App OP-TEE Trusted OS TEE Internal APIs Dynamic Trusted App User KernelStatic Trusted App ● Entry into secure world from SMC (or FIQ arriving). ● Command arriving → Allocated to thread (if available), TA context set up and called; ○ If supplicant needed, RPC is started and thread suspended. ● Return to normal world on task completion, RPC (or IRQ arriving). Secure World OP-TEE Msg SMC call
OP-TEE: Trusted Storage Normal World Secure World tee- supplicant Trusted App TEE driver RPC call Linux File System ● Implements GP Trusted Storage PersistentObject functions. ● TEE File System encrypts data: ○ Secure Storage Key (per device), ○ File Encryption Key (per file). ● Data stored in Linux File System ○ Managed by tee_supplicant. For more details, please read secure_storage.md at GitHub. Trusted Storage API TEE File Ops Interface TEE File System REE File Ops Interface Key manager RPMB Coming Soon! Replay Protected Memory Block
OP-TEE: Paging ● OP-TEE uses ~256KiB RAM for kernel memory: ○ SRAM is normally somewhere between 64-256KiB. ● Running in TrustZone protected DRAM is one option, ○ But may prefer SRAM for security and performance reasons. ● OP-TEE’s pager supports on-demand paging of read-only parts using virtual memory: ○ DRAM is used as backing store, ○ Each page integrity-protected using SHA-256 hash. For more details, please read optee_design.md at GitHub.
OP-TEE: Cryptographic Libraries ● Default cryptographic software library in OP-TEE is LibTomCrypt. ● TEE Cryptographic Operations API makes it easier to add support for other cryptographic engines (both software and hardware). ○ The system calls use a struct crypto_ops which assigns function pointers to the actual implementations. ● Some algorithms may be disabled at compile time if they are not needed, in order to reduce the size of the OP-TEE image and reduce its memory usage. For more details, please read crypto.md at GitHub.
OP-TEE: What’s Next? ● Ongoing: ○ Upstream OP-TEE’s Linux kernel driver, ○ Enhance Secure Storage: ■ Block-based, roll-back handling, address performance issues, ○ Replay Protected Memory Block (RPMB): ■ Tiny (~128KiB) block in eMMC for data storage, ○ GP Test Suite v1.1 Support ● Planned: ○ GlobalPlatform Trusted UI v1.1, ○ Paged Trusted Application.
Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
Hardware Platform Flash Bootloader Trusted Boot ROM SoC Bootloader Secure OS BootNormal World Bootloader Normal World OS System Running Reset Starts with trusted bootloader in ROM. Each component must authenticate the next stage. Public Key for the root of trust programmed into OTP on-chip memory.
ARM Trusted Firmware ● An open-source reference implementation of firmware for ARMv8 Platforms, providing trusted boot and runtime services. ● Provided as part of Linaro ARM Platforms releases for Juno and ARM FVP (Fixed Virtual Platform) models. ● OP-TEE is compatible with ARM Trusted Firmware: ○ OP-TEE dispatcher officially merged in ARM-TF, ○ Currently a fork due to lack of support for parsing OP-TEE header in ARM-TF. ● OP-TEE team works with ARM to ensure everything is working! ○ IRQ / FIQ model for OP-TEE and ARM-TF was designed together.
Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE ● Further Information
Getting Started with OP-TEE and $ sudo apt-get install android-tools-fastboot autoconf bison cscope curl flex gdisk libc6:i386 libfdt-dev libglib2.0-dev libpixman-1-dev libstdc++6:i386 libz1:i386 netcat python-crypto python-serial uuid-dev xz-utils zlib1g-dev $ sudo apt-get install ccache $ mkdir -p $HOME/devel/optee $ cd $HOME/devel/optee $ repo init -u https://github.com/OP-TEE/manifest.git -m default.xml $ repo sync $ cd $HOME/devel/optee/build $ make toolchains $ make all run Fetch the Prerequisites Fetch the Repos Build and run! For more details, please read README at GitHub
Getting Started: Running OP-TEE Type: c on QEMU command line
Type: modprobe optee_armtz tee-supplicant& on serial console command line
Type: xtest on serial console command line
OP-TEE Test suite (xtest) is running!
The End Questions?
Further Information ● GlobalPlatform TEE Specifications ● ARM Trusted Base System Architecture ● OP-TEE ● ARM Trusted Firmware
GlobalPlatform TEE Specifications 1. TEE Systems Architecture v1.0 – explains the hardware and software architectures behind the TEE. December 2011. 2. TEE Client API Specification v1.0 – enables communication between applications running in a Rich OS and trusted applications residing in the TEE. July 2010. 3. TEE Internal Core API Specification v1.1 – enables trusted applications within a TEE to perform the general operations of a security application, such as cryptography, secure storage, communication and general tasks, such as timekeeping and memory management. June 2014. [1.0 in December 2011]. 4. TEE Secure Element API Specification v1.1 – allows trusted applications to directly communicate with a SE, rather than through a client application. July 2015. 5. TEE Sockets API Specification v1.0 – specifies standards to enable trusted applications to directly make use of internet protocol interfaces, rather than send packets to a client application for internet transfer. June 2015 6. Trusted User Interface API Specification v1.0 – allows a trusted application to securely display text and graphics, and ask the user to perform an action ranging from navigation to entry of an associated PIN- or Password-backed ID. June 2013. 7. TEE TA Debug Specification v1.0 – enables the debugging of GlobalPlatform compliant TEEs. February 2014. 8. TEE Protection Profile v1.2 – facilitates the Common Criteria evaluation of TEEs. November 2014. See: http://www.globalplatform.org/specificationsdevice.asp
ARM Trusted Base System Architecture ● ARM Document RM DEN0007 ○ Available under NDA from ARM ● Describes the requirements for a Trusted ARM SoC: ○ To meet OMTP and Global Platform “Boundary 1” specifications ○ Covers: CPU, Caches, Interrupt Control, Debug, On-chip Boot ROM, Trusted RAM, Interconnect, Non- volatile memory, Watchdog timers, Clock source, Random number generator entropy source, User input, Power management, Boot Process CPUs must be at least Level 1 Standard Configuration, including TrustZone extensions… Cache accesses from one world must not be able to read, write or modify a line from a different world… The interrupt controller must support at least eight non-secure Software Generated Interrupts and eight secure SGIs… Trusted Base System must always boot from On- chip Boot ROM… Trusted RAM area for use by the Trusted OS and Applications, minimum size…
OP-TEE on GitHub ● In GitHub: See https://github.com/OP-TEE ● README at https://github.com/OP-TEE/optee_os/blob/master/README.md ● Documentation at: https://github.com/OP-TEE/optee_os/tree/master/documentation ● Mail the team at: mailto:op-tee@linaro.org
Presentations on OP-TEE (1/2) LCU14-103: How to create and run Trusted Applications on OP-TEE https://www.youtube.com/watch?v=6fmwhqrOmpc (Video) http://www.slideshare.net/linaroorg/lcu14103-how-to-create-and-run-trusted-applications-on-optee?related=4 (Slides) LCU14:107: OP-TEE on ARMv8 http://www.slideshare.net/linaroorg/lcu14-107-optee-on-ar-mv8?related=5 (Slides) LCU14-302: OP-TEE Porting and Future Enhancements https://www.youtube.com/watch?v=QgaGJow7hws (Video) http://www.slideshare.net/linaroorg/lcu14-302-how-to-port-optee-to-another-platform?related=3 (Slides Porting) http://www.slideshare.net/linaroorg/lcu14-306-optee-future-enhancements?related=2 (Slides: Future Enhancements) HKG15-303: Secure Playback Using OP-TEE https://www.youtube.com/watch?v=WJS5ygNGaO8 (Video) HKG15-307: OP-TEE paging https://www.youtube.com/watch?v=hCYjlBPxEbY (Video) http://www.slideshare.net/linaroorg/hkg15307-optee-paging (Slides)
Presentations on OP-TEE (2/2) HKG15-311: OP-TEE for Beginners and Porting Review https://www.youtube.com/watch?v=Fksx4-bpHRY (Video) http://www.slideshare.net/linaroorg/hkg15311-optee-for-beginners-and-porting-review (Slides) HKG15-505: Power Management Interactions with OP-TEE and Trusted Firmware https://www.youtube.com/watch?v=hQ2ITjHZY4s (Video) http://www.slideshare.net/linaroorg/hkg15-505-power-management-interactions-with-optee-repaired (Slides) SFO15-200: Linux kernel generic TEE driver https://www.youtube.com/watch?v=BhLndLUQamM (Video) http://www.slideshare.net/linaroorg/sfo15200-linux-kernel-generic-tee-driver (Slides) SFO15-205: OP-TEE Content with Microsoft PlayReady on ARM TrustZone https://www.youtube.com/watch?v=defbtpsw6h8 (Video) http://www.slideshare.net/linaroorg/sfo15205-optee-content-decryption-with-microsoft-playready-on-arm-53111683 (Slides) SFO15-503 Secure Storage in OP-TEE https://www.youtube.com/watch?v=pChEdObYLRM (Video) http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee?related=1 (Slides)
ARM Trusted Firmware User Guide on GitHub: https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/user-guide.md LCU13 An Introduction to ARM Trusted Firmware https://www.youtube.com/watch?v=q32BEMMxmfw (Video) http://www.slideshare.net/linaroorg/arm-trusted-firmareforarmv8alcu13 (Slides) LCU13: ARM Trusted Firmware Deep Dive http://www.slideshare.net/linaroorg/trusted-firmware-deepdivev10 (Slides) LCU14-500: ARM Trusted Firmware Roadmap and Progress https://www.youtube.com/watch?v=je0_-yYgKdc (Video) http://www.slideshare.net/linaroorg/lcu14-500-arm-trusted-firmware (Slides) LCA14-102: Adopting ARM Trusted Firmware https://www.youtube.com/watch?v=h98jBQrxxKg (Video) http://www.slideshare.net/linaroorg/lca14-102-adoptingarmtrustedfirmware (Slides) HKG15-502: ARM Trusted Firmware Evolution https://www.youtube.com/watch?v=l2Mv-R9lMPs (Video) http://www.slideshare.net/linaroorg/hkg15502-arm-trusted-firmware-evolution (Slides) SFO15-101: Security requirements on ARM v8-A boot architecture https://www.youtube.com/watch?v=q5nF9tSrak4 (Video) http://www.slideshare.net/linaroorg/sfo15101-security-requirements-on-armv8a-boot-architecture (Slides)

Recommended

Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Linaro
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLinaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Linaro
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverLinaro
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEELinaro
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1Linaro
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityLinaro
 

Recommended

Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Linaro
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLinaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Linaro
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverLinaro
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEELinaro
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1Linaro
 
TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityLinaro
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEELinaro
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLinaro
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELinaro
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLinaro
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Yannick Gicquel
 
LCA14: LCA14-418: Testing a secure framework
LCA14: LCA14-418: Testing a secure frameworkLCA14: LCA14-418: Testing a secure framework
LCA14: LCA14-418: Testing a secure frameworkLinaro
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE Linaro
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialDalton Valadares
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMLinaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debuggingLAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debugging96Boards
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLinaro
 
LAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELinaro
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMLinaro
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE Linaro
 
U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader Emertxe Information Technologies Pvt Ltd
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Linaro
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidKan-Han (John) Lu
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Linaro
 
Thesis presentation
Thesis presentationThesis presentation
Thesis presentationCHIACHE lee
 
Trusted Computing security _platform.ppt
Trusted Computing security _platform.pptTrusted Computing security _platform.ppt
Trusted Computing security _platform.pptnaghamallella
 

More Related Content

What's hot

HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEELinaro
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLinaro
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELinaro
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLinaro
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Yannick Gicquel
 
LCA14: LCA14-418: Testing a secure framework
LCA14: LCA14-418: Testing a secure frameworkLCA14: LCA14-418: Testing a secure framework
LCA14: LCA14-418: Testing a secure frameworkLinaro
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE Linaro
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialDalton Valadares
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMLinaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Linaro
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3Linaro
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debuggingLAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debugging96Boards
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLinaro
 
LAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELinaro
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMLinaro
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE Linaro
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Linaro
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidKan-Han (John) Lu
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Linaro
 

What's hot (20)

HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEE
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEE
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
 
LCA14: LCA14-418: Testing a secure framework
LCA14: LCA14-418: Testing a secure frameworkLCA14: LCA14-418: Testing a secure framework
LCA14: LCA14-418: Testing a secure framework
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
 
OPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build TutorialOPTEE on QEMU - Build Tutorial
OPTEE on QEMU - Build Tutorial
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debuggingLAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted Firmware
 
LAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEE
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRM
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
 
U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_
 
ARM: Trusted Zone on Android
ARM: Trusted Zone on AndroidARM: Trusted Zone on Android
ARM: Trusted Zone on Android
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 

Similar to OP-TEE 101: An Introduction to Trusted Execution and OP-TEE

Thesis presentation
Thesis presentationThesis presentation
Thesis presentationCHIACHE lee
 
Trusted Computing security _platform.ppt
Trusted Computing security _platform.pptTrusted Computing security _platform.ppt
Trusted Computing security _platform.pptnaghamallella
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsLinaro
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VRISC-V International
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesNRB
 
Securing the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversSecuring the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversWithTheBest
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Riscure
 
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortEuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortCristofaro Mune
 
Trusted computing introduction and technical overview
Trusted computing introduction and technical overviewTrusted computing introduction and technical overview
Trusted computing introduction and technical overviewSajid Marwat
 
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi ItaliaSerie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi ItaliaYashi Italia
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuArm
 
Smart Printing Technical Presentation
Smart Printing Technical PresentationSmart Printing Technical Presentation
Smart Printing Technical PresentationJohnTileyITQ
 
Security Consideration for Set-top box SoC
Security Consideration for Set-top box SoCSecurity Consideration for Set-top box SoC
Security Consideration for Set-top box SoCWesley Li
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiKuniyasu Suzaki
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mipsSierraware
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V International
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebula Project
 
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...Dmytro Korzhevin
 

Similar to OP-TEE 101: An Introduction to Trusted Execution and OP-TEE (20)

Thesis presentation
Thesis presentationThesis presentation
Thesis presentation
 
Trusted Computing security _platform.ppt
Trusted Computing security _platform.pptTrusted Computing security _platform.ppt
Trusted Computing security _platform.ppt
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
 
Securing the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank ChaversSecuring the Internet of Things - Hank Chavers
Securing the Internet of Things - Hank Chavers
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
 
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortEuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
 
Trusted computing introduction and technical overview
Trusted computing introduction and technical overviewTrusted computing introduction and technical overview
Trusted computing introduction and technical overview
 
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi ItaliaSerie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
 
Secure Your Encryption with HSM
Secure Your Encryption with HSMSecure Your Encryption with HSM
Secure Your Encryption with HSM
 
Software development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiuSoftware development in ar mv8 m architecture - yiu
Software development in ar mv8 m architecture - yiu
 
Smart Printing Technical Presentation
Smart Printing Technical PresentationSmart Printing Technical Presentation
Smart Printing Technical Presentation
 
Security Consideration for Set-top box SoC
Security Consideration for Set-top box SoCSecurity Consideration for Set-top box SoC
Security Consideration for Set-top box SoC
 
RISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzakiRISC-V-Day-Tokyo2018-suzaki
RISC-V-Day-Tokyo2018-suzaki
 
Trustzone secure os tee for mips
Trustzone secure os tee for mipsTrustzone secure os tee for mips
Trustzone secure os tee for mips
 
Secure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-VSecure IoT Firmware for RISC-V
Secure IoT Firmware for RISC-V
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmware
 
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
OpenNebulaConf2019 - Crytek: A Video gaming Edge Implementation "on the shoul...
 
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
OpenNebulaConf 2019 - Crytek: A Video gaming Edge Implementation "on the shou...
 

More from Linaro

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloLinaro
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaLinaro
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraLinaro
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaLinaro
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018Linaro
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018Linaro
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...Linaro
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Linaro
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Linaro
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteLinaro
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopLinaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allLinaro
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorLinaro
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMULinaro
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MLinaro
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation Linaro
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootLinaro
 

More from Linaro (20)

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 

Recently uploaded

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 

Recently uploaded (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 

OP-TEE 101: An Introduction to Trusted Execution and OP-TEE

  • 1. Presented by Date Event OP-TEE 101 A Gentle Introduction to Trusted Execution and OP-TEE Russell Wayman BKK16-110 March 7, 2016 Linaro Connect BKK16
  • 2. What Does This Talk Cover? ● Why Trusted Execution and What is it? ○ Introduces Trusted Execution and GlobalPlatform Standards. ○ Provides information on key concepts and architecture. ● Why OP-TEE and What is it? ○ An Open-source Portable Trusted Execution Environment. ● How does OP-TEE work? ○ ARM TrustZone and OP-TEE Design. ● How to get Started with OP-TEE? ● Where to go for more information?
  • 3. ● Russell Wayman ● Project Manager, Member Services, Linaro: ○ Project Manager for the ARM, STMicroelectronics and Qualcomm Landing Teams. Previously I worked for STMicroelectronics as a Software Development Manager, managing projects in Development Tools, Operating Systems, Security Drivers and Boot Tools. Who am I?
  • 4. Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
  • 5. Security for Smart Connected Devices Smart connected devices: ● Smartphones, tablets, digital TV systems... ● For: Social, business, purchases, media… Need to protect: ● Bank details and passwords, ● Personal data, photos and video streams, ● Authorised access to mobile networks and online services, ● Paid-for multimedia content in line with digital rights.
  • 6. Trusted Execution Environment ● An Isolated Execution Environment. ● Runs alongside a “Rich OS” e.g. Android, Ubuntu. ● Provides a higher level of security than the Rich OS. ● Provides trusted services to applications in Rich OS. A Trusted Execution Environment is intended primarily to secure against software attacks or “shack attacks” (low budget hardware attacks). Providing security against tampering and physical attack requires a “Secure Element” such as a Smartcard or Crypto IC.
  • 7. GlobalPlatform and History of TEE ● ○ Created in 1999 to standardize smart card infrastructure. ○ A non-profit consortium with 130+ members. ○ Develops the standards for secure mobile platforms: ■ Cards, Devices and Systems. ○ Publishes TEE Specifications. ○ Runs TEE Compliance Program and Certification Scheme. ● Key TEE Specifications published: ○ TEE Client API Specification v1.0 July 2010, ○ TEE Internal API Specification v1.0 Dec 2011, ■ Internal Core API v1.1 June 2014.
  • 8. Architecture of Platform with TEE Hardware Platform Rich OS (REE) TEE Client API Trusted OS Components TEE Internal APIs TEE Comm Agent Trusted Drivers Trusted Core Framework Hardware-secured resources Rich OS Application Environment Trusted Execution Environment Client Applications Trusted Applications
  • 9. TEE Client API: Key Concepts Context: Connection from CA to the Trusted OS. Session: Connection from CA to TA. Command: Unit of Communication from CA to TA. Shared Memory: Shared buffers allocated by Client API or by CA and registered. Context Rich OS (REE) TEE Client API Trusted OS TEE Internal APIs Client Application (CA) Trusted Application (TA)Session Command Shared Memory
  • 10. TEE Client API: Functions Client API Functions (TEEC_xxx): InitializeContext, FinalizeContext RegisterSharedMemory, AllocateSharedMemory, ReleaseSharedMemory OpenSession, CloseSession InvokeCommand, RequestCancellation Context Session Command Shared Memory
  • 11. TEE Client API: Principles ● Blocking functions. ● Can use from multiple concurrent threads. ● Can request cancellation, ○ From another thread! ● Client-side memory allocation, ○ Pointers not opaque handles. ● Source-level portability but not binary-level, ○ So need to recompile for a different Trusted OS. Context Session Command Shared Memory
  • 12. Trusted Application APIs required to... ● Communicate with Client Application and other Trusted Applications, ● Store data: in heap and secure file system, ● Get the time from system and real-time clocks, ● Use cryptographic operations, ● Get a PIN or login details from a User, ● Communicate with a Secure Element, ● Connect securely to services over the internet.
  • 13. Trusted Application and TEE APIs Trusted OS TEE Internal APIs Trusted Application Entry Points: Create Destroy OpenSession CloseSession InvokeCommand TEE Core API: Trusted Storage Time Cryptographic Arithmetical Property Access Cancellation Support Memory Management Other TEE APIs: Trusted User Interface API Secure Element API Sockets API
  • 14. TEE Core API (TEE_xxx functions) Trusted Storage Time Cryptographic Arithmetical Property Access Cancellation Support Memory Management
  • 15. TEE Core API (TEE_xxx functions) Trusted Storage Create/Open/Close/… TransientObject or PersistentObject Time GetSystemTime/TAPersistentTime/REETime... Cryptographic Cryptographic Functions: Message Digest, Symmetric Cipher, MAC, Authenticated Encryption, Asymmetric Encryption and Decryption, Key Derivation, Random Data Generation Arithmetical Big Integer operations: Conversion, Logical, Basic Arithmetic, Modular Arithmetic... Property Access GetPropertyAs[String, Bool, u32…] , Enumeration... (Configuration Properties associated with TA, Client and TEE) Cancellation Support GetCancellationFlag, MaskCancellation... Memory Management Malloc, Realloc, Free, MemMove...
  • 16. Other TEE APIs (TEE_xxx functions) Trusted User Interface API Create Message Box, PIN Screen, Login Screen Secure Element API Query the available Readers, Query the Secure Elements, Exchange Data with the SEs Sockets API Include basic network client functionality in a Trusted Application. Supports: UDP/TCP/IP, TLS
  • 17. Other TEE APIs (TEE_xxx functions) Trusted User Interface API Create Message Box, PIN Screen, Login Screen TUICheckTextFormat, TUIGetScreenInfo, TUIInitSession/CloseSession TUIDisplayScreen Secure Element API Query the available Readers, Query the Secure Elements, Exchange Data with the SEs SEServiceOpen, GetReaders… SEReaderOpenSession... SESessionOpenChannel… SEChannelTransmit… Sockets API Include basic network client functionality in a Trusted Application. Supports: UDP/TCP/IP, TLS open, close, send, recv, error, ioctl
  • 18. GlobalPlatform: What’s Next? specifications under development: ● TEE Administration Framework, ○ Online and offline methods for installation, update and removal of security domains and Trusted Applications, ● Trusted UI API v1.1, ● TEE Fingerprint Biometry API.
  • 19. Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
  • 20. ARM Four-Compartment Security Model User mode/System mode. Running processes are isolated from each other by the OS and the MMU. Allows multiple virtual OSs. Each VM isolated from others. Bus masters can be virtualized through System MMU. TrustZone® extensions. System can be physically partitioned into Normal world and Secure world. Physically separate ICs. Offering tamper-proof secured processing and storage. ARM SecurCore™ Processors Normal World Hypervisor Mode Trusted World Secure Elements
  • 21. ARM TrustZone® 1 CPU Ether- net MMC USB GPU Graph- ics GPIO UART I2C System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register 0 CPU Ether- net MMC USB GPU Graph- ics GPIO UART I2C System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register Partitions SoC into Normal World and Secure World Non-Secure (NS) bit (bit 0) in the Secure Configuration Register in CP15 Normal World Secure World
  • 22. ARM TrustZone® ● Partitions SoC into Normal World and Secure World. ● CPUs can timeslice between worlds. ● Hardware logic in the bus fabric enforces separation. ● Security-aware debug infrastructure. ● 2004: Introduced in the ARMv6Z architecture. ● 2007: Part of the ARMv7 architecture specification. ● 2013: ARMv8-A architecture introduced changes e.g EL3. ● 2015: ARMv8-M extends TrustZone to the Cortex-M.
  • 23. ARM TrustZone® : CPU Architecture ● Extra processor execution level: ● EL3 (ARMv8 - Monitor mode in ARMv7). ● SMC instruction causes entry to EL3: ● Secure Monitor Call, ● Vectors execution to a defined location. ● Monitor Software runs at EL3: ● Manages switch between worlds, setting/clearing SCR bit 0. CPU System Bus I-Cache D-Cache Timer Security Configuration Register
  • 24. ARM TrustZone® : Memory System ● MMUs provide 2 virtual address spaces: ● Code in Secure World can access either address space. ● TLB entries tagged to identify world that entered the data. ● Caches hold data from both states: ● Tag bit to record the world of the transaction. CPU System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register
  • 25. ARM TrustZone® : System-on-Chip ● Address space partitioning into Secure/Non-secure regions: ● TrustZone Memory Adaptor for on-chip SRAM, ● TrustZone Address Space Controller for off-chip RAM. ● Secure peripherals: ● TrustZone Protection Controller supports run-time switching of security state for peripherals on APB bus. CPU Ether- net MMC USB GPU Graph- ics GPIO UART I2C System Bus I-Cache D-Cache RAM L2-Cache Interrupt Controller Timer Security Configuration Register
  • 26. ● Provides hardware foundation for Trusted Execution. ● No guarantee: Trusted OS software must be written correctly! ● Could theoretically run full feature-rich OS in Secure World. ● In practice, Secure world software much simpler/smaller: ○Simple: Reduced complexity means less chance of errors, ○Small: Keep key Secure-world resources in on-chip RAM. ●Trusted OS can separate Trusted Applications using MMU. ●Peripherals can be switched into Secure World ○ e.g. for input of PIN or Login details. ARM TrustZone® and Trusted OS
  • 27. Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
  • 28. OP-TEE: Why an Open Source TEE? ● Provides a shared basis for product TEE developments. ○ Collaboration and consolidation not re-invention/fragmentation. ○ OP-TEE has BSD 2-clause license (GPLv2 for Linux driver, test suite). ● Provides a full example for research and education. ○ Historically hard to learn about Trusted Environments. ● Can be included in reference platform deliveries. ● More eyes on security-critical code! There are commercial Trusted OS products e.g. from Trustonic and Sierraware, why an Open Source one?
  • 29. History of OP-TEE 2008 2009 2010 2013 2014 2015 OP-TEE Linaro becomes owner of OP-TEE. GlobalPlatform certified.
  • 30. OP-TEE: What’s Implemented? Client API v1.0 Internal Core API v1.1 ● Internal Client API ● Property Access ● Cancellation Support ● Memory Management ● Trusted Storage ● Time ● Cryptographic ● Arithmetical Trusted UI API v1.1 Secure Element API v1.0 Sockets API v1.0 Not Yet Not Yet
  • 31. OP-TEE: What’s Implemented? Client API v1.0 Internal Core API v1.1 ● Internal Client API ● Property Access ● Cancellation Support ● Memory Management ● Trusted Storage ● Time ● Cryptographic ● Arithmetical Trusted UI API v1.1 Secure Element API v1.0 Sockets API v1.0 Targets Supported: ARMv7-A ● Allwinner A80 ● ST’s Cannes board (b2120 / b2020) ● Texas Instruments DRA746 ● QEMU ● Freescale: FSL i.MX6 UltraLite EVK Board ● Freescale: FSL ls1021a ARMv8-A ● 96Boards HiKey (HiSilicon Kirin 620) ● ARM Juno board ● MediaTek MT8173 EVB Board ● FVP, Foundation and Fast Models Not Yet Not Yet
  • 32. OP-TEE: Architecture Client App Dynamic Trusted App Generic TEE API (ioctl) TEE Client API OP-TEE Trusted OS TEE Internal APIs Client App Normal World Secure World tee- supplicant Dynamic Trusted App User Kernel TEE subsystem OP-TEE Msg SMC call Static Trusted App OP-TEE driver
  • 33. OP-TEE: Linux Kernel Subsystem Client App Generic TEE API (ioctl) TEE Client API Client App Normal World tee- supplicant User KernelTEE subsystem OP-TEE driver ● TEE subsystem: ○ Manages Shared Memory, ○ Provides generic API as ioctl. ● tee-supplicant: ○ Helper process for TEE. ● OP-TEE driver: ○ Forwards command from the Clients to OP-TEE, ○ Manages RPC requests from OP- TEE to the supplicant. For more details, please read optee_design.md at GitHub. OP-TEE Msg SMC call
  • 34. OP-TEE: Managing Trusted Apps Dynamic Trusted App OP-TEE Trusted OS TEE Internal APIs Secure World Dynamic Trusted App User KernelStatic Trusted App ● Trusted Apps: ○ Static: run in kernel mode, ○ Dynamic: run in user mode: ■ Stored in File System, ■ Loaded by OP-TEE ● Using tee_supplicant. ● MMU L1 Translation tables: ○ Large: 4GiB for OP-TEE kernel, ○ Small tables: 32MiB: ■ TA Virtual Memory, ■ One per thread. OP-TEE Msg SMC call
  • 35. OP-TEE: Communication & Scheduling Dynamic Trusted App OP-TEE Trusted OS TEE Internal APIs Dynamic Trusted App User KernelStatic Trusted App ● Entry into secure world from SMC (or FIQ arriving). ● Command arriving → Allocated to thread (if available), TA context set up and called; ○ If supplicant needed, RPC is started and thread suspended. ● Return to normal world on task completion, RPC (or IRQ arriving). Secure World OP-TEE Msg SMC call
  • 36. OP-TEE: Trusted Storage Normal World Secure World tee- supplicant Trusted App TEE driver RPC call Linux File System ● Implements GP Trusted Storage PersistentObject functions. ● TEE File System encrypts data: ○ Secure Storage Key (per device), ○ File Encryption Key (per file). ● Data stored in Linux File System ○ Managed by tee_supplicant. For more details, please read secure_storage.md at GitHub. Trusted Storage API TEE File Ops Interface TEE File System REE File Ops Interface Key manager RPMB Coming Soon! Replay Protected Memory Block
  • 37. OP-TEE: Paging ● OP-TEE uses ~256KiB RAM for kernel memory: ○ SRAM is normally somewhere between 64-256KiB. ● Running in TrustZone protected DRAM is one option, ○ But may prefer SRAM for security and performance reasons. ● OP-TEE’s pager supports on-demand paging of read-only parts using virtual memory: ○ DRAM is used as backing store, ○ Each page integrity-protected using SHA-256 hash. For more details, please read optee_design.md at GitHub.
  • 38. OP-TEE: Cryptographic Libraries ● Default cryptographic software library in OP-TEE is LibTomCrypt. ● TEE Cryptographic Operations API makes it easier to add support for other cryptographic engines (both software and hardware). ○ The system calls use a struct crypto_ops which assigns function pointers to the actual implementations. ● Some algorithms may be disabled at compile time if they are not needed, in order to reduce the size of the OP-TEE image and reduce its memory usage. For more details, please read crypto.md at GitHub.
  • 39. OP-TEE: What’s Next? ● Ongoing: ○ Upstream OP-TEE’s Linux kernel driver, ○ Enhance Secure Storage: ■ Block-based, roll-back handling, address performance issues, ○ Replay Protected Memory Block (RPMB): ■ Tiny (~128KiB) block in eMMC for data storage, ○ GP Test Suite v1.1 Support ● Planned: ○ GlobalPlatform Trusted UI v1.1, ○ Paged Trusted Application.
  • 40. Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE
  • 41. Hardware Platform Flash Bootloader Trusted Boot ROM SoC Bootloader Secure OS BootNormal World Bootloader Normal World OS System Running Reset Starts with trusted bootloader in ROM. Each component must authenticate the next stage. Public Key for the root of trust programmed into OTP on-chip memory.
  • 42. ARM Trusted Firmware ● An open-source reference implementation of firmware for ARMv8 Platforms, providing trusted boot and runtime services. ● Provided as part of Linaro ARM Platforms releases for Juno and ARM FVP (Fixed Virtual Platform) models. ● OP-TEE is compatible with ARM Trusted Firmware: ○ OP-TEE dispatcher officially merged in ARM-TF, ○ Currently a fork due to lack of support for parsing OP-TEE header in ARM-TF. ● OP-TEE team works with ARM to ensure everything is working! ○ IRQ / FIQ model for OP-TEE and ARM-TF was designed together.
  • 43. Outline ● Trusted Execution and GlobalPlatform TEE Specifications ● ARM TrustZone® ● OP-TEE ● Trusted Boot ● Getting Started with OP-TEE ● Further Information
  • 44. Getting Started with OP-TEE and $ sudo apt-get install android-tools-fastboot autoconf bison cscope curl flex gdisk libc6:i386 libfdt-dev libglib2.0-dev libpixman-1-dev libstdc++6:i386 libz1:i386 netcat python-crypto python-serial uuid-dev xz-utils zlib1g-dev $ sudo apt-get install ccache $ mkdir -p $HOME/devel/optee $ cd $HOME/devel/optee $ repo init -u https://github.com/OP-TEE/manifest.git -m default.xml $ repo sync $ cd $HOME/devel/optee/build $ make toolchains $ make all run Fetch the Prerequisites Fetch the Repos Build and run! For more details, please read README at GitHub
  • 45. Getting Started: Running OP-TEE Type: c on QEMU command line
  • 48. OP-TEE Test suite (xtest) is running!
  • 50. Further Information ● GlobalPlatform TEE Specifications ● ARM Trusted Base System Architecture ● OP-TEE ● ARM Trusted Firmware
  • 51. GlobalPlatform TEE Specifications 1. TEE Systems Architecture v1.0 – explains the hardware and software architectures behind the TEE. December 2011. 2. TEE Client API Specification v1.0 – enables communication between applications running in a Rich OS and trusted applications residing in the TEE. July 2010. 3. TEE Internal Core API Specification v1.1 – enables trusted applications within a TEE to perform the general operations of a security application, such as cryptography, secure storage, communication and general tasks, such as timekeeping and memory management. June 2014. [1.0 in December 2011]. 4. TEE Secure Element API Specification v1.1 – allows trusted applications to directly communicate with a SE, rather than through a client application. July 2015. 5. TEE Sockets API Specification v1.0 – specifies standards to enable trusted applications to directly make use of internet protocol interfaces, rather than send packets to a client application for internet transfer. June 2015 6. Trusted User Interface API Specification v1.0 – allows a trusted application to securely display text and graphics, and ask the user to perform an action ranging from navigation to entry of an associated PIN- or Password-backed ID. June 2013. 7. TEE TA Debug Specification v1.0 – enables the debugging of GlobalPlatform compliant TEEs. February 2014. 8. TEE Protection Profile v1.2 – facilitates the Common Criteria evaluation of TEEs. November 2014. See: http://www.globalplatform.org/specificationsdevice.asp
  • 52. ARM Trusted Base System Architecture ● ARM Document RM DEN0007 ○ Available under NDA from ARM ● Describes the requirements for a Trusted ARM SoC: ○ To meet OMTP and Global Platform “Boundary 1” specifications ○ Covers: CPU, Caches, Interrupt Control, Debug, On-chip Boot ROM, Trusted RAM, Interconnect, Non- volatile memory, Watchdog timers, Clock source, Random number generator entropy source, User input, Power management, Boot Process CPUs must be at least Level 1 Standard Configuration, including TrustZone extensions… Cache accesses from one world must not be able to read, write or modify a line from a different world… The interrupt controller must support at least eight non-secure Software Generated Interrupts and eight secure SGIs… Trusted Base System must always boot from On- chip Boot ROM… Trusted RAM area for use by the Trusted OS and Applications, minimum size…
  • 53. OP-TEE on GitHub ● In GitHub: See https://github.com/OP-TEE ● README at https://github.com/OP-TEE/optee_os/blob/master/README.md ● Documentation at: https://github.com/OP-TEE/optee_os/tree/master/documentation ● Mail the team at: mailto:op-tee@linaro.org
  • 54. Presentations on OP-TEE (1/2) LCU14-103: How to create and run Trusted Applications on OP-TEE https://www.youtube.com/watch?v=6fmwhqrOmpc (Video) http://www.slideshare.net/linaroorg/lcu14103-how-to-create-and-run-trusted-applications-on-optee?related=4 (Slides) LCU14:107: OP-TEE on ARMv8 http://www.slideshare.net/linaroorg/lcu14-107-optee-on-ar-mv8?related=5 (Slides) LCU14-302: OP-TEE Porting and Future Enhancements https://www.youtube.com/watch?v=QgaGJow7hws (Video) http://www.slideshare.net/linaroorg/lcu14-302-how-to-port-optee-to-another-platform?related=3 (Slides Porting) http://www.slideshare.net/linaroorg/lcu14-306-optee-future-enhancements?related=2 (Slides: Future Enhancements) HKG15-303: Secure Playback Using OP-TEE https://www.youtube.com/watch?v=WJS5ygNGaO8 (Video) HKG15-307: OP-TEE paging https://www.youtube.com/watch?v=hCYjlBPxEbY (Video) http://www.slideshare.net/linaroorg/hkg15307-optee-paging (Slides)
  • 55. Presentations on OP-TEE (2/2) HKG15-311: OP-TEE for Beginners and Porting Review https://www.youtube.com/watch?v=Fksx4-bpHRY (Video) http://www.slideshare.net/linaroorg/hkg15311-optee-for-beginners-and-porting-review (Slides) HKG15-505: Power Management Interactions with OP-TEE and Trusted Firmware https://www.youtube.com/watch?v=hQ2ITjHZY4s (Video) http://www.slideshare.net/linaroorg/hkg15-505-power-management-interactions-with-optee-repaired (Slides) SFO15-200: Linux kernel generic TEE driver https://www.youtube.com/watch?v=BhLndLUQamM (Video) http://www.slideshare.net/linaroorg/sfo15200-linux-kernel-generic-tee-driver (Slides) SFO15-205: OP-TEE Content with Microsoft PlayReady on ARM TrustZone https://www.youtube.com/watch?v=defbtpsw6h8 (Video) http://www.slideshare.net/linaroorg/sfo15205-optee-content-decryption-with-microsoft-playready-on-arm-53111683 (Slides) SFO15-503 Secure Storage in OP-TEE https://www.youtube.com/watch?v=pChEdObYLRM (Video) http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee?related=1 (Slides)
  • 56. ARM Trusted Firmware User Guide on GitHub: https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/user-guide.md LCU13 An Introduction to ARM Trusted Firmware https://www.youtube.com/watch?v=q32BEMMxmfw (Video) http://www.slideshare.net/linaroorg/arm-trusted-firmareforarmv8alcu13 (Slides) LCU13: ARM Trusted Firmware Deep Dive http://www.slideshare.net/linaroorg/trusted-firmware-deepdivev10 (Slides) LCU14-500: ARM Trusted Firmware Roadmap and Progress https://www.youtube.com/watch?v=je0_-yYgKdc (Video) http://www.slideshare.net/linaroorg/lcu14-500-arm-trusted-firmware (Slides) LCA14-102: Adopting ARM Trusted Firmware https://www.youtube.com/watch?v=h98jBQrxxKg (Video) http://www.slideshare.net/linaroorg/lca14-102-adoptingarmtrustedfirmware (Slides) HKG15-502: ARM Trusted Firmware Evolution https://www.youtube.com/watch?v=l2Mv-R9lMPs (Video) http://www.slideshare.net/linaroorg/hkg15502-arm-trusted-firmware-evolution (Slides) SFO15-101: Security requirements on ARM v8-A boot architecture https://www.youtube.com/watch?v=q5nF9tSrak4 (Video) http://www.slideshare.net/linaroorg/sfo15101-security-requirements-on-armv8a-boot-architecture (Slides)