op tee using trustzone to protect our own secrets
play

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code - PowerPoint PPT Presentation

Jul 04, 2023 •865 likes •1.06k views

OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File System ELC Europe 2017, 23.10.2017 Marc Kleine-Budde <mkl@pengutronix.de> Slide 1 - http://www.pengutronix.de - 2017-10-23 Overview ARM

  1. OP-TEE Using TrustZone to Protect Our Own Secrets ROM-Code Bootloader OP-TEE Kernel Root File System ELC Europe 2017, 23.10.2017 Marc Kleine-Budde <mkl@pengutronix.de> Slide 1 - http://www.pengutronix.de - 2017-10-23

  2. Overview ARM architecture overview ● ARM TrustZone ● Trusted Execution Environment ● Open Portable Trusted Execution Environment ● Slide 3 - http://www.pengutronix.de - 2017-10-23

  3. What is a TEE? T rusted E xecution E nvironment ● ● small OS-like environment ● isolated from normal operating system (e.g. Linux) “rich OS” Allows Applications to execute, process, protect and store sensitive data ● Rich OS is often target of malware and attackers ● Design applications so that sensitive functions ● can be offloaded to the TEE as Trusted Applications. API standardized by GlobalPlatform ● ● TEE internal APIs for Trusted Application ● communication interfaces between rich OS Applications and Trusted Applications Slide 4 - http://www.pengutronix.de - 2017-10-23

  4. What is a TEE? (cont'd) Functionality Rich Rich OS OS TEE TEE SE SE SE Security Slide 5 - http://www.pengutronix.de - 2017-10-23

  5. ARM architecture usr App App App svc OS ARM SoC Slide 6 - http://www.pengutronix.de - 2017-10-23

  6. ARM architecture with TrustZone Normal world Secure world usr usr (secure state) App App App App App Trusted App svc svc (secure state) OS Trusted OS mon (secure state) Secure Monitor ARM SoC Slide 7 - http://www.pengutronix.de - 2017-10-23

  7. ARM architecture with TrustZone (cont'd) Provides a complete “virtual system” for secure computing ● Divide hardware and software into separate partitions (“worlds”) ● ● one is trusted (“secure world”) ● the other not (“Normal world”) Limited and tightly defined ways to get from one world to the other ● → secure monitor Slide 8 - http://www.pengutronix.de - 2017-10-23

  8. ARM TrustZone in detail Source: http://genode.org/documentation/articles/trustzone Slide 9 - http://www.pengutronix.de - 2017-10-23

  9. ARM TrustZone in detail (cont'd) Security Extensions to ARM processors ● Supported by ● ● ARM1176 ● Cortex-A series (ARMv7-A, ARMv8-A) ● ARMv8-M System-wide hardware isolation ● ● SRAM ● DRAM ● CPU configuration registers ● peripherals SoC design has impact on practical usefulness of security features ● Slide 10 - http://www.pengutronix.de - 2017-10-23

  10. ARM TrustZone switching worlds Secure World entry ● ● Hardware-controlled ● automatic ● partly configurable Reset ● By exception ● Reset ● CPU always starts secure Secure ● Secure Monitor Call ● SMC #n instruction hardware software ● analogous to Supervisor Call (SVC) ● always handled in Secure World Non-Secure ● IRQ, FIQ, Data abort ● configurable (by secure software) Non-Secure World entry ● ● Software-controlled ● Typically ● set SCR.NS ● return from execption Slide 11 - http://www.pengutronix.de - 2017-10-23

  11. What is OP-TEE? Started as closed source implementation by some ● mobile, telco and chip vendors Since 2015 Open Source (BSD license), ● owned and maintained by Linaro In 2017 the TEE driver went mainline with v4.12 ● Small and simple TEE ● Relies on rich OS to schedule TEE ● Based on ARM TrustZone to provide isolation of ● the TEE from the rich OS in hardware Runs on ~20 platforms ● ● 32 bit: ARMv7-A ● 64 bit: ARMv8-A Slide 12 - http://www.pengutronix.de - 2017-10-23

  12. OP-TEE architecture Non-Secure world Secure world usr Native App usr (secure state) Wrapper API App App optee_client (optional) Trusted App optee_os TEE GlobalPlatform Supplicant TEE Client API GlobalPlatform TEE internal API svc mon (secure state) svc (secure state) Secure TEE functions/libs TEE Driver TEE core Monitor (crypto...) HAL Storage... optee_linuxdriver ARM SoC Source: https://www.linaro.org/blog/core-dump/op-tee-open-source-security-mass-market/ Slide 13 - http://www.pengutronix.de - 2017-10-23

  13. OP-TEE in detail The OP-TEE consists of three parts ● Normal World, User Mode ● ● TEE client library ● tee-supplicant ● file system access ● access to shared resources Normal World, Priviledged Mode ● ● Linux kernel TEE subsystem ● Linux kernel TEE device driver Secure world, Priviledged Mode ● ● Trusted OS (optee_os) TEE contains public key ● Trusted Applications are singed and can be ● loaded from the Normal World into the TEE Slide 14 - http://www.pengutronix.de - 2017-10-23

  14. OP-TEE - Trusted Boot ARMv7-A: i.MX6 SoC ROM- Fuses Code Pubkey Signature Boot Loader For details on trusted boot see my talk from OP-TEE ELCE 2016. incl. Pubkey Slide 15 - http://www.pengutronix.de - 2017-10-23

  15. OP-TEE - Boot sequence in ARMv7-A: i.MX6 Non-Secure world Secure world Reset ROM-Code load/check bootloader bootloader (barebox) load/check TEE kernel, DTB, initrd Return from exeption Kernel TEE initialize and run initialize and run SMC #n request TEE - Perform secure service secure service Return from exeption Slide 16 - http://www.pengutronix.de - 2017-10-23

  16. Observations & What's Missing? Better SoC support ● ● more SRAM ● TrustZone support missing in some peripherals TrustZone: From my (limited) point of view: ● ● The concept of moving peripherals into Secure World is “complicated” on todays SoCs. ● Think about turning off the clock of the Secure World's I2C, PWM or Ethernet Controller. Support for existing private key storages ● ● inside the Linux kernel ● opengpg/ssh ● TPM build system feels Android centric ● make use more use of DT ● convert config #ifdef to kconfig ● Slide 17 - http://www.pengutronix.de - 2017-10-23

  17. Summary TEE – Trusted Execution Environment ● ● Set of APIs to split applications into normal and secure part TrustZone ● ● Security extension for ARM processors to partition one SoC into Normal and Secure World ● Practical usefulness depends on SoC design OP-TEE – Open Platform TEE ● ● Implements TEE on ARM using TrustZone Slide 18 - http://www.pengutronix.de - 2017-10-23

  18. Q & A @marckleinebudde Slide 19 - http://www.pengutronix.de - 2017-10-23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook we all have secrets and these secrets matter to us thats what makes them secrets software should keep our secrets some secrets are awful

1k views • 75 slides
Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

NAHPXXJI6KNA Book ^ Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to describe. It typically does not price an excessive amount of. It is extremely difficult to leave it before

260 views • 3 slides
Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

XUECRQXNRXVS Book Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an remarkable book which i have ever go through. It can be writter in simple terms and not difficult to

343 views • 3 slides
Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a

Seven Secrets to Building a Successful Business Introductions The Seven Secrets to Building a Successful Business The Essential Tools Incredible Offer!!! Todays Agenda Just for attending you get Copy of the Presentation Link to the

698 views • 56 slides
Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically

Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically

NHHOGOEDX28F PDF Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 3.61 MB Reviews Reviews This is basically the greatest pdf i have got go through right up until now. It normally fails to cost excessive. Once you

397 views • 3 slides
Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect

Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect

Competition Law Strategies: - Protect Your Brand - - Protect Your Retail Partners - - Protect Your Revenue - Brussels, Geneva Luxury Law New York Summit David Hull 14 November 2018

461 views • 19 slides
1 Secrets to Successful Retreat Planning Your Questions/Goals What are some of your best camp

1 Secrets to Successful Retreat Planning Your Questions/Goals What are some of your best camp

Welcome Secrets to Successful Retreat Planning Secrets to Successful Retreat Planning Be still and know that I am God Psalm 46:10 Secrets to Successful Retreat Planning Welcome Introduction (Leave w/everything you need to create your

465 views • 12 slides
The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning

The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning

The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning John.Casey@ccplanning.net The secrets of WFM Making Resource Planning real The secrets of WFM Top Tip The secrets of WFM Principles of WFM These

467 views • 21 slides
Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book

Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book

Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book Ebook Bundle Gallo Carmine.pdf Business Secrets Of Steve Jobs Presentation Secrets And Innovation Secrets All In One Book Ebook Bundle Gallo Carmine

1.07k views • 51 slides
TOP SECRET CONFIDENTIAL 1 TOP SECRET WITCHCRAFT SECRETS CONFIDENTIAL 2 Witchcraft Secrets

TOP SECRET CONFIDENTIAL 1 TOP SECRET WITCHCRAFT SECRETS CONFIDENTIAL 2 Witchcraft Secrets

TOP SECRET CONFIDENTIAL 1 TOP SECRET WITCHCRAFT SECRETS CONFIDENTIAL 2 Witchcraft Secrets ...from a reverse-engineer Alyssa Rosenzweig Starswirls First Law Magic can neither be created nor destroyed 4 Starswirls First Law

1.23k views • 54 slides
Firefox Security Sid Stamm &lt;sid@mozilla.com&gt; Browser as a Protector Protect Site

Firefox Security Sid Stamm &lt;sid@mozilla.com&gt; Browser as a Protector Protect Site

Firefox Security Sid Stamm &lt;sid@mozilla.com&gt; Browser as a Protector Protect Site Content Safe Platform Third-Party Features Keeping your Secrets Content Restrictions Content Security Policy Content Restrictions Document

560 views • 43 slides
ITS ALL ABOUT YOUR SURVIVAL HEALTH INSURANCE Doctors protect your life, you protect your

ITS ALL ABOUT YOUR SURVIVAL HEALTH INSURANCE Doctors protect your life, you protect your

ITS ALL ABOUT YOUR SURVIVAL HEALTH INSURANCE Doctors protect your life, you protect your investments. I&amp;I will protect your Survival! PRESENTATION Policy that suits every pocket any medical emergency. Medi-claim, Accidental Death,

65 views • 3 slides
PRESENTATION SECRETS BY ALEXEI KAPTEREV DOWNLOAD EBOOK : PRESENTATION SECRETS BY ALEXEI KAPTEREV

PRESENTATION SECRETS BY ALEXEI KAPTEREV DOWNLOAD EBOOK : PRESENTATION SECRETS BY ALEXEI KAPTEREV

Read Online and Download Ebook PRESENTATION SECRETS BY ALEXEI KAPTEREV DOWNLOAD EBOOK : PRESENTATION SECRETS BY ALEXEI KAPTEREV PDF Click link bellow and free register to download ebook: PRESENTATION SECRETS BY ALEXEI KAPTEREV DOWNLOAD FROM

470 views • 7 slides
regpg safely store server secrets Tony Finch &lt;fanf2@cam.ac.uk&gt;

regpg safely store server secrets Tony Finch &lt;fanf2@cam.ac.uk&gt;

regpg safely store server secrets Tony Finch &lt;fanf2@cam.ac.uk&gt; &lt;gitmaster@uis.cam.ac.uk&gt; Network Systems (RNB 1N52) Tuesday 21st November 2017 University Information Services agenda Context Demo secrets? keys server?

703 views • 30 slides
The Presentation Secrets of Steve Jobs: How to be The Presentation Secrets of Steve Jobs: How to

The Presentation Secrets of Steve Jobs: How to be The Presentation Secrets of Steve Jobs: How to

GG2I4UUHYZDS Book The Presentation Secrets of Steve Jobs: How to be Insanely Great in... The Presentation Secrets of Steve Jobs: How to be The Presentation Secrets of Steve Jobs: How to be Insanely Great in Front of Any Audience Insanely

71 views • 3 slides
Distributing Secrets Securely ? Presented by Simo Sorce Red Hat, Inc. Flock 2015 Historically

Distributing Secrets Securely ? Presented by Simo Sorce Red Hat, Inc. Flock 2015 Historically

Distributing Secrets Securely ? Presented by Simo Sorce Red Hat, Inc. Flock 2015 Historically Monolithic applications on single servers potentially hooked to a central authentication system. Idm Distributing Secrets ? Containers it's

557 views • 29 slides
Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric

Boomerang: Exploiting the Semantic Gap in Trusted Execution Environments Aravind Machiry , Eric Gustafson, Chad Spensky, Chris Salls, Nick Stephens, Ruoyu Wang, Antonio Bianchi, Yung Ryn Choe, Christopher Kruegel, and Giovanni Vigna Sandia

1.1k views • 51 slides
Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel

Enarx Protection for data in use Mike Bursell Office of the CTO https://enarx.io Nathaniel McCallum Sr. Principal Engineer Trusted Execution Environments Trusted Execution Environments Host TEE TEE is a protected area within the host,

1.05k views • 22 slides
Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic

Trusted Execution Environments on Mobile Devices ACM CCS 2013 tutorial Jan-Erik Ekberg, Trustonic Kari Kostiainen, ETH Zurich N. Asokan, University of Helsinki and Aalto University What is a TEE? Processor, memory, storage, peripherals

1.23k views • 112 slides
! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

! Apps Apps RAM ! Ring 0 - 2 OS / Hypervisor OS / Hypervisor Remote Attestation Protected

Keystone : An Open Framework for Architecting Trusted Execution Environments Dayeol Lee , David Kohlbrenner, Shweta Shinde, Krste Asanovic, Dawn Song Dept. of Electrical Engineering and Computer Sciences University of California, Berkeley

599 views • 30 slides
Updates from the RISC-V TEE Group Nick Kossifidis &lt;mick@ics.forth.gr&gt; Security-related

Updates from the RISC-V TEE Group Nick Kossifidis &lt;mick@ics.forth.gr&gt; Security-related

Updates from the RISC-V TEE Group Nick Kossifidis &lt;mick@ics.forth.gr&gt; Security-related RISC-V Task Groups 2 About the TEE Task Group One of the most popular groups (112 registered members) Regular conference calls / mailing list

675 views • 13 slides
Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel

Finding 1-Day Vulnerabilities in Trusted Applications using Selective Symbolic Execution Marcel Busch , Kalle Dirsch 2020-02-23 Friedrich-Alexander-University Erlangen-Nrnberg, Germany BAR20 BAR20 Motivation How secure are

352 views • 16 slides
Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August

Unearthing the TrustedCore A Critical Review on Huaweis Trusted Execution Environment August 11, 2020 Marcel Busch , Johannes Westphal, Tilo Mller Friedrich-Alexander-University Erlangen-Nrnberg, Germany Motivation TEEs are the backbone

696 views • 35 slides
https://ggle.io/3K3w McIntyre Tee Shirts For Is your childs McIntyre t-shirt too small,

https://ggle.io/3K3w McIntyre Tee Shirts For Is your childs McIntyre t-shirt too small,

https://ggle.io/3K3w McIntyre Tee Shirts For Is your childs McIntyre t-shirt too small, description: https://ggle.io/3DVI ripped, torn or missing? Would you like to show your McIntyre school spirit at school events or when volunteering?

527 views • 19 slides

More recommend