On a device it’s not uncommon to share power domains between secure and non-secure side, for example between a TEE and Linux kernel. With that comes some challenges that needs to be taken care of and that is the theme for this presentation. We’ve identified a couple of challenges when it comes to power management and security. One case is when sharing power resources (clock, power domains, ...) between secure and non-secure devices. Another is to make a proper shutdown and boot-up sequence (CPU on/off etc) and finally there has been some concerns regarding the latency when communicating with PSCI. In this session we would like to highlight those and discuss what the short and long term plans are.

Read more

Benchmark and profiling are two newly developed features in OP-TEE. In this session we will cover what has been done and what is left to do and a bit about how it has been implemented.

Read more

Device Tree is well established in the Linux kernel. But since there could be other bootloader(s) and firmware components involved that needs to configure the hardware and thereby also needs to update the Device Tree blobs before passing it to Linux kernel. Therefore we are looking for a well established way for firmware to also make use and modify the Device Tree blobs before handing them over to Linux kernel. With this BoF session we would like to get started a gather ideas etc.

Read more

The SKS/KeyGen2 project is about establishing an security architecture, provisioning and management scheme for cryptographic keys targeting a wide variety of applications including on-line banking, payments, e-government access, and enterprise login. A TEE (possibly aided by a local security processor) is a core component of the envisioned architecture. In order to enable easy enrollment, a browser-based provisioning protocol is another core component. Since a cryptographic key (unlike a file), usually represents a relationship to a remote party which also typically imply a policy for "their" keys, the system supports key ACLs which through an OS/TEE layer governs which applications a key may be used with. A consequence of this arrangement is that cryptographic keys become first-class OS objects like files. The protocol and basic key store is already running as an application which is used for testing and evaluation. What's missing is the OS/TEE/Browser integration, something which requires a set of rather different

Read more

Since the presentation back in 2015 (SFO15), there has been functionality added, like RPMB and there has also been some changes in general to the secure storage code. This presentation will summarize what has been happening and will also talk about what’s left to do.

Read more

ARM Trusted Firmware has established itself as a key part of the ARMv8-A software stack. Broadening its applicability across all segments, from embedded to enterprise, is challenging. This session discusses the latest developments, including extension into the 32-bit space.

Read more

In this session we will learn about what has been done to get Android Widevine to run OP-TEE.

Read more

This presentation will give an overview of the suite of reference security solutions developed by LHG. The solutions all have OPTEE as the secure OS running on ARM TrustZone integrated with DRMs such as Microsoft PlayReady and Google Widevine on both Linux and Android platforms. The secure video path implementation strives to use common elements across Linux and Android based solutions.

Read more

Heads up on what ARM are doing with the new ARMv8-M architecture from a software perspective.

Read more

ARM TrustZone is a critical technology for securing IoT devices and systems. But awareness of TrustZone and its benefits lags within the maker community as well as among enterprises. The first step to solving this problem is lowering the cost of access. Sequitur Labs and Linaro have joined forces to address this problem by making a port of OP-TEE available on the Raspberry Pi 3. The presentation covers the value of TrustZone for securing IoT and how customers can learn more through this joint effort. Embedded systems security remains a challenge for many developers. Awareness of mature, proven technologies such as ARM TrustZone is very low among the Maker community as well as among enterprises. As a result this foundational technology is largely being ignored as a security solution. Sequitur Labs and Linaro have taken an innovative approach combining an Open Source solution – OP-TEE with Raspberry Pi 3. The Raspberry Pi 3 is one of the world’s most popular platforms among device makers. Its value as an educational tool for learning about embedded systems development is proven. Sequitur Labs have also enabled bare metal debugging via JTag on the Pi 3 enhancing the value of the Pi 3 as an educational tool for embedded systems development. The presentation will focus on * ARM v8a architecture and instruction set * ARM Trusted Firmware * TrustZone and OP-TEE basics * JTAG and bare metal debugging the Raspberry Pi 3

Read more
Page 1 of 41234