LVC20-302 Enable UEFI Secure Boot using OP-TEE as Secure Partition

Session Abstract

Slack channel for session LVC20-302: https://linaroconnect.slack.com/archives/C01BK3BKHA5

Description:
UEFI Secure boot is a verification mechanism for ensuring that code launched by the device firmware is trusted and that each efi payload loaded is validated.
According to the UEFI Spec these keys, certificates against which the images are verified are stored as Authenticated Variables in UEFI. UEFI Authenticated Variable is designed to provision and maintain the UEFI secure boot status.

An authenticated variable implementation requires an isolated
execution environment to do the authentication and update variables.
Up to now using a secure flash for variable, implied disabling a
Secure OS, since the mechanism for storing variables and running a Trusted OS is mutually exclusive.

Management Mode (MM) is a generic term used to describe a secure isolated execution environment provided by the CPU and related silicon that is entered when the CPU detects a MMI.
- For x86 systems, this can be implemented with System
Management Mode (SMM).
- For ARM systems, this can be implemented with TrustZone (TZ).

So with Management Mode, we can say that core provides a
Secure Partition kind of thing to run Secure Software.

In this presentation we will discuss how on ARM based systems, OP-TEE provides a Secure Partition kind of environment to run software for saving authenticated variables

Session Speakers

Sahil Malhotra

Lead Software Engineer (NXP)

Having a total experience of 7 years in Embedded Programming.<br /> Worked on various areas including PKCS#11, Arm TrustZone, OP-TEE, OpenSSL, Networking.

Ilias Apalodimas

Tech Lead (Linaro)

Linux kernel developer with a taste for networking and performance

comments powered by Disqus

Other Posts

Sign up. Receive Updates. Stay informed.

Sign up to our mailing list to receive updates on the latest Linaro Connect news!