UEFI Secure boot is a verification mechanism for ensuring that code launched by the device firmware is trusted and that each efi payload loaded is validated.
According to the UEFI Spec these keys, certificates against which the images are verified are stored as Authenticated Variables in UEFI. UEFI Authenticated Variable is designed to provision and maintain the UEFI secure boot status.
An authenticated variable implementation requires an isolated
execution environment to do the authentication and update variables.
Up to now using a secure flash for variable, implied disabling a
Secure OS, since the mechanism for storing variables and running a Trusted OS is mutually exclusive.
Management Mode (MM) is a generic term used to describe a secure isolated execution environment provided by the CPU and related silicon that is entered when the CPU detects a MMI.
- For x86 systems, this can be implemented with System
Management Mode (SMM).
- For ARM systems, this can be implemented with TrustZone (TZ).
So with Management Mode, we can say that core provides a
Secure Partition kind of thing to run Secure Software.
In this presentation we will discuss how on ARM based systems, OP-TEE provides a Secure Partition kind of environment to run software for saving authenticated variables
Embedded Software Engineer (NXP Semiconductors)
Having a total experience of 7 years in Embedded Programming.<br /> Worked on various areas including PKCS#11, Arm TrustZone, OP-TEE, OpenSSL, Networking.
Tech Lead (Linaro)
Linux kernel developer with a taste for networking and performance