LVC20-302 Enable UEFI Secure Boot using OP-TEE as Secure Partition

    Session Abstract

    UEFI Secure Boot is a verification mechanism that ensures the code launched by the device firmware is trusted and that every EFI payload loaded is validated.
    According to the UEFI specification, the keys and certificates against which images are verified are stored as UEFI authenticated variables. Authenticated variables are designed to provision and maintain the UEFI Secure Boot state.

    An authenticated variable implementation requires an isolated execution environment in which to authenticate and update the variables.
    Until now, using secure flash for variable storage implied disabling a Secure OS, since the mechanism for storing variables and the mechanism for running a Trusted OS were mutually exclusive.

    Management Mode (MM) is a generic term for a secure, isolated execution environment provided by the CPU and related silicon, entered when the CPU detects a Management Mode Interrupt (MMI).
    - On x86 systems, this can be implemented with System Management Mode (SMM).
    - On Arm systems, this can be implemented with TrustZone (TZ).

    So with Management Mode, the core provides something like a Secure Partition in which to run secure software.

    In this presentation we will discuss how, on Arm-based systems, OP-TEE provides a Secure Partition-like environment in which to run the software that stores authenticated variables.
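    As an added illustration (not part of the session or its slides), the Python below parses the EFI_VARIABLE_AUTHENTICATION_2 descriptor that prefixes every time-based authenticated variable write and applies the structural checks the variable service must perform inside the isolated environment: zeroed EFI_TIME padding, WIN_CERTIFICATE revision and type, the PKCS#7 CertType GUID, length bounds, and the timestamp anti-replay rule. Field layouts follow the UEFI specification; the sample blob, the helper names and the fake signature bytes are constructed here, and the PKCS#7 signature itself is not verified.

```python
import struct
import uuid

# Constants from the UEFI specification (WIN_CERTIFICATE / EFI_VARIABLE_AUTHENTICATION_2)
WIN_CERT_REVISION = 0x0200
WIN_CERT_TYPE_EFI_GUID = 0x0EF1
EFI_CERT_TYPE_PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")
EFI_TIME_FMT = "<HBBBBBBIhBB"  # Year,Month,Day,Hour,Minute,Second,Pad1,Nanosecond,TimeZone,Daylight,Pad2
WIN_CERT_HDR_FMT = "<IHH"      # dwLength, wRevision, wCertificateType
TS_SIZE = struct.calcsize(EFI_TIME_FMT)       # 16
HDR_SIZE = struct.calcsize(WIN_CERT_HDR_FMT)  # 8

def parse_auth2(blob):
    """Split a time-based authenticated write into (timestamp, pkcs7_der, payload).
    Raises ValueError on each structural violation the variable service must reject.
    The PKCS#7 signature is not verified here; that needs the signer certificate
    held in the governing variable (PK, KEK, db, ...)."""
    if len(blob) < TS_SIZE + HDR_SIZE + 16:
        raise ValueError("too short for EFI_VARIABLE_AUTHENTICATION_2")
    (year, month, day, hour, minute, second,
     pad1, nanosecond, timezone, daylight, pad2) = struct.unpack_from(EFI_TIME_FMT, blob, 0)
    # Spec: these EFI_TIME fields must be zero in a time-based authenticated write
    if pad1 or nanosecond or timezone or daylight or pad2:
        raise ValueError("EFI_TIME Pad1/Nanosecond/TimeZone/Daylight/Pad2 must be zero")
    dw_length, revision, cert_type = struct.unpack_from(WIN_CERT_HDR_FMT, blob, TS_SIZE)
    if revision != WIN_CERT_REVISION or cert_type != WIN_CERT_TYPE_EFI_GUID:
        raise ValueError("unexpected WIN_CERTIFICATE wRevision/wCertificateType")
    # dwLength covers the 8-byte header, the 16-byte CertType GUID and CertData
    if dw_length < HDR_SIZE + 16 or TS_SIZE + dw_length > len(blob):
        raise ValueError("dwLength does not fit the supplied buffer")
    guid_off = TS_SIZE + HDR_SIZE
    if uuid.UUID(bytes_le=blob[guid_off:guid_off + 16]) != EFI_CERT_TYPE_PKCS7_GUID:
        raise ValueError("CertType is not EFI_CERT_TYPE_PKCS7_GUID")
    pkcs7_der = blob[guid_off + 16:TS_SIZE + dw_length]
    payload = blob[TS_SIZE + dw_length:]
    return (year, month, day, hour, minute, second), pkcs7_der, payload

def timestamp_is_newer(new_ts, stored_ts):
    """Anti-replay rule: a non-append update must carry a timestamp later than
    the one recorded with the variable's current contents."""
    return stored_ts is None or new_ts > stored_ts

def build_auth2(ts, pkcs7_der, payload):
    """Construct a well-formed descriptor; used only to build the sample input."""
    year, month, day, hour, minute, second = ts
    efi_time = struct.pack(EFI_TIME_FMT, year, month, day, hour, minute, second, 0, 0, 0, 0, 0)
    hdr = struct.pack(WIN_CERT_HDR_FMT, HDR_SIZE + 16 + len(pkcs7_der), WIN_CERT_REVISION, WIN_CERT_TYPE_EFI_GUID)
    return efi_time + hdr + EFI_CERT_TYPE_PKCS7_GUID.bytes_le + pkcs7_der + payload
```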

    Session Speakers

    Sahil Malhotra

    Embedded Software Engineer (NXP Semiconductors)

    Having a total experience of 7 years in Embedded Programming. Worked on various areas including PKCS#11, Arm TrustZone, OP-TEE, OpenSSL, Networking.

    Ilias Apalodimas

    Tech Lead (Linaro)

    Linux kernel developer with a taste for networking and performance
