PKCS#11 in OP-TEE

Session Speakers

Ruchika Gupta (Linaro)

Etienne Carrière (Linaro)

Vesa Jääskeläinen (Vaisala)

Victor Chong (Linaro)

HSMs are not very common in embedded/IoT products because they cost money, but there is still a need to provide HSM-like secure storage for private keys. Such keys may be needed for managing device identity, secure updates, TLS connections, etc. OP-TEE can function as an HSM to provide secure storage and handle secrets. The PKCS#11 standard defines a platform-independent API that lets software use, create, modify and delete cryptographic objects without ever exposing those objects to the application’s memory. In this demo, we show how secrets can be generated and stored in an OP-TEE based HSM using the standard PKCS#11 interface. We also demo the compatibility of the implementation with the available PKCS#11 plugins/engines in OpenSSL and OpenSSH. Further, we demo a few ways in which we test the implementation. Demo steps are available in this document: https://drive.google.com/file/d/1reMnNWEHv6yKK41uymSa-ilPbdA0ny5y/view?usp=sharing

/resources/lvc21/lvc21-215/
