Session Abstract

Protecting key confidentiality is essential for many kernel security use-cases such as disk encryption, file encryption and protecting the integrity of file metadata. Trusted and encrypted keys provide a mechanism to export keys to user-space for storage as an encrypted blob and for user-space to later reload them onto the Linux keyring without user-space ever knowing the encryption key. The existing Trusted Keys implementation relied on a TPM device, but what if you are working on a system without one?

This session will introduce a Trusted Keys implementation which relies on a much simpler trusted application running in a Trusted Execution Environment (TEE) for sealing and unsealing of Trusted Keys, using a hardware unique key provided by the TEE.

Session Speakers

Sumit Garg

Software Engineer (Linaro)

Currently working as part of the Support and Solutions team, Linaro. Responsible for activities related to platform security like OP-TEE, trusted firmware, boot-loaders etc. Also responsible for toolchain support activities.

Contributed to various open source projects like OP-TEE, TF-A, U-Boot, EDK2, Linux etc.

Apart from technical stuff, I have a keen interest in sports like badminton, table tennis, chess etc.