Protecting key confidentiality is essential for many kernel security use-cases such as disk encryption, file encryption and protecting the integrity of file metadata. Trusted and encrypted keys provides a mechanism to export keys to user-space for storage as an encrypted blob and for the user-space to later reload them onto Linux keyring without the user-space knowing the encryption key. The existing Trusted Keys implementation relied on a TPM device but what if you are working on a system without one?
This session will introduce a Trusted Keys implementation which relies on a much simpler trusted application running in a Trusted Execution Environment (TEE) for sealing and unsealing of Trusted Keys using a hardware unique key provided by the TEE.
Software Engineer (Linaro)
Currently working as part of Support and Solutions team, Linaro. Responsible for activities related to platform security like OP-TEE, trusted firmware, boot-loaders etc. Also responsible for tool-chain support activities.
Contributed in various open source projects like OP-TEE, TF-A, u-boot, edk2, Linux etc.
Apart form technical stuff, I have keen interest in sports like badminton, table tennis, chess etc.