SlideShare uma empresa Scribd logo

LAS16 111 - Raspberry pi3, op-tee and jtag debugging

96Boards
96Boards

Raspberry pi3, op-tee and jtag debugging

Tecnologia
1 de 35
Baixar para ler offline
Trust What’s Next™ www.sequiturlabs.co m EASING ACCESS TO ARM TRUSTZONE – OP-TEE AND RASPBERRY PI 3 09/26/16 Presented by Sequitur Labs Inc.
2 OP-TEE on Raspberry Pi 3 1. Motivation 2. Anatomy of the Port 3. Kit Availability 4. Device security – Core concepts 5. TrustZone – “what it means” Presented by Sequitur Labs Inc. 2016
3 Motivation —Next-gen devices need foundational security —TrustZone and TEEs fast becoming standards for chip level security —Lack of widespread knowledge among maker community of TrustZone and TEEs —Only hardware and software pros can make security happen —Requires deep understanding of hardware and OS fundamentals —Problem: How to make security accessible? Presented by Sequitur Labs Inc. 2016
4 Motivation —RPi3: Economical board, $35 —Good support (BSP, online fora) —Quad Core Cortex-A53 V8a —Poked around startup code, looked like “some” TrustZone features might be present —Searched for JTAG, found multiplexor setup —Appeared as if OP-TEE port might be feasible Presented by Sequitur Labs Inc. 2016
5 Anatomy of the Port —Work done almost immediately following flurry of AARCH64 Raspberry Pi fora posts —64-bit (AARCH64) kernel —U-boot —Running NS, wrong mode —Boot “stubs”, setting cores to EL2, spin loop —64 bit runtime (Linaro/Ubuntu) —details in separate ppt titled “Anatomy of Port” Presented by Sequitur Labs Inc. 2016
6 Anatomy of the Port —Challenges —Effectively no data sheet; full hardware capability a bit of a mystery —Dive into source code; read stuff available online —Approach (details in appendix) —Modified boot stubs —Modified u-boot —Ported ARM Trusted Firmware (ATF) BL31 —Modified memory maps —Enabled startup debug; JTAG —Ported OP-TEE Presented by Sequitur Labs Inc. 2016
7 TrustZone on RPi 3: Details —Raspberry Pi 3 implements Cortex-A/V8a exceptions But —It does not implement the crypto acceleration instructions —Linux Device Tree Source (DTS) showed no indication of any security hardware IP —No TZPC, TZASC, GIC or other proprietary bus/fabric security control interfaces —No securable memory —IE., A53 core security state signals not propagated throughout the fabric. Conclusion —not-securable TrustZone implementation but GREAT for education, learning, Trusted Application development and debug. Presented by Sequitur Labs Inc. 2016
8 Kit Availabilty —Linaro repo build: Joakim Bech (busybox stack) —tftp download/boot —fat load —All AARCH64 —Sequitur Labs “GlobalPlatform TEE hackathon setup” —AARCH64 Linux —Raspbian/32 NW runtime —Virtualbox Ubuntu/Mint 17 Linux setup (includes all source) —RPi3 + Bus-blaster + Debug cable + uSD card (under $100) Presented by Sequitur Labs Inc. 2016
9 Kit Focus —Linux stack: —Pi3 in widespread prototype use —Great for development —Not a mobile device (phone) —OP-TEE: —Focus is bigger than mobile, it’s the other 90% of the market —Applications where trust is required apart from payment and DRM Presented by Sequitur Labs Inc. 2016
Trust What’s Next™ www.sequiturlabs.co m NEXT-GENERATION EMBEDDED SECURITY: KEY CONCEPTS
11 Problems of a Big Flat Space —Security must be designed in —Isolation enables protection —Create hard boundaries around assets that must be protected —At least two distinct domains: secure and non-secure —Resources —Functions —Without requiring an external “security chip” —Management plane —Enforcement controls —Boundary protections Crypto functions Credentials Memory Peripheral drivers Critical execution Data storage Presented by Sequitur Labs Inc. 2016
12 TrustZone is a Strategy —Cortex-A core security state is orthogonal to processor mode (USR, SVC) —Two security domains (states): secure, and non-secure —Physical security domains incorporate: —Memory: on and off chip RAM —Bus masters and slaves (IP) {SPI, I2C, QSPI, UART …} —Core resources: MMU, cache, interrupts —Core security state aligned with security domain —Much more than crypto … —Programmable (security features): —Provisioning —Secure boot*, secure updates —Secure peripherals (sensors, actuators)* —Cryptography (transaction or session) – eg., SSL or .. —Trusted controls * Implementation defined Presented by Sequitur Labs Inc. 2016
13 Enable Critical Foundational Security Features “Must have” security features for connected devices: —Separation, isolation and hardware roots of trust —Secure boot —Secure firmware updates —Authentication (encrypted and authenticated boot) —Key storage and management (including revocation), unlimited key storage (not a fixed number of “slots”). —Secure data storage Solutions must: —Address immediate security issues —Address future needs Presented by Sequitur Labs Inc. 2016
Trust What’s Next™ www.sequiturlabs.co m CORTEX-A SECURITY FUNDAMENTALS REVIEW Core state and signal propagation Secure v Not-Secure, Monitor Interrupt Routing
15 ARM® TrustZone® On-chip security enclave that provides hardware isolation and protection for sensitive material such as cryptographic keys, algorithms and data Same technology that secures —A billion+ devices —Samsung —BlackBerry —Nokia —Microsoft —Payment and bank terminals —Set top boxes —++ Terminology —TrustZone is hardware —Trusted Execution Environment (TEE) is software —Normal World / Rich OS / REE —Secure World / Secure OS / TEE —Secure Monitor —Trusted Application (TA) —Trusted Connector APIs —Trusted Application Manager (TAM) Presented by Sequitur Labs Inc. 2016
16 Cortex-A Review: Core State and Signal Propagation, Interrupts —ARM core propagates security state to bus fabric (matrix32, matrix64) —Bus masters, slaves and RAM must enforce master/slave security state relationship —Non-secure master cannot access secure slave, eg., Linux (non-secure) cannot access AES or cryptographic keys —TrustZone/Secure World: “like a 2nd virtual, secure CPU” —Banked registers + MMU (sctlr, ttbr0/ttbr1 …); ie., MMU, page tables, physical and virtual addresses unique to secure and non-secure worlds respectively. —2 Interrupt lines: FIQ (fast interrupt) and IRQ (interrupt). —By convention, FIQ is “owned” by secure world Presented by Sequitur Labs Inc. 2016
17 Cortex-A Review: Security Configuration —ARM core resets into secure state —Preparation of secure and non-secure peripherals done by boot firmware prior to “non secure handoff”. —SCR: secure configuration register —security state, interrupt routing (ie., FIQ forcing). —NS = 0  “secure” —NS = 1  “NOT secure” —FIQ and IRQ, delivered to current world (== 0) or forced to monitor (==1) and not maskable from that (NS-state) world. —Interrupts (FIQ and IRQ) are routed to VBAR-NS, VBAR-S or MVBAR (non-secure, secure and monitor vector base address register handlers) according to SCR.{F,I,NS} bits. —SCR is not accessible from normal world (does not exist)Presented by Sequitur Labs Inc. 2016
18 Cortex-A Review: Monitor Mode (or EL3) —Implicitly secure regardless of SCR.NS —Execution/address space always secure, ie., when in monitor mode and NS=1 and MMU enabled, address translation is via Secure ttbr0/ttbr1. —But, as above, read/write ttbr0/ttbr1 accesses NON-secure ttbr0/ttbr1 instances. —i.e., always secure, NS selects Secure or Non-Secure banked registers. —Monitor mode code, Keep It Simple (KISS): “pass through between worlds” and “context switch”. Presented by Sequitur Labs Inc. 2016
Trust What’s Next™ www.sequiturlabs.co m GETTING STARTED WITH OP- TEE Planning and Requirements Definition Writing Trusted Applications
21 OP-TEE APIs TEE Internal Core API — The Internal API is the API that is exposed to the TAs running in the secure world. The TEE Internal API consists of four major parts: — Trusted Storage API for Data and Keys — Cryptographic Operations API — Time API — Arithmetical API OP-TEE implements Global Platform compliant APIs: TEE Client API — Communications API for connecting Client Applications running in a rich operating environment with TAs running inside OP-TEE (ie Linux) Presented by Sequitur Labs Inc. 2016
22 TEE Client API —The mechanism to interact with Trusted Applications in the TEE —Standardized —Compliance tested —Application independent —Say how messages are passed, not what they mean —Implementation independent —The same regardless of how the TEE is implemented —The same regardless of the communications mechanism to the TEE —Efficient —Capable of zero copy operation if TEE uses correct interface —Blocking —Simple, easy to understand, programming model for modern operating systems —Easy to use Presented by Sequitur Labs Inc. 2016
23 TEE Client API: Error Handling —Most routines return a return code of type TEEC_RESULT —Many standard values —TEEC_SUCCESS = 0 always means success —Routines which communicate with the TEE/TA also return error origin indicating where error occurred —TEEC_ORIGIN_API TEE Client API implementation —TEEC_ORIGIN_COMMS Communications between REE and TEE —TEEC_ORIGIN_TEE Shared TEE code outside the TA —TEEC_ORIGIN_TRUSTED_APP Trusted Application defined Presented by Sequitur Labs Inc. 2016
24 TEE Client API: Key Concepts —Context: Connection from REE to OP-TEE. —Session: Connection from REE app to OP-TEE TA. —Command: Unit of Communication from REE app to TA. —Shared Memory: Shared buffers allocated by Client API or by REE app and managed by OP- TEE driver Presented by Sequitur Labs Inc. 2016
25 TEE Client API: TEE Context —Connection to a TEE is represented as a TEEC_Context —Connect using TEEC_InitializeContext —Disconnect using TEEC_FinalizeContext —Always use NULL as the TEE name Presented by Sequitur Labs Inc. 2016
26 TEE Client API: Trusted Application Sessions —Can connect to one or more Trusted Applications in a TEE —Identified by a TEEC_Context —Represented by a TEEC_Session object —Connect using TEEC_OpenSession —Disconnect using TEEC_CloseSession —TA is identified by a UUID —Specifies the login method and associated data —Can supply an operation and parameters —Can be cancellable Presented by Sequitur Labs Inc. 2016
27 TEE Client API: Commands —Commands identified by a 32-bit integer —Trusted Applications define the meaning of all commands —One command means different things to different TAs —Client API does not limit command meaning in any way —Commands are always blocking —Optional support for cancellation via multi-threading —Commands are sent to the TA along with up to four parameters —Parameters are combined into a single structure: an Operation —Parameters can be of three types – IN, INOUT, OUT —All parameters are optional —TEEC_InvokeCommand Presented by Sequitur Labs Inc. 2016
28 Debug —Trusted Application/secure world: —JTAG, only if “secure JTAG” is enabled —DMSG/IMSG/EMSG, ~printf —TEE Client (Linux): —Linux native code; via object or library (.o, .a, .so) —gdb —printf Presented by Sequitur Labs Inc. 2016
29 Naming: Universally Unique ID (UUID) —A UUID is effectively unique if randomly generated —128 bits —Normally written in a standard format: —123e4567-e89b-12d3-a456- 426655440000 —Every Trusted Application is identified by a UUID —UUIDs are defined by RFC 4122 —Five formats, only two are important —Random UUID has 122 bits of randomness —Derived from a SHA-1 hash value —Impersonation is possible —Nothing to stop two Trusted Applications using the same UUID —Provable UUID ownership scheme in Administration Framework (see later) Presented by Sequitur Labs Inc. 2016
30 Operation and Parameter Types —Represented as a C structure: typedef struct { uint32_t started; uint32_t paramTypes; TEEC_Parameter params[4]; <Implementation-Defined Type> imp; } TEEC_Operation; —paramTypes is a combination of the types of the four parameters —Built using TEEC_PARAMS_TYPE macro —Parameter Types —IN: Values passed to the TA —OUT: Values Returned by the TA —INOUT: Values passed to the TA and returned Presented by Sequitur Labs Inc. 2016
31 Memory Management —Memory shared between client and TA is _not secure_ (by definition) —Can use memory allocated by any mechanism —No need for any copies — User of the interface allocates all memory directly —It is clear who owns all areas of memory — User is responsible for freeing all memory —The person who allocates it must free it — Only one API routine allocates memory —TEEC_AllocateSharedMemory Client Application Trusted Application Operation Starts Operation Completes Client Application owns the buffer Client Application owns the buffer Trusted Application owns the buffer Memory Ownership Presented by Sequitur Labs Inc. 2016
32 Memory References All buffers are represented as memory references typedef struct { void* buffer; size_t size; } TEEC_TempMemoryReference; Note: References can overlap May or may not work depending on — Represents a reference to a user supplied buffer — Shared only for the length of the call — On input size is number of valid bytes — On output size is number of valid bytes — For output buffers can set size to 0 and get back required size Temporary — Represents a reference to part of a region of shared memory — Memory is shared for the lifetime of the shared memory structure — Multiple references can refer to the same shared memory region. typedef struct { TEEC_SharedMemory* parent; size_t size; size_t offset; } TEEC_RegisteredMemoryReference Registered Presented by Sequitur Labs Inc. 2016
33 Multi-threading —Most operations are thread safe —The exceptions are creation and deletion of objects —Only a problem if the same object is used —The effect of writing to the same buffer from multiple TAs is confusing —Can invoke two commands simultaneously on the same TA in the same session —The TEE implementation must ensure this does not cause problems —Can access multiple TAs in the same TEE simultaneously Presented by Sequitur Labs Inc. 2016
34 Cancellation —TA may make commands cancellable —Does not have to —May choose to ignore cancellation —Cancellation requires a multi-threaded environment —Thread blocking in TA call —Second thread to cancel operation —Set started to “0” in operation structure — Cancel operation by calling TEEC_CancelOperation —Must be same Operation structure —Original call may: —Complete normally —Complete with some error —Complete with the TEEC_ERROR_CANCEL error code Presented by Sequitur Labs Inc. 2016
35 Hello World (1 of 2) —The TA is assumed to prepend “Hello ” to the supplied argument string —Error handling has been omitted for simplicity —It should just shut everything down again and exit —Comments have been omitted TEEC_Context context; TEEC_Session session; TEEC_Operation operation; TEEC_Result result; char *output[50]; result = TEEC_InitializeContext(NULL, &context); if (result != TEEC_SUCCESS) goto cleanup; result = TEEC_OpenSession(&context, &session, &uuid, TEEC_LOGIN_PUBLIC, NULL, NULL, NULL); if (result != TEEC_SUCCESS) goto cleanup1; Presented by Sequitur Labs Inc. 2016
36 Hello World (2 of 2) operation.paramTypes = TEEC_PARAM_TYPES( TEEC_MEMREF_TEMP_INPUT, TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE, TEEC_NONE); operation.params[0].tmpref.buffer = “World”; operation.params[0].tmpref.size = 5; operation.params[1].tmpref.buffer = output; operation.params[1].tmpref.size = sizeof(output); result = TEEC_InvokeCommand(&session, 12345, &operation, NULL); If (result != TEEC_SUCCESS) goto cleanup2; printf(“%*sn”, operation.params[1].tmpref.size, output); Presented by Sequitur Labs Inc. 2016

Recomendados

TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
Linaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
Linaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
LAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEE
Linaro
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
Linaro
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
Linaro
 

Recomendados

TEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source securityTEE - kernel support is now upstream. What this means for open source security
TEE - kernel support is now upstream. What this means for open source security
Linaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
Linaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
LAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEELAS16-406: Android Widevine on OP-TEE
LAS16-406: Android Widevine on OP-TEE
Linaro
 
SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
Linaro
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARMSFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
SFO15-205: OP-TEE Content Decryption with Microsoft PlayReady on ARM
Linaro
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
Linaro
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEE
Linaro
 
RISC-V Boot Process: One Step at a Time
RISC-V Boot Process: One Step at a TimeRISC-V Boot Process: One Step at a Time
RISC-V Boot Process: One Step at a Time
Atish Patra
 
linux device driver
linux device driverlinux device driver
linux device driver
Rahul Batra
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted Firmware
Linaro
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
Linaro
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
Linaro
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRM
Linaro
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
Linaro
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
Linaro
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEE
Linaro
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
Satpal Parmar
 
U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0
GlobalLogic Ukraine
 
LCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted FirmwareLCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted Firmware
Linaro
 
Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)
Thomas Petazzoni
 
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
SFO15-TR9: PSCI, ACPI (and UEFI to boot)SFO15-TR9: PSCI, ACPI (and UEFI to boot)
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
Linaro
 
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET Journal
 
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
sequi_inc
 

Mais conteúdo relacionado

Mais procurados

Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
Linaro
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEE
Linaro
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
Linaro
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRM
Linaro
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
Linaro
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
Linaro
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEE
Linaro
 
Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)
Thomas Petazzoni
 
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
SFO15-TR9: PSCI, ACPI (and UEFI to boot)SFO15-TR9: PSCI, ACPI (and UEFI to boot)
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
Linaro
 

Mais procurados (20)

Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
 
LCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEELCU14-103: How to create and run Trusted Applications on OP-TEE
LCU14-103: How to create and run Trusted Applications on OP-TEE
 
RISC-V Boot Process: One Step at a Time
RISC-V Boot Process: One Step at a TimeRISC-V Boot Process: One Step at a Time
RISC-V Boot Process: One Step at a Time
 
linux device driver
linux device driverlinux device driver
linux device driver
 
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3
 
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted Firmware
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
 
HKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRMHKG18-203 - Overview of Linaro DRM
HKG18-203 - Overview of Linaro DRM
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
 
HKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEEHKG18-402 - Build secure key management services in OP-TEE
HKG18-402 - Build secure key management services in OP-TEE
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
 
U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0U-boot and Android Verified Boot 2.0
U-boot and Android Verified Boot 2.0
 
LCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted FirmwareLCU14 500 ARM Trusted Firmware
LCU14 500 ARM Trusted Firmware
 
Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)Device Tree for Dummies (ELC 2014)
Device Tree for Dummies (ELC 2014)
 
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
SFO15-TR9: PSCI, ACPI (and UEFI to boot)SFO15-TR9: PSCI, ACPI (and UEFI to boot)
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
 

Semelhante a LAS16 111 - Raspberry pi3, op-tee and jtag debugging

Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Ramesh Nagappan
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
Lancope, Inc.
 
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortEuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
Cristofaro Mune
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
LF Events
 
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
csandit
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
Rod Soto
 

Semelhante a LAS16 111 - Raspberry pi3, op-tee and jtag debugging (20)

IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
IRJET- Public Key Infrastructure (PKI) Understanding for Vxworks RTOS using A...
 
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
Industrial Control Systems Security - A Perspective on Product Design (Sequi,...
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
 
Test Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysisTest Execution Infrastructure for IoT Quality analysis
Test Execution Infrastructure for IoT Quality analysis
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
 
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...Secure initialization of Trusted Execution Environments: When Secure Boot fal...
Secure initialization of Trusted Execution Environments: When Secure Boot fal...
 
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls shortEuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
EuskalHack 2017 - Secure initialization of TEEs: when secure boot falls short
 
Kernel security of Systems
Kernel security of SystemsKernel security of Systems
Kernel security of Systems
 
Hardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/LinuxHardening Linux, introducing Securix GNU/Linux
Hardening Linux, introducing Securix GNU/Linux
 
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
zkStudyClub: Zero-Knowledge Proofs Security, in Practice [JP Aumasson, Taurus]
 
Security and functional safety
Security and functional safetySecurity and functional safety
Security and functional safety
 
Proving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEsProving the Security of Low-Level Software Components & TEEs
Proving the Security of Low-Level Software Components & TEEs
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Secure IOT Gateway
Secure IOT GatewaySecure IOT Gateway
Secure IOT Gateway
 
CNS UNIT-VI.pptx
CNS UNIT-VI.pptxCNS UNIT-VI.pptx
CNS UNIT-VI.pptx
 
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi ItaliaSerie dei nuovi processori Xeon Scalabili - Yashi Italia
Serie dei nuovi processori Xeon Scalabili - Yashi Italia
 
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADARITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
RITA SECURE COMMUNICATION PROTOCOL: APPLICATION TO SCADA
 
Automated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gposAutomated prevention of ransomware with machine learning and gpos
Automated prevention of ransomware with machine learning and gpos
 
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOsSPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
SPO2-T11_Automated-Prevention-of-Ransomware-with-Machine-Learning-and-GPOs
 
HiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentationHiPEAC 2022_Marcelo Pasin presentation
HiPEAC 2022_Marcelo Pasin presentation
 

Mais de 96Boards

Mais de 96Boards (7)

OpenHours Bootloaders and Secure Firmware
OpenHours Bootloaders and Secure FirmwareOpenHours Bootloaders and Secure Firmware
OpenHours Bootloaders and Secure Firmware
 
UCSD Hard Hackathon 2017 Photo Gallery
UCSD Hard Hackathon 2017 Photo GalleryUCSD Hard Hackathon 2017 Photo Gallery
UCSD Hard Hackathon 2017 Photo Gallery
 
ST on 96Boards OpenHours - System level ESD protection
ST on 96Boards OpenHours - System level ESD protectionST on 96Boards OpenHours - System level ESD protection
ST on 96Boards OpenHours - System level ESD protection
 
LAS16 310 - Introducing the first 96Boards tv platform - Poplar by hisilicon
LAS16 310 - Introducing the first 96Boards tv platform - Poplar by hisiliconLAS16 310 - Introducing the first 96Boards tv platform - Poplar by hisilicon
LAS16 310 - Introducing the first 96Boards tv platform - Poplar by hisilicon
 
LAS16 109 - The status quo and the future of 96Boards
LAS16 109 - The status quo and the future of 96BoardsLAS16 109 - The status quo and the future of 96Boards
LAS16 109 - The status quo and the future of 96Boards
 
LAS16 100 K1 - Keynote George Grey
LAS16 100 K1 - Keynote George GreyLAS16 100 K1 - Keynote George Grey
LAS16 100 K1 - Keynote George Grey
 
Dragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshowDragon board 410c workshop - slideshow
Dragon board 410c workshop - slideshow
 

Último

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Principled Technologies
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Drew Madelung
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 

Último (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

LAS16 111 - Raspberry pi3, op-tee and jtag debugging

  • 1. Trust What’s Next™ www.sequiturlabs.co m EASING ACCESS TO ARM TRUSTZONE – OP-TEE AND RASPBERRY PI 3 09/26/16 Presented by Sequitur Labs Inc.
  • 2. 2 OP-TEE on Raspberry Pi 3 1. Motivation 2. Anatomy of the Port 3. Kit Availability 4. Device security – Core concepts 5. TrustZone – “what it means” Presented by Sequitur Labs Inc. 2016
  • 3. 3 Motivation —Next-gen devices need foundational security —TrustZone and TEEs fast becoming standards for chip level security —Lack of widespread knowledge among maker community of TrustZone and TEEs —Only hardware and software pros can make security happen —Requires deep understanding of hardware and OS fundamentals —Problem: How to make security accessible? Presented by Sequitur Labs Inc. 2016
  • 4. 4 Motivation —RPi3: Economical board, $35 —Good support (BSP, online fora) —Quad Core Cortex-A53 V8a —Poked around startup code, looked like “some” TrustZone features might be present —Searched for JTAG, found multiplexor setup —Appeared as if OP-TEE port might be feasible Presented by Sequitur Labs Inc. 2016
  • 5. 5 Anatomy of the Port —Work done almost immediately following flurry of AARCH64 Raspberry Pi fora posts —64-bit (AARCH64) kernel —U-boot —Running NS, wrong mode —Boot “stubs”, setting cores to EL2, spin loop —64 bit runtime (Linaro/Ubuntu) —details in separate ppt titled “Anatomy of Port” Presented by Sequitur Labs Inc. 2016
  • 6. 6 Anatomy of the Port —Challenges —Effectively no data sheet; full hardware capability a bit of a mystery —Dive into source code; read stuff available online —Approach (details in appendix) —Modified boot stubs —Modified u-boot —Ported ARM Trusted Firmware (ATF) BL31 —Modified memory maps —Enabled startup debug; JTAG —Ported OP-TEE Presented by Sequitur Labs Inc. 2016
  • 7. 7 TrustZone on RPi 3: Details —Raspberry Pi 3 implements Cortex-A/V8a exceptions But —It does not implement the crypto acceleration instructions —Linux Device Tree Source (DTS) showed no indication of any security hardware IP —No TZPC, TZASC, GIC or other proprietary bus/fabric security control interfaces —No securable memory —IE., A53 core security state signals not propagated throughout the fabric. Conclusion —not-securable TrustZone implementation but GREAT for education, learning, Trusted Application development and debug. Presented by Sequitur Labs Inc. 2016
  • 8. 8 Kit Availabilty —Linaro repo build: Joakim Bech (busybox stack) —tftp download/boot —fat load —All AARCH64 —Sequitur Labs “GlobalPlatform TEE hackathon setup” —AARCH64 Linux —Raspbian/32 NW runtime —Virtualbox Ubuntu/Mint 17 Linux setup (includes all source) —RPi3 + Bus-blaster + Debug cable + uSD card (under $100) Presented by Sequitur Labs Inc. 2016
  • 9. 9 Kit Focus —Linux stack: —Pi3 in widespread prototype use —Great for development —Not a mobile device (phone) —OP-TEE: —Focus is bigger than mobile, it’s the other 90% of the market —Applications where trust is required apart from payment and DRM Presented by Sequitur Labs Inc. 2016
  • 11. 11 Problems of a Big Flat Space —Security must be designed in —Isolation enables protection —Create hard boundaries around assets that must be protected —At least two distinct domains: secure and non-secure —Resources —Functions —Without requiring an external “security chip” —Management plane —Enforcement controls —Boundary protections Crypto functions Credentials Memory Peripheral drivers Critical execution Data storage Presented by Sequitur Labs Inc. 2016
  • 12. 12 TrustZone is a Strategy —Cortex-A core security state is orthogonal to processor mode (USR, SVC) —Two security domains (states): secure, and non-secure —Physical security domains incorporate: —Memory: on and off chip RAM —Bus masters and slaves (IP) {SPI, I2C, QSPI, UART …} —Core resources: MMU, cache, interrupts —Core security state aligned with security domain —Much more than crypto … —Programmable (security features): —Provisioning —Secure boot*, secure updates —Secure peripherals (sensors, actuators)* —Cryptography (transaction or session) – eg., SSL or .. —Trusted controls * Implementation defined Presented by Sequitur Labs Inc. 2016
  • 13. 13 Enable Critical Foundational Security Features “Must have” security features for connected devices: —Separation, isolation and hardware roots of trust —Secure boot —Secure firmware updates —Authentication (encrypted and authenticated boot) —Key storage and management (including revocation), unlimited key storage (not a fixed number of “slots”). —Secure data storage Solutions must: —Address immediate security issues —Address future needs Presented by Sequitur Labs Inc. 2016
  • 14. Trust What’s Next™ www.sequiturlabs.co m CORTEX-A SECURITY FUNDAMENTALS REVIEW Core state and signal propagation Secure v Not-Secure, Monitor Interrupt Routing
  • 15. 15 ARM® TrustZone® On-chip security enclave that provides hardware isolation and protection for sensitive material such as cryptographic keys, algorithms and data Same technology that secures —A billion+ devices —Samsung —BlackBerry —Nokia —Microsoft —Payment and bank terminals —Set top boxes —++ Terminology —TrustZone is hardware —Trusted Execution Environment (TEE) is software —Normal World / Rich OS / REE —Secure World / Secure OS / TEE —Secure Monitor —Trusted Application (TA) —Trusted Connector APIs —Trusted Application Manager (TAM) Presented by Sequitur Labs Inc. 2016
  • 16. 16 Cortex-A Review: Core State and Signal Propagation, Interrupts —ARM core propagates security state to bus fabric (matrix32, matrix64) —Bus masters, slaves and RAM must enforce master/slave security state relationship —Non-secure master cannot access secure slave, eg., Linux (non-secure) cannot access AES or cryptographic keys —TrustZone/Secure World: “like a 2nd virtual, secure CPU” —Banked registers + MMU (sctlr, ttbr0/ttbr1 …); ie., MMU, page tables, physical and virtual addresses unique to secure and non-secure worlds respectively. —2 Interrupt lines: FIQ (fast interrupt) and IRQ (interrupt). —By convention, FIQ is “owned” by secure world Presented by Sequitur Labs Inc. 2016
  • 17. 17 Cortex-A Review: Security Configuration —ARM core resets into secure state —Preparation of secure and non-secure peripherals done by boot firmware prior to “non secure handoff”. —SCR: secure configuration register —security state, interrupt routing (ie., FIQ forcing). —NS = 0  “secure” —NS = 1  “NOT secure” —FIQ and IRQ, delivered to current world (== 0) or forced to monitor (==1) and not maskable from that (NS-state) world. —Interrupts (FIQ and IRQ) are routed to VBAR-NS, VBAR-S or MVBAR (non-secure, secure and monitor vector base address register handlers) according to SCR.{F,I,NS} bits. —SCR is not accessible from normal world (does not exist)Presented by Sequitur Labs Inc. 2016
  • 18. 18 Cortex-A Review: Monitor Mode (or EL3) —Implicitly secure regardless of SCR.NS —Execution/address space always secure, ie., when in monitor mode and NS=1 and MMU enabled, address translation is via Secure ttbr0/ttbr1. —But, as above, read/write ttbr0/ttbr1 accesses NON-secure ttbr0/ttbr1 instances. —i.e., always secure, NS selects Secure or Non-Secure banked registers. —Monitor mode code, Keep It Simple (KISS): “pass through between worlds” and “context switch”. Presented by Sequitur Labs Inc. 2016
  • 19. Trust What’s Next™ www.sequiturlabs.co m GETTING STARTED WITH OP- TEE Planning and Requirements Definition Writing Trusted Applications
  • 20. 21 OP-TEE APIs TEE Internal Core API — The Internal API is the API that is exposed to the TAs running in the secure world. The TEE Internal API consists of four major parts: — Trusted Storage API for Data and Keys — Cryptographic Operations API — Time API — Arithmetical API OP-TEE implements Global Platform compliant APIs: TEE Client API — Communications API for connecting Client Applications running in a rich operating environment with TAs running inside OP-TEE (ie Linux) Presented by Sequitur Labs Inc. 2016
  • 21. 22 TEE Client API —The mechanism to interact with Trusted Applications in the TEE —Standardized —Compliance tested —Application independent —Say how messages are passed, not what they mean —Implementation independent —The same regardless of how the TEE is implemented —The same regardless of the communications mechanism to the TEE —Efficient —Capable of zero copy operation if TEE uses correct interface —Blocking —Simple, easy to understand, programming model for modern operating systems —Easy to use Presented by Sequitur Labs Inc. 2016
  • 22. 23 TEE Client API: Error Handling —Most routines return a return code of type TEEC_RESULT —Many standard values —TEEC_SUCCESS = 0 always means success —Routines which communicate with the TEE/TA also return error origin indicating where error occurred —TEEC_ORIGIN_API TEE Client API implementation —TEEC_ORIGIN_COMMS Communications between REE and TEE —TEEC_ORIGIN_TEE Shared TEE code outside the TA —TEEC_ORIGIN_TRUSTED_APP Trusted Application defined Presented by Sequitur Labs Inc. 2016
  • 23. 24 TEE Client API: Key Concepts —Context: Connection from REE to OP-TEE. —Session: Connection from REE app to OP-TEE TA. —Command: Unit of Communication from REE app to TA. —Shared Memory: Shared buffers allocated by Client API or by REE app and managed by OP- TEE driver Presented by Sequitur Labs Inc. 2016
  • 24. 25 TEE Client API: TEE Context —Connection to a TEE is represented as a TEEC_Context —Connect using TEEC_InitializeContext —Disconnect using TEEC_FinalizeContext —Always use NULL as the TEE name Presented by Sequitur Labs Inc. 2016
  • 25. 26 TEE Client API: Trusted Application Sessions —Can connect to one or more Trusted Applications in a TEE —Identified by a TEEC_Context —Represented by a TEEC_Session object —Connect using TEEC_OpenSession —Disconnect using TEEC_CloseSession —TA is identified by a UUID —Specifies the login method and associated data —Can supply an operation and parameters —Can be cancellable Presented by Sequitur Labs Inc. 2016
  • 26. 27 TEE Client API: Commands —Commands identified by a 32-bit integer —Trusted Applications define the meaning of all commands —One command means different things to different TAs —Client API does not limit command meaning in any way —Commands are always blocking —Optional support for cancellation via multi-threading —Commands are sent to the TA along with up to four parameters —Parameters are combined into a single structure: an Operation —Parameters can be of three types – IN, INOUT, OUT —All parameters are optional —TEEC_InvokeCommand Presented by Sequitur Labs Inc. 2016
  • 27. 28 Debug —Trusted Application/secure world: —JTAG, only if “secure JTAG” is enabled —DMSG/IMSG/EMSG, ~printf —TEE Client (Linux): —Linux native code; via object or library (.o, .a, .so) —gdb —printf Presented by Sequitur Labs Inc. 2016
  • 28. 29 Naming: Universally Unique ID (UUID) —A UUID is effectively unique if randomly generated —128 bits —Normally written in a standard format: —123e4567-e89b-12d3-a456- 426655440000 —Every Trusted Application is identified by a UUID —UUIDs are defined by RFC 4122 —Five formats, only two are important —Random UUID has 122 bits of randomness —Derived from a SHA-1 hash value —Impersonation is possible —Nothing to stop two Trusted Applications using the same UUID —Provable UUID ownership scheme in Administration Framework (see later) Presented by Sequitur Labs Inc. 2016
  • 29. 30 Operation and Parameter Types —Represented as a C structure: typedef struct { uint32_t started; uint32_t paramTypes; TEEC_Parameter params[4]; <Implementation-Defined Type> imp; } TEEC_Operation; —paramTypes is a combination of the types of the four parameters —Built using TEEC_PARAMS_TYPE macro —Parameter Types —IN: Values passed to the TA —OUT: Values Returned by the TA —INOUT: Values passed to the TA and returned Presented by Sequitur Labs Inc. 2016
  • 30. 31 Memory Management —Memory shared between client and TA is _not secure_ (by definition) —Can use memory allocated by any mechanism —No need for any copies — User of the interface allocates all memory directly —It is clear who owns all areas of memory — User is responsible for freeing all memory —The person who allocates it must free it — Only one API routine allocates memory —TEEC_AllocateSharedMemory Client Application Trusted Application Operation Starts Operation Completes Client Application owns the buffer Client Application owns the buffer Trusted Application owns the buffer Memory Ownership Presented by Sequitur Labs Inc. 2016
  • 31. 32 Memory References All buffers are represented as memory references typedef struct { void* buffer; size_t size; } TEEC_TempMemoryReference; Note: References can overlap May or may not work depending on — Represents a reference to a user supplied buffer — Shared only for the length of the call — On input size is number of valid bytes — On output size is number of valid bytes — For output buffers can set size to 0 and get back required size Temporary — Represents a reference to part of a region of shared memory — Memory is shared for the lifetime of the shared memory structure — Multiple references can refer to the same shared memory region. typedef struct { TEEC_SharedMemory* parent; size_t size; size_t offset; } TEEC_RegisteredMemoryReference Registered Presented by Sequitur Labs Inc. 2016
  • 32. 33 Multi-threading —Most operations are thread safe —The exceptions are creation and deletion of objects —Only a problem if the same object is used —The effect of writing to the same buffer from multiple TAs is confusing —Can invoke two commands simultaneously on the same TA in the same session —The TEE implementation must ensure this does not cause problems —Can access multiple TAs in the same TEE simultaneously Presented by Sequitur Labs Inc. 2016
  • 33. 34 Cancellation —TA may make commands cancellable —Does not have to —May choose to ignore cancellation —Cancellation requires a multi-threaded environment —Thread blocking in TA call —Second thread to cancel operation —Set started to “0” in operation structure — Cancel operation by calling TEEC_CancelOperation —Must be same Operation structure —Original call may: —Complete normally —Complete with some error —Complete with the TEEC_ERROR_CANCEL error code Presented by Sequitur Labs Inc. 2016
  • 34. 35 Hello World (1 of 2) —The TA is assumed to prepend “Hello ” to the supplied argument string —Error handling has been omitted for simplicity —It should just shut everything down again and exit —Comments have been omitted TEEC_Context context; TEEC_Session session; TEEC_Operation operation; TEEC_Result result; char *output[50]; result = TEEC_InitializeContext(NULL, &context); if (result != TEEC_SUCCESS) goto cleanup; result = TEEC_OpenSession(&context, &session, &uuid, TEEC_LOGIN_PUBLIC, NULL, NULL, NULL); if (result != TEEC_SUCCESS) goto cleanup1; Presented by Sequitur Labs Inc. 2016
  • 35. 36 Hello World (2 of 2) operation.paramTypes = TEEC_PARAM_TYPES( TEEC_MEMREF_TEMP_INPUT, TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE, TEEC_NONE); operation.params[0].tmpref.buffer = “World”; operation.params[0].tmpref.size = 5; operation.params[1].tmpref.buffer = output; operation.params[1].tmpref.size = sizeof(output); result = TEEC_InvokeCommand(&session, 12345, &operation, NULL); If (result != TEEC_SUCCESS) goto cleanup2; printf(“%*sn”, operation.params[1].tmpref.size, output); Presented by Sequitur Labs Inc. 2016