Non-Confidential © Arm 2018
Linaro Connect – Hong Kong
March 2018

Trusted Firmware
Central Engineering - Open Source Software
James King
Contents
• What is Trusted Firmware? What is new?
• What is PSA?
• Open Source Project
• Learn More
• Q & A
What is Trusted Firmware?
It is a set of foundational software components which implement the services required for a secure platform:
• Reference software for partners to build on which creates a trusted execution environment
• Secure Function invocation (Software Interface to TrustZone)
• Secure Device Initialisation and Setup
• Trusted Boot (image verification derived from RoT)
• PSA Compliance (more on this later)
What is Trusted Firmware? (cont’d)
This Reference Software is designed to be:
• Ported to applicable SoCs to ensure they provide the system security offered by the hardware – Minimise Production Effort
• A standardisation of how secure services get invoked to allow for more portable secure software integrations – Ease Software Integration
• A standardisation of how hardware functions to support security get invoked (to optimally address vulnerabilities) – Security by Scale
This is not new!
Trusted Firmware for A-profile systems (TF-A)
• Mature Open Source Project
• v0.2 went public in October 2013 (http://connect.linaro.org/resource/lca14/lca14-102-adopting-arm-trusted-firmware/)
• Well established collaboration model
• Security Incident Handling
• Security and MISRA hardened (and ongoing hardening)
• Used in most production Armv8-A systems
• Trusted Boot Support
• Integrated with main TEEs and secure software solutions
Trusted Firmware A
Reference boot flows
• For all Armv8-A systems
• AArch64 & AArch32 support
• Armv7-A systems support
Open Source at GitHub
• BSD License
• Contributors welcome (DCO)
• https://github.com/ARM-software/arm-trusted-firmware
Latest release = v1.5
• RAS (SPM, SDEI, EHF) support
• Secure Partitions initial support
• PSCI v1.1 & SMCCC v1.1 support
• Dynamic Configuration Phase 1
• BL2 optional execution at EL3
[Diagram: boot flow starting from RESET. The 1st level Boot Loader (BL1) loads the 2nd level image; the 2nd level Boot Loader (BL2) loads all 3rd level images. SCMI is shown alongside.]
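As an added illustration, not code from TF-A or the TF-M project: the function-ID decoding and validation an EL3 monitor performs on an SMC before routing it to a service such as PSCI, using the SMCCC v1.1 bit layout and a handful of PSCI v1.1 and SMCCC v1.1 function IDs. The route names, the `implemented` table and the replies chosen for the model are this example's own assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Function-ID bit layout from the SMC Calling Convention (SMCCC) v1.1. */
#define SMC_TYPE_FAST      (1u << 31)   /* 1 = fast call, 0 = yielding call */
#define SMC_CC_64          (1u << 30)   /* 1 = SMC64, 0 = SMC32 */
#define SMC_OEN_SHIFT      24u          /* bits 29:24 = Owning Entity Number */
#define SMC_OEN_MASK       0x3fu
#define SMC_FAST_MBZ_MASK  0x00ff0000u  /* bits 23:16 must be zero on fast calls */
#define SMC_FUNC_MASK      0x0000ffffu  /* bits 15:0 = function number */

/* Owning Entity Numbers (OEN) allocated by SMCCC; 7..47 are reserved. */
enum { OEN_ARM_ARCH = 0, OEN_CPU = 1, OEN_SIP = 2, OEN_OEM = 3, OEN_STD = 4,
       OEN_STD_HYP = 5, OEN_VENDOR_HYP = 6, OEN_TA_START = 48, OEN_TA_END = 49,
       OEN_TOS_START = 50, OEN_TOS_END = 63 };

/* Well-known IDs: Arm Architecture service (SMCCC v1.1) and PSCI v1.1, which
 * lives in the Standard Secure Service range (OEN 4). */
#define SMCCC_VERSION            0x80000000u
#define SMCCC_ARCH_FEATURES      0x80000001u
#define SMCCC_ARCH_WORKAROUND_1  0x80008000u
#define PSCI_VERSION             0x84000000u
#define PSCI_FEATURES            0x8400000Au
#define PSCI_CPU_ON_AARCH64      0xC4000003u

#define SMC_UNKNOWN        ((int64_t)-1)  /* mandatory reply for an unknown ID */
#define SMC_NOT_SUPPORTED  ((int64_t)-1)  /* reply from the *_FEATURES queries */

enum smc_route { ROUTE_REJECT, ROUTE_ARCH, ROUTE_STD, ROUTE_SIP, ROUTE_TA, ROUTE_TOS };
struct smc_decoded { bool fast, is64; unsigned oen, func; enum smc_route route; };

/* Decode and validate a function ID before any handler sees it. Anything
 * malformed, or outside a range this monitor serves, stays ROUTE_REJECT so a
 * mis-encoded or probing ID can never alias a real service call. */
struct smc_decoded smc_decode(uint32_t fid)
{
    struct smc_decoded d = {
        .fast  = (fid & SMC_TYPE_FAST) != 0,
        .is64  = (fid & SMC_CC_64) != 0,
        .oen   = (fid >> SMC_OEN_SHIFT) & SMC_OEN_MASK,
        .func  = fid & SMC_FUNC_MASK,
        .route = ROUTE_REJECT,
    };
    if (d.fast && (fid & SMC_FAST_MBZ_MASK) != 0)
        return d;                            /* reserved bits set: malformed */
    if (d.oen == OEN_ARM_ARCH && d.fast)
        d.route = ROUTE_ARCH;                /* Arm Architecture calls are fast-only */
    else if (d.oen == OEN_STD && d.fast)
        d.route = ROUTE_STD;                 /* PSCI and SDEI are fast-only */
    else if (d.oen == OEN_SIP)
        d.route = ROUTE_SIP;
    else if (d.oen >= OEN_TA_START && d.oen <= OEN_TA_END)
        d.route = ROUTE_TA;
    else if (d.oen >= OEN_TOS_START && d.oen <= OEN_TOS_END)
        d.route = ROUTE_TOS;
    /* CPU, OEM, hypervisor and reserved ranges have no EL3 handler here. */
    return d;
}

/* Functions this model implements (an assumption, not a real platform).
 * Feature discovery answers from the same table as dispatch, so a caller is
 * never told "supported" for an ID that would then return SMC_UNKNOWN. */
static const uint32_t implemented[] = {
    SMCCC_VERSION, SMCCC_ARCH_FEATURES, SMCCC_ARCH_WORKAROUND_1,
    PSCI_VERSION, PSCI_FEATURES,
};

static bool is_implemented(uint32_t fid, enum smc_route range)
{
    if (smc_decode(fid).route != range)      /* each query covers only its own range */
        return false;
    for (size_t i = 0; i < sizeof implemented / sizeof implemented[0]; i++)
        if (implemented[i] == fid)
            return true;
    return false;
}

/* The reply an EL3 monitor with SMCCC v1.1 and PSCI v1.1 places in x0. */
int64_t smc_dispatch(uint32_t fid, uint64_t x1)
{
    switch (smc_decode(fid).route) {
    case ROUTE_ARCH:
        if (fid == SMCCC_VERSION) return 0x10001;            /* SMCCC v1.1 */
        if (fid == SMCCC_ARCH_FEATURES)
            return is_implemented((uint32_t)x1, ROUTE_ARCH) ? 0 : SMC_NOT_SUPPORTED;
        if (fid == SMCCC_ARCH_WORKAROUND_1) return 0;        /* mitigation ran on entry */
        return SMC_UNKNOWN;
    case ROUTE_STD:
        if (fid == PSCI_VERSION) return 0x10001;             /* PSCI v1.1 */
        if (fid == PSCI_FEATURES)
            return is_implemented((uint32_t)x1, ROUTE_STD) ? 0 : SMC_NOT_SUPPORTED;
        return SMC_UNKNOWN;
    default:
        return SMC_UNKNOWN;     /* SiP, TA, Trusted OS not modelled; REJECT */
    }
}
```

A yielding call to the PSCI range, or a fast call with bits 23:16 set, is rejected before any service handler runs; that is the check that keeps a malformed ID from being silently dispatched.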
Trusted Firmware M (TF-M) is new!
TF-M builds on TF-A terminology & principles to create a unified approach for secure device software:
• Isolated secure and non-secure execution environments
• Methods to invoke secure services from non-secure apps
• Trusted device initialisation and trusted boot mechanisms
Albeit more honed to the M-profile device eco-system
• Aimed at more constrained devices, thus more configurability
• Different mechanism for TrustZone isolation
• Much more fragmented OS and software eco-system
TF-M is the start of a journey
TF-M provides a good starting point for secure software implementations now, but there is lots more to do…
What is PSA?
Relevant to all segments – but starting with IoT
Platform Security Architecture for simpler IoT security
A recipe for building secure systems from analysis to implementation
• Analyse: Threat models and security analyses
• Architect: Firmware architecture & hardware specifications
• Implement: Source code & hardware IP
[Diagram: the three stages above, delivered as PSA documents, enabling products & contributions]
Threat Models and Security Analyses
https://pages.arm.com/psa-resources.html
PSA Firmware Framework Concepts
• Secure Partition Manager (SPM) – provides the boot, isolation and IPC services to the SPE
• Partition – the unit of execution
• Secure function – a set of related APIs invoked through secure IPC
• Trusted function – a secure function that
[Diagram: Non-secure Processing Environment: non secure partition (application firmware, OS libraries, OS kernel). Secure Processing Environment: secure partitions (each with secure functions) and a trusted partition (with trusted functions), all running over the Secure Partition Manager, which provides secure IPC, secure isolation and secure debug. An isolation boundary separates the environments.]
PSA - Standardized interfaces
PSA specifies interfaces to decouple components
• Enables reuse of components in other device platforms
• Reduces integration effort
PSA provides an architectural specification
• Hardware, firmware and process requirements and interfaces
• Partners can provide alternative implementations
Trusted Firmware is example PSA software
[Diagram: layered stack. Non-secure processing environment: Application(s), RTOS. Secure processing environment: Secure functions and Trusted functions behind the Secure partition API and PSA APIs; Core Trusted Firmware (SPM) with Secure IPC; Boot firmware; Root of Trust keys. Platform hardware underneath, with secure hardware requirements from TBSA and Armv8-M.]
(Back to) Trusted Firmware M - Plans
1. Align with the PSA specifications by the time they make public release
   1. Standardised APIs for crypto, attestation, secure storage, IPC, hardware RoT, audit logging, debug control, etc
   2. Full SPM and IPC to isolate many secure functions and their interactions
   3. Device initialisation, Trusted boot and firmware update
   4. Many build configurations to support from most constrained to most secure
2. Support Arm development platforms and IP
   1. Musca test-chip, SDK-20x FPGA on MPS2/3, AEMv8-M/IoT-kit FVP
   2. V8-M system IP, Arm Cryptocell, Arm CryptoIsland
3. Support and enable contributions
   1. Partner SoCs and systems
   2. Software integrations – secure services, RTOSes, secure-OSes
All in a public open source project
[Image: Musca]
Open Governance Trusted Firmware
• Trusted Firmware for A-profile Arm SoCs has been publicly available as free open source software for many years at https://github.com/ARM-software/arm-trusted-firmware
• This software has received contributions from many partners and is very widely used across the eco-system
• Now that partners depend on this firmware (or have expectations of depending on TF-M) it has been requested that this open source software be moved to an open governance model
• While developed as reference code by Arm, it is designed to provide common functionality across all the partnership SoCs and products.
• Enable the whole ecosystem to participate and steer the direction of the project.
Linaro Community Projects Division
Linaro is forming a new division to host open-governance open source software projects
• Projects are operated independently from the main Linaro organisation
• Each project has own board, committees, funding, URLs, etc
• This division is contracted to provide services such as IT infrastructure, finance, legal, marketing and engineering – as requested by the project
• Project membership equally open to Linaro members and non-members
• For each project:
  • Board members – kept between viable minimum and project maximum
  • General members
  Get to steer strategy and investment plans for the project
Infrastructure is live now
https://git.trustedfirmware.org/
• Public Git containing TF-A and TF-M master codebases
https://review.trustedfirmware.org
• Public Gerrit review server for patch submissions and review
https://issues.trustedfirmware.org/
• Public Phabricator ticket server for bugs and change requests to be raised
Codebase includes maintainer files and contribution guidelines
TF-M ready to take contributions there now
TF-A will transition from GitHub contributions over next few months
Get Involved
Platinum, General and Community memberships available
• Linaro and Arm presenting details to potential members
• Take partial ownership of a project you depend on
• Ensure your dependencies are maintained and continually validated
  • Your Board in the CI farm
  • Your Software Tests in the CI suite
• Reduce internal maintainership costs by pushing generic features you need
• Help ensure that the open source community supports Trusted Firmware interfaces and features
Contact board@trustedfirmware.org for more information
Learn More
Deep dive presentations around TF-M this afternoon
• 2pm – 5pm in Berlin (Session Room II)
1. Trusted Firmware M : Core and Partition Manager (Miklos Balint)
2. Trusted Firmware M : Secure Storage (Ashutosh Singh)
3. Trusted Firmware M : Trusted Boot (Tamas Ban)
Hacking in the LITE room to integrate TF-M and Zephyr for Arm v8-M platforms
Q & A
• Ask now (or after the presentation)
• Come to the LITE hacking room and find a TF engineer
• Email board@trustedfirmware.org or james.king@arm.com
Thank You!
Danke!
Merci!
谢谢 !
ありがとう !
Gracias!
Kiitos!

 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 

Último

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Último (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

HKG18-212 - Trusted Firmware M: Introduction

  • 6. Trusted Firmware A
    Latest release = v1.5 adds:
    • RAS (SPM, SDEI, EHF) support
    • Secure Partitions initial support
    • PSCI v1.1 & SMCCC v1.1 support
    • Dynamic Configuration Phase 1
    • BL2 optional execution at EL3
    Boot-flow diagram: RESET -> 1st level Boot Loader (BL1) loads the 2nd level image -> 2nd level Boot Loader (BL2) loads all 3rd level images (the diagram also shows SCMI)
    https://github.com/ARM-software/arm-trusted-firmware
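The boot flow on this slide (BL1 loads BL2, BL2 loads the BL3x images) is only a trusted boot if each loader verifies the next image against a value chained to the root of trust before handing control to it. The C program below is an added example written for this page, not TF-A code: it replaces TF-A's real Trusted Board Boot mechanism (FIP packaging, X.509 certificate chains, a ROTPK hash in OTP, an external crypto library) with a self-contained model in which a ROM-held SHA-256 of BL2 stands in for the root of trust and BL2 carries an assumed manifest of BL3x hashes. The names `rom_hash`, `bl2_manifest`, `boot_chain` and `run_scenario`, the image layout and the sample image contents are all constructed for the example. It shows why patching BL33 fails at BL2's check, and why patching the manifest that vouches for BL33 fails one stage earlier, at BL1's check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ---- Minimal SHA-256 (FIPS 180-4), inlined so the example has no dependencies ---- */
static const uint32_t SHA256_K[64] = {
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2};
#define ROTR(x, n) (((x) >> (n)) | ((x) << (32 - (n))))

void sha256(const uint8_t *msg, size_t len, uint8_t out[32]) {
    uint32_t h[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
                     0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19};
    size_t padded = ((len + 8) / 64 + 1) * 64;   /* message + 0x80 + zeros + 64-bit bit length */
    uint8_t *buf = calloc(padded, 1); if (!buf) abort();
    memcpy(buf, msg, len);
    buf[len] = 0x80;
    for (int i = 0; i < 8; i++) buf[padded - 1 - i] = (uint8_t)(((uint64_t)len * 8) >> (8 * i));
    for (size_t off = 0; off < padded; off += 64) {
        uint32_t w[64], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f = h[5], g = h[6], hh = h[7];
        for (int t = 0; t < 16; t++)
            w[t] = ((uint32_t)buf[off + 4 * t] << 24) | ((uint32_t)buf[off + 4 * t + 1] << 16) |
                   ((uint32_t)buf[off + 4 * t + 2] << 8) | (uint32_t)buf[off + 4 * t + 3];
        for (int t = 16; t < 64; t++)
            w[t] = w[t - 16] + (ROTR(w[t - 15], 7) ^ ROTR(w[t - 15], 18) ^ (w[t - 15] >> 3)) +
                   w[t - 7] + (ROTR(w[t - 2], 17) ^ ROTR(w[t - 2], 19) ^ (w[t - 2] >> 10));
        for (int t = 0; t < 64; t++) {
            uint32_t t1 = hh + (ROTR(e, 6) ^ ROTR(e, 11) ^ ROTR(e, 25)) + ((e & f) ^ (~e & g)) +
                          SHA256_K[t] + w[t];
            uint32_t t2 = (ROTR(a, 2) ^ ROTR(a, 13) ^ ROTR(a, 22)) + ((a & b) ^ (a & c) ^ (b & c));
            hh = g; g = f; f = e; e = d + t1; d = c; c = b; b = a; a = t1 + t2;
        }
        h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e; h[5] += f; h[6] += g; h[7] += hh;
    }
    free(buf);
    for (int i = 0; i < 8; i++) {
        out[4 * i] = (uint8_t)(h[i] >> 24); out[4 * i + 1] = (uint8_t)(h[i] >> 16);
        out[4 * i + 2] = (uint8_t)(h[i] >> 8); out[4 * i + 3] = (uint8_t)h[i];
    }
}
/* Known-answer check for the inlined hash: SHA-256("abc") = ba7816bf...f20015ad */
bool sha256_selftest(void) {
    uint8_t d[32]; sha256((const uint8_t *)"abc", 3, d);
    return d[0] == 0xba && d[1] == 0x78 && d[2] == 0x16 && d[3] == 0xbf && d[31] == 0xad;
}

/* ---- Chain-of-trust model: BL1 -> BL2 -> BL31/BL32/BL33 (assumed layout, not TF-A's) ---- */
enum boot_result { BOOT_OK = 0, BOOT_FAIL_BL2, BOOT_FAIL_BL31, BOOT_FAIL_BL32, BOOT_FAIL_BL33 };
#define N_BL3 3
/* BL2 begins with a manifest of expected BL3x hashes. The one hash BL1 holds for BL2 therefore
 * also covers the manifest, so a BL3x hash cannot be swapped without breaking BL2's own check. */
struct bl2_manifest { uint8_t bl3_hash[N_BL3][32]; };

static bool image_matches(const uint8_t *img, size_t len, const uint8_t expected[32]) {
    uint8_t digest[32];
    sha256(img, len, digest);
    return memcmp(digest, expected, 32) == 0;
}

/* rom_hash plays the immutable root of trust: a value in ROM/OTP that BL1 trusts unconditionally. */
enum boot_result boot_chain(const uint8_t rom_hash[32], const uint8_t *bl2, size_t bl2_len,
                            const uint8_t *const bl3[N_BL3], const size_t bl3_len[N_BL3]) {
    if (bl2_len < sizeof(struct bl2_manifest) || !image_matches(bl2, bl2_len, rom_hash))
        return BOOT_FAIL_BL2;                              /* BL1 refuses to hand over to BL2 */
    const struct bl2_manifest *m = (const struct bl2_manifest *)bl2;
    for (int i = 0; i < N_BL3; i++)                        /* BL2 verifies every image it loads */
        if (!image_matches(bl3[i], bl3_len[i], m->bl3_hash[i]))
            return (enum boot_result)(BOOT_FAIL_BL31 + i);
    return BOOT_OK;
}

/* Constructed scenario: tamper 0 = intact, 1 = BL33 patched, 2 = BL2's manifest patched. */
enum boot_result run_scenario(int tamper) {
    uint8_t bl31[] = "BL31 EL3 runtime (constructed sample image)";
    uint8_t bl32[] = "BL32 secure payload (constructed sample image)";
    uint8_t bl33[] = "BL33 normal-world bootloader (constructed sample image)";
    const uint8_t *bl3[N_BL3] = {bl31, bl32, bl33};
    const size_t bl3_len[N_BL3] = {sizeof bl31, sizeof bl32, sizeof bl33};
    static const char code[] = "BL2 loader code (constructed sample image)";
    uint8_t bl2[sizeof(struct bl2_manifest) + sizeof code], rom_hash[32];
    struct bl2_manifest *m = (struct bl2_manifest *)bl2;
    for (int i = 0; i < N_BL3; i++) sha256(bl3[i], bl3_len[i], m->bl3_hash[i]);
    memcpy(bl2 + sizeof *m, code, sizeof code);
    sha256(bl2, sizeof bl2, rom_hash);          /* "burned into ROM" before any tampering */
    if (tamper == 1) bl33[5] ^= 0x01;           /* attacker patches the normal-world image */
    if (tamper == 2) m->bl3_hash[2][0] ^= 0x01; /* attacker tries to vouch for the patch */
    return boot_chain(rom_hash, bl2, sizeof bl2, bl3, bl3_len);
}

int main(void) {
    printf("intact=%d bl33_patched=%d manifest_patched=%d\n",
           run_scenario(0), run_scenario(1), run_scenario(2));
    return 0;
}
```

Hashes alone are enough here only because the manifest sits inside the image that BL1 already verifies; the moment the expected values have to live outside ROM (as they do in a real product, where images are updated in the field), they must be signed and checked against a public key whose hash is in OTP, which is what TF-A's certificate chain does. Anti-rollback counters, which stop an attacker from reinstalling an older, correctly signed but vulnerable image, are also outside this model.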
  • 7. Trusted Firmware M (TF-M) is new!
    TF-M builds on TF-A terminology & principles to create a unified approach for secure device software:
    • Isolated secure and non-secure execution environments
    • Methods to invoke secure services from non-secure apps
    • Trusted device initialisation and trusted boot mechanisms
    Albeit more honed to the M-profile device eco-system:
    • Aimed at more constrained devices, thus more configurability
    • Different mechanism for TrustZone isolation
    • Much more fragmented OS and software eco-system
  • 8. TF-M is the start of a journey
    TF-M provides a good starting point for secure software implementations now, but there is lots more to do…
  • 9. What is PSA?
    Relevant to all segments – but starting with IoT
  • 10. Platform Security Architecture for simpler IoT security
    A recipe for building secure systems from analysis to implementation:
    • Analyse – threat models and security analyses
    • Architect – firmware architecture & hardware specifications
    • Implement – source code & hardware IP
    PSA documents; enabling products & contributions
  • 11. Threat Models and Security Analyses
    https://pages.arm.com/psa-resources.html
  • 12. PSA Firmware Framework Concepts
    • Secure Partition Manager (SPM) – provides the boot, isolation and IPC services to the SPE
    • Partition – the unit of execution
    • Secure function – a set of related APIs invoked through secure IPC
    • Trusted function – a secure function that
    Diagram: Non-secure Processing Environment (non-secure partition: application firmware, OS libraries, OS kernel) | isolation boundary | Secure Processing Environment (secure partitions holding secure functions, a trusted partition holding trusted functions, and the Secure Partition Manager providing secure IPC, secure isolation and secure debug)
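To make the isolation boundary and secure IPC on this slide concrete, here is an added C model of an SPM call gateway. It is illustrative code written for this page, not TF-M or the PSA Firmware Framework API (which uses connection handles and iovecs that the SPM copies across the boundary); the partition layout, the simulated address space, the service names, the `ns_callable` policy flag and the two services are constructed for the example. It shows the two checks an SPM must make on every call: whether the caller's side of the boundary may reach the function at all (a trusted function is never exposed to the non-secure partition), and whether the buffer the caller passed lies inside the caller's own partition, with the range check written so an attacker-chosen length cannot wrap it around.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated flat address space split into one region per partition (constructed layout). */
static uint8_t mem[4096];
enum part { PART_NS = 0, PART_CRYPTO, PART_KEYSTORE, N_PARTS };
static const struct { uint32_t base, size; } region[N_PARTS] = {
    {0x000, 0x800},   /* non-secure partition: application firmware + OS */
    {0x800, 0x400},   /* secure partition: crypto secure functions */
    {0xC00, 0x400},   /* trusted partition: key store */
};

enum { SPM_ERR_NO_SERVICE = -1, SPM_ERR_DENIED = -2, SPM_ERR_BAD_BUFFER = -3 };

typedef int (*service_fn)(enum part caller, uint8_t *buf, uint32_t len);
struct service {
    const char *name;
    enum part owner;     /* partition that implements it */
    bool ns_callable;    /* secure function (true) or trusted function (false) */
    service_fn fn;
};

/* Does [off, off+len) lie inside the caller's own region? Written without computing
 * off+len, so an attacker-chosen len cannot wrap the check around. */
static bool owns_range(enum part p, uint32_t off, uint32_t len) {
    uint32_t base = region[p].base, size = region[p].size;
    return off >= base && len <= size && off - base <= size - len;
}

/* Secure function (NS-callable). A XOR over the buffer stands in for a real digest API. */
static int checksum_fn(enum part caller, uint8_t *buf, uint32_t len) {
    (void)caller;
    int acc = 0;
    for (uint32_t i = 0; i < len; i++) acc ^= buf[i];
    return acc;
}

/* Trusted function: copies key material out of the key store, so it must never be
 * reachable from the non-secure side. Returns the number of bytes written. */
static int key_read_fn(enum part caller, uint8_t *buf, uint32_t len) {
    (void)caller;
    if (len < 16) return SPM_ERR_BAD_BUFFER;
    memcpy(buf, mem + region[PART_KEYSTORE].base, 16);
    return 16;
}

static const struct service services[] = {
    {"checksum", PART_CRYPTO,   true,  checksum_fn},
    {"key_read", PART_KEYSTORE, false, key_read_fn},
};

/* SPM gateway: every cross-partition call goes through here. Negative = rejected. */
int spm_call(enum part caller, const char *svc_name, uint32_t buf_off, uint32_t buf_len) {
    const struct service *svc = NULL;
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (strcmp(services[i].name, svc_name) == 0) svc = &services[i];
    if (svc == NULL) return SPM_ERR_NO_SERVICE;
    /* Policy check: trusted functions stop at the NS/S isolation boundary. */
    if (caller == PART_NS && !svc->ns_callable) return SPM_ERR_DENIED;
    /* Buffer check: a caller may only hand the service memory it owns, otherwise a
     * non-secure client could make a secure function read or write secure RAM for it. */
    if (!owns_range(caller, buf_off, buf_len)) return SPM_ERR_BAD_BUFFER;
    return svc->fn(caller, mem + buf_off, buf_len);
}

/* Constructed scenarios, numbered so each outcome can be checked individually. */
int scenario(int n) {
    memset(mem, 0, sizeof mem);
    for (int i = 0; i < 16; i++) mem[region[PART_KEYSTORE].base + i] = (uint8_t)(0xA0 + i); /* sample key */
    const uint8_t ns_data[4] = {1, 2, 3, 4};
    memcpy(mem + 0x100, ns_data, sizeof ns_data);                    /* NS app buffer at 0x100 */
    switch (n) {
    case 0: return spm_call(PART_NS, "checksum", 0x100, 4);          /* legitimate NS call: 1^2^3^4 = 4 */
    case 1: return spm_call(PART_NS, "key_read", 0x100, 16);         /* NS reaching a trusted function */
    case 2: return spm_call(PART_NS, "checksum", 0xC00, 16);         /* NS points the service at the key store */
    case 3: return spm_call(PART_NS, "checksum", 0x7F0, 0xFFFFFFF0); /* off+len would wrap back into NS */
    case 4: return spm_call(PART_CRYPTO, "key_read", 0x900, 16);     /* secure partition, its own buffer */
    default: return spm_call(PART_NS, "no_such_service", 0x100, 4);
    }
}

int main(void) {
    for (int n = 0; n < 6; n++) printf("scenario %d -> %d\n", n, scenario(n));
    return 0;
}
```

Scenario 3 is the case that a naive `off + len <= base + size` check gets wrong: 0x7F0 + 0xFFFFFFF0 wraps to 0x7E0, which is inside the non-secure region, so the service would be handed a 4 GB window over all of memory. On Armv8-M the equivalent of `owns_range` for the non-secure caller is the hardware-assisted `cmse_check_address_range` query against the SAU/IDAU configuration; the policy check has no hardware equivalent and has to be done by the SPM.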
  • 13. PSA - Standardized interfaces
    PSA specifies interfaces to decouple components
    • Enables reuse of components in other device platforms
    • Reduces integration effort
    PSA provides an architectural specification
    • Hardware, firmware and process requirements and interfaces
    • Partners can provide alternative implementations
    Trusted Firmware is example PSA software
    Diagram: Non-secure processing environment (Application(s), RTOS) | Secure IPC | Secure processing environment (Secure Functions and Trusted Functions above the Secure partition API and PSA APIs; Core Trusted Firmware (SPM); Boot firmware; Root of Trust keys) on Platform hardware (Armv8-M; TBSA secure hardware requirements)
  • 14. (Back to) Trusted Firmware M - Plans
    1. Align with the PSA specifications by the time they make public release
       1. Standardised APIs for crypto, attestation, secure storage, IPC, hardware RoT, audit logging, debug control, etc
       2. Full SPM and IPC to isolate many secure functions and their interactions
       3. Device initialisation, Trusted boot and firmware update
       4. Many build configurations to support from most constrained to most secure
    2. Support Arm development platforms and IP
       1. Musca test-chip, SDK-20x FPGA on MPS2/3, AEMv8-M/IoT-kit FVP
       2. V8-M system IP, Arm Cryptocell, Arm CryptoIsland
    3. Support and enable contributions
       1. Partner SoCs and systems
       2. Software integrations – secure services, RTOSes, secure-OSes
    All in a public open source project
    (Image: Musca)
  • 15. Open Governance Trusted Firmware
    • Trusted Firmware for A-profile Arm SoCs has been publicly available as free open source software for many years at https://github.com/ARM-software/arm-trusted-firmware
    • This software has received contributions from many partners and is very widely used across the eco-system
    • Now that partners depend on this firmware (or have expectations of depending on TF-M) it has been requested that this open source software be moved to an open governance model
    • While developed as reference code by Arm, it is designed to provide common functionality across all the partnership SoCs and products.
    • Enable the whole ecosystem to participate and steer the direction of the project.
  • 16. Linaro Community Projects Division
    Linaro is forming a new division to host open-governance open source software projects
    • Projects are operated independently from the main Linaro organisation
    • Each project has own board, committees, funding, URLs, etc
    • This division is contracted to provide services such as IT infrastructure, finance, legal, marketing and engineering – as requested by the project
    • Project membership equally open to Linaro members and non-members
    • For each project:
      • Board members – kept between viable minimum and project maximum
      • General members
      Get to steer strategy and investment plans for the project
  • 18. Infrastructure is live now
    https://git.trustedfirmware.org/
    • Public Git containing TF-A and TF-M master codebases
    https://review.trustedfirmware.org
    • Public Gerrit review server for patch submissions and review
    https://issues.trustedfirmware.org/
    • Public Phabricator ticket server for bugs and change requests to be raised
    Codebase includes maintainer files and contribution guidelines
    TF-M ready to take contributions there now
    TF-A will transition from GitHub contributions over next few months
  • 19. Get Involved
    Platinum, General and Community memberships available
    • Linaro and Arm presenting details to potential members
    • Take partial ownership of a project you depend on
    • Ensure your dependencies are maintained and continually validated
      • Your Board in the CI farm
      • Your Software Tests in the CI suite
    • Reduce internal maintainership costs by pushing generic features you need
    • Help ensure that the open source community supports Trusted Firmware interfaces and features
    Contact board@trustedfirmware.org for more information
  • 20. Learn More
    Deep dive presentations around TF-M this afternoon
    • 2pm – 5pm in Berlin (Session Room II)
      1. Trusted Firmware M : Core and Partition Manager (Miklos Balint)
      2. Trusted Firmware M : Secure Storage (Ashutosh Singh)
      3. Trusted Firmware M : Trusted Boot (Tamas Ban)
    Hacking in the LITE room to integrate TF-M and Zephyr for Armv8-M platforms
  • 21. Q & A
    • Ask now (or after the presentation)
    • Come to the LITE hacking room and find a TF engineer
    • Email board@trustedfirmware.org or james.king@arm.com
  • 22. Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos!