We recommend changing the setting to your local timezone by going to the "Timezone" drop down menu on the right side of this page

***You will not be able to view any session streaming links unless you are REGISTERED and LOGGED in to Sched.***Register at connect.linaro.org and you will receive an invite from Sched.com to login.

Back To Schedule
Thursday, September 24 • 3:45pm - 4:10pm
LVC20-302 Enable UEFI Secure Boot using OP-TEE as Secure Partition

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Slack channel for session LVC20-302: https://linaroconnect.slack.com/archives/C01BK3BKHA5

UEFI Secure boot is a verification mechanism for ensuring that code launched by the device firmware is trusted and that each efi payload loaded is validated.
According to the UEFI Spec these keys, certificates against which the images are verified are stored as Authenticated Variables in UEFI. UEFI Authenticated Variable is designed to provision and maintain the UEFI secure boot status.

An authenticated variable implementation requires an isolated
execution environment to do the authentication and update variables.
Up to now using a secure flash for variable, implied disabling a
Secure OS, since the mechanism for storing variables and running a Trusted OS is mutually exclusive.

Management Mode (MM) is a generic term used to describe a secure isolated execution environment provided by the CPU and related silicon that is entered when the CPU detects a MMI.
- For x86 systems, this can be implemented with System
Management Mode (SMM).
- For ARM systems, this can be implemented with TrustZone (TZ).

So with Management Mode, we can say that core provides a
Secure Partition kind of thing to run Secure Software.

In this presentation we will discuss how on ARM based systems, OP-TEE provides a Secure Partition kind of environment to run software for saving authenticated variables

avatar for Sahil Malhotra

Sahil Malhotra

Lead Software Engineer, NXP
Having a total experience of 7 years in Embedded Programming. Worked on various areas including PKCS#11, Arm TrustZone, OP-TEE, OpenSSL, Networking.
avatar for Ilias Apalodimas

Ilias Apalodimas

Principal engineer, Linaro
Linux kernel developer with a taste for networking and performance

Thursday September 24, 2020 3:45pm - 4:10pm UTC
[Track 1] IoT/Edge/Embedded