Arm® Firmware Framework for Armv8-A [1] describes a software architecture and interfaces that standardize isolation and communication between the various software components. Depending on the framework configuration, OP-TEE can be deployed either as a Secure-EL1 Secure Partition managed by a Secure Partition Manager (SPM) executing at secure EL2, or can serve as an SPM for S-EL0 Secure Partitions. In this session, we'll focus on the potential use cases for S-EL0 partitions, such as a basic set of Platform Security services (Crypto, Storage and Attestation), Standalone MM, or an existing set of TAs, managed by OP-TEE as the partition manager core. We'll cover the design considerations and implementation choices made for an initial prototype, some of the challenges encountered and the status of the work in progress to support multiple types of partitions within a single standard framework in OP-TEE.
Miklos is a software engineer at Arm focusing on security. He has been working with embedded software for over 10 years in environments ranging from telecom core network nodes to server blades and IoT devices. He is a maintainer of the Trusted Firmware-M open source project and has lately...
Parsec is the Platform Abstraction for Security, an open-source initiative that aims to create simple, standardised, ergonomic software interfaces for interacting with hardware-backed security features on any platform in any programming language. Parsec has now been accepted by the Cloud Native Compute Foundation as a sandbox project, which makes this the ideal time to learn how to contribute - and there is plenty to do! This developer-focused session will provide an overview of the Parsec architecture and its long-term vision, along with a guided tour of the code base, and some pointers for getting started.
Paul Howard is a Principal System Solutions Architect in the Architecture and Technology group at Arm, based in Cambridge, UK. Paul joined Arm in 2018 from a software engineering background. His focus at Arm is on better-together stories for hardware and software across cloud, edge...
Hugues is a Senior Software Engineer at Arm. Hugues started in software very low down the stack, writing drivers and firmware for microcontrollers for Mbed OS and Trusted Firmware-M. Thinking that safer languages are the future of systems programming, he has worked on improving the support...
Security solutions are typically constructed from many different components. Some security features offer confidentiality and integrity protection, whilst others are there to make it harder for an attacker to launch an attack. Encrypted firmware is a security feature that makes it harder for an attacker to reverse engineer the firmware, making it more difficult to identify exploitable bugs and providing confidentiality protection for software IP.
This session will discuss various aspects of firmware encryption, such as: Who should own the secret key? Should the key be device-unique or a class-wide key? How does firmware encryption fit together with authentication? Along with this we will discuss my recent work to add support for loading encrypted payloads in TF-A and OP-TEE.
Sumit works as a Senior Engineer at Linaro. He has contributed to various FOSS projects like Linux (maintainer/reviewer for different sub-systems/drivers), U-Boot, OP-TEE, Trusted Firmware (TF-A) and more. Sumit's other areas of interest include toolchains and embedded Linux distributions...
Slack channel for session LVC20-302: https://linaroconnect.slack.com/archives/C01BK3BKHA5
Description: UEFI Secure Boot is a verification mechanism for ensuring that code launched by the device firmware is trusted and that each EFI payload loaded is validated. According to the UEFI Specification, the keys and certificates against which the images are verified are stored as Authenticated Variables in UEFI. UEFI Authenticated Variables are designed to provision and maintain the UEFI Secure Boot status.
An authenticated variable implementation requires an isolated execution environment to perform the authentication and update the variables. Up to now, using secure flash for variable storage implied disabling a Secure OS, since the mechanisms for storing variables and running a Trusted OS were mutually exclusive.
Management Mode (MM) is a generic term used to describe a secure isolated execution environment provided by the CPU and related silicon that is entered when the CPU detects a Management Mode Interrupt (MMI).
- For x86 systems, this can be implemented with System Management Mode (SMM).
- For ARM systems, this can be implemented with TrustZone (TZ).
So with Management Mode, the core provides a Secure Partition-like environment in which to run secure software.
In this presentation we will discuss how, on ARM based systems, OP-TEE provides a Secure Partition-like environment to run the software that stores authenticated variables.
This session is about Arm's Secure Partition Manager (SPM) for A-class devices. The SPM is the reference open-source S-EL2 firmware implementation for the recently introduced Armv8.4-SecEL2 / Secure EL2 virtualization extensions. It is based on Google's Hafnium hypervisor now transitioned to trustedfirmware.org. It leverages the Platform Security Architecture Firmware Framework for A-class (PSA FF-A) specification. The presentation deals with brief history and use cases, SPM architecture, project status and plans.
Olivier has 17 years of experience in low-level embedded software and security, starting with OMAP Boot ROM development and validation at TI, connectivity and modem firmware development at Intel, to TEE OS development at Trustonic. He's now working for Arm's Open Source Software group...