Linaro Virtual Connect 2020

Arm® Firmware Framework for Armv8-A [1] describes a software architecture and interfaces that standardize isolation and communication between the various software components.
Depending on the framework configuration, OP-TEE can be deployed either as a Secure-EL1 Secure Partition managed by a Secure Partition Manager (SPM) executing at secure EL2, or can serve as an SPM for S-EL0 Secure Partitions.
In this session, we'll focus on the potential use cases for S-EL0 partitions, such as a basic set of Platform Security services (Crypto, Storage and Attestation), Standalone MM, or an existing set of TAs, managed by OP-TEE as the partition manager core.
We'll cover the design considerations and implementation choices made for an initial prototype, some of the challenges encountered and the status of the work in progress to support multiple types of partitions within a single standard framework in OP-TEE.

[1] https://developer.arm.com/docs/den0077/a

Security solutions are typically constructed from many different components. Some security features offer confidentiality and integrity protection, whilst others are there to make it harder for an attacker to launch an attack. Encrypted firmware is a security feature to make it harder for an attacker to reverse engineer the firmware, making it more difficult to identify exploitable bugs and to providing confidentiality protection for software IP.

This session will discuss various aspects of firmware encryption like: Who should own the secret key? What should be the key type either device unique or class wide key? How firmware encryption plays nicely with authentication? Along with this we will discuss my recent work to add support for loading encrypted payloads in TF-A and OP-TEE.

This session is about Arm's Secure Partition Manager (SPM) for A-class devices. The SPM is the reference open-source S-EL2 firmware implementation for the recently introduced Armv8.4-SecEL2 / Secure EL2 virtualization extensions. It is based on Google's Hafnium hypervisor now transitioned to trustedfirmware.org. It leverages the Platform Security Architecture Firmware Framework for A-class (PSA FF-A) specification. The presentation deals with brief history and use cases, SPM architecture, project status and plans.