Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
Slide 1 - http://www.pengutronix.de - 2017-10-23
OP-TEEUsing TrustZone to Protect Our Own Secrets
ELC Europe 2017, 23.10.2017
Marc Kleine-Budde <[email protected]>
ROM-Code
Bootloader
OP-TEE
Root File System
Kernel
Slide 3 - http://www.pengutronix.de - 2017-10-23
Overview
● ARM architecture overview
● ARM TrustZone
● Trusted Execution Environment
● Open Portable Trusted Execution Environment
Slide 4 - http://www.pengutronix.de - 2017-10-23
What is a TEE?
● Trusted Execution Environment● small OS-like environment● isolated from normal operating system (e.g. Linux) “rich OS”
● Allows Applications to execute, process, protect and store sensitive data
● Rich OS is often target of malware and attackers
● Design applications so that sensitive functionscan be offloaded to the TEE as Trusted Applications.
● API standardized by GlobalPlatform● TEE internal APIs for Trusted Application● communication interfaces between
rich OS Applications and Trusted Applications
Slide 5 - http://www.pengutronix.de - 2017-10-23
What is a TEE? (cont'd)
SE
TEE
Rich OS
SE
TEE
SE
RichOS
Security
Functionality
Slide 6 - http://www.pengutronix.de - 2017-10-23
ARM architecture
usr
AppAppApp
svc
OS
ARM SoC
Slide 7 - http://www.pengutronix.de - 2017-10-23
ARM architecture with TrustZone
usr
AppAppApp
svc
OS
ARM SoC
Non-Secure world
usr (secure state)
AppAppTrusted App
svc (secure state)
Trusted OS
Secure world
mon (secure state)
SecureMonitor
Slide 8 - http://www.pengutronix.de - 2017-10-23
ARM TrustZone in detail
Source: http://genode.org/documentation/articles/trustzone
Slide 9 - http://www.pengutronix.de - 2017-10-23
ARM TrustZone in detail (cont'd)
●
●
Slide 10 - http://www.pengutronix.de - 2017-10-23
What is OP-TEE?
● Started as closed source implementation by somemobile, telco and chip vendors
● Since 2015 Open Source (BSD license),owned and maintained by Linaro
● In 2017 the TEE driver went mainline with v4.12
● Small and simple TEE
● Relies on rich OS to schedule TEE
● Based on ARM TrustZone to provide isolation ofthe TEE from the rich OS in hardware
● Runs on ~20 platforms● 32 bit: ARMv7-A● 64 bit: ARMv8-A
Slide 11 - http://www.pengutronix.de - 2017-10-23
OP-TEE in detail
● The OP-TEE consists of three parts
● Normal World, User Mode● TEE client library● tee-supplicant
● Normal World, Priviledged Mode● Linux kernel TEE subsystem● Linux kernel TEE device driver
● Secure world, Priviledged Mode● Trusted OS (optee_os)
Slide 12 - http://www.pengutronix.de - 2017-10-23
OP-TEE architecture
usr
Native App
svc
ARM SoC
Non-Secure world
mon (secure state)
SecureMonitor
GlobalPlatformTEE Client API
TEESupplicant
Wrapper API(optional)
TEE Driver
Storage...
usr (secure state)
AppAppTrusted App
svc (secure state)
TEE core
Secure world
TEE functions/libs(crypto...)
HAL
GlobalPlatformTEE internal API
optee_client
optee_os
optee_linuxdriver
Source: https://www.linaro.org/blog/core-dump/op-tee-open-source-security-mass-market/
Slide 13 - http://www.pengutronix.de - 2017-10-23
Boot LoaderSoC
ROM-Code
Fuses
Boot Loader
Pubkey
Signature
Pubkey
Slide 14 - http://www.pengutronix.de - 2017-10-23
Demo Time!
Slide 15 - http://www.pengutronix.de - 2017-10-23
What's Missing?
● Protection of Directories● Prevents to move, delete and create files● There are already patches "directory integrity protection"
● Mainlining● Offline image creation via mkfs.ext4 and ima-evm-utils● blob drivers for imx6 crypto engine (CAAM)● blob drivers for mx25 crypto engine
● Support for other SoCs:● MX53● Other Vendors (Dokumentation?)
Slide 16 - http://www.pengutronix.de - 2017-10-23
Best Practices / Lessons Learned
● Development Keys in BSP
● Access t0 Production Keys via pkcs#11
● Some packages in two configuration variants (Development/Production):● bootloader● Kernel/InitRAMFS
● Regularly turn on more security features during integration
● Once activated, debugging (field returns) becomes a pain
● UBIFS with IMA/EVM doesn't like sudden power cuts
Slide 17 - http://www.pengutronix.de - 2017-10-23
Q & A
@marckleinebudde