LCU14 BURLINGAME

Joakim Bech, Jens Wiklander and Pascal Brand, LCU14

LCU14-306: OP-TEE Future Enhancements

● Aim and problem● Interaction between TA and Cryptographic Services● Does not define how the services are implemented / data structures

● Current Status● LibTomCrypt is the cryptographic library in OP-TEE● End user may want to switch to ...

- OpenSSL - Using ARMv8-A cryptographic extensions - Dedicated cryptographic IP

● Enhancement● Define a low level API to easily switch from one implementation to another one.

Cryptographic Layer in OP-TEE

● Current Status● Internal API 1.0 is supported

● Enhancement● Add support for GP Internal API 1.1 released in June 2014● Main updates are:

- Elliptic Curve Digital Signature Algorithm (ECDSA) - Elliptic Curve Cryptography Cofactor Diffie-Hellman (ECDH) - Some errata with new error cause - Few deprecated features (object)

GlobalPlatform Internal Core API 1.1

● Current Status● File storage is implemented (using a daemon running normal world)● Data isn’t encrypted by default● No persistent storage

● Enhancement● Making Secure Storage … more secure

● Enable encryption by default● Key provisioning● Streaming to be taken into account● Replay Protected Memory Block (RPMB) support

Secure Storage

Secure World

Trusted Application

Normal World

TEE supplicant

Trusted OSLinux kernel

Secure monitor

RPMB

● Aim and problem● GlobalPlatform TEE Internal API defines support of the Clock● Secure clock will be needed in DRM use cases● Secure IP usage is specific to a given platform

● Current Status● Only based on REE using RPC NOT Secure!

● Enhancement● Enable clocks from both REE and Secure IP● Create a Time API to access the Secure IP● Fulfill TEE Internal API 1.1 requirements of maximum 15% deviation from real time

Secure Time

● Aim and problem● Memory footprint of the Trusted OS part is critical● OP-TEE enables all GlobalPlatform features by default

● Enhancement● Make it possible to select functionality at compile time

● All cryptographic algorithms are probably not needed …

● Some functionality may not be needed (Big Number arithmetic, ...)

Reduce Memory Footprint

● Aim● Enable multiple TA functions to be called at the same time

● Current Status● Threading model of the Trusted OS is ready, but not activated

● Enhancement● Will enable multiple-TA’s running in parallel

Multiple TA Support

● Aim● Trusted OS may run on embedded memory which is small

● Enhancement● Paging the Trusted OS would solve memory constraint

● some parts would never be paged out (mmu management,...)

● some parts could be paged in DDR (secured or encrypted)

Paging

● Aim● Make OP-TEE aware of PSCI functions.

● Current Status● OP-TEE aware of: CPU_ON, CPU_OFF,

CPU_SUSPEND and CPU_RESUME (as stubbed functions)

● ARM-Trusted-Firmware handles● Implemented: PSCI_VERSION, AFFINITY_INFO

● Not implemented: MIGRATE, MIGRATE_INFO_TYPE,

MIGRATE_INFO_UP_CPU, SYSTEM_OFF and SYSTEM_RESET

PSCI - Power State Coordination Interface

● Aim and problem● Already exists in normal world (user space and kernel)● To avoid attack like return-to-libc-attack for example● Make it random enough!

● Enhancement● This feature could be part of Trusted OS● Current limitations

● We use pre-defined virtual addresses● Trusted Applications are currently statically linked

ASLR - Address Space Layout Randomization

● GlobalPlatform Trusted UI 1.1● API to display content and capture input

in a secure manner.

● User-mode TEE● For early Trusted Applications development and debug● Avoid the need for having a full TrustZone platform

● Support for OP-TEE in QEMU● Virtualization team have patches enabling

TrustZone functionality

Other Potential Enhancements

More about Linaro Connect: connect.linaro.org Linaro members: www.linaro.org/membersMore about Linaro: www.linaro.org/about/