Open Virtualization Project for ARM TrustZone

  1. Open Virtualization Project for ARM TrustZone: Simply Secure
  2. Sierraware Software Suite
     - SierraTEE
       - TrustZone/GlobalPlatform TEE
       - True 64 bit TEE
     - SierraVisor: Bare Metal Hypervisor
       - Hypervisor for ARM
       - Paravirtualization for ARM11, A8, A9
       - Hardware Virtualization for 64bit and 32bit SOCs
       - Multi Core ready
     - SierraOS: Secure RTOS/uKernel
       - Small and Simple
       - POSIX compliant
     - DRM and Content Protection Toolkits
       - Hardware accelerated media streaming and HDCP toolkit
  3. SierraTEE: TrustZone Environment
     [Architecture diagram; labels as extracted: ARM SOC, Crypto Engine, Secure Memory, Secure External bus, Secure Peripherals: Flash, Keyboard, Display, Normal World OS (Android/uCOS/RTOS), Kernel, Secure Driver, Global Platform Client API, Secure OS, Dispatcher, Kernel, Monitor/Real Time Scheduler, Media Playback with DRM, Crypto, Display, File System, DASM, Services Mgr, Trustlet, Secure Tasks, Global Platform Internal API, Java, Payment With Secure Input/Output]
  4. Powerful, Purpose-built OS
     - Flexible with Neon and VFP
       - Fully shared mode
       - Supports both “Secure” and “Normal” world
     - Thwarts side channel attacks by protecting branch target buffers, TLBs, etc.
     - Supports several interrupt models
       - FIQ & IRQ in dedicated secure cores
       - FIQ only mode when sharing cores
       - Interrupt routing from secure to non-secure world
  5. Simple, Small, Easy-to-Use
     - Image can fit in small on-chip ROM
     - Flexible scheduler: preemptive, cooperative
     - Supports asynchronous IPC
     - Stack overflow detection and profiling support
     - High performance architecture with zero copy device drivers, fast context switching and cache lock down
  6. Flexible Resource Control
     - Supports:
       - Queues
       - Binary semaphores
       - Counting semaphores
       - Recursive semaphores
       - Mutexes with priority inheritance
       - Efficient software timers
  7. Multi-core Ready: AMP/SMP
     - Dedicated Cores for Secure and Normal World
       - Satisfies size and performance constrained designs
       - Ideally suited for high performance applications like media playback, transcoding
     - Secure and Non-secure Kernels Share Cores
       - Provides maximum peak CPU bandwidth
       - Both secure and non-secure kernels can utilize all available cores
     [Two diagrams, one per mode; labels: ARM MP Core, Core0 to Core3, Normal World, Secure World, Open Virtualization]
  8. Portable, Small Footprint
     - Mixed mode architecture
       - Supports C, C++ and Java
       - Easy to integrate with Android and other mobile platforms
     - Can be customized to fit on resource-constrained platforms
  9. TrustZone/GlobalPlatform
     - Ready-to-use modules
     - Open Virtualization API is available for both Bootloader and Linux
     - Secure tasklets can perform key operations like decrypting OS images and upgrading firmware
     - Multiple modes of operation support both TrustZone enabled and normal processors
  10. Supports Leading Platforms
      - Easy to develop and integrate with platforms like Linux, Android & BSD
      - Written in C with GNU tools
  11. Security Starts from Boot
      - Secure perimeter starts with the bootloader
      - Users can continue to use their preferred bootloader
      - Security established before activating the bootloader
        - Keys, media and other assets are fully protected
      [Boot flow diagram; labels as extracted: BootROM, Open Virtualization OS, Establish Security Perimeter, Normal World, Power On, Secure BootTasklet, Non Secure Bootloader, OS Like Linux/BSD, Secure Services]
  12. Digital Rights Management
      - Open Virtualization enables DRM, secure payment, and secure WiFi
        - Crypto and integrated with Linux OCF
        - Secure keypad and display
        - Protected key and content storage, authenticated flash
  13. DRM Media Playback
      [Numbered flow diagram across Secure World and Normal World; labels: Input Source (Streaming/File), Android DRM Framework, DRM Plugin (OMA, PlayReady), DRM Decrypt, Audio/Video Decoding]
  14. Trusted HDCP Architecture
      [Architecture diagram; labels as extracted: Android libstagefright, WIFI Display, HDCP API, Controller & Session, TEE Shared Queue, Sierra Secure OS, Crypto (RNG, RSA, AES, SHA256), Shared IPC Queue, HDCP 2.0, SKE, Locality Check, Cipher, AKE, Session]
  15. Secure Input
      - Android Java App
      - Secure World UI
  16. Applications
      1. Headless Gateway
         - Secure transcoding prevents valuable content from being snooped
      2. Residential Gateway
         - Secure BSSID and other network provisioning
         - Defend against hackers and intrusions
  17. Applications
      1. Mobile Phones
         - Secure Payments
         - DRM Content protection
         - Isolate secure OS from normal world OS
      2. IP Set-top-box, Media Players
         - DRM, Content Protection
  18. Professional Services
      - Custom Services
        - Porting software to unique processors
        - Integrating TEE and SierraVisor with applications
        - Developing drivers, encoders or apps
      - ARM Design Expertise
        - Extensive experience with ARM processors and kernel code
        - Android, Linux, BSD, and VxWorks development
        - Hardware & FPGA
      - Project Management
        - Phased approach from planning and development to testing & certification
        - Carefully defined schedules and communication with customers to avoid surprises & delays
  19. Technical Support
      - Telephone and Email Support
      - Online technical documentation
      - Software updates for commercial products
      - Previews of upcoming releases
      - Ability to influence feature enhancements
      - Commitment to Quality
        - Service Level Agreement (SLA) details support response times and escalation levels
  20. Thank you!