LCU13: Deep Dive into ARM Trusted Firmware
Resource: LCU13
Name: Deep Dive into ARM Trusted Firmware
Date: 31-10-2013
Speaker: Dan Handley / Charles Garcia-Tobin
LCU14 302- How to port OP-TEE to another platformLinaro
LCU14 302- How to port OP-TEE to another platform
---------------------------------------------------
Speaker: Joakim Bech, Jens Wiklander and Pascal Brand
Date: September 17, 2014
---------------------------------------------------
★ Session Summary ★
OP-TEE (Open Portable Trusted Execution Environment) is the source code for the TEE in Linux using the ARM Trustzone technology. This component meets the Global Platform TEE System Architecture specification. Most of the code is generic. However, a number of platform specific characteristics are addressed, such as memory layout or board specific hardware IP. In this session, you can learn the steps to follow to port OP-TEE for your armv7 platform, as the ones that have been defined when porting OP-TEE to A80 (SWG-77). OP-TEE to the Allwinner A80 platform
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137748
Google Event: https://plus.google.com/u/0/events/cnd044lmnid6jcoj1a9svlhmkj0
Video: https://www.youtube.com/watch?v=QgaGJow7hws&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-302
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro
HKG15-311: OP-TEE for Beginners and Porting Review
---------------------------------------------------
Speaker: Victor Chong
Date: February 11, 2015
---------------------------------------------------
★ Session Summary ★
Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250816
Video: https://www.youtube.com/watch?v=Fksx4-bpHRY
Etherpad: http://pad.linaro.org/p/hkg15-311
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
LCU14-107: OP-TEE on ARMv8
---------------------------------------------------
Speaker: Jens Wiklander
Date: September 15, 2014
---------------------------------------------------
★ Session Summary ★
SWG is porting OP-TEE to ARMv8 using Fixed Virtual Platform. Initially OP-TEE is running secure world in aarch32 mode, but with the normal world code running in aarch64 mode. Since ARMv8 uses ARM Trusted Firmware we have patched it with an OP-TEE dispatcher to be able to communicate between secure and normal world.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137710
Google Event: https://plus.google.com/u/0/events/c0ef114n77bhgbns9vb85g9n6ak
Presentation: http://www.slideshare.net/linaroorg/lcu14-107-optee-on-ar-mv8
Video: https://www.youtube.com/watch?v=JViplz-ah9M&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-107
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Linaro
Session ID: SFO17-304
Session Name: Demystifying Security Root of Trust Approaches for IoT/Embedded
- SFO17-304
Speaker: Suresh Marisetty
Track: LHG,LITE,Security
★ Session Summary ★
The current trend of IoT market segment is expected to enable and deploy about 50 billion connected devices by year 2020. IoT devices will be deployed across the board to cater to multiple use cases like Home/building Automation, Automotive, a highly fragmented embedded segment: gateways, set top boxes, security cameras, industrial automation, digital signage, healthcare, etc. This trend will bring about a great challenge of securing the connected end point IoT devices from a myriad of physical and remote attacks ex: DDOS Mirai botnet launched through IoT devices like digital cameras and DVR players
Problem Statement: Each use cases has its own IoT device constraints like: Cost, Power, Performance, memory footprint, security objectives, etc. The fundamental basis for any secure IoT and Embedded solution is the Root of Trust (RoT), which provides assurance of the integrity of the system software from: boot and runtime firmware, to OS loader, to the Kernel, to the user Applications. This poses a serious issue and challenges the one-size fits all RoT solution model.
ARM has taken on this challenge head on to come up with a microcontroller security architecture solution that caters to the various IoT devices constraints, by offering ARM Cortex-M family of processors. ARM’s flexible and scalable architecture solution will allow an OEM or Silicon partner to adapt the base security architecture and to extend it in a seamless way. This caters to the requirements of different market segments through add-on hardware, firmware and software security enhancements.
The session will present the ARM’s base security system and software architecture based on the upcoming Cortex V8M solution that will provide a hardware and firmware assisted Trust Zone based Security RoT aka TBSA-M for a range of markets, to include the highly constrained IoT devices. Furthermore, the session will discuss about how the base RoT capability can be extended in a seamless way with additional hardware assisted mechanisms to offer high levels of functionality and/or robustness for less constrained IoT devises with options like TBSA-M+, TBSA-HSM and platform level security software abstraction framework to decouple the chosen RoT capability for various OSes and the Cloud security frameworks.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-304/
Presentation:
Video: https://www.youtube.com/watch?v=aIwmRXFOshs
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
This introduces the linaro OP-TEE project in the context of the Automotive Grade Linux distribution. This TEE is today considered as a potential key element to provides some security enforcement in the scope of Software OTA for the AGL distribution.
This brief slides set was presented during AGL Face to Face Technical Meeting 25 – 27 May, Vannes, France
The U-Boot is an "Universal Bootloader" ("Das U-Boot") is a monitor program that is under GPL. This production quality boot-loader is used as default boot loader by several board vendors. It is easily portable and easy to port and to debug by supporting PPC, ARM, MIPS, x86,m68k, NIOS, Microblaze architectures. Here is a presentation that introduces U-Boot.
LCU13: Deep Dive into ARM Trusted Firmware
Resource: LCU13
Name: Deep Dive into ARM Trusted Firmware
Date: 31-10-2013
Speaker: Dan Handley / Charles Garcia-Tobin
LCU14 302- How to port OP-TEE to another platformLinaro
LCU14 302- How to port OP-TEE to another platform
---------------------------------------------------
Speaker: Joakim Bech, Jens Wiklander and Pascal Brand
Date: September 17, 2014
---------------------------------------------------
★ Session Summary ★
OP-TEE (Open Portable Trusted Execution Environment) is the source code for the TEE in Linux using the ARM Trustzone technology. This component meets the Global Platform TEE System Architecture specification. Most of the code is generic. However, a number of platform specific characteristics are addressed, such as memory layout or board specific hardware IP. In this session, you can learn the steps to follow to port OP-TEE for your armv7 platform, as the ones that have been defined when porting OP-TEE to A80 (SWG-77). OP-TEE to the Allwinner A80 platform
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137748
Google Event: https://plus.google.com/u/0/events/cnd044lmnid6jcoj1a9svlhmkj0
Video: https://www.youtube.com/watch?v=QgaGJow7hws&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-302
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
HKG15-311: OP-TEE for Beginners and Porting ReviewLinaro
HKG15-311: OP-TEE for Beginners and Porting Review
---------------------------------------------------
Speaker: Victor Chong
Date: February 11, 2015
---------------------------------------------------
★ Session Summary ★
Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250816
Video: https://www.youtube.com/watch?v=Fksx4-bpHRY
Etherpad: http://pad.linaro.org/p/hkg15-311
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
LCU14-107: OP-TEE on ARMv8
---------------------------------------------------
Speaker: Jens Wiklander
Date: September 15, 2014
---------------------------------------------------
★ Session Summary ★
SWG is porting OP-TEE to ARMv8 using Fixed Virtual Platform. Initially OP-TEE is running secure world in aarch32 mode, but with the normal world code running in aarch64 mode. Since ARMv8 uses ARM Trusted Firmware we have patched it with an OP-TEE dispatcher to be able to communicate between secure and normal world.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137710
Google Event: https://plus.google.com/u/0/events/c0ef114n77bhgbns9vb85g9n6ak
Presentation: http://www.slideshare.net/linaroorg/lcu14-107-optee-on-ar-mv8
Video: https://www.youtube.com/watch?v=JViplz-ah9M&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-107
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Linaro
Session ID: SFO17-304
Session Name: Demystifying Security Root of Trust Approaches for IoT/Embedded
- SFO17-304
Speaker: Suresh Marisetty
Track: LHG,LITE,Security
★ Session Summary ★
The current trend of IoT market segment is expected to enable and deploy about 50 billion connected devices by year 2020. IoT devices will be deployed across the board to cater to multiple use cases like Home/building Automation, Automotive, a highly fragmented embedded segment: gateways, set top boxes, security cameras, industrial automation, digital signage, healthcare, etc. This trend will bring about a great challenge of securing the connected end point IoT devices from a myriad of physical and remote attacks ex: DDOS Mirai botnet launched through IoT devices like digital cameras and DVR players
Problem Statement: Each use cases has its own IoT device constraints like: Cost, Power, Performance, memory footprint, security objectives, etc. The fundamental basis for any secure IoT and Embedded solution is the Root of Trust (RoT), which provides assurance of the integrity of the system software from: boot and runtime firmware, to OS loader, to the Kernel, to the user Applications. This poses a serious issue and challenges the one-size fits all RoT solution model.
ARM has taken on this challenge head on to come up with a microcontroller security architecture solution that caters to the various IoT devices constraints, by offering ARM Cortex-M family of processors. ARM’s flexible and scalable architecture solution will allow an OEM or Silicon partner to adapt the base security architecture and to extend it in a seamless way. This caters to the requirements of different market segments through add-on hardware, firmware and software security enhancements.
The session will present the ARM’s base security system and software architecture based on the upcoming Cortex V8M solution that will provide a hardware and firmware assisted Trust Zone based Security RoT aka TBSA-M for a range of markets, to include the highly constrained IoT devices. Furthermore, the session will discuss about how the base RoT capability can be extended in a seamless way with additional hardware assisted mechanisms to offer high levels of functionality and/or robustness for less constrained IoT devises with options like TBSA-M+, TBSA-HSM and platform level security software abstraction framework to decouple the chosen RoT capability for various OSes and the Cloud security frameworks.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-304/
Presentation:
Video: https://www.youtube.com/watch?v=aIwmRXFOshs
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
This introduces the linaro OP-TEE project in the context of the Automotive Grade Linux distribution. This TEE is today considered as a potential key element to provides some security enforcement in the scope of Software OTA for the AGL distribution.
This brief slides set was presented during AGL Face to Face Technical Meeting 25 – 27 May, Vannes, France
The U-Boot is an "Universal Bootloader" ("Das U-Boot") is a monitor program that is under GPL. This production quality boot-loader is used as default boot loader by several board vendors. It is easily portable and easy to port and to debug by supporting PPC, ARM, MIPS, x86,m68k, NIOS, Microblaze architectures. Here is a presentation that introduces U-Boot.
LCU13: An Introduction to ARM Trusted FirmwareLinaro
Resource: LCU13
Name: An Introduction to ARM Trusted Firmware
Date: 28-10-2013
Speaker: Andrew Thoelke
Video: http://www.youtube.com/watch?v=q32BEMMxmfw
The second part of Linux Internals covers system calls, process subsystem and inter process communication mechanisms. Understanding these services provided by Linux are essential for embedded systems engineer.
The conversion of the ARM Linux kernel over to the Device Tree as the mechanism to describe the hardware has been a significant change for ARM kernel developers. Nowadays, all developers porting the Linux kernel on new ARM platforms, either new SOCs or new boards, have to work with the Device Tree. Based on practical examples, this talk intends to provide a ""getting started guide"" for newcomers in the Device Tree world: what is the Device Tree? How is it written and compiled? How do the bootloader and kernel interact? How are Device Tree bindings written and documented? What are the best practices for writing Device Trees and their bindings?
Video available at https://www.youtube.com/watch?v=m_NyYEBxfn8.
Agenda:
In this session, Shmulik Ladkani discusses the kernel's net_device abstraction, its interfaces, and how net-devices interact with the network stack. The talk covers many of the software network devices that exist in the Linux kernel, the functionalities they provide and some interesting use cases.
Speaker:
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLinaro
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Speakers:
Date: September 29, 2016
★ Session Description ★
ARM Trusted Firmware has established itself as a key part of the ARMv8-A software stack. Broadening its applicability across all segments, from embedded to enterprise, is challenging. This session discusses the latest developments, including extension into the 32-bit space.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-402
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-402/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
U-Boot, a boot loader for Embedded boards based on PowerPC, ARM, MIPS and several other processors, which can be installed in a boot ROM and used to initialize and test the hardware or to download and run application
code.
TEE - kernel support is now upstream. What this means for open source securityLinaro
TEE security infrastructure is now upstream in the Linux kernel, thanks to the hard work of many people in the ARM open source ecosystem. In this upcoming webinar, Joakim Bech and Jens Wiklander of the Linaro Security Working Group explain:
‣ Why upstream Linux kernel driver support is an important milestone.
‣ The relationship with specifications such as GlobalPlatform.
‣ A recap of the design principles for the TEE driver.
‣ How to get involved with TEE development.
This webinar is based on the work of the Linaro Security Working Group. Their work helps Linaro achieve its mission of providing upstream open source support for the ARM ecosystem. The webinar will be of interest to developers and engineering managers who would like the latest status on TEE support in Linux, particularly those looking to develop secure applications with e.g. OP-TEE. It’s also a great case study for those interested in the challenges of Linux kernel upstreaming. There will be the opportunity to ask questions before, during and after the webinar.
🎙 Speakers:
Joakim Bech, Security Working Group Tech Lead, Linaro
Jens Wiklander, Security Working Group Engineer & Upstream Driver Author, Linaro
🎯 Moderator:
Bill Fletcher, EMEA Field Engineering, Linaro
✨ Register here
http://linaro.co/webinar01
For more information on...
On Linaro - Leading Collaboration in the ARM Ecosystem - linaro.org
On OP-TEE - the TEE in Linux using the ARM® TrustZone® technology op-tee.org
----------------------------------------------
Videos & Presentation
--
Introduction to OP-TEE
--
A great introduction to OP-TEE security written from the standpoint of Automotive Grade Linux. It's only 13 slides with some great diagrams explaining trusted execution, secure boot and isolation.
#Automotive #AGL #OP-TEE #Linux
https://www.slideshare.net/YannickGicquel/introduction-to-optee-26-may-2016
--
OP-TEE for Beginners and Porting Review
--
Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome.
#TrustedApplication #Trustzone
http://connect.linaro.org/resource/hkg15/hkg15-311-op-tee-for-beginners-and-porting-review/
Have a quick overview of most of the embedded linux components and their details. How ti build Embedded Linux Hardware & Software, and developing Embedded Products
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
Speaker: Bill Fletcher
Date: September 24, 2015
★ Session Description ★
An introductory session of a system-level overview at Power State Coordination
- Focus on ARMv8
- Goes top-down from ACPI
- A demo based on the current code in qemu
- The specifications are very dynamic - what’s onging for ACPI and PSCI
★ Resources ★
Video: https://www.youtube.com/watch?v=vXzPdpaZVto
Presentation: http://www.slideshare.net/linaroorg/sfo15tr9-psci-acpi-and-uefi-to-boot
Etherpad: pad.linaro.org/p/sfo15-tr9
Pathable: https://sfo15.pathable.com/meetings/303087
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
Smart connected devices such as mobile phones, tablets and Digital TVs are required to handle data with strong security and confidentiality requirements. A “Trusted Execution Environment” (TEE) provides an environment for processing data securely, protected from normal platform applications. This talk is intended as an introduction to Trusted Execution, and the open-source Trusted Execution Environment OP-TEE in particular. It introduces the GlobalPlatform TEE Specifications, explains how Trusted Execution is implemented by ARM TrustZone and OP-TEE, and outlines how trusted boot software manages the secure boot of an ARM platform. Finally, it gives some pointers on how to get started with OP-TEE.
"Session ID: BUD17-400
Session Name: Secure Data Path with OPTEE - BUD17-400
Speaker: Mark Gregotski
Track: LHG
★ Session Summary ★
LHG is using the ION-based secure memory allocator integrated with OPTEE as the basis for secure data path processing pipeline. LHG is following the W3C EME protocol and supporting Content Decryption Modules (CDMs) from Widevine and PlayReady.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/bud17/bud17-400/
Presentation: https://www.slideshare.net/linaroorg/bud17400-secure-data-path-with-optee
Video: https://youtu.be/6JdzsWZq4Ls
---------------------------------------------------
★ Event Details ★
Linaro Connect Budapest 2017 (BUD17)
6-10 March 2017
Corinthia Hotel, Budapest,
Erzsébet krt. 43-49,
1073 Hungary
---------------------------------------------------
Keyword: LHG, secure-data, OPTEE
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
This presentation is about U-Boot: the most popular open source, primary boot loader used in embedded devices, as well as it's mechanisms and features.
The respective talk was held by Sam Protsenko (Software Engineer, Consultant, GlobalLogic) at GlobalLogic Mykolaiv Embedded TechTalk #1 on May 25, 2018.
Internet of Tiny Linux (IoTL): Episode IV - SFO17-100Linaro
Session ID: SFO17-100
Session Name: Internet of Tiny Linux (IoTL): Episode IV - SFO17-100
Speaker: Nicolas Pitre
Track: LITE
★ Session Summary ★
This is a discussion on various methods, from low hanging fruits to more
daring approaches, being put forward to reduce the size of Linux kernel
and user space binaries to make them suitable for very small IoT
applications. Latest results in terms of effectiveness and upstream
acceptance will be discussed. Spoiler Alert: With luck, a tiny demo
might be thrown in!
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-100/
Presentation:
Video: https://www.youtube.com/watch?v=mqkIMfYLiz4
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
Using SoC Vendor HALs in the Zephyr Project - SFO17-112Linaro
Session ID: SFO17-112
Session Name: Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Speaker: Maureen Helm
Track: LITE
★ Session Summary ★
The Zephyr OS is a small, scalable RTOS that supports a wide variety of SoCs, many of which have existing HALs provided by the SoC vendors, especially in the ARM Cortex-M world. These HALs provide peripheral register definitions and in many cases, include bare metal peripheral drivers. Rather than reinventing the wheel, the Zephyr Project decided to proactively reuse these vendor HALs whenever possible. This session will cover how and why the Zephyr Project uses SoC vendor HALs, what are the common problems, and how to address them.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-112/
Presentation:
Video: https://www.youtube.com/watch?v=hHcnw4xu_Mo
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/102696
LCU13: An Introduction to ARM Trusted FirmwareLinaro
Resource: LCU13
Name: An Introduction to ARM Trusted Firmware
Date: 28-10-2013
Speaker: Andrew Thoelke
Video: http://www.youtube.com/watch?v=q32BEMMxmfw
The second part of Linux Internals covers system calls, process subsystem and inter process communication mechanisms. Understanding these services provided by Linux are essential for embedded systems engineer.
The conversion of the ARM Linux kernel over to the Device Tree as the mechanism to describe the hardware has been a significant change for ARM kernel developers. Nowadays, all developers porting the Linux kernel on new ARM platforms, either new SOCs or new boards, have to work with the Device Tree. Based on practical examples, this talk intends to provide a ""getting started guide"" for newcomers in the Device Tree world: what is the Device Tree? How is it written and compiled? How do the bootloader and kernel interact? How are Device Tree bindings written and documented? What are the best practices for writing Device Trees and their bindings?
Video available at https://www.youtube.com/watch?v=m_NyYEBxfn8.
Agenda:
In this session, Shmulik Ladkani discusses the kernel's net_device abstraction, its interfaces, and how net-devices interact with the network stack. The talk covers many of the software network devices that exist in the Linux kernel, the functionalities they provide and some interesting use cases.
Speaker:
Shmulik Ladkani is a Tech Lead at Ravello Systems.
Shmulik started his career at Jungo (acquired by NDS/Cisco) implementing residential gateway software, focusing on embedded Linux, Linux kernel, networking and hardware/software integration.
51966 coffees and billions of forwarded packets later, with millions of homes running his software, Shmulik left his position as Jungo’s lead architect and joined Ravello Systems (acquired by Oracle) as tech lead, developing a virtual data center as a cloud service. He's now focused around virtualization systems, network virtualization and SDN.
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLinaro
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Speakers:
Date: September 29, 2016
★ Session Description ★
ARM Trusted Firmware has established itself as a key part of the ARMv8-A software stack. Broadening its applicability across all segments, from embedded to enterprise, is challenging. This session discusses the latest developments, including extension into the 32-bit space.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-402
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-402/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
U-Boot, a boot loader for Embedded boards based on PowerPC, ARM, MIPS and several other processors, which can be installed in a boot ROM and used to initialize and test the hardware or to download and run application
code.
TEE - kernel support is now upstream. What this means for open source securityLinaro
TEE security infrastructure is now upstream in the Linux kernel, thanks to the hard work of many people in the ARM open source ecosystem. In this upcoming webinar, Joakim Bech and Jens Wiklander of the Linaro Security Working Group explain:
‣ Why upstream Linux kernel driver support is an important milestone.
‣ The relationship with specifications such as GlobalPlatform.
‣ A recap of the design principles for the TEE driver.
‣ How to get involved with TEE development.
This webinar is based on the work of the Linaro Security Working Group. Their work helps Linaro achieve its mission of providing upstream open source support for the ARM ecosystem. The webinar will be of interest to developers and engineering managers who would like the latest status on TEE support in Linux, particularly those looking to develop secure applications with e.g. OP-TEE. It’s also a great case study for those interested in the challenges of Linux kernel upstreaming. There will be the opportunity to ask questions before, during and after the webinar.
🎙 Speakers:
Joakim Bech, Security Working Group Tech Lead, Linaro
Jens Wiklander, Security Working Group Engineer & Upstream Driver Author, Linaro
🎯 Moderator:
Bill Fletcher, EMEA Field Engineering, Linaro
✨ Register here
http://linaro.co/webinar01
For more information on...
On Linaro - Leading Collaboration in the ARM Ecosystem - linaro.org
On OP-TEE - the TEE in Linux using the ARM® TrustZone® technology op-tee.org
----------------------------------------------
Videos & Presentation
--
Introduction to OP-TEE
--
A great introduction to OP-TEE security written from the standpoint of Automotive Grade Linux. It's only 13 slides with some great diagrams explaining trusted execution, secure boot and isolation.
#Automotive #AGL #OP-TEE #Linux
https://www.slideshare.net/YannickGicquel/introduction-to-optee-26-may-2016
--
OP-TEE for Beginners and Porting Review
--
Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome.
#TrustedApplication #Trustzone
http://connect.linaro.org/resource/hkg15/hkg15-311-op-tee-for-beginners-and-porting-review/
Have a quick overview of most of the embedded linux components and their details. How ti build Embedded Linux Hardware & Software, and developing Embedded Products
SFO15-TR9: PSCI, ACPI (and UEFI to boot)
Speaker: Bill Fletcher
Date: September 24, 2015
★ Session Description ★
An introductory session of a system-level overview at Power State Coordination
- Focus on ARMv8
- Goes top-down from ACPI
- A demo based on the current code in qemu
- The specifications are very dynamic - what’s onging for ACPI and PSCI
★ Resources ★
Video: https://www.youtube.com/watch?v=vXzPdpaZVto
Presentation: http://www.slideshare.net/linaroorg/sfo15tr9-psci-acpi-and-uefi-to-boot
Etherpad: pad.linaro.org/p/sfo15-tr9
Pathable: https://sfo15.pathable.com/meetings/303087
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEELinaro
Smart connected devices such as mobile phones, tablets and Digital TVs are required to handle data with strong security and confidentiality requirements. A “Trusted Execution Environment” (TEE) provides an environment for processing data securely, protected from normal platform applications. This talk is intended as an introduction to Trusted Execution, and the open-source Trusted Execution Environment OP-TEE in particular. It introduces the GlobalPlatform TEE Specifications, explains how Trusted Execution is implemented by ARM TrustZone and OP-TEE, and outlines how trusted boot software manages the secure boot of an ARM platform. Finally, it gives some pointers on how to get started with OP-TEE.
"Session ID: BUD17-400
Session Name: Secure Data Path with OPTEE - BUD17-400
Speaker: Mark Gregotski
Track: LHG
★ Session Summary ★
LHG is using the ION-based secure memory allocator integrated with OPTEE as the basis for secure data path processing pipeline. LHG is following the W3C EME protocol and supporting Content Decryption Modules (CDMs) from Widevine and PlayReady.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/bud17/bud17-400/
Presentation: https://www.slideshare.net/linaroorg/bud17400-secure-data-path-with-optee
Video: https://youtu.be/6JdzsWZq4Ls
---------------------------------------------------
★ Event Details ★
Linaro Connect Budapest 2017 (BUD17)
6-10 March 2017
Corinthia Hotel, Budapest,
Erzsébet krt. 43-49,
1073 Hungary
---------------------------------------------------
Keyword: LHG, secure-data, OPTEE
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
This presentation is about U-Boot: the most popular open source, primary boot loader used in embedded devices, as well as it's mechanisms and features.
The respective talk was held by Sam Protsenko (Software Engineer, Consultant, GlobalLogic) at GlobalLogic Mykolaiv Embedded TechTalk #1 on May 25, 2018.
Internet of Tiny Linux (IoTL): Episode IV - SFO17-100Linaro
Session ID: SFO17-100
Session Name: Internet of Tiny Linux (IoTL): Episode IV - SFO17-100
Speaker: Nicolas Pitre
Track: LITE
★ Session Summary ★
This is a discussion on various methods, from low hanging fruits to more
daring approaches, being put forward to reduce the size of Linux kernel
and user space binaries to make them suitable for very small IoT
applications. Latest results in terms of effectiveness and upstream
acceptance will be discussed. Spoiler Alert: With luck, a tiny demo
might be thrown in!
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-100/
Presentation:
Video: https://www.youtube.com/watch?v=mqkIMfYLiz4
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
Using SoC Vendor HALs in the Zephyr Project - SFO17-112Linaro
Session ID: SFO17-112
Session Name: Using SoC Vendor HALs in the Zephyr Project - SFO17-112
Speaker: Maureen Helm
Track: LITE
★ Session Summary ★
The Zephyr OS is a small, scalable RTOS that supports a wide variety of SoCs, many of which have existing HALs provided by the SoC vendors, especially in the ARM Cortex-M world. These HALs provide peripheral register definitions and in many cases, include bare metal peripheral drivers. Rather than reinventing the wheel, the Zephyr Project decided to proactively reuse these vendor HALs whenever possible. This session will cover how and why the Zephyr Project uses SoC vendor HALs, what are the common problems, and how to address them.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-112/
Presentation:
Video: https://www.youtube.com/watch?v=hHcnw4xu_Mo
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/102696
"Session ID: SFO17-102
Session Name: Deploy STM32 family on Zephyr - SFO17-102
Speaker: Erwan Gouriou
Track: LITE
★ Session Summary ★
Objects:
-Quick intro on STM32 offer
-Strategy used to minimize code and maintenance effort and break silos
-Status on supported drivers
Slides:
-STM32 families and SoCs (highlight number of refs (>900) and need for mutualization)
-SoC naming conventions
-ST boards
-STM32Cube
-Initial deployment in Zephyr
-STM32Cube introduction and introduction in Zephyr
*HAL vs LL
*Information conveyed by CMSIS files
-Driver deployment strategy
*CMSIS (generic defines)
*LL/HAL
-Simplification brought by driver init code and pinmux generated by Device tree
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-102/
Presentation:
Video:
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
Preventing Linux in your car from killing you: The L4Re Open Source Microviso...Linaro
Session ID: SFO17-416
Session Name: Preventing Linux in your car from killing you: The L4Re Open Source Microvisor System. - SFO17-416
Speaker: Michael Hohmuth
Track: LITE
★ Session Summary ★
The uptake of Linux in modern cars is on the rise. It is very hard to make
Linux safe enough for safety assessors. Thus far the industry has used a
proprietary layer of safety certifiable system software that in addition to
running mission critical applications also allows running Linux safely in
virtual machines. Can that layer be open source as well ? Without compromising
on safety and security certifiability ? This session presents L4Re - an open
source project that ticks a lot of boxes in order to let Linux be what it's
good at while providing the safety that the Auto world demands.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-416/
Presentation:
Video:
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
New Zephyr features: LWM2M / FOTA Framework - SFO17-113Linaro
Session ID: SFO17-113
Session Name: New Zephyr features: LWM2M / FOTA Framework - SFO17-113
Speaker: Marti Bolivar - David Brown - Ricardo Salveti - Mike Scott
Track: LTD
★ Session Summary ★
Zephyr is changing at an alarming pace and we would like to provide some insights to a few of the areas we have been working. MCUBOOT Secure bootloader integration, FOTA, DeviceTree and LWM2M enabling secure client to cloud capabilities
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-113/
Presentation:
Video: https://www.youtube.com/watch?v=VOv0-d5T99o
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
Session ID: SFO17-108
Session Name: BSD Sockets API in Zephyr RTOS - SFO17-108
Speaker: Paul Sokolovsky
Track: LITE
★ Session Summary ★
Zephyr 1.9 features initial implementation of BSD Sockets compatible API. This session surveys reasons to add it, requirements, details of implementation and results achieved. Known issues and future work are also discussed.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/sfo17/sfo17-108/
Presentation:
Video:
---------------------------------------------------
★ Event Details ★
Linaro Connect San Francisco 2017 (SFO17)
25-29 September 2017
Hyatt Regency San Francisco Airport
---------------------------------------------------
Keyword:
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
Elc Europe 2020 : u-boot- porting and maintaining a bootloader for a multimed...Neil Armstrong
Porting and maintaining Linux for a Multimedia SoC is one thing (already very complex), but without a proper Bootloader, how would we do ? For the last 4 Years, we were pushing Upstream Linux support for the Amlogic Multimedia SoCs with very well-known Single Board Computers like Odroid-C2, Libre Computer Le Potato, Khadas VIMs... but a key point was missing until 2 years ago: a clean Bootloader. We only relied on the Vendor Bootloader, but it quickly became an issue for various reasons: - was complex to rebuild - even more complex to enhance and fix - did some weird and quirkly hardware enablement before linux - was confusing because the vendor Bootloader behavior changed over time So we implemented an all-most complete U-Boot support for these Amlogic SoCs, including HDMI video support and support Android AOSP boot. And a big bonus appeared: we got UEFI support for free ! Neil will go through all the development process, what we achieved, the remaining work and how U-Boot maintenance and code quality evolved over time.
XPDDS17: EFI Secure Boot, Shim and Xen: Current Status and Developments - Da...The Linux Foundation
The EFI secure boot is a protocol to verify authenticity of loaded and executed PE binary. Usually it is a second stage bootloader, e.g. GRUB2, or an OS kernel. The shim is an extension to the EFI secure boot which makes whole authentication process more flexible. The presentation will deal with the most important aspects of EFI secure boot and shim. Additionally, it will discuss how Xen hypervisor boot process can be protected with EFI secure boot and shim. However, this does not mean that everything is done and work out of the box. So, in the end it will be shown what is done to make EFI secure boot and shim usable when you boot Xen using GRUB2.
This presentation is about verified boot and its role in keeping devices and personal data safe. There are examples of chain of trust in boot on various SoCs (particularly, those with Android BSP), a role of AVB 2.0 and TEE, and AVB 2.0 integration with U-boot.
The talk was delivered by Igor Opaniuk (Senior Software Engineer, Consultant, GlobalLogic) at GlobalLogic Embedded Career Day #2 on February 10, 2018.
More about GlobalLogic Embedded Career Day #2: https://www.globallogic.com/ua/events/globallogic-kyiv-embedded-career-day-2-materials
Secure enclaves are becoming a popular way to separate and protect sensitive code and data from other processes running on a system. A FIPS 140-2 validated cryptographic software module is currently required to run power-on self tests when loaded, but security of the module can be taken one step further by validating the module inside a secure enclave, such as Intel SGX.
wolfSSL has been working on FIPS 140-2 validating the wolfCrypt library running inside an Intel SGX enclave. This session will discuss the advantages, challenges, and process of FIPS 140-2 validating a cryptographic software module inside Intel SGX and how the same process could be applied to other secure enclave environments.
Linux firmware for iRMC controller on Fujitsu Primergy serversVladimir Shakhov
Integrated Remote Management Controller aka iRMC (http://manuals.ts.fujitsu.com/file/11470/irmc-s4-ug-en.pdf) is a special-purpose ARM board, included in every Fujitsu Primergy server and actually running on GNU/Linux. Digging into the process of creation of iRMC firmware, significantly based on FOSS components, including Linux kernel, busybox, glibc, net-snmp and many others. Lecture covering technical details how its working, how to use OpenSource components together with propiertary code.
OSCamp Kubernetes 2024 | Zero-Touch OS-Infrastruktur für Container und Kubern...NETWAYS
In Kubernetes stellen wir Anwendungen als Instanz eines vordefinierten Container-Images bereit, dessen Eigenschaften deklarativ konfiguriert werden. Dies erleichtert die Automatisierung und Reproduzierbarkeit von Deployments, was wiederum das Betriebsrisiko verringert. Was wäre, wenn wir diese Eigenschaften auf die Serverprovisionierung ausweiten und das Betriebssystem selbst wie eine Anwendung in Kubernetes behandeln würden? Was wäre, wenn wir, anstatt Allzweck-Distributionen an unsere Bedürfnisse anzupassen, unseren Ansatz, wie ein “Cloud-Native” Betriebssystem funktionieren soll, von Grund auf überdenken würden? Unter Anwendung der gleichen Erwartungen, die wir an die Handhabung von Kubernetes-Anwendungen haben, präsentieren wir einen alternativen Ansatz für die Bereitstellung, Konfiguration und Lebenszyklusverwaltung des Betriebssystems. Mithilfe einer strikten Trennung von Betriebssystem und Anwendungen zeigen wir, wie ein wartbares, unveränderliches, imagebasiertes Betriebssystem erstellt werden kann. Und indem wir dieses Konzept erweitern, machen wir Provisionierunged problemlos und automatische Updates risikoarm. In diesem Vortrag werden wir auch einige der neuesten Entwicklungen zu Betriebssystemen behandeln und über das etablierte Konzept eines Container-Linux hinausgehen, hin zu einer Zukunft, die auf composable images Images mit systemd-sysext und einem generischen Modell für Image-baiserte Linux-Architekturen basiert.
Build your own Embedded Linux Kernel by understanding it source code organization, compilation ecosystem and compiling it for a custom target.
Similar to Secure Boot on ARM systems – Building a complete Chain of Trust upon existing industry standards using open-source firmware - SFO17-201 (20)
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloLinaro
Short
The growing amount of data captured by sensors and the real time constraints imply that not only big data analytics but also Machine Learning (ML) inference shall be executed at the edge. The multiple options for neural network acceleration in Arm-based platforms provide an unprecedented opportunity for new intelligent devices. It also raises the risk of fragmentation and duplication of efforts when multiple frameworks shall support multiple accelerators.
Andrea Gallo, Linaro VP of Segment Groups, will summarise the existing NN frameworks, accelerator solutions, and will describe the efforts underway in the Arm ecosystem.
Abstract
The dramatically growing amount of data captured by sensors and the ever more stringent requirements for latency and real time constraints are paving the way for edge computing, and this implies that not only big data analytics but also Machine Learning (ML) inference shall be executed at the edge. The multiple options for neural network acceleration in recent Arm-based platforms provides an unprecedented opportunity for new intelligent devices with ML inference. It also raises the risk of fragmentation and duplication of efforts when multiple frameworks shall support multiple accelerators.
Andrea Gallo, Linaro VP of Segment Groups, will summarise the existing NN frameworks, model description formats, accelerator solutions, low cost development boards and will describe the efforts underway to identify the best technologies to improve the consolidation and enable the competitive innovative advantage from all vendors.
Audience
The session will be useful for executives to engineers. Executives will gain a deeper understanding of the issues and opportunities. Engineers at NN acceleration IP design houses will take away ideas for how to collaborate in the open source community on their area of expertise, how to evaluate the performance and accelerate multiple NN frameworks without modifying them for each new IP, whether it be targeting edge computing gateways, smart devices or simple microcontrollers.
Benefits to the Ecosystem
The AI deep learning neural network ecosystem is starting just now and it has similar implications with open source as GPU and video accelerators had in the early days with user space drivers, binary blobs, proprietary APIs and all possible ways to protect their IPs. The session will outline a proposal for a collaborative ecosystem effort to create a common framework to manage multiple NN accelerators while at the same time avoiding to modify deep learning frameworks with multiple forks.
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraLinaro
Talk Title: Huawei’s requirements for the ARM based HPC solution readiness
Talk Abstract:
A high level review of a wide range of requirements to architect an ARM based competitive HPC solution is provided. The review combines both Industry and Huawei’s unique views with the intend to communicate openly not only the alignment and support in ongoing efforts carried over by other ARM key players but to brief on the areas of differentiation that Huawei is investing towards the research, development and deployment of homegrown ARM based HPC solution(s).
Speaker: Joshua Mora
Speaker Bio:
20 years of experience in research and development of both software and hardware for high performance computing. Currently leading the architecture definition and development of ARM based HPC solutions, both hardware and software, all the way to the applications (ie. turnkey HPC solutions for different compute intensive markets where ARM will succeed !!).
Bud17 113: distribution ci using qemu and open qaLinaro
“Delivering a well working distribution is hard. There are a lot of different hardware platforms that need to be verified and the software stack is in a big flux during development phases. In rolling releases, this gets even worse, as nothing ever stands still. The only sane answer to that problem are working Continuous Integration tests. The SUSE way to check whether any change breaks normal distribution behavior is OpenQA. Using OpenQA we can automatically run tests that hard working QA people did manually in the old days. That way we have fast enough turnaround times to find and reject breaking changes This session shows how OpenQA works, what pitfalls we had to make ARM work with OpenQA and what we’re doing to improve it for ARM specific use cases.”
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018Linaro
Speaker: Renato Golin
Speaker Bio:
He started programming in the late 80's in C for PCs after a few years playing with 8-bit computers, but he only started programming professionally in the late 90's during the .com bubble. After many years working on Internet's back-end, he moved to UK and worked a few years on bioinformatics at EBI before joining ARM, where he worked on the DS-5 debugger and on the EDG-to-LLVM bridge, where he became the LLVM Tech Lead. Recently, he worked with large clusters and big data at HPCC before moving to Linaro.
Talk Title: OpenHPC Automation with Ansible
Talk Abstract: "In order to test OpenHPC packages and components and to use it as a
platform to benchmark HPC applications, Linaro is developing an automated deployment strategy, using Ansible, Mr-Provisioner and Jenkins, to install the
OS, OpenHPC and prepare the environment on varied architectures (Arm, x86). This work is meant to replace the existing ageing Bash-based recipes upstream while still keeping the documents intact. Our aim is to make it easier to vary hardware configuration, allow for different provisioning techniques and mix internal infrastructure logic to different labs, while still using the same recipes. We hope this will help more people use OpenHPC with a better out-of-the-box experience and with more robust results"
HPC network stack on ARM - Linaro HPC Workshop 2018Linaro
Speaker: Pavel Shamis
Company: Arm
Speaker Bio:
"Pavel is a Principal Research Engineer at ARM with over 16 years of experience in development HPC solutions. His work is focused on co-design software and hardware building blocks for high-performance interconnect technologies, development communication middleware and novel programming models. Prior to joining ARM, he spent five years at Oak Ridge National Laboratory (ORNL) as a research scientist at Computer Science and Math Division (CSMD). In this role, Pavel was responsible for research and development multiple projects in high-performance communication domain including: Collective Communication Offload (CORE-Direct & Cheetah), OpenSHMEM, and OpenUCX. Before joining ORNL, Pavel spent ten years at Mellanox Technologies, where he led Mellanox HPC team and was one of the key driver in enablement Mellanox HPC software stack, including OFA software stack, OpenMPI, MVAPICH, OpenSHMEM, and other.
Pavel is a recipient of prestigious R&D100 award for his contribution in development of the CORE-Direct collective offload technology and he published in excess of 20 research papers.
"
Talk Title: HPC network stack on ARM
Talk Abstract:
Applications, programming languages, and libraries that leverage sophisticated network hardware capabilities have a natural advantage when used in today¹s and tomorrow's high-performance and data center computer environments. Modern RDMA based network interconnects provides incredibly rich functionality (RDMA, Atomics, OS-bypass, etc.) that enable low-latency and high-bandwidth communication services. The functionality is supported by a variety of interconnect technologies such as InfiniBand, RoCE, iWARP, Intel OPA, Cray¹s Aries/Gemini, and others. Over the last decade, the HPC community has developed variety user/kernel level protocols and libraries that enable a variety of high-performance applications over RDMA interconnects including MPI, SHMEM, UPC, etc. With the emerging availability HPC solutions based on ARM CPU architecture it is important to understand how ARM integrates with the RDMA hardware and HPC network software stack. In this talk, we will overview ARM architecture and system software stack, including MPI runtimes, OpenSHMEM, and OpenUCX.
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...Linaro
Speaker: Jay Kruemcke
Speaker Company: SUSE
Bio:
"Jay is responsible for the SUSE Linux server products for High Performance Computing, 64-bit ARM systems, and SUSE Linux for IBM Power servers.
Jay has built an extensive career in product management including using social media for client collaboration, product positioning, driving future product directions, and evangelizing the capabilities and future directions for dozens of enterprise products.
"
Talk Title: It just keeps getting better - SUSE enablement for Arm
Talk Abstract:
SUSE has been delivering commercial Linux support for Arm based servers since 2016. Initially the focus was on high end servers for HPC and Ceph based software defined storage. But we have enabled a number of other Arm SoCs and are even supporting the Raspberry Pi. This session will cover the SUSE products that are available for the Arm platform and view to the future.
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Linaro
Speakers: Gilad Shainer and Scot Schultz
Company: Mellanox Technologies
Talk Title: Intelligent Interconnect Architecture to Enable Next
Generation HPC
Talk Abstract:
The latest revolution in HPC interconnect architecture is the development of In-Network Computing, a technology that enables handling and accelerating application workloads at the network level. By placing data-related algorithms on an intelligent network, we can overcome the new performance bottlenecks and improve the data center and applications performance. The combination of In-Network Computing and ARM based processors offer a rich set of capabilities and opportunities to build the next generation of HPC platforms.
Gilad Shainer Bio:
Gilad Shainer has served as Mellanox's vice president of marketing since March 2013. Previously, Mr. Shainer was Mellanox's vice president of marketing development from March 2012 to March 2013. Mr. Shainer joined Mellanox in 2001 as a design engineer and later served in senior marketing management roles between July 2005 and February 2012. Mr. Shainer holds several patents in the field of high-speed networking and contributed to the PCI-SIG PCI-X and PCIe specifications. Gilad Shainer holds a MSc degree (2001, Cum Laude) and a BSc degree (1998, Cum Laude) in Electrical Engineering from the Technion Institute of Technology in Israel.
Scot Schultz Bio:
Scot Schultz is a HPC technology specialist with broad knowledge in operating systems, high speed interconnects and processor technologies. Joining the Mellanox team in 2013, Schultz is 30-year veteran of the computing industry. Prior to joining Mellanox, he spent the past 17 years at AMD in various engineering and leadership roles in the area of high performance computing. Scot has also been instrumental with the growth and development of various industry organizations including the Open Fabrics Alliance, and continues to serve as a founding board-member of the OpenPOWER Foundation and Director of Educational Outreach and founding member of the HPC-AI Advisory Council.
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Linaro
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Santa Clara 2018
Bio: "Yutaka Ishikawa is the project leader of developing the post K
supercomputer. From 1987 to 2001, he was a member of AIST (former
Electrotechnical Laboratory), METI. From 1993 to 2001, he was the
chief of Parallel and Distributed System Software Laboratory at Real
World Computing Partnership. He led development of cluster system
software called SCore, which was used in several large PC cluster
systems around 2004. From 2002 to 2014, he was a professor at the
University Tokyo. He led a project to design a commodity-based
supercomputer called T2K open supercomputer. As a result, three
universities, Tsukuba, Tokyo, and Kyoto, obtained each supercomputer
based on the specification in 2008. He was also involved with the
design of the Oakleaf-PACS, the successor of T2K supercomputer in both
Tsukuba and Tokyo, whose peak performance is 25PF."
Session Title: Post-K and Arm HPC Ecosystem
Session Description:
"Post-K, a flagship supercomputer in Japan, is being developed by Riken
and Fujitsu. It will be the first supercomputer with Armv8-A+SVE.
This talk will give an overview of Post-K and how RIKEN and Fujitsu
are currently working on software stack for an Arm architecture."
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Linaro
Event: Arm Architecture HPC Workshop by Linaro and HiSilicon
Location: Santa Clara, CA
Speaker: Andrew J Younge
Talk Title: Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Supercomputing
Talk Desc: The Vanguard program looks to expand the potential technology choices for leadership-class High Performance Computing (HPC) platforms, not only for the National Nuclear Security Administration (NNSA) but for the Department of Energy (DOE) and wider HPC community. Specifically, there is a need to expand the supercomputing ecosystem by investing and developing emerging, yet-to-be-proven technologies and address both hardware and software challenges together, as well as to prove-out the viability of such novel platforms for production HPC workloads.
The first deployment of the Vanguard program will be Astra, a prototype Petascale Arm supercomputer to be sited at Sandia National Laboratories during 2018. This talk will focus on the arthictecural details of Astra and the significant investments being made towards the maturing the Arm software ecosystem. Furthermore, we will share initial performance results based on our pre-general availability testbed system and outline several planned research activities for the machine.
Bio: Andrew Younge is a R&D Computer Scientist at Sandia National Laboratories with the Scalable System Software group. His research interests include Cloud Computing, Virtualization, Distributed Systems, and energy efficient computing. Andrew has a Ph.D in Computer Science from Indiana University, where he was the Persistent Systems fellow and a member of the FutureGrid project, an NSF-funded experimental cyberinfrastructure test-bed. Over the years, Andrew has held visiting positions at the MITRE Corporation, the University of Southern California / Information Sciences Institute, and the University of Maryland, College Park. He received his Bachelors and Masters of Science from the Computer Science Department at Rochester Institute of Technology (RIT) in 2008 and 2010, respectively.
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro
Session ID: HKG18-501
Session Name: HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Speaker: Chris Redpath
Track: Mobile, Kernel
★ Session Summary ★
This session will introduce the changes to EAS planned for 4.14 kernel, and how Arm hopes that EAS will develop in future. EAS has already evolved from an Arm/Linaro joint project to involving a much wider community of SoC vendors, Google and interested device manufacturers. We will highlight the product-specific pieces remaining in the Android Common Kernel EAS implementation, and our plans to provide an upstreaming plan for each product feature. In particular, the new 'simplified energy model' is designed to provide mainline-friendliness and comparable performance using a simple DT expression of cpu power/performance.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-501/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-501.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-501.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Mobile, Kernel
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro
"Session ID: HKG18-501
Session Name: HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Speaker: Chris Redpath
Track: Mobile, Kernel
★ Session Summary ★
This session will introduce the changes to EAS planned for 4.14 kernel, and how Arm hopes that EAS will develop in future. EAS has already evolved from an Arm/Linaro joint project to involving a much wider community of SoC vendors, Google and interested device manufacturers. We will highlight the product-specific pieces remaining in the Android Common Kernel EAS implementation, and our plans to provide an upstreaming plan for each product feature. In particular, the new 'simplified energy model' is designed to provide mainline-friendliness and comparable performance using a simple DT expression of cpu power/performance.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-501/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-501.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-501.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Mobile, Kernel
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allLinaro
"Session ID: HKG18-315
Session Name: HKG18-315 - Why the ecosystem is a wonderful thing warts and all
Speaker: Andrew Wafaa
Track: Ecosystem Day
★ Session Summary ★
The Arm ecosystem is a vibrant place, but it's not always smooth sailing. This presentation will go through the highs and lows of getting the ecosystem fully Arm enabled.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-315/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-315.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-315.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Ecosystem Day
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorLinaro
"Session ID: HKG18-115
Session Name: HKG18-115 - Partitioning ARM Systems with the Jailhouse Hypervisor
Speaker: Jan Kiszka
Track: Security
★ Session Summary ★
The open source hypervisor Jailhouse provides hard partitioning of multicore systems to co-locate multiple Linux or RTOS instances side by side. It aims at low complexity and minimal footprint to achieve deterministic behavior and enable certifications according to safety or security standards. In this session, we would like to look at the ARM-specific status of Jailhouse and discuss applications, to-dos and possible collaborations around it with the ARM community. The session is intended to be half presentation, half Q&A / discussion.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-115/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-115.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-115.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Security
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
"Session ID: HKG18-TR08
Session Name: HKG18-TR08 - Upstreaming SVE in QEMU
Speaker: Alex Bennée,Richard Henderson
Track: Enterprise
★ Session Summary ★
ARM's Scalable Vector Extensions is an innovative solution to processing highly data parallel workloads. While several out-of-tree attempts at implementing SVE support for QEMU existed, we took a fundamentally different approach to solving key challenges and therefore pursued a from-scratch QEMU SVE implementation in Linaro. Our strategic choice was driven by several factors. First as an ""upstream first"" organisation we were focused on a solution that would be readily accepted by the upstream project. This entailed doing our development in the open on the project mailing lists where early feedback and community consensus can be reached.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-tr08/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-tr08.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-tr08.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Enterprise
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
HKG18-113- Secure Data Path work with i.MX8MLinaro
"Session ID: HKG18-113
Session Name: HKG18-113 - Secure Data Path work with i.MX8M
Speaker: Cyrille Fleury
Track: Digital Home
★ Session Summary ★
NXP presentation on Secure Data Path work with i.MX8M Soc. Demonstrate 4K PlayReady playback with Android 8.1 running on i.MX8M. Focus on security (MS SL3000 and Widevine level 1)
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-113/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-113.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-113.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Digital Home
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
HKG18-120 - Devicetree Schema Documentation and Validation Linaro
"Session ID: HKG18-120
Session Name: HKG18-120 - Structured Documentation and Validation for Device Tree
Speaker: Grant Likely
Track: Kernel
★ Session Summary ★
Devicetree has become the dominant hardware configuration language used when building embedded systems. Projects using Devicetree now include Linux, U-Boot, Android, FreeBSD, and Zephyr. However, it is notoriously difficult to write correct Devicetree data files. The dtc tools perform limited tests for valid data, and there there is not yet a way to add validity test for specific hardware descriptions. Neither is there a good way to document requirements for specific bindings. Work is underway to solve these problems. This session will present a proposal for adding Devicetree schema files to the Devicetree toolchain that can be used to both validate data and produce usable documentation.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-120/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-120.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-120.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: Kernel
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
"Session ID: HKG18-223
Session Name: HKG18-223 - Trusted Firmware M : Trusted Boot
Speaker: Tamas Ban
Track: LITE
★ Session Summary ★
An overview of the trusted boot concept and firmware update on the ARMv8-M based platform and how MCUBoot acts as a BL2 bootloader for TF-M.
Trusted Firmware M
In October 2017, Arm announced the vision of Platform Security Architecture (PSA) - a common framework to allow everyone in the IoT ecosystem to move forward with stronger, scalable security and greater confidence. There are three key stages to the Platform Security Architecture: Analysis, Architecture and Implementation which are described at https://developer.arm.com/products/architecture/platform-security-architecture.
_Trusted Firmware M, i.e. TF-M, is the Arm project to provide an open source reference implementation firmware that will conform to the PSA specification for M-Class devices. Early access to TF-M was released in December 2017 and it is being made public during Linaro Connect. The implementation should be considered a prototype until the PSA specifications reach release state and the code aligns._
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-223/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-223.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-223.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: LITE
'http://www.linaro.org'
'http://connect.linaro.org'
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961"
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
2. ENGINEERS
AND DEVICES WORKING
TOGETHER
Agenda
● Introduction & Scope of work
● Arm Trusted Board Boot (PKI, CoT, Authentication Flow)
● Arm Trusted Firmware implementation
● UEFI Secure Boot (PKI, CoT, Authentication Flow)
● UEFI Secure Boot on Arm – EDK2 recap
● Complete CoT
● Secure Variable Storage
● Other OSS Solutions (Android, U-Boot)
● Next steps
3. ENGINEERS AND DEVICES
WORKING TOGETHER
Introduction
● Secure Boot a mechanism to build (and maintain!) a complete Chain of Trust
on all the software layers executed in a system, preventing malicious code to be
stored and loaded in place of the authenticated one
● Security through existing specifications, industry standards & OSS
○ Interoperability (same OS/Software on different Platforms/Firmware)
○ Common Secure Boot and Secure Firmware Update Interfaces Reduced integration effort
○ Stability, frequent updates, wide usage Reduced maintenance cost
Enterprise/Networking
Embedded
Mobile/Client
UEFI Secure Boot
Secure/Verified Boot
(UEFI?)
Verified Boot
4. ENGINEERS AND DEVICES
WORKING TOGETHER
Scope of Work
Apps
OS/RTOS
Trusted Software
TrustZone
Extended Root of Trust
iROT
TrustZone
CryptoCell
Keys Hardware
Arm Trusted Firmware
Trusted OS
UEFI
Firmware
OS
Apps
Trusted
Apps
TBSA &
RoT
TBBR
UEFI
TrustZone-
basedTEE
ARMv8-A Architecture
5. ENGINEERS AND DEVICES
WORKING TOGETHER
Scope of Work
Apps
OS/RTOS
Trusted Software
TrustZone
Extended Root of Trust
iROT
TrustZone
CryptoCell
Keys Hardware
Arm Trusted Firmware
Trusted OS
OS
Apps
Trusted
Apps
TBSA &
RoT
TBBR
TrustZone-
basedTEE
ARMv8-A Architecture
UEFI
Firmware
UEFI
6. ENGINEERS AND DEVICES
WORKING TOGETHER
Arm Trusted Board Boot vs UEFI Secure Boot
● TWO DISTINCT MECHANISMS :
different Key/Certificates & PKI
● SAME GOAL : verifying the
authenticity and integrity of a
software/firmware image before
allowing its runtime execution
● DIFFERENT TARGET IMAGES
● Combined together they enable a
full Secure Boot establishing a
complete Chain Of Trust (despite
different PKI) from the very first
firmware executed up to the OS
HARDWARE
UEFI Firmware (BL33)
OS
Arm TF (BLx stages)
BL1
UEFI
Driver
UEFI
App
OS
Loader
UEFI
Secure
Boot
Arm
TBB
App1 App2 App3
RoT
7. ENGINEERS AND DEVICES
WORKING TOGETHER
Arm Trusted Board Boot
● Based on Arm TBSA/TBRR documents (available under NDA)
○ TBBR-Client specification (DEN0006C) reference for Arm Trusted Firmware
implementation
● Arm TBB: a reference example on how to build a CoT from the very first ROM
firmware executed (BL1) up to the first normal world firmware (BL33)
● SBBR recent implications (ARMServerAC):
○ v1.1 will generically mandate the use of a “complete cascading Chain of Trust
from the initial firmware up to the first normal world firmware”
○ Arm TBB and Arm Trusted Firmware provide a reference implementation
○ Other 3rd party solutions (BL1/BL2) will also be accepted as long as they start from an
HW RoT and allow a complete verification up to the UEFI compliant firmware (BL33)
8. ENGINEERS AND DEVICES
WORKING TOGETHER
Arm Trusted Firmware TBB – PKI Details
● 2 implicitly trusted components (tamper proof)
1. Root Of Trust Public Key (ROTPK) with SHA-256 hash stored on trusted registers
2. Boot Loader Stage 1 (BL1) stored on trusted ROM
● 2 Certificates pairs for each BL3x image
1. Key Certificate
■ Holds the BL3xpub key needed to validate the corresponding Content Certificate
2. Content Certificate
■ Holds the BL3x image hash to be verified against the hash of the loaded image
● 2 Key pairs used to sign/validate Key Certificates
1. Trusted World Key pair (TWpub/priv) used for BL31 & BL32 Key Certificates
2. Normal World Key pair (NWpub/priv) used for BL33 Key Certificate
● Public Keys and hashes are included as extensions to X.509 certificates
● Certificates are self-signed: no need for a valid CA
9. ENGINEERS AND DEVICES
WORKING TOGETHER
Arm Trusted Firmware TBB – Authentication Flow
● BL1 responsible for authenticating BL2 stage
1. BL1 verifies ROTPK in BL2 Content Certificate against ROTPK stored hash
2. BL1 verifies BL2 Content Certificate using enclosed ROTPK
3. BL1 loads BL2 and performs its hash verification
4. Execution is transferred to BL2
● BL2 responsible for authenticating BL3x stages (BL31, BL32, BL33)
1. BL2 verifies ROTPK in Trusted Key Certificate against ROTPK stored hash
2. BL2 verifies Trusted Key Certificate using enclosed ROTPK and saves TWpub /NTWpub
3. BL2 verifies BL3x (BL31/BL32) Key Certificate using TWpub
4. BL2 verifies BL3x (BL31/BL32) Content certificate using enclosed BL3xpub key
5. BL2 extracts and saves BL3x hash used for BL3x (BL31/BL32) image verification
6. BL2 verifies BL33 Key Certificate using NTWpub
7. BL2 verifies BL33 Content certificate using enclosed BL33pub key
8. BL2 extracts and saves BL33 hash used for BL33 image verification
○ Execution is transferred to verified BL3x BL33 images
10. ENGINEERS AND DEVICES
WORKING TOGETHER
Arm Trusted Firmware TBB – How it works (BL1)
Secure ROM
ROTPKSHA-256
BL1
Implicitly
Trusted
components
BL3xpriv
Secure world Images
BLKeyPub
BLxHASH
Key Certs
Content
Certs
Reset
BL3x
ROTpriv
ROTPK
BL2HASH
ROTpriv
TWpriv
BL3xpub
NWpriv
BL33pub
BL3xHASH
BL2
Normal world
BL33priv
BL33HASH
2
3
4
Exec
Legenda
Hash check
EL3 Execution
S-EL1 Execution BL images
EL2 Execution
BL33
1
Trusted Key Cert
ROTPK
TWpub
NWpub
11. ENGINEERS AND DEVICES
WORKING TOGETHER
TWpriv
BL3xpub
Arm Trusted Firmware TBB – How it works (BL2)
Secure ROM
ROTPKSHA-256
BL1
Implicitly
Trusted
components
Trusted Key Cert
BL3xpriv
Secure world Images
BLKeyPub
BLxHASH
Key Certs
Content
Certs
Reset
ROTPK
TWpub
NWpub
BL3x
ROTpriv
ROTpriv
BL3xHASH
BL2
For each BL3x stage
Normal world
Exec2
4
3
5
Legenda
Hash check
EL3 Execution
S-EL1 Execution BL images
EL2 Execution
BL33
BL33priv
BL33HASH
NWpriv
BL33pub
ROTPK
BL2HASH
1
12. ENGINEERS AND DEVICES
WORKING TOGETHER
Trusted Key Cert
ROTPK
TWpub
NWpub
NWpriv
BL33pub
BL33priv
BL33HASH
Arm Trusted Firmware TBB – How it works (BL2)
Secure ROM
ROTPKSHA-256
BL1
Implicitly
Trusted
components
BL3xpriv
Secure world Images
EL3 Execution
BLKeyPub
BLxHASH
Legenda
S-EL1 Execution BL images
Key Certs
Content
Certs
BL33
Normal world
Reset
EL2 Execution
BL3x
ROTpriv
ROTpriv
BL3xHASH
BL2
Exec
6 8
Hash check
TWpriv
BL3xpub
7
ROTPK
BL2HASH
13. ENGINEERS AND DEVICES
WORKING TOGETHER
Trusted Key Cert
ROTPK
TWpub
NWpub
Arm Trusted Firmware TBB – How it works (BL3x)
Secure ROM
ROTPKSHA-256
BL1
Implicitly
Trusted
components
BL3xpriv
Secure world Images
BLKeyPub
BLxHASH
Key Certs
Content
Certs
Normal world
Reset
BL3x
ROTpriv
ROTpriv
BL3xHASH
BL2
Exec
Legenda
Hash check
EL3 Execution
S-EL1 Execution BL images
EL2 Execution
BL33
BL33priv
BL33HASH
NWpriv
BL33pub
TWpriv
BL3xpub
ROTPK
BL2HASH
14. ENGINEERS AND DEVICES
WORKING TOGETHER
Trusted Key Cert
ROTPK
TWpub
NWpub
Arm Trusted Firmware TBB – How it works (BL33)
Secure ROM
ROTPKSHA-256
BL1
Implicitly
Trusted
components
BL3xpriv
Secure world Images
BLKeyPub
BLxHASH
Key Certs
Content
Certs
Normal world
Reset
BL3x
ROTpriv
ROTpriv
BL3xHASH
BL2
Exec
Legenda
Hash check
EL3 Execution
S-EL1 Execution BL images
EL2 Execution
BL33
BL33priv
BL33HASH
NWpriv
BL33pub
TWpriv
BL3xpub
ROTPK
BL2HASH
15. ENGINEERS AND DEVICES
WORKING TOGETHER
Arm Trusted Firmware Implementation Overview
● TBB working properly on BL1/BL2 on both AArch64 & AArch32!
○ JUNO and FVP Platforms TBB example running in AArch32 state on GitHub!
● Build flags (summary)
○ TRUSTED_BOARD_BOOT=1 to enable BL1+BL2 TBB support
○ GENERATE_COT=1 build and execute cert_create tool (see below)
○ XXX_KEYS=[path] used to specify location of keys in PEM format
○ Have a look at the user guide(1)!
● Tools:
○ cert_Create too: BL images and Keys as input Certificates as output
○ Fiptool: Certificates as input FIP (Firmware Image Package)
● Pre-integration of TBB with the Arm TrustZone CryptoCell product (CC-712) to
take advantage of its HW RoT and crypto acceleration services
16. ENGINEERS AND DEVICES
WORKING TOGETHER
UEFI Secure Boot
1. A platform ownership model for establishing a trust relationship among:
■ Platform Owner (ODM/OEM/EndUser) – PO
■ Platform Firmware (EDK2 / U-Boot / 3rd party BIOS) – PF
■ OS / 3rd party software vendors – OSV/ISV SV
○ Uses standard PKI, X.509 certificates and PE images digital signature, based on PE
digest/hash calculation described in Microsoft Authenticode PE Signature Format
○ Signature database (white/black list) update mechanism from trusted sources
2. A generic framework, based on the above model, to allow:
1. The firmware to authenticate UEFI executable images before allowing their
execution, preventing pre-boot malwares to be run
2. The Platform Owner and/or SV to securely update the signature databases into PF
with new/known allowed/forbidden image signatures
17. ENGINEERS AND DEVICES
WORKING TOGETHER
UEFI Firmware
UEFI Secure Boot – PKI details
● 2 asymmetric key pairs:
1. Platform Key (PK): Trust
relationship between PO & PF
■ PKpriv owned by the PO
■ PKpub enrolled into PF
2. Key Exchange Key (KEK): Trust
relationship between SV & PF
■ Different KEKpriv for each SV
■ Each SV enrolls KEKpub into PF
● Platform firmware NV variables (on
tamper proof storage) to hold:
○ PKpub / KEKpub list
○ Signatures DBs: signatures
white/black lists (db/dbx)
Enrollment
Process
SetupMode
PF NV variables
PO
SV
PKpriv
PKpub KEK1pub
SV
KEK1priv
KEK2priv
Signature_DBs:
db {} / dbx {}
KEK2pub
ROT
18. ENGINEERS AND DEVICES
WORKING TOGETHER
UEFI Firmware
UEFI Secure Boot – PKI details (2)
● Using PKpriv/KEKpriv , Signature_DB
is updated from trusted sources
with allowed/forbidden image
signatures, by means of UEFI
SetVariable() Runtime service
Enrollment
Process
UserMode
PKpriv
KEK2priv
SetVariable()
KEK1priv
Signature_DBs:
db {} / dbx {}
Signature_DBs:
db: {Sign1, Sign3}
dbx: {Sign2, Sign4}
PO
SV
SV
PKpub KEK1pub KEK2pub
PF NV variables
19. ENGINEERS AND DEVICES
WORKING TOGETHER
UEFI Firmware
Sign
check
Sign
check
UEFI Secure Boot – How it works
● UEFI executable images are verified
against Signature_DBs found in the
firmware
Enrollment
Process
DeployedMode
PKpriv
KEK2priv
KEK1priv
Signature_DBs:
db {} / dbx {}
Signature_DBs:
db: {Sign1, Sign3}
dbx: {Sign2, Sign4}
UEFI Executable Images
OS Loader+
OS Kernel
OS Loader+
OS Kernel 2
Sign1 Sign2
UEFI App1 UEFI App2
Sign3 Sign5
Exec
PO
SV
SV
PF NV variables
20. ENGINEERS AND DEVICES
WORKING TOGETHER
UEFI Secure Boot on Arm – EDK2 recap
● LCA14 (from Ard Biesheuvel)(2) ● LAS16 (Ard Biesheuvel)(3)
21. ENGINEERS AND DEVICES
WORKING TOGETHER
Arm Trusted Firmware – BL31
Complete CoT – Putting all together
UEFI FIRMWARE – BL33
Linux Kernel A Linux Kernel B
Secure
App1
Secure
App2
Guest App1 Guest App2
PKpub
KEKpub db / dbx
ROTPK
SHA-256
CC
KC
KC
CC
Normal World Secure World
Sign1 Sign2
EL0
EL1
EL2
S-EL0
EL3
TBB
BL1
S-EL1TBB
BL2
CC
S-EL1 payload (BL32)
22. ENGINEERS AND DEVICES
WORKING TOGETHER
Secure Variable access
Arm Trusted Firmware – BL31
Linux Kernel A Linux Kernel B
Secure Partition
Variable access
Guest App1 Guest App2
KEKpub
db / dbx
TBB
BL2
Normal World Secure World
TBB
BL1
EL0
EL1
EL2
EL3
PKpub
ROTPK
SHA-256
Secure Partition Manager
SVC Trampoline – BL31
SetVariable()
UEFI FIRMWARE – BL33
Arm MM Interface
S-EL0
S-EL1
Secure Storage
23. ENGINEERS AND DEVICES
WORKING TOGETHER
Other OSS Solutions
● Android Verified Boot(4) on AOSP:
○ De-facto industry standard for Mobile secure boot path since Android 4.4/5.0
○ CoT starting from OEM public key (tamper proof) to verify android boot image
○ Device State (LOCKED/UNLOCKED) must be protected not to break the CoT
○ On newer versions (8.0) also Rollback protection available(5)
● U-Boot Verified Boot(6)
○ CoT starting from trusted U-Boot image (BL33) carrying initial public key (tamper proof)
○ Usual image verification chain then follows
○ No specified platform ownership model for updating keys in field
● U-Boot Secure Boot?
○ Leveraging “UEFI on Top on U-Boot”(7) work, with SetVariable extension?
○ Plugging shim over UEFI-enabled U-Boot to handle key management?
Convergence of Embedded and Enterprise secure boot flows!
24. ENGINEERS AND DEVICES
WORKING TOGETHER
Plans & Next Steps
● Software side:
○ Arm open-source reference platform software of TBB+UEFI Secure Boot with Secure
Variable storage access from Secure Partition
○ Investigate U-Boot based solution for Embedded/Mobile
○ Future: Secure Firmware Update (FWU vs UEFI Signed Capsule Update)
● Specification side:
○ TBBR/SBBR updates & possible Server side TBBR/TBSA
○ Interactions with TCG TPM & Measured Boot
○ What level of standardization required on the Firmware side for a TBB solution?
■ A guidance on which authentication steps to be executed at each ELx/BLx to
avoid arbitrary code execution at EL3(8)?
● Different HW solutions for the initial RoT ( SFO17-304)
25. ENGINEERS AND DEVICES
WORKING TOGETHER
References
1) ARM Trusted Firmware TBB Documentation, Design Guide, User Guide
○ https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/trusted-board-boot.rst
○ https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/auth-framework.rst
○ https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/user-guide.rst
2) LCA14-105: UEFI secure boot
○ http://connect.linaro.org/resource/lca14/lca14-105-uefi-secure-boot/
3) LAS16-200: UEFI Secure Boot
○ http://s3.amazonaws.com/connect.linaro.org/las16/Presentations/Tuesday/LAS16-200%20-
%20Firmware%20Summit%20-%20UEFI%20Secure%20Boot.pdf
4) Android Verified Boot: https://source.android.com/security/verifiedboot/
5) AVB Codebase and latest updates: https://android.googlesource.com/platform/external/avb/
6) U-Boot Verified Boot: https://lwn.net/Articles/571031/
7) UEFI on Top of U-Boot:
○ https://www.suse.com/docrep/documents/a1f0ledpbe/UEFI%20on%20Top%20of%20U-Boot.pdf
8) UCSB Mobile Boot Loaders Analysis and TEE implementation flaws
○ https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/redini