Standardizing the TEE with GlobalPlatform and RISC-V
Gil Bernabeu, Technical Director, GlobalPlatform
RISC-V Summit (#RISCVSUMMIT), December 8-10 | Virtual Event
• Industry focused
• Common goal: reduced time to market for digital services
• Successful collaboration: 20 years of implementations
• Established standards: over 150 technical documents available
GlobalPlatform is a member-driven technical community of chip manufacturers, device manufacturers, regulators, certification bodies, laboratories, IoT cloud platform providers, application developers and service providers.
Key Requirements for a Successful Secure Deployment
1) Protection of digital services
2) Certification of secure components
3) Secure remote management of digital services
By addressing these requirements, GlobalPlatform:
• Speeds up alignment between service providers and device manufacturers on technical and commercial interests
• Offers a simpler route to market
GlobalPlatform's technology provides a range of authentication, connectivity, privacy and security solutions.
Protecting Digital Services: Secure Components and Device Trust Architecture
Protection of digital services is addressed at two levels: the secure component (Secure Element, Trusted Execution Environment, MCU) and, at device level, the Device Trust Architecture.
Protection of Digital Services – Secure Component
GlobalPlatform protects digital services by standardizing and certifying two secure component technologies (secure component = hardware + firmware + root of trust):
• Secure Element (SE): 7.6 billion SEs deployed in 2019 were based on GlobalPlatform specifications; the total number of SEs deployed on GlobalPlatform technology since 2010 is over 42 billion
• Trusted Execution Environment (TEE): 1 billion GlobalPlatform-compliant TEE-enabled processors shipped for the smartphone market in 2019
GlobalPlatform's Answer to Cover Different Security Market Requirements
Robustness is expressed as a ladder of Common Criteria vulnerability-analysis levels (AVA_VAN.2, AVA_VAN.3, AVA_VAN.5) against which three Protection Profiles are positioned:
• GlobalPlatform TEE Protection Profile
• GlobalPlatform SE Protection Profile (under evaluation)
• GlobalPlatform MCU ROT Protection Profile (under public review)
Robustness:
• Levels are not related to a specific technology
• Levels are aligned with the attack methodology used for penetration testing
• Product differentiation is possible with a clear level of protection of assets
The Trusted Execution Environment Technical Community (labs, vendors, experts), open to national Certification Bodies, was created in 2016.
New Scope of Work at an Enhanced Level
• Last year we decided to also cover secure MCUs in our roadmap for the enhanced level
– This is a good way to secure IoT, given the spread of secure MCUs into IoT devices
• Our MCU Protection Profile is under final review
– Your comments are welcome!
– Public review ends: 07 Dec 2020
• The GlobalPlatform enhanced attack methodology is now under revision to cover this additional design
https://globalplatform.org/specifications/for-public-review/
GlobalPlatform TEE
GlobalPlatform defines a TEE as a secure area in the main silicon of a connected device that enables a minimal trusted computing base (TCB). The TEE:
• Provides high-performance hardware security with zero additional bill of materials (BoM)
• Offers isolated, safe execution of authorized security software, known as 'trusted applications', which enable end-to-end security
• Protects sensitive data in transit, while processed and when stored
TEE Security Features
Broad security features to protect Trusted Applications (TAs):
• Isolation from the Regular Execution Environment (REE)
• Isolation from other Trusted Applications
• Application management control
• Random number generation, cryptography and monotonic time
• Hardware-based device binding
• Integrity and confidentiality of protected data storage
• Privileged access to hardware and peripherals (e.g. sensors, crypto engines)
The Trusted Execution Environment (TEE) (1 of 2)
• Protected by hardware mechanisms
– Isolate the TEE from the REE
– Only allowed communication uses defined entry points
– No single hardware implementation
• High performance
– TEE code runs on a full-function CPU
• Fast communication mechanisms
– TEE may be able to access REE memory
– Hardware protects TEE memory from the REE
• Multiple simultaneously active Trusted Applications in the TEE
The Trusted Execution Environment (2 of 2)
• Standardized by GlobalPlatform
– Portable across platforms
• Everything in the TEE is defined for security first, then speed
• Executables running in the TEE are validated before execution
• Secure storage mechanism for secrecy
– Authenticity, integrity and confidentiality
• TEE Protection Profile defined by GlobalPlatform
– Defines the level of hardware protection that is required
– See the Protection Profile and certification slides below
Hardware Isolation is a Must
• The defining feature of the TEE is hardware protection
• Software-based protections can be hacked; properly defined hardware protections cannot be bypassed by software alone
– How can you hack a set of silicon gates? What remains is the chip's physical boundary (side-channel and other physical attacks), which is what the attack methodology and the TEE certification described below address
• Hardware ensures only valid entry points can be called
– No way for the REE to reach secure resources other than through those entry points
• The standard does not define how hardware protection is implemented
– CPU modes
– Separate CPU
• Hardware protection is no use without secure software
– A careless programmer can destroy security
• Software uses the hardware protections and carefully guards the pinch points
– Limits access to secrets
– Minimizes interfaces to the REE
– Reduces side-channel exposure in some cases
• Together they provide the Trusted Execution Environment (TEE) for secure code
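The "guard the pinch points" discipline from the slide above, as an added worked example that is not code from the GlobalPlatform deck or from any GlobalPlatform specification: a Trusted Application command handler that treats everything arriving through the REE/TEE entry point as hostile. The names and values of TEE_Result, TEE_Param, TEE_PARAM_TYPES and TA_InvokeCommandEntryPoint follow the shape of the GlobalPlatform TEE Internal Core API but are redefined locally so the file compiles without a TEE SDK; the CMD_SEAL_BLOB command, its length-prefix "seal" operation, the MAX_BLOB_LEN limit and the invoke_seal() client shim are hypothetical.

```c
/* Added example (not from the GlobalPlatform deck or specifications): a Trusted
 * Application command handler that guards the REE -> TEE entry point. The names
 * and values of TEE_Result, TEE_Param and TEE_PARAM_TYPES mirror the GP TEE
 * Internal Core API but are redefined here so the file builds stand-alone.
 * CMD_SEAL_BLOB, MAX_BLOB_LEN and invoke_seal() are hypothetical. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>
typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000u
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006u
#define TEE_ERROR_NOT_SUPPORTED  0xFFFF000Au
#define TEE_ERROR_SHORT_BUFFER   0xFFFF0010u
#define TEE_PARAM_TYPE_NONE          0u
#define TEE_PARAM_TYPE_MEMREF_INPUT  5u
#define TEE_PARAM_TYPE_MEMREF_OUTPUT 6u
#define TEE_PARAM_TYPES(t0, t1, t2, t3) ((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12))
typedef union {
    struct { void *buffer; uint32_t size; } memref;
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

#define CMD_SEAL_BLOB 1u     /* hypothetical command ID */
#define MAX_BLOB_LEN  4096u  /* hypothetical input limit for this command */

/* Hypothetical "seal": a 4-byte big-endian length followed by the blob. A real
 * TA would encrypt here; the checks around the operation are the point. */
static TEE_Result cmd_seal_blob(uint32_t param_types, TEE_Param params[4])
{
    /* 1. Exact parameter-type match. Accepting a VALUE where a MEMREF is
     *    expected would make the TA dereference an attacker-chosen integer. */
    const uint32_t expected = TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT,
        TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE);
    if (param_types != expected)
        return TEE_ERROR_BAD_PARAMETERS;
    /* 2. Read each pointer and size once into TEE-local variables. The buffers are
     *    REE shared memory the REE can keep writing while the TA runs, so every
     *    bound is checked and used from this snapshot only (no TOCTOU). */
    const uint8_t *in      = params[0].memref.buffer;
    const uint32_t in_len  = params[0].memref.size;
    uint8_t       *out     = params[1].memref.buffer;
    const uint32_t out_len = params[1].memref.size;
    if (in == NULL || in_len == 0 || in_len > MAX_BLOB_LEN)
        return TEE_ERROR_BAD_PARAMETERS;
    /* 3. Size arithmetic in 64 bits so a huge in_len cannot wrap to a small
     *    "needed" value and slip past the output-buffer check. */
    const uint64_t needed = 4u + (uint64_t)in_len;
    if (out == NULL || out_len < needed) {
        params[1].memref.size = (uint32_t)needed; /* GP convention: report the size required */
        return TEE_ERROR_SHORT_BUFFER;
    }
    /* 4. Copy the input into TEE-private memory before processing it, so a
     *    concurrent REE write cannot change what gets sealed. */
    uint8_t local[MAX_BLOB_LEN];
    memcpy(local, in, in_len);
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(in_len >> (24 - 8 * i));
    memcpy(out + 4, local, in_len);
    params[1].memref.size = (uint32_t)needed;
    return TEE_SUCCESS;
}

/* The single entry point through which REE code reaches TA logic. Unknown
 * command IDs are rejected so the REE-facing interface stays minimal. */
TEE_Result TA_InvokeCommandEntryPoint(void *sess_ctx, uint32_t cmd_id,
                                      uint32_t param_types, TEE_Param params[4])
{
    (void)sess_ctx;
    switch (cmd_id) {
    case CMD_SEAL_BLOB: return cmd_seal_blob(param_types, params);
    default:            return TEE_ERROR_NOT_SUPPORTED;
    }
}

/* Client-side shim standing in for a TEE Client API TEEC_InvokeCommand() call:
 * it builds the parameter block as a REE client would. On TEE_ERROR_SHORT_BUFFER,
 * *out_len comes back holding the size the TA asked for. */
TEE_Result invoke_seal(const uint8_t *in, uint32_t in_len, uint8_t *out, uint32_t *out_len)
{
    TEE_Param params[4];
    memset(params, 0, sizeof params);
    params[0].memref.buffer = (void *)in;
    params[0].memref.size   = in_len;
    params[1].memref.buffer = out;
    params[1].memref.size   = *out_len;
    TEE_Result res = TA_InvokeCommandEntryPoint(NULL, CMD_SEAL_BLOB,
        TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_MEMREF_OUTPUT,
                        TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE), params);
    *out_len = params[1].memref.size;
    return res;
}

int main(void)
{
    const uint8_t blob[5] = {1, 2, 3, 4, 5};  /* constructed sample input */
    uint8_t sealed[16]; uint32_t len = sizeof sealed;
    TEE_Result res = invoke_seal(blob, sizeof blob, sealed, &len);
    printf("result=0x%08x sealed_len=%u\n", (unsigned)res, (unsigned)len);
    return res == TEE_SUCCESS ? 0 : 1;
}
```

The four checks are the ones that matter regardless of whether the hardware isolation is implemented with CPU modes or a separate CPU: the type word is compared as a whole, every length is taken once, the output arithmetic cannot overflow, and the input is copied out of shared memory before it is used.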
Based on Multiple TEE Hardware Implementations
Diagram: three example board layouts (PCB A, B and C) classify each element as a TEE component, a REE component or a shared component: µprocessing core(s), RAM, ROM, OTP fields, crypto accelerators, peripherals and external memories. The TEE may run on the main cores of the SoC, in an on-chip security subsystem on the SoC, or in an external security co-processor.
Discussion started with RISC-V to look at new potential hardware implementations.
TEE Software Architecture
Diagram: REE and TEE side by side on the platform hardware, with the isolation between them defined by the TEE Protection Profile.
• REE side: REE applications and client applications, the TEE Client API, Rich OS components (public device drivers, REE communication agent) and shared memory, with access to public peripherals
• TEE side: Trusted Applications, the TEE Internal Core API and extensions, Trusted OS components (Trusted Core Framework, Trusted Kernel, trusted device drivers, TEE communication agent) and the shared memory view, with access to trusted peripherals
• Messages cross between the REE and TEE communication agents; data is exchanged through shared memory, which the TEE sees as a shared memory view; switchable peripherals can be assigned to either side
TEE Protocols: Service Providers Are Accessing High-Level Services
GlobalPlatform TEE Trusted User Interface (TUI): A New Version
• The original ("high-level") TUI provided a limited set of use cases and screen layout support:
– PNG image display
– PIN entry
– PIN and password entry
• Designed for initial TUI use cases, with layout design implemented by device vendors
• The new version (GlobalPlatform TEE TUI "Low Level", April 2018) supports:
– Direct access for TAs to an isolated display framebuffer
· Allows the Trusted Application FULL control of how and what it displays
· No untrusted software or other TA can access the displayed data
– Direct access for TAs to peripherals and event-based isolated input
· Allows the Trusted Application FULL control of how it reacts to user inputs
· No untrusted software or other TA can access the input data streams
Mock-up: a login screen rendered by the TA with a label, a security indicator, login and password fields (with correction), a virtual keyboard and Cancel/Validate buttons.
GlobalPlatform TEE Biometric API (an extension of GlobalPlatform TEE TUI Low Level)
• Good biometrics are harder to steal and use than a PIN or password, and much easier to remember, if and only if securely implemented
• GlobalPlatform TEE Biometric API
– Design validated for fingerprint sensors
– Open to use as a generic biometric interface for other biometry types
• No untrusted software or TA can access the biometric data
• No untrusted software or TA can inject false/stolen biometric material
• Support for multiple users and multiple fingerprints
• Each Trusted Application (TA) gets to set its own rules for
– what a fingerprint does
– and how long it may do it
Diagram: the user's device, split into an untrusted side and a TEE with Trusted User Interface hosting "My Trusted App".
New Features from TUI Low Level and Biometrics
• Full control of the display by the TA
– No overlays from untrusted software
– Support libraries could additionally provide
· Modern graphics support, fonts, etc.
· Or the old GlobalPlatform TUI "High Level"
• Multiple screen types
– e.g. consider in-vehicle infotainment systems
· Multiple users
· Multiple video streams
* © Images reproduced under Wikipedia Commons, CC BY-SA 3.0 or Public Domain
Management of the TEE
• The TEE Management Framework has been designed on 3 layers
1) Administration operations
· The management of Trusted Applications and Security Domains
2) Security model
· Defines the actors and security mechanisms
3) Protocol(s)
· The encoding of administration operations
· Secure sessions with a Security Domain
• Supports multiple deployment models, with an ASN.1 command encoding and an OTrP (Open Trust Protocol) model
TEE Protection Profile and Modules are Available
New PP TEE v1.3: covers from the root of trust (RoT) to the APIs; evaluated under the French certification scheme
• Improved Security Functional Requirements (SFRs), now relying on the GlobalPlatform cryptographic requirements
• AVA_VAN_AP.3 replaces AVA_TEE.2
• Aligned with the latest attack methods catalog
• Includes 2 PP modules
We are also finalizing:
• Secure Media Path TEE PP modules
• Trusted User Interface TEE PP modules
• Biometrics TEE PP module
GlobalPlatform TEE Security Certification
Work is based on the ISO/IEC 15408 standards (Common Criteria).
GlobalPlatform security certification confirms that:
• An isolated environment has been created
• The product meets the defined level of correctness and robustness
• The product protects against software-based attacks and exploitation of its physical boundary
GlobalPlatform stays ahead of widespread attacks and state-of-the-art countermeasures.
Microcontroller (MCU) Root of Trust and Protection Profile
Diagram: TEE concepts adapted to microcontrollers. High-end and mid-end IoT devices use an application processor with a TEE; low-end IoT devices use a microcontroller (MCU) with an MCU Root of Trust. The MCU is split by an isolation boundary into a Non-Secure Processing Environment (NSPE: applications, library/OS, kernel) and a Secure Processing Environment (SPE: Root of Trust, RoT Services, Secure Partition Manager). Applications reach the SPE through a Client API; the internal APIs inside the SPE are implementation defined. The diagram marks the Target of Evaluation (TOE) and the scope of the Protection Profile.
RISC-V and GlobalPlatform Starting to Work Together
• Leveraging GlobalPlatform TEE specifications for RISC-V architecture secure hardware enclaves
• GlobalPlatform TEE specifications are architecture-agnostic
– Focused on meeting isolation and trust goals rather than on how the hardware achieves them
• First identified item: define a new "lightweight" IoT TEE configuration
– Pick and choose the minimal needed set from existing GlobalPlatform specifications
– Ideal for software and devices targeted at a particular use case with reduced resource use, rather than the "generic" environment of today's TEEs
• Project example for a secure hardware enclave: https://keystone-enclave.org/
– The first open-source framework for architecting and building customized TEEs with secure hardware enclaves based on RISC-V
Summary
• Service providers are now widely using GlobalPlatform TEE APIs to develop digital services
• The Protection Profile and the security certification define a clear baseline that allows service providers to calculate their risk precisely
• Collaboration with RISC-V will create new devices supporting the TEE and will accelerate digital service deployment
• GlobalPlatform TEE technology is now widely deployed in different markets over different hardware architectures
Contact Us
Membership: membership@globalplatform.org
PR contact: globalplatform@iseepr.co.uk, Tel: +44 (0) 113 350 1922
Questions: secretariat@globalplatform.org
Twitter: @GlobalPlatform_ | YouTube: GlobalPlatformTV | YouKu: GlobalPlatform | GitHub: GlobalPlatform.GitHub.com | LinkedIn: GlobalPlatform | WeChat: GlobalPlatform China
www.globalplatform.org
Thank you for joining us. Contribute to the RISC-V conversation on social! #RISCVSUMMIT @risc_v

 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Standardizing the TEE with GlobalPlatform and RISC-V

  • 8. GlobalPlatform’s Answer to Cover Different Security Market Requirements
    (Figure: a “Robustness” axis with the labels VAN.2, VAN.3 and VAN.5, mapped to the GlobalPlatform TEE Protection Profile, the GlobalPlatform SE Protection Profile (under evaluation) and the GlobalPlatform MCU ROT Protection Profile (under public review).)
    • Levels are not related to a specific technology
    • Levels are aligned with the attack methodology (penetration testing)
    • Product differentiation is possible with a clear level of protection of assets
    • Trusted Execution Environment Technical Community (lab, vendor, expert), open to national Certification Bodies, created back in 2016

  • 9. New Scope of Work at an Enhanced Level
    • Last year we decided to also cover Secure MCU in our road map for addressing the enhanced level
      – This is a good way to secure IoT, given the dissemination of secure MCUs into IoT devices
    • Our MCU Protection Profile is under final review
      – Your comments are welcome!
      – Public Review Ends: 07 Dec 2020
    • The GlobalPlatform enhanced attack methodology is now under revision to cover this additional design
    https://globalplatform.org/specifications/for-public-review/

  • 10. GlobalPlatform TEE
    GlobalPlatform defines a TEE as a secure area in the main silicon of a connected device that enables a minimal trusted computing base (TCB).
    • Provides high-performance hardware security with zero additional Bill of Material (BoM)
    • Offers isolated, safe execution of authorized security software, known as ‘trusted applications’, which enable end-to-end security
    • Protects sensitive data in transit, while processed and when stored

  • 11. TEE Security Features
    Broad security features to protect Trusted Applications (TAs):
    • Isolation from the Regular Execution Environment (REE)
    • Isolation from other Trusted Applications
    • Application management control
    • Random number generation, cryptography and monotonic time
    • Hardware-based device binding
    • Integrity and confidentiality of protected data storage
    • Privileged access to hardware and peripherals (e.g. sensors, crypto engines)

  • 12. The Trusted Execution Environment (TEE) (1 of 2)
    • Protected by hardware mechanisms
      – Isolate the TEE from the REE
      – Only allowed communication uses defined entry points
      – No single hardware implementation
    • High performance
      – TEE code runs on a full-function CPU
    • Fast communication mechanisms
      – TEE may be able to access REE memory
      – Hardware protects TEE memory from the REE
    • Multiple simultaneously active Trusted Applications in the TEE

  • 13. The Trusted Execution Environment (2 of 2)
    • Standardized by GlobalPlatform
      – Portable across platforms
    • Everything in the TEE is defined for security first, then speed
    • Executables running in the TEE are validated before execution
    • Secure storage mechanism for secrecy
      – Authenticity, integrity and confidentiality
    • TEE Protection Profile defined by GlobalPlatform
      – Defines the level of hardware protection that is required
      – See later

  • 14. Hardware Isolation is a Must
    • The defining feature of the TEE is hardware protection
    • Software-based protections can be hacked; properly defined hardware protections cannot
      – How can you hack a set of silicon gates?
    • Hardware ensures only valid entry points can be called
      – No side-channel access to secure resources from the REE
    • The standard does not define how hardware protection is implemented
      – CPU modes
      – Separate CPU
    • Hardware protection is no use without secure software
      – A careless programmer can destroy security
    • Software carefully uses the hardware protections
      – Guards the pinch points
      – Limits access to secrets
      – Minimizes interfaces to the REE
      – Minimizes side-channel attacks in some cases
    • Provides the Trusted Execution Environment (TEE) for secure code

  • 15. Based on Multiple TEE Hardware Implementations
    (Figure: three example board layouts, PCB A, PCB B and PCB C, built from on-SoC µprocessing core(s), peripherals, OTP fields, RAM, crypto accelerators, ROM and external memories; the variants include an on-chip security subsystem and an external security co-processor. Key: TEE component, REE component, shared component.)
    Discussion started with RISC-V to look at new potential HW implementations

  • 16. TEE Software Architecture
    (Figure: on the REE side, REE applications and the Client Application use the TEE Client API, shared memory, public device drivers and the REE Comms. Agent among the Rich OS components; on the TEE side, Trusted Applications sit on the TEE Internal Core API and extensions, the Trusted Core Framework, the trusted kernel, trusted device drivers and the TEE Comms. Agent among the Trusted OS components. Messages cross through the shared memory view; peripherals are public, trusted or switchable; TEE protocols link the two sides, and the isolation between them is defined by the TEE Protection Profile on top of the platform hardware.)
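Slides 12, 14 and 16 make one point from three angles: the REE reaches the TEE only through defined entry points, and the software behind those entry points must guard the pinch point, keep secrets private, and minimise what it exposes. The following is an added example, not GlobalPlatform’s or any TEE vendor’s code: a stand-alone model of a Trusted Application command handler written in the shape of the TEE Internal Core API’s invoke entry point. The parameter-type packing, the `TEE_Param` union and the result codes are reproduced from the GlobalPlatform TEE Internal Core API specification so that the file compiles without TEE headers; `CMD_VERIFY_SECRET`, `ta_secret`, the three-attempt lockout and the `try_verify` helper are constructed for illustration.

```c
/* Added example (not GlobalPlatform's or any TEE vendor's code): a stand-alone
 * model of a Trusted Application command handler guarding the single
 * REE-to-TEE entry point. Parameter-type packing, TEE_Param and the result
 * codes follow the GlobalPlatform TEE Internal Core API so the file compiles
 * without TEE headers; CMD_VERIFY_SECRET, ta_secret, the lockout counter and
 * try_verify() are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000
#define TEE_ERROR_ACCESS_DENIED  0xFFFF0001
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006
#define TEE_ERROR_NOT_SUPPORTED  0xFFFF000A

/* Four parameter types, 4 bits each, packed into one 32-bit word. */
#define TEE_PARAM_TYPE_NONE          0
#define TEE_PARAM_TYPE_VALUE_INPUT   1
#define TEE_PARAM_TYPE_VALUE_OUTPUT  2
#define TEE_PARAM_TYPE_MEMREF_INPUT  5
#define TEE_PARAM_TYPES(t0, t1, t2, t3) \
    ((uint32_t)(t0) | ((uint32_t)(t1) << 4) | \
     ((uint32_t)(t2) << 8) | ((uint32_t)(t3) << 12))

typedef union {
    struct { void *buffer; uint32_t size; } memref;
    struct { uint32_t a, b; } value;
} TEE_Param;

#define CMD_VERIFY_SECRET 1   /* constructed command id */
#define MAX_ATTEMPTS      3   /* constructed lockout policy */
/* Layout this command accepts: params[0] = candidate secret from the REE,
 * params[1].value.a = attempts remaining (reported back), rest unused. */
#define VERIFY_PARAM_TYPES TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, \
                                           TEE_PARAM_TYPE_VALUE_OUTPUT, \
                                           TEE_PARAM_TYPE_NONE,         \
                                           TEE_PARAM_TYPE_NONE)

/* TA-private state: lives in TEE memory the hardware keeps away from the REE.
 * The secret is a constructed placeholder and never leaves the handler. */
static const uint8_t ta_secret[4] = { '1', '2', '3', '4' };
static uint32_t attempts_left = MAX_ATTEMPTS;

void ta_reset_state(void) { attempts_left = MAX_ATTEMPTS; }
uint32_t ta_attempts_left(void) { return attempts_left; }

/* Constant-time comparison: run time does not depend on which bytes differ,
 * so the REE learns nothing from timing beyond match / no match. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Modelled on TA_InvokeCommandEntryPoint(): the one defined entry point
 * through which the REE reaches this TA's logic. */
TEE_Result ta_invoke_command(uint32_t cmd_id, uint32_t param_types,
                             TEE_Param params[4])
{
    uint8_t candidate[sizeof(ta_secret)];

    if (cmd_id != CMD_VERIFY_SECRET)
        return TEE_ERROR_NOT_SUPPORTED;
    /* Guard the pinch point: the whole type word must match exactly, so the
     * caller cannot substitute a value for a memref or smuggle extra params. */
    if (param_types != VERIFY_PARAM_TYPES)
        return TEE_ERROR_BAD_PARAMETERS;
    if (params[0].memref.buffer == NULL)
        return TEE_ERROR_BAD_PARAMETERS;

    params[1].value.a = attempts_left;
    if (attempts_left == 0)
        return TEE_ERROR_ACCESS_DENIED;      /* locked out: no comparison at all */

    /* Snapshot the shared buffer once: REE memory can change underneath the
     * TA, so only the private copy is ever checked or used. */
    if (params[0].memref.size != sizeof(candidate)) {
        params[1].value.a = --attempts_left; /* wrong length counts as a miss */
        return TEE_ERROR_ACCESS_DENIED;
    }
    memcpy(candidate, params[0].memref.buffer, sizeof(candidate));

    if (ct_equal(candidate, ta_secret, sizeof(candidate))) {
        attempts_left = MAX_ATTEMPTS;
        params[1].value.a = attempts_left;
        return TEE_SUCCESS;
    }
    params[1].value.a = --attempts_left;
    return TEE_ERROR_ACCESS_DENIED;
}

/* REE-side helper standing in for the Client Application: builds the
 * parameter block and crosses the boundary through the entry point. */
TEE_Result try_verify(const char *guess, uint32_t len, uint32_t param_types)
{
    TEE_Param params[4];
    memset(params, 0, sizeof(params));
    params[0].memref.buffer = (void *)guess;
    params[0].memref.size = len;
    return ta_invoke_command(CMD_VERIFY_SECRET, param_types, params);
}

int main(void)
{
    TEE_Result r = try_verify("1234", 4, VERIFY_PARAM_TYPES);
    printf("correct secret: 0x%08x, attempts left %u\n", (unsigned)r, (unsigned)ta_attempts_left());
    r = try_verify("0000", 4, VERIFY_PARAM_TYPES);
    printf("wrong secret:   0x%08x, attempts left %u\n", (unsigned)r, (unsigned)ta_attempts_left());
    r = try_verify("1234", 4, TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INPUT, 0, 0, 0));
    printf("bad layout:     0x%08x\n", (unsigned)r);
    return 0;
}
```

Three design choices carry the slides’ message. The type word is compared whole rather than field by field, so a malformed layout is rejected before any parameter is dereferenced; the shared-memory input is copied into TEE-private memory before it is checked, because the REE keeps access to that buffer while the TA runs; and the REE only ever learns match, no match or locked out, never the secret or a byte-position hint from timing.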
  • 17. Service Providers are Accessing High-Level Services

  • 18. GlobalPlatform TEE Trusted User Interface (TUI): A New Version
    • The original (“high-level”) TUI provided a limited set of use cases and screen layout support:
      – PNG image display
      – PIN entry
      – PIN and password entry
    • Designed for initial TUI use cases, with the layout design implemented by device vendors
    • The new version (GlobalPlatform TEE TUI “Low Level”, April 2018) supports:
      – Direct access for TAs to an isolated display framebuffer
        ▪ Allows the Trusted Application FULL control of how and what it displays
        ▪ No un-trusted or other TA software can access the displayed data
      – Direct access for TAs to peripherals and event-based isolated input
        ▪ Allows the Trusted Application FULL control of how it reacts to user inputs
        ▪ No un-trusted or other TA software can access the input data streams
    (Figure: two mock login screens with a security indicator label, login and password fields, a virtual keyboard and correction / cancel / validate buttons.)

  • 19. GlobalPlatform TEE Biometric API (an extension of GlobalPlatform TEE TUI Low Level)
    • Good biometrics are harder to steal and use than a PIN or password, and much easier to remember, if and only if securely implemented
    • GlobalPlatform TEE Biometric API
      – Design validated for fingerprint sensors
      – Open to be used as a generic biometric interface for other biometry types
    • No un-trusted or TA software can access the biometric data
    • No un-trusted or TA software can inject false/stolen biometric material
    • Support for multiple users and multiple fingerprints
    • Each Trusted Application (TA) gets to set its own rules for
      – what a fingerprint does
      – and how long it may do it
    (Figure: the user’s device, split into an un-trusted side and a TEE with Trusted User Interface running “My Trusted App in the TEE”.)

  • 20. New Features from TUI Low Level and Biometrics
    • Full control of the display by the TA
      – No overlays from untrusted software
      – Support libraries could additionally provide
        ▪ Modern graphics support, fonts, etc.
        ▪ Or the old GlobalPlatform TUI “High Level”
    • Multiple screen types
      – e.g. consider in-vehicle infotainment systems
        ▪ Multiple users
        ▪ Multiple video streams
    (Figure: the login-screen mock-ups again, plus images reproduced under Wikipedia Commons, CC BY-SA 3.0 or Public Domain.)

  • 21. Management of the TEE
    • The TEE Management Framework has been designed on 3 layers:
      1) Administration Operations
        ▪ The management of Trusted Applications and Security Domains
      2) Security Model
        ▪ Defines the actors and security mechanisms
      3) Protocol(s)
        ▪ The encoding of administration operations
        ▪ Secure sessions with a Security Domain
    • Supports multiple deployment models: ASN.1 commands and the OTrP model

  • 22. TEE Protection Profile and Modules are Available
    New PP TEE v1.3: covers from the ROT to the APIs; evaluated by the French scheme
    • SFR improvement; now relies on GP Crypto requirements
    • AVA_VAN_AP.3 replaces AVA_TEE.2
    • Aligned with the latest attack methods catalog
    • Includes 2 PP Modules
    We are also finalizing:
    • Secure Media Path TEE PP module
    • Trusted User Interface TEE PP module
    • Biometrics TEE PP module

  • 23. GlobalPlatform TEE Security Certification
    GlobalPlatform Security Certification confirms:
    • An isolated environment has been created
    • The product meets the defined level of correctness and robustness
    • The product protects against SW-based attacks and exploitation of its physical boundary
    Work is based on ISO standards (ISO/IEC 15408). GlobalPlatform stays ahead of widespread attacks and state-of-the-art countermeasures.

  • 24. Microcontroller (MCU) Root of Trust and Protection Profile
    TEE concepts adapted to microcontrollers: Application Processor → TEE (high-end and mid-end IoT devices); Microcontroller (MCU) → MCU Root of Trust (low-end IoT devices).
    (Figure: applications in the Non-Secure Processing Environment (NSPE), above a library / OS kernel, reach the Secure Processing Environment (SPE) across an isolation boundary through the Client API; the SPE holds Application Root of Trust partitions, RoT Services and the Secure Partition Manager, with implementation-defined Internal APIs between them. The TOE and the scope of the Protection Profile are marked on the SPE side.)

  • 25. RISC-V and GlobalPlatform Starting to Work Together
    • Leveraging GlobalPlatform TEE specifications for RISC-V architecture secure hardware enclaves
    • GlobalPlatform TEE specifications are architecture-agnostic
      – With a focus on meeting isolation and secure trust goals rather than on how hardware achieves these objectives
    • 1st identified item: define a new “lightweight” configuration for an IoT TEE
      – Pick and choose the minimal needed set from existing GlobalPlatform specifications
      – Ideal for software and devices targeted at a particular use case with reduced resource use, rather than the “generic” environment of today’s TEEs
    • Project example for secure hardware enclave: https://keystone-enclave.org/
      – First open-source framework for architecting and building customized TEEs with secure hardware enclaves based on RISC-V

  • 26. Summary
    • Service providers are now widely using GlobalPlatform TEE APIs to develop digital services
    • The Protection Profile and the security certification define a clear baseline that allows service providers to calculate their risk precisely
    • Collaboration with RISC-V will create new devices supporting the TEE and will accelerate digital service deployment
    • GlobalPlatform TEE technology is now widely deployed in different markets over different hardware architectures

  • 27. Contact Us
    Membership: membership@globalplatform.org
    PR Contact: globalplatform@iseepr.co.uk, Tel: +44 (0) 113 350 1922
    Questions: secretariat@globalplatform.org
    Twitter @GlobalPlatform_ | YouTube GlobalPlatformTV | YouKu GlobalPlatform | GitHub GlobalPlatform.GitHub.com | LinkedIn GlobalPlatform | WeChat GlobalPlatform China
    www.globalplatform.org

  • 28. December 8-10 | Virtual Event. Thank you for joining us. Contribute to the RISC-V conversation on social! #RISCVSUMMIT @risc_v