Introducing today’s webinar subject
● Trusted Execution Environment - a software
isolation environment for executing security
applications
● Originally built on ARM TrustZone(R) technology
for hardware isolation between the trusted and
non-trusted worlds (see the diagram on the left)
● An open source project op-tee.org/about/
● The driver source for the TEE has been recently
accepted upstream for the 4.12 Linux kernel
Who is this webinar for?
● Members of the development community:
○ developing secure applications under Linux
○ contributing to open source
○ working in the ARM ecosystem
○ interested in upstreaming
○ anyone with supported hardware
What we’ll cover in this webinar
● A backgrounder on
○ OP-TEE
○ the components that make it up
○ the design principles behind it
● Why it’s important
● How the code got upstream
● How to get involved
We welcome your questions!
● There will be a Q&A at the end of the presentation. You can raise a question at
any time as we go along in the chat window.
● We’ll try to answer as many questions as we can at the end of the presentation
● It’s useful to us if you can click on the dropdown speech bubble next to the chat
for your comment to ‘Mark as a question’
How to mark your chat comment as a question
Today’s Presenters
● Joakim Bech: Security Expert
● Bill Fletcher: Moderator
● Jens Wiklander: Security Working Group Senior Engineer & Upstream Driver Author
TEE - kernel support is now upstream.
What this means for open source
security
Joakim Bech
OP-TEE
What is OP-TEE?
[Timeline figure: 2010, 2013, 2014, 2015; labels: "GP compliance!", "OP-TEE", "Ownership from STM to Linaro"]
● Open Portable Trusted Execution Environment
● Open Source and GlobalPlatform based TEE
● Originates from the ST-Ericsson / STMicroelectronics proprietary TEE
○ Used in NovaThor products (mainly U8500)
● Linaro has owned and maintained OP-TEE since 2015.
Where does OP-TEE run?
● ARMv7-A (32bit)
● ARMv8-A (64/32bit)
● Development devices
○ ARM Juno board, RPi3, HiKey etc.
● Consumer products
○ Tablets, mobile phones, set-top boxes, cars
● In OP-TEE upstream, +20 platforms are officially
supported.
○ We are aware of quite a few vendors using OP-TEE whose
platforms are still not found in the upstream tree
for one reason or another.
GlobalPlatform compliance / qualification?
● The software itself cannot be tested for compliance; it is always a combination
of software + hardware that is tested
● To support the Self Testing and Product Qualification Processes,
GlobalPlatform has developed a GlobalPlatform Test Suite
[Timeline figure: Proprietary era | Open Source era; years marked: 2010, 2014, 2017]
● ST-Ericsson based devices passed compliance test
● Decision by individual companies
● Some members of Linaro run the GP test suite on a regular basis!
OP-TEE components
● Normal World
○ User space: optee_client, optee_test
○ Linux kernel: TEE framework + OP-TEE driver
● Secure World
○ Secure user space: Trusted Applications (like optee_test)
○ Secure privileged mode: optee_os
○ Secure Monitor: optee_os on v7-A, ARM-TF on v8-A
● Diagram callout: This is what we are going to talk about today!
TEE Generic Framework
Linux kernel v4.12
Why a TEE framework in kernel?
● Linux kernel is everywhere, from tiny
devices to industrial systems
● Source code has been scrutinized
○ Kernel maintainers are very honest experts
and not as “nice” as your corporate friend
sitting next to you in the office
○ As a result of that the code actually being
merged generally keeps a high standard
● Maintenance for “free”
● SoC vendors and OEM prefer pulling
(official) patches from a single tree
● Use cases? Only DRM? No!
● It’s about unifying TEE protocols!
Image courtesy of xkcd.com https://imgs.xkcd.com/comics/supported_features.png
GlobalPlatform? What is their role in the TEE driver
● Is the TEE driver in kernel a GlobalPlatform TEE driver?
○ A TEE driver uses a generic TEE framework, i.e., not tied to GP interfaces
● GlobalPlatform specifications define APIs for the end points ...
○ Client in Normal World - GP Client API specification
○ Trusted Applications in Secure World - GP Internal Core API specification
● … but does not mandate how layers in between shall handle the data
[Diagram: Secure world (Trusted app, TEE core) and Normal world (Linux kernel, Client); labels: GlobalPlatform, GlobalPlatform, Generic TEE driver, Vendor specific]
● So the answer is, not much, but ideas etc are definitely inherited!
● But OP-TEE is a GlobalPlatform TEE, right?
Generic TEE Framework - design principles
● Keep it small and simple
○ A small set of IOCTL’s
■ include/uapi/linux/tee.h
■ static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
● The data being transferred is opaque to the driver itself
● Use existing infrastructure in kernel
● Multi-core support
● A TEE driver uses the new framework
○ TEE Generic Framework ...
○ … is used by a TEE Vendor to implement a driver for their TEE solution
○ Currently only OP-TEE uses this new framework
IOCTL’s - Version
● TEE_IOC_VERSION
○ Identifies the TEE implementation
○ Query the TEE for specific features
○ Eventually used when there is more than one (?) TEE implementation on the system
● OP-TEE example:
    struct tee_ioctl_version_data v = {
        .impl_id = TEE_IMPL_ID_OPTEE,   /* TEE is OP-TEE */
        .impl_caps = TEE_OPTEE_CAP_TZ,  /* OP-TEE capabilities */
        .gen_caps = TEE_GEN_CAP_GP,     /* Generic capabilities: GlobalPlatform */
    };
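Added example (not from the slides or the OP-TEE project): a user-space client that issues TEE_IOC_VERSION and refuses to continue unless the device reports the three values shown above. The /dev/tee<N> node names come from the kernel's TEE documentation rather than the slides; the scan limit of 8, the helper names and the fallback definitions (copied from include/uapi/linux/tee.h for build hosts without 4.12+ headers) are assumptions of this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>

#if defined(__has_include)
#  if __has_include(<linux/tee.h>)
#    include <linux/tee.h>
#    define HAVE_LINUX_TEE_H 1
#  endif
#endif

#ifndef HAVE_LINUX_TEE_H
/* Fallback for hosts without kernel >= 4.12 UAPI headers; values mirror
 * include/uapi/linux/tee.h. */
#include <stdint.h>
struct tee_ioctl_version_data {
    uint32_t impl_id;
    uint32_t impl_caps;
    uint32_t gen_caps;
};
#define TEE_IOC_MAGIC     0xa4
#define TEE_IOC_BASE      0
#define TEE_IOC_VERSION   _IOR(TEE_IOC_MAGIC, TEE_IOC_BASE + 0, \
                               struct tee_ioctl_version_data)
#define TEE_IMPL_ID_OPTEE 1
#define TEE_OPTEE_CAP_TZ  (1 << 0)
#define TEE_GEN_CAP_GP    (1 << 0)
#endif

/* Result of validating version data (names are hypothetical). */
enum ver_check { VER_OK = 0, VER_NOT_OPTEE, VER_NO_TRUSTZONE, VER_NO_GP };

/* Accept only an OP-TEE implementation on TrustZone with the GP capability. */
enum ver_check tee_check_version(const struct tee_ioctl_version_data *v)
{
    if (v->impl_id != TEE_IMPL_ID_OPTEE)
        return VER_NOT_OPTEE;
    if (!(v->impl_caps & TEE_OPTEE_CAP_TZ))
        return VER_NO_TRUSTZONE;
    if (!(v->gen_caps & TEE_GEN_CAP_GP))
        return VER_NO_GP;
    return VER_OK;
}

/* Open a TEE device node and run TEE_IOC_VERSION. Returns 0 or -errno. */
int tee_query_version(const char *path, struct tee_ioctl_version_data *out)
{
    int fd = open(path, O_RDWR);
    if (fd < 0)
        return -errno;
    memset(out, 0, sizeof(*out));
    int rc = ioctl(fd, TEE_IOC_VERSION, out) < 0 ? -errno : 0;
    close(fd);                      /* rc was captured before close() */
    return rc;
}

/* Scan /dev/tee0../dev/tee7 and return the index of the first device that
 * passes the check, or -1. With several TEEs present, this is where the
 * client picks the implementation it was written for. */
int tee_find_optee(char *path, size_t len)
{
    for (int i = 0; i < 8; i++) {
        struct tee_ioctl_version_data v;
        snprintf(path, len, "/dev/tee%d", i);
        if (tee_query_version(path, &v) == 0 &&
            tee_check_version(&v) == VER_OK)
            return i;
    }
    return -1;
}

int main(void)
{
    /* Constructed sample: the values from the slide above. */
    struct tee_ioctl_version_data slide = {
        .impl_id = TEE_IMPL_ID_OPTEE,
        .impl_caps = TEE_OPTEE_CAP_TZ,
        .gen_caps = TEE_GEN_CAP_GP,
    };
    printf("slide values check: %d\n", (int)tee_check_version(&slide));

    char path[32];
    if (tee_find_optee(path, sizeof(path)) < 0) {
        fprintf(stderr, "no OP-TEE device with GP capability found\n");
        return 1;
    }
    printf("using %s\n", path);
    return 0;
}
```

A passing check only tells the client which driver answered the ioctl; it is not attestation of the secure-world image.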
IOCTL’s - Sessions
● TEE_IOC_OPEN_SESSION
○ The command that opens a communication channel between the client and the Trusted
Application.
● TEE_IOC_CLOSE_SESSION
○ Closes an open session
[Diagram labels: User space, Linux kernel, Trusted Applications, Secure OS, Secure Monitor, Communication channel]
IOCTL’s - Commands
● TEE_IOC_CANCEL
○ The command that gives the users the ability to cancel an ongoing operation.
● TEE_IOC_INVOKE
○ The main command to invoke commands that in turn will run Trusted Application specific
functionality.
○ The principle is to use a unique Trusted Application command identifier together with data we
are working with.
● Some out-of-tree TEE drivers have very specific commands for various use
cases. Such drivers would need to change this behavior to instead “tunnel” all
the data in the invoke command.
○ Trustonic-tee-driver: 17
○ QSEE: +30
IOCTL’s - Supplicants
● TEE_IOC_SUPPL_RECV
● TEE_IOC_SUPPL_SEND
● A supplicant is typically a daemon running in normal world
○ Serves secure side with various services
■ File system access
■ RPMB
■ REE time
■ etc
● We believe most TEE vendors have some kind of supplicant to support their TEE
Probe function
● As for drivers in general, we need a probe function
● Example, OP-TEE’s probe function
○ static struct optee *optee_probe(struct device_node *np)
■ Get the invoke function (SMC or HVC?)
■ Check UUID and revision
■ Check capabilities
■ Configure shared memory
■ Allocate TEE device(s) - both for the
client(s) and for the supplicant
● The probe will not be called if there is
no firmware section in the Device
Tree blob
Challenges upstreaming a TEE Framework
● There are many kernel experts, but not that many of them are security experts
○ TEE driver is just one part of the entire TEE solution
● Getting people to review
○ Corporate policies
○ Unawareness of how to communicate on kernel mailinglists
● Chicken and egg problem
○ Keep patchsets small (submit early, submit often mentality)
○ But there must be enough to prove that it is actually working
● Other features being developed while doing upstream
○ Kernel TEE interface (GlobalPlatform Client API like), Secure Data Path, Benchmarking etc.
● Getting enough input from other TEE vendors
How to contribute?
● New to TEE development?
○ Study and try the driver with OP-TEE for example.
● TEE vendor?
○ Give feedback on the Linux kernel mailinglists about the current driver
○ (Try to) rewrite your current driver to use the new generic TEE framework
● Review patches!
● Talk to Linaro directly or?
○ For OP-TEE related questions and discussions: Yes!
○ For generic TEE framework discussions? No! Use the Linux kernel mailinglists.
● Subscribe to the mailinglists
○ linux-arm-kernel@lists.infradead.org
○ linux-kernel@vger.kernel.org
What does all this mean to Open Source Security?
● Another step in trying to unify TEE protocols
○ As mentioned, GlobalPlatform has defined the endpoints in the communication channel, but
nothing has been defined between the endpoints!
● Reduce fragmentation
○ Many other subsystems share common frameworks in Linux
○ TEE implementations should be able to do that too!
● A common code base
○ Regardless what TEE we are working with, we have a common source code repository (if we
want to…)
We welcome your questions!
● Next up: the Q&A. You can raise a question in the chat window.
● We’ll try to answer as many questions as we can at the end of the presentation
● It’s useful to us if you can click on the dropdown speech bubble next to the chat
for your comment to ‘Mark as a question’
How to mark your chat comment as a question
LEADING COLLABORATION
IN THE ARM ECOSYSTEM
About Linaro
● Linaro delivers engineering effort to develop key technologies for the ARM
ecosystem
● Linaro develops lots of key software technologies:
○ Tools and Languages, Firmware, Security, Virtualization, Power Management
○ Technology enablers for Mobile, Server, Multimedia, Networking and Embedded/IoT segments
● Linaro delivers its output to its members, into open source projects, and into the
community. Check out our websites and projects which we host or support:
○ linaro.org/downloads, linaro.cloud
○ 96boards.org, op-tee.org, opendataplane.org,
○ kernelci.org
● Linaro works with its members to maximize the return on their open source
investment
We welcome your questions!
● It’s the Q&A. You can raise a question in the chat window.
● If we run out of time we’ll try to follow up any remaining questions by mail
● It’s useful to us if you can click on the dropdown speech bubble next to the chat
for your comment to ‘Mark as a question’
How to mark your chat comment as a question
Thank You
For further information:
Linaro.org and OP-TEE.org

 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Thierry Lestable
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
Product School
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
ThousandEyes
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
Alison B. Lowndes
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
UiPathCommunity
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
OnBoard
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
Bhaskar Mitra
 

Recently uploaded (20)

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
Empowering NextGen Mobility via Large Action Model Infrastructure (LAMI): pav...
 
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
From Siloed Products to Connected Ecosystem: Building a Sustainable and Scala...
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Assuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyesAssuring Contact Center Experiences for Your Customers With ThousandEyes
Assuring Contact Center Experiences for Your Customers With ThousandEyes
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
Leading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdfLeading Change strategies and insights for effective change management pdf 1.pdf
Leading Change strategies and insights for effective change management pdf 1.pdf
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
Search and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical FuturesSearch and Society: Reimagining Information Access for Radical Futures
Search and Society: Reimagining Information Access for Radical Futures
 

TEE - kernel support is now upstream. What this means for open source security

  • 2. Introducing today’s webinar subject
    ● Trusted Execution Environment - a software isolation environment for executing security applications
    ● Work originally on ARM TrustZone(R) technology for hardware isolation between the trusted and non-trusted worlds (see the diagram on the left)
    ● An open source project op-tee.org/about/
    ● The driver source for the TEE has been recently accepted upstream for the 4.12 Linux kernel
  • 3. Who is this webinar for?
    ● Members of the development community:
      ○ developing secure applications under Linux
      ○ contributing to open source
      ○ working in the ARM ecosystem
      ○ interested in upstreaming
      ○ anyone with supported hardware
  • 4. What we’ll cover in this webinar
    ● A backgrounder on
      ○ OP-TEE
      ○ the components that make it up
      ○ the design principles behind it
    ● Why it’s important
    ● How the code got upstream
    ● How to get involved
  • 5. We welcome your questions!
    ● There will be a Q&A at the end of the presentation. You can raise a question at any time as we go along in the chat window.
    ● We’ll try to answer as many questions as we can at the end of the presentation
    ● It’s useful to us if you can click on the dropdown speech bubble next to the chat for your comment to ‘Mark as a question’
    [Figure: How to mark your chat comment as a question]
  • 6. Today’s Presenters
    ● Joakim Bech
    ● Security Expert
    ● Bill Fletcher
    ● Moderator
    ● Jens Wiklander
    ● Security Working Group Senior Engineer & Upstream Driver Author
  • 7. TEE - kernel support is now upstream. What this means for open source security Joakim Bech
  • 9. What is OP-TEE?
    ● Open Portable Trusted Execution Environment
    ● Open Source and GlobalPlatform based TEE
    ● Origins from ST-Ericsson / STMicroelectronics proprietary TEE
      ○ Used in NovaThor products (mainly U8500)
    ● Linaro owns and maintains OP-TEE since 2015.
    [Timeline figure: 2010, 2013, 2014, 2015; labels: “GP compliance!”, “OP-TEE”, “Ownership from STM to Linaro”]
  • 10. Where does OP-TEE run?
    ● ARMv7-A (32bit)
    ● ARMv8-A (64/32bit)
    ● Development devices
      ○ ARM Juno board, RPi3, HiKey etc.
    ● Consumer products
      ○ Tablets, mobile phones, set-top boxes, cars
    ● In OP-TEE upstream +20 platforms are officially supported.
      ○ We are aware of quite a few vendors using OP-TEE, but their platform is still not found in the upstream tree for one reason or another.
  • 11. GlobalPlatform compliance / qualification?
    ● The software itself cannot be tested for compliance; it is always a combination of software + hardware that is tested
    ● To support the Self Testing and Product Qualification Processes, GlobalPlatform has developed a GlobalPlatform Test Suite
    [Timeline figure: “Proprietary era”, “Open Source era”; 2010, 2014, 2017; labels: “ST-Ericsson based devices passed compliance test”, “Decision by individual companies”, “Some members of Linaro run the GP test suite on a regular basis!”]
  • 12. OP-TEE components
    ● Normal World
      ○ User space: optee_client, optee_test
      ○ Linux kernel: TEE framework + OP-TEE driver
    ● Secure World
      ○ Secure user space: Trusted Applications (like optee_test)
      ○ Secure privileged mode: optee_os
    ● Secure Monitor
      ○ v7-A: optee_os
      ○ v8-A: ARM-TF
    [Diagram callout: “This is what we are going to talk about today!”]
  • 14. Why a TEE framework in kernel?
    ● Linux kernel is everywhere, from tiny devices to industrial systems
    ● Source code has been scrutinized
      ○ Kernel maintainers are very honest experts and not as “nice” as your corporate friend sitting next to you in the office
      ○ As a result of that the code actually being merged generally keeps a high standard
    ● Maintenance for “free”
    ● SoC vendors and OEM prefer pulling (official) patches from a single tree
    ● Use cases? Only DRM? No!
    ● It’s about unifying TEE protocols!
    Image courtesy of xkcd.com https://imgs.xkcd.com/comics/supported_features.png
  • 15. GlobalPlatform? What is their role in the TEE driver
    ● Is the TEE driver in kernel a GlobalPlatform TEE driver?
      ○ A TEE driver uses a generic TEE framework, i.e., not tied to GP interfaces
    ● GlobalPlatform specifications define APIs for the end points ...
      ○ Client in Normal World - GP Client API specification
      ○ Trusted Applications in Secure World - GP Internal Core API specification
    ● … but does not mandate how layers in between shall handle the data
    [Diagram: Secure world (Trusted app, TEE core) and Normal world (Linux kernel, Client); labels: “GlobalPlatform”, “GlobalPlatform”, “Generic TEE driver”, “Vendor specific”]
    ● So the answer is, not much, but ideas etc are definitely inherited!
    ● But OP-TEE is a GlobalPlatform TEE, right?
  • 16. Generic TEE Framework - design principles
    ● Keep it small and simple
      ○ A small set of IOCTL’s
        ■ include/uapi/linux/tee.h
        ■ static long tee_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
    ● The data being transferred is opaque to the driver itself
    ● Use existing infrastructure in kernel
    ● Multi-core support
    ● A TEE driver uses the new framework
      ○ TEE Generic Framework ...
      ○ … is used by a TEE Vendor to implement a driver for their TEE solution
      ○ Currently only OP-TEE uses this new framework
  • 17. IOCTL’s - Version
    ● TEE_IOC_VERSION
      ○ Identifies the TEE implementation
      ○ Query the TEE for specific features
      ○ Eventually used when there is more than one (?) TEE implementation on the system
    ● OP-TEE example:

        struct tee_ioctl_version_data v = {
            .impl_id = TEE_IMPL_ID_OPTEE,   /* TEE is OP-TEE */
            .impl_caps = TEE_OPTEE_CAP_TZ,  /* OP-TEE capabilities */
            .gen_caps = TEE_GEN_CAP_GP,     /* Generic capabilities: GlobalPlatform */
        };
  • 18. IOCTL’s - Sessions
    ● TEE_IOC_OPEN_SESSION
      ○ The command that opens a communication channel between the client and the Trusted Application.
    ● TEE_IOC_CLOSE_SESSION
      ○ Closes an open session
    [Diagram: User space, Linux kernel, Trusted Applications, Secure OS, Secure Monitor; label: “Communication channel”]
  • 19. IOCTL’s - Commands
    ● TEE_IOC_CANCEL
      ○ The command that gives the users the ability to cancel an ongoing operation.
    ● TEE_IOC_INVOKE
      ○ The main command to invoke commands that in turn will run Trusted Application specific functionality.
      ○ The principle is to use a unique Trusted Application command identifier together with data we are working with.
    ● Some out of TEE drivers out there have very specific commands for various use cases. Such drivers would need to change this behavior to instead “tunnel” all the data in invoke command.
      ○ Trustonic-tee-driver: 17
      ○ QSEE: +30
  • 20. IOCTL’s - Supplicants
    ● TEE_IOC_SUPPL_RECV
    ● TEE_IOC_SUPPL_SEND
    ● A supplicant is typically a daemon running in normal world
      ○ Serves secure side with various services
        ■ File system access
        ■ RPMB
        ■ REE time
        ■ etc
    ● We believe most TEE vendors have some kind of supplicant to support their TEE
  • 21. Probe function
    ● As for drivers in general, we need a probe function
    ● Example, OP-TEE’s probe function
      ○ static struct optee *optee_probe(struct device_node *np)
        ■ Get the invoke function (SMC or HVC?)
        ■ Check UUID and revision
        ■ Check capabilities
        ■ Configure shared memory
        ■ Allocate TEE device(s) - both for the client(s) and for the supplicant
    ● The probe will not be called if there is no firmware section in the Device Tree blob
  • 22. Challenges upstreaming a TEE Framework
    ● There are many kernel experts, but not that many of them are security experts
      ○ TEE driver is just one part of the entire TEE solution
    ● Getting people to review
      ○ Corporate policies
      ○ Unawareness of how to communicate on kernel mailing lists
    ● Chicken and egg problem
      ○ Keep patchsets small (submit early, submit often mentality)
      ○ But there must be enough to prove that it is actually working
    ● Other features being developed while doing upstream
      ○ Kernel TEE interface (GlobalPlatform Client API like), Secure Data Path, Benchmarking etc.
    ● Getting enough input from other TEE vendors
  • 23. How to contribute?
    ● New to TEE development?
      ○ Study and try the driver with OP-TEE for example.
    ● TEE vendor?
      ○ Give feedback on the Linux kernel mailing lists about the current driver
      ○ (Try to) rewrite your current driver to use the new generic TEE framework
    ● Review patches!
    ● Talk to Linaro directly or?
      ○ For OP-TEE related questions and discussions: Yes!
      ○ For generic TEE framework discussions? No! Use the Linux kernel mailing lists.
    ● Subscribe to the mailing lists
      ○ linux-arm-kernel@lists.infradead.org
      ○ linux-kernel@vger.kernel.org
  • 24. What does all this mean to Open Source Security?
    ● Another step in trying to unify TEE protocols
      ○ As mentioned, GlobalPlatform has defined the endpoints in the communication channel, but nothing has been defined between the endpoints!
    ● Reduce fragmentation
      ○ Many other subsystems share common frameworks in Linux
      ○ TEE implementations should be able to do that too!
    ● A common code base
      ○ Regardless of what TEE we are working with, we have a common source code repository (if we want to…)
  • 25. We welcome your questions!
    ● Next up - the Q&A. You can raise a question in the chat window.
    ● We’ll try to answer as many questions as we can at the end of the presentation
    ● It’s useful to us if you can click on the dropdown speech bubble next to the chat for your comment to ‘Mark as a question’
    [Figure: How to mark your chat comment as a question]
  • 26. LEADING COLLABORATION IN THE ARM ECOSYSTEM
    About Linaro
    ● Linaro delivers engineering effort to develop key technologies for the ARM ecosystem
    ● Linaro develops lots of key software technologies:
      ○ Tools and Languages, Firmware, Security, Virtualization, Power Management
      ○ Technology enablers for Mobile, Server, Multimedia, Networking and Embedded/IoT segments
    ● Linaro delivers its output to its members, into open source projects, and into the community. Check out our websites and projects which we host or support:
      ○ linaro.org/downloads, linaro.cloud
      ○ 96boards.org, op-tee.org, opendataplane.org
      ○ kernelci.org
    ● Linaro works with its members to maximize the return on their open source investment
  • 27. We welcome your questions!
    ● It’s the Q&A. You can raise a question in the chat window.
    ● If we run out of time we’ll try to follow up any remaining questions by mail
    ● It’s useful to us if you can click on the dropdown speech bubble next to the chat for your comment to ‘Mark as a question’
    [Figure: How to mark your chat comment as a question]
  • 28. Thank You
    For further information: Linaro.org and OP-TEE.org
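
The ioctl design from slides 16-19 as an added example, not code from the webinar or the OP-TEE project: it checks TEE_IOC_VERSION data against the slide-17 values and marshals one command into the single buffer that TEE_IOC_INVOKE tunnels to a Trusted Application. Structures and constants come from include/uapi/linux/tee.h; the helper names, the /dev/tee0 node, the session id, the command id 0x10 and the four-parameter layout are assumptions for illustration.

```c
/* Added example: user-space view of the generic TEE ioctl interface.
 * Structures and constants are the kernel's own (include/uapi/linux/tee.h,
 * Linux 4.12+); helper names and sample values are illustrative. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/tee.h>

#define MAX_PARAMS 4 /* assumption: GlobalPlatform-style four parameters */

/* Storage for one invoke request: header plus MAX_PARAMS parameter slots.
 * The uint64_t member keeps the buffer 8-byte aligned and large enough. */
union invoke_req {
    struct tee_ioctl_invoke_arg arg;
    uint64_t raw[(sizeof(struct tee_ioctl_invoke_arg) +
                  MAX_PARAMS * sizeof(struct tee_ioctl_param)) / 8];
};

/* 1 if the version data matches the slide's OP-TEE example (OP-TEE on
 * TrustZone with the GlobalPlatform capability), 0 otherwise. */
int is_gp_optee(const struct tee_ioctl_version_data *v)
{
    return v->impl_id == TEE_IMPL_ID_OPTEE &&
           (v->impl_caps & TEE_OPTEE_CAP_TZ) != 0 &&
           (v->gen_caps & TEE_GEN_CAP_GP) != 0;
}

/* Marshal one Trusted Application command. The driver sees only a command
 * id and parameter slots; their meaning is agreed between client and TA.
 * Slot 0 carries two input values, slot 1 receives output, the rest stay
 * TYPE_NONE (0). Returns the descriptor to hand to TEE_IOC_INVOKE. */
struct tee_ioctl_buf_data build_invoke(union invoke_req *req, uint32_t session,
                                       uint32_t ta_cmd, uint64_t a, uint64_t b)
{
    struct tee_ioctl_buf_data buf;

    memset(req, 0, sizeof(*req));
    req->arg.func = ta_cmd;
    req->arg.session = session;
    req->arg.num_params = MAX_PARAMS;
    req->arg.params[0].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_INPUT;
    req->arg.params[0].a = a;
    req->arg.params[0].b = b;
    req->arg.params[1].attr = TEE_IOCTL_PARAM_ATTR_TYPE_VALUE_OUTPUT;

    buf.buf_ptr = (uintptr_t)&req->arg;
    /* buf_len must equal header + num_params slots or the call is rejected */
    buf.buf_len = sizeof(req->arg) +
                  MAX_PARAMS * sizeof(struct tee_ioctl_param);
    return buf;
}

/* Query the TEE behind a device node. Returns 0 on success, -1 if the node
 * cannot be opened or the ioctl fails (for example, no TEE on this host). */
int query_version(const char *dev, struct tee_ioctl_version_data *v)
{
    int fd = open(dev, O_RDWR), rc;

    if (fd < 0)
        return -1;
    rc = ioctl(fd, TEE_IOC_VERSION, v);
    close(fd);
    return rc ? -1 : 0;
}

int main(void)
{
    struct tee_ioctl_version_data v;
    union invoke_req req;
    /* constructed sample values: session 1, TA command 0x10, inputs 40, 2 */
    struct tee_ioctl_buf_data buf = build_invoke(&req, 1, 0x10, 40, 2);

    printf("invoke buffer: %llu bytes, %u params\n",
           (unsigned long long)buf.buf_len, req.arg.num_params);
    if (query_version("/dev/tee0", &v) == 0)
        printf("/dev/tee0: impl_id=%u gp_optee=%d\n", v.impl_id, is_gp_optee(&v));
    else
        printf("/dev/tee0 not available\n");
    return 0;
}
```

On a host without a TEE the program still prints the marshalled buffer size and reports the device as unavailable; a real invoke additionally needs a session id returned by TEE_IOC_OPEN_SESSION.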