The Trusted Platform Module (TPM) is an international standard for a secure cryptoprocessor, developed by the Trusted Computing Group to provide hardware-based, security-related features. It measures the boot process and the software running on a device to ensure integrity, and it allows remote attestation of the device's state. The TPM provides roots of trust for measurement, reporting, and storage, and it uses platform configuration registers (PCRs), sealed storage, and keys to securely store and report information that depends on the device's configuration.
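The measurement, sealing and attestation behaviour described above all rest on one primitive, the PCR extend operation. The following Python model is an added example written for this page; it is not code from the slide deck or from the TCG. It replays a constructed boot event log into a simulated SHA-256 PCR bank, then shows the two checks a verifier builds on that: an attestation check that the quoted PCR values are explained by the event log, and a sealed-storage policy check. Signature verification on the quote is assumed to have happened already and is left out; the PCR numbers follow the TCG PC Client assignment (0 for firmware code, 4 for boot manager code, 7 for secure boot policy); all blobs and log entries are constructed sample data.

```python
import hashlib
from typing import Dict, List, Tuple

# A SHA-256 PCR bank: every register starts as 32 zero bytes at reset.
PCR_SIZE = 32
PCR_INIT = bytes(PCR_SIZE)

# Event log entry: (PCR index, description, measured blob).
# All blobs below are constructed sample data, not real firmware.
Event = Tuple[int, str, bytes]


def measure(blob: bytes) -> bytes:
    """Hash a component before it runs; this digest is what gets extended."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR extend semantics: new = SHA-256(old || digest).
    A register can only be appended to, never written directly, so the final
    value depends on every measurement made and on the order they were made."""
    return hashlib.sha256(pcr + digest).digest()


def replay_log(log: List[Event]) -> Dict[int, bytes]:
    """Recompute the PCR bank that a given event log should produce."""
    pcrs: Dict[int, bytes] = {}
    for idx, _desc, blob in log:
        pcrs[idx] = extend(pcrs.get(idx, PCR_INIT), measure(blob))
    return pcrs


# Constructed boot chain: firmware -> secure boot policy -> bootloader -> kernel.
GOLDEN_LOG: List[Event] = [
    (0, "platform firmware", b"firmware image v1.2 (constructed)"),
    (7, "secure boot policy", b"SecureBoot=1 (constructed policy blob)"),
    (4, "boot manager", b"bootloader image (constructed)"),
    (4, "kernel", b"kernel image (constructed)"),
]


def golden_pcrs() -> Dict[int, bytes]:
    """The PCR values a known-good boot of this chain ends up with."""
    return replay_log(GOLDEN_LOG)


def verify_quote(quoted: Dict[int, bytes], log: List[Event],
                 required=(0, 4, 7)) -> bool:
    """Remote attestation check (quote signature assumed already verified):
    the quoted PCRs must equal what the supplied event log replays to.
    A log that does not explain the quoted values is rejected."""
    expected = replay_log(log)
    return all(quoted.get(i) == expected.get(i) for i in required)


def unseal_allowed(policy: Dict[int, bytes], current: Dict[int, bytes]) -> bool:
    """Sealed storage: the secret is released only when every PCR named in the
    sealing policy holds the value it had when the secret was sealed."""
    return all(current.get(i) == v for i, v in policy.items())


def tampered_log() -> List[Event]:
    """Same chain, but the bootloader image has been modified."""
    log = list(GOLDEN_LOG)
    log[2] = (4, "boot manager", b"modified bootloader image (constructed)")
    return log


def reordered_log() -> List[Event]:
    """Same measurements into PCR 4, but kernel and bootloader swapped."""
    log = list(GOLDEN_LOG)
    log[2], log[3] = log[3], log[2]
    return log


if __name__ == "__main__":
    good = golden_pcrs()
    for idx in sorted(good):
        print(f"PCR[{idx}] = {good[idx].hex()}")
    print("golden log explains golden quote:", verify_quote(good, GOLDEN_LOG))
    print("tampered log explains golden quote:", verify_quote(good, tampered_log()))
    print("unseal with modified bootloader:",
          unseal_allowed({4: good[4]}, replay_log(tampered_log())))
```

Two properties worth noticing when running it: changing only the bootloader leaves PCR 0 and PCR 7 untouched and changes only PCR 4, which is why sealing policies name specific registers; and extending the same two digests in the opposite order yields a different PCR 4, so an event log must be replayed in recorded order to match a quote.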
LAS16-111: Easing Access to ARM TrustZone – OP-TEE and Raspberry Pi 3 (Linaro)
LAS16-111: Raspberry Pi3, OP-TEE and JTAG debugging
Speakers:
Date: September 26, 2016
★ Session Description ★
ARM TrustZone is a critical technology for securing IoT devices and systems. But awareness of TrustZone and its benefits lags within the maker community as well as among enterprises. The first step to solving this problem is lowering the cost of access. Sequitur Labs and Linaro have joined forces to address this problem by making a port of OP-TEE available on the Raspberry Pi 3. The presentation covers the value of TrustZone for securing IoT and how customers can learn more through this joint effort.
Embedded systems security remains a challenge for many developers. Awareness of mature, proven technologies such as ARM TrustZone is very low among the Maker community as well as among enterprises. As a result, this foundational technology is largely being ignored as a security solution. Sequitur Labs and Linaro have taken an innovative approach, combining an open source solution, OP-TEE, with the Raspberry Pi 3. The Raspberry Pi 3 is one of the world’s most popular platforms among device makers, and its value as an educational tool for learning about embedded systems development is proven.
Sequitur Labs have also enabled bare metal debugging via JTAG on the Pi 3, enhancing the value of the Pi 3 as an educational tool for embedded systems development.
The presentation will focus on
ARM v8a architecture and instruction set
ARM Trusted Firmware
TrustZone and OP-TEE basics
JTAG and bare metal debugging the Raspberry Pi 3
★ Resources ★
Etherpad: pad.linaro.org/p/las16-111
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-111/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Security for IoT – Apr 29th Mentor Embedded Hangout (mentoresd)
Security Strategies for Internet of Things From Devices to The Cloud -- these slides were presented during a live Google+ On-Air Hangout Panel on April 29th, 2014, presented by Mentor Graphics Embedded Software
SFO15-200: Linux kernel generic TEE driver
Speaker: Jens Wiklander
Date: September 22, 2015
★ Session Description ★
At this session we will learn more about the TEE driver that Linaro has been working on for the last couple of months. Questions to be answered include: What are the APIs? How does the TEE driver work as a communication channel? What will a developer need to think about when adding support for another TEE solution?
★ Resources ★
Video: https://www.youtube.com/watch?v=BhLndLUQamM
Presentation: http://www.slideshare.net/linaroorg/sfo15200-linux-kernel-generic-tee-driver
Etherpad: pad.linaro.org/p/sfo15-200
Pathable: https://sfo15.pathable.com/meetings/302831
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
Session ID: BUD17-400
Session Name: Secure Data Path with OPTEE - BUD17-400
Speaker: Mark Gregotski
Track: LHG
★ Session Summary ★
LHG is using the ION-based secure memory allocator integrated with OPTEE as the basis for secure data path processing pipeline. LHG is following the W3C EME protocol and supporting Content Decryption Modules (CDMs) from Widevine and PlayReady.
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/bud17/bud17-400/
Presentation: https://www.slideshare.net/linaroorg/bud17400-secure-data-path-with-optee
Video: https://youtu.be/6JdzsWZq4Ls
---------------------------------------------------
★ Event Details ★
Linaro Connect Budapest 2017 (BUD17)
6-10 March 2017
Corinthia Hotel, Budapest,
Erzsébet krt. 43-49,
1073 Hungary
---------------------------------------------------
Keyword: LHG, secure-data, OPTEE
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://twitter.com/linaroorg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
This introduces the Linaro OP-TEE project in the context of the Automotive Grade Linux distribution. This TEE is today considered a potential key element for providing security enforcement in the scope of software OTA updates for the AGL distribution.
This brief slide set was presented during the AGL Face to Face Technical Meeting, 25 – 27 May, Vannes, France.
TEE - kernel support is now upstream. What this means for open source security (Linaro)
TEE security infrastructure is now upstream in the Linux kernel, thanks to the hard work of many people in the ARM open source ecosystem. In this upcoming webinar, Joakim Bech and Jens Wiklander of the Linaro Security Working Group explain:
‣ Why upstream Linux kernel driver support is an important milestone.
‣ The relationship with specifications such as GlobalPlatform.
‣ A recap of the design principles for the TEE driver.
‣ How to get involved with TEE development.
This webinar is based on the work of the Linaro Security Working Group. Their work helps Linaro achieve its mission of providing upstream open source support for the ARM ecosystem. The webinar will be of interest to developers and engineering managers who would like the latest status on TEE support in Linux, particularly those looking to develop secure applications with e.g. OP-TEE. It’s also a great case study for those interested in the challenges of Linux kernel upstreaming. There will be the opportunity to ask questions before, during and after the webinar.
🎙 Speakers:
Joakim Bech, Security Working Group Tech Lead, Linaro
Jens Wiklander, Security Working Group Engineer & Upstream Driver Author, Linaro
🎯 Moderator:
Bill Fletcher, EMEA Field Engineering, Linaro
✨ Register here
http://linaro.co/webinar01
For more information on...
On Linaro - Leading Collaboration in the ARM Ecosystem - linaro.org
On OP-TEE - the TEE in Linux using the ARM® TrustZone® technology op-tee.org
----------------------------------------------
Videos & Presentation
--
Introduction to OP-TEE
--
A great introduction to OP-TEE security written from the standpoint of Automotive Grade Linux. It's only 13 slides with some great diagrams explaining trusted execution, secure boot and isolation.
#Automotive #AGL #OP-TEE #Linux
https://www.slideshare.net/YannickGicquel/introduction-to-optee-26-may-2016
--
OP-TEE for Beginners and Porting Review
--
Explains the building blocks involved in security, including TrustZone, OP-TEE, Trusted Firmware, etc. Goes into detail on how secure boot works, and why. Explains how a simple Trusted Application interacts with OP-TEE and works. Gives a brief overview of how to port OP-TEE to an ARM platform. Opens discussion of potential challenges and hardware limitations and how they can be overcome.
#TrustedApplication #Trustzone
http://connect.linaro.org/resource/hkg15/hkg15-311-op-tee-for-beginners-and-porting-review/
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE (Linaro)
Smart connected devices such as mobile phones, tablets and Digital TVs are required to handle data with strong security and confidentiality requirements. A “Trusted Execution Environment” (TEE) provides an environment for processing data securely, protected from normal platform applications. This talk is intended as an introduction to Trusted Execution, and the open-source Trusted Execution Environment OP-TEE in particular. It introduces the GlobalPlatform TEE Specifications, explains how Trusted Execution is implemented by ARM TrustZone and OP-TEE, and outlines how trusted boot software manages the secure boot of an ARM platform. Finally, it gives some pointers on how to get started with OP-TEE.
LCU14-103: How to create and run Trusted Applications on OP-TEE (Linaro)
LCU14-103: How to create and run Trusted Applications on OP-TEE
---------------------------------------------------
Speaker: Joakim Bech
Date: September 15, 2014
---------------------------------------------------
Coresight is the name given to a set of IP blocks providing hardware assisted tracing for ARM based SoCs. This presentation will give an introduction to the technology, how it works and offer a glimpse of the capabilities it offers. More specifically we will go over the components that are part of the architecture and how they are used. Next will be presented the framework Linaro is working on in an effort to provide consolidation and standardization of interfaces to the coresight subsystem. We will conclude with a status of our current upstreaming efforts and how we see the coming months unfolding.
---------------------------------------------------
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137703
Google Event: https://plus.google.com/u/0/events/cvb85kqv10dsc4k3e0hcvbr6i58
Presentation: http://www.slideshare.net/linaroorg/lcu14-101-coresight-overview
Video: https://www.youtube.com/watch?v=IQhbM55F23U&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-101
---------------------------------------------------
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
---------------------------------------------------
LCU13: Deep Dive into ARM Trusted Firmware
Resource: LCU13
Name: Deep Dive into ARM Trusted Firmware
Date: 31-10-2013
Speaker: Dan Handley / Charles Garcia-Tobin
Insights into the performance and configuration of TCP in Automotive Ethernet (RealTime-at-Work (RTaW))
The idea of using TCP in cars has been around for some time, as the first specification of the AUTOSAR TCP/IP stack dates back to early 2013. However, TCP has not yet become popular in cars, and there has not been much published work on using TCP for in-vehicle communications so far.
TCP – the Transmission Control Protocol – provides connection-oriented reliable transmission between network applications. TCP is the cornerstone of the Internet and has been a hugely successful protocol over the last 40 years; it is certainly a fine piece of engineering, but it is definitely a complex one.
The question we explore in this study is what we can expect from TCP for on-board in-vehicle communication in terms of latency and throughput, and how to best configure TCP in a context for which it was not conceived. In particular, we show that TCP configuration on the ECU side should take into account the amount of memory available in the switches, and that a traffic shaping policy, as available in TSN, can provide a nice performance boost for TCP communication.
Presentation of a paper at ISC 2008. Modification of a virtual TPM design to support more flexible key management and migration support for virtual machines.
Key management: introduction, how public key distribution is done, the Diffie-Hellman key exchange algorithm, digital certificates, and how key management using digital certificates is done, with a Wireshark screenshot showing a digital certificate.
This is the presentation I gave on Linux kernel modules at the Linux Meetup in Austin, TX, on 2/5/2015.
http://www.meetup.com/linux-85/events/185946802/
Code referred to in the presentation: https://github.com/ereyes01/kernel-mod-prez
The lecture by Sartakov A. Vasily for Summer Systems School'12.
Brief introduction to Trusted Computing.
SSS'12 - Education event, organized by ksys labs[1] in 2012, for students interested in system software development and information security.
1. http://ksyslabs.org/
This presentation details how a typical modern Intel x86-based PC establishes a hardware root of trust for the operating system and the applications that subsequently run on top of it.
Here comes another enlightening document that dives into the thrilling world of breaking BitLocker, Windows' attempt at full disk encryption.
This analysis will walk you through the myriad of creative hacks, from the classic cold boot attacks—because who doesn't love freezing their computer to steal some data—to exploiting those oh-so-reliable TPM chips that might as well have a "hack me" sign on them.
We'll also cover some software vulnerabilities, because Microsoft just wouldn't be the same without a few of those sprinkled in for good measure. And let's not forget about intercepting those elusive decryption keys; it's like a digital treasure hunt!
So, whether you're a security expert, a forensic analyst, or just a curious cat in the world of cybersecurity, enjoy the read, and maybe keep that data backed up somewhere safe, yeah?
-------
This document provides a comprehensive analysis of the method demonstrated in the video "Breaking Bitlocker - Bypassing the Windows Disk Encryption" where the author showcases a low-cost hardware attack capable of bypassing BitLocker encryption. The analysis will cover various aspects of the attack, including the technical approach, the use of a Trusted Platform Module (TPM) chip, and the implications for security practices.
The analysis provides a high-quality summary of the demonstrated attack, ensuring that security professionals and specialists from different fields can understand the potential risks and necessary countermeasures. The document is particularly useful for cybersecurity experts, IT professionals, and organizations that rely on BitLocker for data protection and to highlight the need for ongoing security assessments and the potential for similar vulnerabilities in other encryption systems.
Reconfigurable Trust for Embedded Computing Platforms
Published in: Applied Electronics (AE), 2012 International Conference
By:
Martin Schramm, University of Applied Sciences Deggendorf, Deggendorf, Germany, martin.schramm@hdu-deggendorf.de
Andreas Grzemba, University of Applied Sciences Deggendorf, Deggendorf, Germany, andreas.grzemba@hdu-deggendorf.de
• The main topic of this paper is how to implement security in hardware.
• Implementing security in hardware adds sophisticated security and privacy mechanisms by isolating the security module from the rest of the system.
• Using an FPGA is one way to add a hardware security feature, and it is the main idea of this paper.
Session ID: HKG18-223
Session Name: HKG18-223 - Trusted Firmware M : Trusted Boot
Speaker: Tamas Ban
Track: LITE
★ Session Summary ★
An overview of the trusted boot concept and firmware update on the ARMv8-M based platform and how MCUBoot acts as a BL2 bootloader for TF-M.
Trusted Firmware M
In October 2017, Arm announced the vision of Platform Security Architecture (PSA) - a common framework to allow everyone in the IoT ecosystem to move forward with stronger, scalable security and greater confidence. There are three key stages to the Platform Security Architecture: Analysis, Architecture and Implementation which are described at https://developer.arm.com/products/architecture/platform-security-architecture.
_Trusted Firmware M, i.e. TF-M, is the Arm project to provide an open source reference implementation firmware that will conform to the PSA specification for M-Class devices. Early access to TF-M was released in December 2017 and it is being made public during Linaro Connect. The implementation should be considered a prototype until the PSA specifications reach release state and the code aligns._
---------------------------------------------------
★ Resources ★
Event Page: http://connect.linaro.org/resource/hkg18/hkg18-223/
Presentation: http://connect.linaro.org.s3.amazonaws.com/hkg18/presentations/hkg18-223.pdf
Video: http://connect.linaro.org.s3.amazonaws.com/hkg18/videos/hkg18-223.mp4
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2018 (HKG18)
19-23 March 2018
Regal Airport Hotel Hong Kong
---------------------------------------------------
Keyword: LITE
http://www.linaro.org
http://connect.linaro.org
---------------------------------------------------
Follow us on Social Media
https://www.facebook.com/LinaroOrg
https://www.youtube.com/user/linaroorg?sub_confirmation=1
https://www.linkedin.com/company/1026961
CONFidence 2014: Yaniv Miron: ATMs – We kick their ass (PROIDEA)
ATMs (Automated Teller Machines) are usually weak spots in any organization that operates them. We would like to share with you how we hack ATMs. We will show GENERIC ways to attack ATMs. Specific attacks are kewl but we like GENERIC ones that work in the often complex ATM world. Join us to pwn some ATMs and learn from our vast experience in the trenches.
2. INTRODUCTION
• The Trusted Platform Module (TPM) is an international
standard for a secure crypto-processor.
• The TPM technical specification was written by a computer
industry consortium called the Trusted Computing Group
(TCG).
• The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) standardized the specification as ISO/IEC 11889 in 2009.
2 of 36
3. ABBREVIATIONS
• TPM – Trusted Platform Module
• TCG – Trusted Computing Group
• TCB – Trusted Computing Base
• BIOS – Basic Input-Output System
• EK – Endorsement Key
• SRK – Storage Root Key
• PCR – Platform Configuration Register
• AIK – Attestation Identity Key
• ROT – Root of Trust
• CRTM – Core Root of Trust for Measurement
• RTM – Root of Trust for Measurement
• RTR – Root of Trust for Reporting
• RTS – Root of Trust for Storage
• MBR – Master Boot Record
• GRUB – Grand Unified Boot Loader
• DRM – Digital Rights Management
4. TRUSTED COMPUTING GROUP
• The Trusted Computing Group (2003), successor to the Trusted
Computing Platform Alliance (TCPA)
• An initiative started by AMD, Cisco, Hewlett-Packard, IBM, Intel,
Microsoft and Wave Systems Corp.
• TCG is a non-profit organization formed to develop, define, and promote
open standards for hardware-enabled trusted computing and security
technologies, including hardware building blocks and software interfaces
across multiple platforms
• Promoters + Contributors + Adopters = 108
6. TRUSTED COMPUTING
• The computer will consistently behave in expected ways, and those
behaviors will be enforced by computer hardware and software
• Enforcing this behavior is achieved by loading the hardware with a unique
encryption key inaccessible to the rest of the system
• TC is controversial as the hardware is not only secured for its owner, but
also secured against its owner
7. FUNDAMENTAL TRUSTED COMPUTING FUNCTIONALITY
• A mechanism is required to record (measure) what software is/was running
  • This requires monitoring the boot process
  • It needs an anchor to start the measurement from: a Root of Trust
  • Nobody should be able to modify or forge these measurements
  • A shielded location for the measurements is required
8. FUNDAMENTAL TRUSTED COMPUTING FUNCTIONALITY
• Now you know that your platform is in a defined state
• Why should someone else believe this claim?
• A mechanism to securely report the measurements to a 3rd party is
required
• Secure storage
• Allow access to data only if system is in a known state
• Cost efficient implementation and production
11. TPM
• The TPM is a platform component
• NOT a platform all by itself
• TPM becomes a permanent component of the platform
• The TPM is NOT an active component, always a responder to a request and
never initiates an interrupt or other such operation
• TPM cannot alter execution flow of system (e.g. booting, execution of
applications)
12. TPM: CHANGES TO PC
• Extra hardware
• TPM
• Single 33 MHz clock
• Software changes
• BIOS
• OS & Apps
14. PLATFORM CONFIGURATION REGISTERS
• There are at least 16 PCRs in a TPM.
• They store platform configuration measurements.
• These measurements are normally hash values (SHA-1) of entities (applications) running on the platform.
• PCRs cannot be written directly; data is stored by a process called extending the PCR.
• PCR_new = SHA-1(PCR_old || measurement), where || denotes concatenation
• PCR extends are not commutative: the order of the measurements determines the final value
• PCRs are initialized to a default value (e.g. 0) at boot time
• After boot, the PCRs contain a hash chain of the booted software
15. INTEGRITY MEASUREMENT WITH TPM
• A measures entity B (which could be an executable or another file). The result is B's "fingerprint".
• This fingerprint is stored in a Stored Measurement Log (SML), which resides on the hard drive (outside the TPM and not protected by it).
• A then inserts B's fingerprint into a PCR (via the PCR's extend operation).
• Control is passed to B.
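As an added illustration (not code from the slides), the following Go program simulates the measure, log, extend chain of slides 14 and 15: a passive TPM holding SHA-1 PCRs, a host that measures each entity, records the fingerprint in an SML and extends a PCR, and a verifier that replays the SML. The PCR indices (4 for the loader, 8 for the kernel), the component names and their contents are constructed for the example and are not taken from the slides.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
)

// pcrSize is the digest size of the SHA-1 PCR bank the slides describe.
const pcrSize = sha1.Size

// Fingerprint is the measurement of an entity: the SHA-1 hash of its content.
func Fingerprint(content []byte) [pcrSize]byte { return sha1.Sum(content) }

// Extend is the only way a PCR changes: PCR_new = SHA-1(PCR_old || measurement).
// The old value is hashed in, so the order of extends matters and nothing can
// be "un-extended".
func Extend(pcr, measurement [pcrSize]byte) [pcrSize]byte {
	h := sha1.New()
	h.Write(pcr[:])
	h.Write(measurement[:])
	var out [pcrSize]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Event is one entry of the Stored Measurement Log (SML). The SML lives on disk,
// outside the TPM, so a verifier never trusts it directly: it only checks that
// replaying it reproduces the PCR value the TPM holds.
type Event struct {
	PCRIndex int
	Name     string
	Digest   [pcrSize]byte
}

// TPM models the passive chip: PCRs start at zero on boot, and the chip only
// ever sees digests handed to it, never what was measured.
type TPM struct {
	PCR [16][pcrSize]byte
}

// Platform is the host side (BIOS, loader, OS) that measures, logs, extends and
// then passes control to the measured entity.
type Platform struct {
	TPM *TPM
	SML []Event
}

// Measure hashes entity B, appends B's fingerprint to the SML, then extends it
// into the chosen PCR, in the order slide 15 gives.
func (p *Platform) Measure(pcrIndex int, name string, content []byte) {
	digest := Fingerprint(content)
	p.SML = append(p.SML, Event{PCRIndex: pcrIndex, Name: name, Digest: digest})
	p.TPM.PCR[pcrIndex] = Extend(p.TPM.PCR[pcrIndex], digest)
}

// Replay recomputes one PCR from the log alone, starting from the boot-time
// zero value, exactly as the TPM computed it.
func Replay(sml []Event, pcrIndex int) [pcrSize]byte {
	var pcr [pcrSize]byte
	for _, ev := range sml {
		if ev.PCRIndex == pcrIndex {
			pcr = Extend(pcr, ev.Digest)
		}
	}
	return pcr
}

// LogMatchesTPM is the verifier's check: the SML is credible only if its replay
// equals the value the TPM reports for that PCR.
func LogMatchesTPM(p *Platform, pcrIndex int) bool {
	return Replay(p.SML, pcrIndex) == p.TPM.PCR[pcrIndex]
}

// Boot runs a constructed measured-boot chain: the BIOS measures the OS loader
// into PCR 4 and the loader measures the kernel into PCR 8. The PCR indices
// are an illustrative assumption, not something the slides specify.
func Boot(loader, kernel []byte) *Platform {
	p := &Platform{TPM: &TPM{}}
	p.Measure(4, "os-loader", loader)
	p.Measure(8, "kernel", kernel)
	return p
}

func main() {
	p := Boot([]byte("GRUB stage 1 (constructed)"), []byte("vmlinuz (constructed)"))
	fmt.Println("PCR4 =", hex.EncodeToString(p.TPM.PCR[4][:]), "log matches:", LogMatchesTPM(p, 4))
	// Editing the on-disk log after the fact is caught: the replay diverges from
	// the PCR, which the host cannot rewrite.
	p.SML[1].Digest = Fingerprint([]byte("vmlinuz (modified)"))
	fmt.Println("after tampering with the SML, log matches:", LogMatchesTPM(p, 8))
}
```

The log is never trusted on its own: anyone can edit a file on disk, but the PCR it has to reproduce can only be extended, never rewritten, which is what makes the SML usable as evidence. Swapping the order of two measurements yields a different PCR value, which is the non-commutativity slide 14 states.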
17. ROOTS OF TRUST
• A Root of Trust is a hardware or software mechanism that one implicitly trusts
• Root of Trust for Measurement (RTM)
  • Uses Platform Configuration Registers (PCRs) to record the state of a system
  • A static entity like the PC BIOS
• Root of Trust for Reporting (RTR)
  • Entity trusted to report information accurately and correctly
  • Uses PCRs and RSA signatures to report the platform state to external parties in an unforgeable way
• Root of Trust for Storage (RTS)
  • Entity trusted to store information without interference or leakage
  • Uses PCRs and RSA encryption to protect data and ensure that data can only be accessed if the platform is in a known state
18. ROOT OF TRUST FOR MEASUREMENT
• Involved steps:
  • Measure (compute the hash value of) the next entity: e.g. the BIOS measures the OS loader
  • The measurement is extended into one of the TPM PCRs
  • Control is passed to the measured entity
  • This process is continued for all components of a system up to user-level applications
• Measurements change with system updates and patches
19. ROOT OF TRUST FOR REPORTING
• Endorsement Key (EK) forms the RTR
  • Private part never leaves the TPM (only exists in a shielded location)
  • EK is unique for every TPM and therefore uniquely identifies a TPM
  • The EK is backed by an EK certificate, typically issued by the TPM manufacturer
  • The EK certificate guarantees that the key actually is an EK and is protected by a genuine TPM
20. ROOT OF TRUST FOR STORAGE
• Two approaches
• Without using PCR: bind/unbind
• With using PCR: seal/unseal
• Binding
  • Happens outside of the TPM
  • Encrypt data with the public part of a TPM key
  • Only the TPM that the key pair belongs to can decrypt the data, and the private key can only be used inside the TPM
  • To bind to a specific TPM, use a non-migratable binding key (migratable keys can also be used)
• Unbinding
  • Decryption of bound data inside the TPM using the private key
21. TPM KEYS
• Storage Root Key (SRK)
  • 2048-bit RSA key
  • Is the top-level element of the TPM key hierarchy
  • Created during take ownership
  • Non-migratable, stored inside the chip, can be removed
• Storage Keys
  • RSA keys used to wrap (encrypt) other elements in the TPM key hierarchy
  • Created during user initialization
• Signature Keys
  • RSA keys used for signing operations
  • Must be a leaf in the TPM key hierarchy
23. ENDORSEMENT KEY
• The endorsement key is a 2048-bit RSA public and private key pair
• Created randomly on the chip at manufacture time
• Non-migratable, stored inside the chip, cannot be removed
• It is never used for encryption or signing
24. SECURE INPUT AND OUTPUT
• Secure I/O provides a secure hardware path from the keyboard to an application, and from the application back to the screen.
• No other software running on the same PC will be able to determine what the user typed, or how the application responded.
25. MEMORY CURTAINING
• Memory curtaining extends common memory protection
techniques to provide full isolation of sensitive areas of
memory
• Even the operating system does not have full access to
curtained memory
• The exact implementation details are vendor specific
26. SEALED STORAGE
• Sealed storage protects private information by binding it to platform configuration information, including the software and hardware being used
• Data can be released only to a particular combination of software and hardware
• Embedding PCR values in the blob ensures that only certain apps can decrypt the data
• Tampering with the MBR or OS kernel will change the PCR values
27. SEALED STORAGE
• Encrypt data using an RSA key on the TPM
• TPM_Seal
  • (some) Arguments:
    • keyhandle: which TPM key to encrypt with
    • KeyAuth: password for using key 'keyhandle'
    • PcrValues: PCRs to embed in the encrypted blob
    • data block: at most 256 bytes (2048 bits)
      • Typically used to seal a symmetric key (e.g. an AES key)
  • Returns an encrypted blob.
• The blob can only be decrypted with TPM_Unseal when:
  • the current PCR register values equal the PCR values stored in the blob.
  • TPM_Unseal will fail otherwise
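Added example, not code from the slides: a Go simulation of bind/unbind (slide 20) and seal/unseal (slides 26 and 27) around a 2048-bit RSA storage key. The blob layout (PCR count, PCR indices, composite digest, data), the composite hash over the selected PCRs, and KeyAuth modelled as a plain password are simplifications chosen for this example, not the structures of the TPM specification; the PCR indices and measurements are constructed.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

const pcrSize = sha1.Size

// SimTPM keeps what the chip keeps in shielded locations: the PCRs, the
// private half of a non-migratable storage key, and that key's KeyAuth.
type SimTPM struct {
	PCR        [16][pcrSize]byte
	storageKey *rsa.PrivateKey
	keyAuth    []byte
}

func NewSimTPM(keyAuth string) (*SimTPM, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &SimTPM{storageKey: key, keyAuth: []byte(keyAuth)}, nil
}

// Measure is an entity's fingerprint: the SHA-1 hash of its content.
func Measure(content []byte) [pcrSize]byte { return sha1.Sum(content) }

// Extend applies PCR_new = SHA-1(PCR_old || m); append copies (cap is full), so the old value is hashed intact.
func (t *SimTPM) Extend(i int, m [pcrSize]byte) { t.PCR[i] = sha1.Sum(append(t.PCR[i][:], m[:]...)) }

// Reboot resets every PCR to its boot-time zero value.
func (t *SimTPM) Reboot() { t.PCR = [16][pcrSize]byte{} }

func (t *SimTPM) authOK(keyAuth string) bool { return bytes.Equal([]byte(keyAuth), t.keyAuth) }

// composite digests the selected PCRs in order (a simplified stand-in for the
// specification's PCR composite hash).
func (t *SimTPM) composite(sel []int) [pcrSize]byte {
	h := sha1.New()
	for _, i := range sel {
		h.Write(t.PCR[i][:])
	}
	var out [pcrSize]byte
	copy(out[:], h.Sum(nil))
	return out
}

// Seal mirrors TPM_Seal(keyhandle, KeyAuth, PcrValues, data): the selected PCRs'
// current values are embedded in the blob, which is then encrypted with the storage
// key's public half. sel == nil is plain binding (slide 20): only this TPM is needed.
func (t *SimTPM) Seal(keyAuth string, sel []int, data []byte) ([]byte, error) {
	if !t.authOK(keyAuth) {
		return nil, errors.New("TPM_Seal: authorisation failed")
	}
	comp := t.composite(sel)
	plain := []byte{byte(len(sel))} // layout: count, PCR indices, composite, data
	for _, i := range sel {
		plain = append(plain, byte(i))
	}
	plain = append(append(plain, comp[:]...), data...)
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, &t.storageKey.PublicKey, plain, nil)
}

// Unseal mirrors TPM_Unseal: it needs KeyAuth and the private key, and releases the
// data only if the PCRs now equal the values sealed in; any other boot path fails.
func (t *SimTPM) Unseal(keyAuth string, blob []byte) ([]byte, error) {
	if !t.authOK(keyAuth) {
		return nil, errors.New("TPM_Unseal: authorisation failed")
	}
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, t.storageKey, blob, nil)
	if err != nil || len(plain) == 0 || len(plain) < 1+int(plain[0])+pcrSize {
		return nil, errors.New("TPM_Unseal: blob is not for this TPM or is malformed")
	}
	n := int(plain[0])
	sel := make([]int, n)
	for i := range sel {
		sel[i] = int(plain[1+i])
	}
	if comp := t.composite(sel); !bytes.Equal(comp[:], plain[1+n:1+n+pcrSize]) {
		return nil, errors.New("TPM_Unseal: PCR values do not match the sealed state")
	}
	return plain[1+n+pcrSize:], nil
}

func main() {
	tpm, _ := NewSimTPM("owner-pass")
	tpm.Extend(4, Measure([]byte("known-good loader")))
	blob, _ := tpm.Seal("owner-pass", []int{4}, []byte("constructed AES key"))
	tpm.Reboot()
	tpm.Extend(4, Measure([]byte("modified loader"))) // a different boot path
	_, err := tpm.Unseal("owner-pass", blob)
	fmt.Println("unseal after loader change:", err)
}
```

RSA-2048 OAEP with SHA-256 carries at most 190 bytes of plaintext in this simulation, so data larger than that is rejected by EncryptOAEP; the 256-byte figure on the slide is the real TPM_Seal limit, not this construction's. Note the order of checks in Unseal: authorisation, then decryption under the private key that never leaves the chip, then the PCR comparison, so a blob bound to another TPM and a blob sealed to a different boot path fail at different stages but both fail.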
28. REMOTE ATTESTATION
• Remote attestation allows changes to the user's computer to be
detected by authorized parties
• Good applications:
• Bank allows money transfer only if customer’s machine runs “up-to-date”
OS patches.
• Enterprise allows laptop to connect to its network only if laptop runs
“authorized” software
• Quake players can join a Quake network only if their Quake client is
unmodified.
• DRM:
• Music Stores sell content for authorized players only.
29. REMOTE ATTESTATION- HOW IT WORKS
• Recall: EK private key on TPM.
• Cert for EK public-key issued by TPM vendor.
• Step 1: Create Attestation Identity Key (AIK)
• AIK Private key known only to TPM
• AIK public cert issued only if EK cert is valid
30. REMOTE ATTESTATION- HOW IT WORKS
• Step 2: sign PCR values (after boot)
• Call TPM_Quote; (some) arguments:
  • keyhandle: which AIK to sign with
  • KeyAuth: password for using key 'keyhandle'
  • PCR list: which PCRs to sign.
  • Challenge: 20-byte challenge from the remote server
    • Prevents replay of old signatures.
  • Userdata: additional data to include in the signature.
• Returns signed data and signature.
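Added example, not code from the slides: a Go simulation of TPM_Quote and its verification (slides 29 and 30). The AIK is a 2048-bit RSA key generated locally; the CA step that certifies it against the EK certificate is assumed to have happened and is not modelled, so the verifier simply receives the AIK public key out of band. The signed structure (PCR count, PCR values, 20-byte challenge, userdata) and the PKCS#1 v1.5 signature over its SHA-256 digest are choices of this example, not the specification's formats; PCR indices and measurements are constructed.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"errors"
	"fmt"
)

const pcrSize = sha1.Size

// Quote is what TPM_Quote hands back: the PCR values signed over plus the AIK signature.
type Quote struct {
	PCRValues [][pcrSize]byte
	Signature []byte
}

// AttestTPM holds the PCRs and an AIK whose private half never leaves it.
type AttestTPM struct {
	PCR     [16][pcrSize]byte
	aik     *rsa.PrivateKey
	aikAuth []byte
}

// NewAttestTPM generates a 2048-bit RSA AIK; certifying it against the EK certificate (slide 29) is not modelled.
func NewAttestTPM(aikAuth string) (*AttestTPM, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &AttestTPM{aik: key, aikAuth: []byte(aikAuth)}, nil
}

// AIKPublic is what the AIK certificate would carry; the verifier gets it out of band.
func (t *AttestTPM) AIKPublic() *rsa.PublicKey { return &t.aik.PublicKey }

// Extend applies PCR_new = SHA-1(PCR_old || m); append copies (cap is full), so the old value is hashed intact.
func (t *AttestTPM) Extend(i int, m [pcrSize]byte) { t.PCR[i] = sha1.Sum(append(t.PCR[i][:], m[:]...)) }

// NewChallenge draws the server's 20-byte challenge; a fresh value per request is what defeats replay.
func NewChallenge() (c [20]byte, err error) { _, err = rand.Read(c[:]); return }

// quoteBody is the structure both sides hash: PCR count, PCR values, challenge, userdata.
func quoteBody(pcrs [][pcrSize]byte, challenge [20]byte, userdata []byte) []byte {
	var b bytes.Buffer
	b.WriteByte(byte(len(pcrs)))
	for _, v := range pcrs {
		b.Write(v[:])
	}
	b.Write(challenge[:])
	b.Write(userdata)
	return b.Bytes()
}

// TPMQuote mirrors TPM_Quote(keyhandle, KeyAuth, PCR list, challenge, userdata).
func (t *AttestTPM) TPMQuote(keyAuth string, pcrList []int, challenge [20]byte, userdata []byte) (*Quote, error) {
	if !bytes.Equal([]byte(keyAuth), t.aikAuth) {
		return nil, errors.New("TPM_Quote: authorisation failed")
	}
	vals := make([][pcrSize]byte, 0, len(pcrList))
	for _, i := range pcrList {
		vals = append(vals, t.PCR[i])
	}
	digest := sha256.Sum256(quoteBody(vals, challenge, userdata))
	sig, err := rsa.SignPKCS1v15(rand.Reader, t.aik, crypto.SHA256, digest[:])
	if err != nil {
		return nil, err
	}
	return &Quote{PCRValues: vals, Signature: sig}, nil
}

// Verify is the server's side: rebuild the signed data with its own challenge, check the AIK signature, then compare PCRs.
func Verify(aikPub *rsa.PublicKey, q *Quote, challenge [20]byte, userdata []byte, expected [][pcrSize]byte) error {
	digest := sha256.Sum256(quoteBody(q.PCRValues, challenge, userdata))
	if err := rsa.VerifyPKCS1v15(aikPub, crypto.SHA256, digest[:], q.Signature); err != nil {
		return errors.New("quote signature invalid: wrong AIK, altered PCR values, or a stale challenge")
	}
	if len(q.PCRValues) != len(expected) {
		return errors.New("quote covers an unexpected number of PCRs")
	}
	for i := range expected {
		if q.PCRValues[i] != expected[i] {
			return fmt.Errorf("PCR at position %d differs from the known-good value", i)
		}
	}
	return nil
}

func main() {
	tpm, _ := NewAttestTPM("aik-pass")
	tpm.Extend(4, [pcrSize]byte{0xAB}) // constructed loader measurement
	c, _ := NewChallenge()
	q, _ := tpm.TPMQuote("aik-pass", []int{4}, c, nil)
	fmt.Println("verify:", Verify(tpm.AIKPublic(), q, c, nil, [][pcrSize]byte{tpm.PCR[4]}))
}
```

The verifier never takes the challenge from the quote; it uses the one it issued, so a signature captured from an earlier exchange fails verification against the new challenge, and a host that reports PCR values other than the ones the TPM actually signed breaks the signature before the known-good comparison is even reached.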
31. MISCONCEPTIONS CLARIFIED
• The TPM does not measure, monitor or control anything
• The TPM is a passive device in the system
• The TPM has no way of knowing what was measured
• Measurements are made by host software and sent to the TPM
• The TPM does not perform bulk encryption
  • (e.g. file and folder encryption or full disk encryption)
• Digital Rights Management (DRM) is not a goal of the TCG specifications
  • No technical aspect of DRM is inherent in the TPM
• The TPM can work with any operating system or application software
• The specification is open and the API is defined; there are no TCG secrets
32. BENEFITS
• Enhance confidence in platform
• Proof that a platform is a Trusted Platform
• Binding of data to a particular platform
• Sealing data to a trusted system state/configuration
• Owner privacy and control
• Secure boot
• Low cost exportable technology
33. CRITICISM
• Digital rights management
• Users unable to modify software
• Users have no control over data
• Users unable to exercise legal rights
• Users vulnerable to vendor withdrawal of service
• Users unable to override
34. STANDARDIZATION
• JTC1, a joint committee of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), has accepted and published the Trusted Computing Group's Trusted Platform Module specification Version 1.2 as ISO/IEC standard 11889.
• Abstract
  • ISO/IEC 11889 defines the Trusted Platform Module (TPM), a device that enables trust in computing platforms in general. ISO/IEC 11889-1:2009 is an overview of the TPM. It describes the TPM and how it fits into the trusted platform. ISO/IEC 11889-1:2009 describes trusted platform concepts such as the trust boundary, transitive trust, integrity measurement, and integrity reporting.