TEE to Run Trusted OS on RISC-V and Related Technologies
Kuniyasu Suzaki, Akira Tsukamoto
National Institute of Advanced Industrial Science and Technology (AIST)
Contents
• What is TEE?
  – RISC-V TEE
• Trusted OS
  – “OP-TEE”
  – Requirements to implement OP-TEE
The difference from the Micro51 workshop talk: this talk gives the software view (RISC-V Day Tokyo); the Micro51 workshop gives the hardware view.
Slides will be published at https://www.slideshare.net/suzaki
HIEE: Hardware-assisted Isolated Execution Environments*
• An HIEE is used for important processing that must be independent of the OS.
• Current CPUs already have HIEEs:
  – x86 SMM (System Management Mode): used by BIOS/UEFI.
  – Intel ME (Management Engine): runs MINIX; used for remote power control.
    These two are not programmable by a user.
  – Intel SGX (Software Guard Extensions)
  – ARM TrustZone
    These two are programmable by a user and are used for TEE.
* F. Zhang and H. Zhang, SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security [HASP16]
What is TEE?
• TEE: Trusted Execution Environment.
  – TEE separates the computing world into “normal” and “secure”.
    • The secure world is used to run critical code (e.g., authentication, DRM).
  – GlobalPlatform defines the TEE specification.
    • https://globalplatform.org/technical-committees/trusted-execution-environment-tee-committee/
[Figure: a CPU whose TEE splits execution into a Secure World and a Normal World; the normal world runs an App on a Normal OS.]
Privileges for TEE
• The GlobalPlatform TEE specification assumes multiple privilege levels in both worlds, so that applications run on an OS in each world.
  – The normal world runs normal applications on a normal OS.
  – The secure world runs trusted applications (TAs) on a trusted OS.
• ARM TrustZone offers the same privilege levels in the normal and secure worlds.
• Intel SGX has only one privilege level (the enclave).
  – The enclave is different from the ring architecture.
[Figure: a CPU with a Secure World (Trusted OS; Trusted Application (TA) using the GP TEE API) and a Normal World (Normal OS, e.g., Linux; App using the POSIX API).]
TEE projects on RISC-V
• Sanctum [MIT project, USENIX Sec’16]
• KeyStone [UCB project]
  – https://keystone-enclave.org/
• MultiZone [Hex-Five product]
  – https://hex-five.com/
• TEE WG of RISC-V Foundation
[Figure legend: the projects are classified as Intel SGX type (one special privilege level, the enclave) or ARM TrustZone type (multiple privilege levels, which make it easy to implement a GlobalPlatform-style Trusted OS).]
Trusted OS on ARM TrustZone
• GlobalPlatform model
[Figure: the Secure world runs the Trusted OS and Trusted Applications (TA) on a core in secure mode; the Normal world runs the Normal OS and Normal Applications on a core. Hardware (e.g., UART, eMMC, NIC) is assigned to one of the worlds. Exception levels: EL0: User, EL1: Privilege, EL2: Hypervisor, EL3: Secure. The worlds switch with the SMC (Secure Monitor Call) instruction. Memory is allocated to the worlds either statically or dynamically.]
Boot Sequence on ARM TrustZone
• BL: Boot Loader
• EL: Exception Level
[Figure: boot chain] Power on → BL1: BootROM → BL2: Trusted Boot Firmware → BL31: Secure Monitor (EL3: Secure) → BL32: Trusted OS (Secure World) and BL33: Normal OS (Normal World).
Both worlds have the exception levels EL3: Secure, EL2: Hypervisor, EL1: Privilege, EL0: User.
Trusted OS
• A Trusted OS is not a normal OS
  – The Trusted OS is the TCB (Trusted Computing Base). It must be secure, i.e., small.
  – No POSIX API, no dynamic link libraries
    • A TA becomes a statically linked binary.
• The Trusted OS needs the help of the normal OS
  – Because the Trusted OS has no file system and no device drivers (except for some special devices, e.g., UART)
    • When a TA wants to save data, the data is encrypted and saved on the file system of the normal OS.
Trusted OS
• Open Source Trusted OS
  – OP-TEE (Linaro) https://github.com/OP-TEE
  – Open-TEE (Aalto University [TrustCom15]) https://open-tee.github.io/
  – Trusty (Google) https://source.android.com/security/trusty/index.html
  – SierraTEE (Sierra) https://www.sierraware.com/open-source-ARM-TrustZone.html
• Enterprise Trusted OS
  – Apple’s Secure Enclave
  – Qualcomm’s QSEE
  – Samsung’s Knox https://www.samsungknox.com/en
  – Trustonic Kinibi and MobiCore
How to run a TA on OP-TEE
[Figure: Secure World: Secure Monitor (EL3: Secure), OP-TEE (signature check, dispatch by UUID), TA linked with libutee.a. Normal World: Linux with the OP-TEE driver, TA-Client linked with libtee.so using /dev/tee0, TEE-Supplicant using /dev/teepriv0. Exception levels: EL0: User, EL1: Privilege, EL2: Hypervisor, EL3: Secure. The TA-Client loads and uses a TA; the TEE-Supplicant is the helper of the TA; OP-TEE checks the TA signature.]
Major roles
• TA-Client loads a TA on OP-TEE
  – A TA needs a signature to be loaded on OP-TEE
  – A TA has a UUID, which is used to communicate with the TA-Client and the TEE-Supplicant
• TA-Client sends a request to the TA
• The TA replies with an answer to the TA-Client
• The TA sends requests to the TEE-Supplicant (e.g., to save encrypted data on the file system)
• A TA uses the TEE internal API only (no POSIX system calls)
Memory Map of OP-TEE
• ARM HiKey board, 2GB
• Software size: our experience
  – Secure world
    • Secure Monitor 33KB
    • OP-TEE 281KB
    • TA 1,200KB
  – Normal world (on Linux)
    • TA-Client 17KB
    • TEE-Supplicant 197KB
[Figure: memory map, top of DRAM at 0x7FFFFFFF (2GB)]
  – 0x7F000000: OP-TEE & TA, 16 MB (Secure World)
  – 0x7EC00000: Shared Memory, 4 MB
  – 0x7E800000: Secure Data Path Buffer, 4 MB
  – 0x7E000000: Reserved, 8 MB
  – Below: Linux kernel with SMC driver (Normal World)
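The shared-memory window is the only RAM the normal world may legitimately hand to the secure world, so every buffer address arriving over SMC has to be range-checked before OP-TEE touches it. The following C example is added here (it is not code from the slides or from the OP-TEE project) and models that check using the map above: 16 MB of OP-TEE/TA memory at the top of 2 GB DRAM with 4 MB of shared memory beneath it; the base addresses and all names are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Region boundaries modelled on the HiKey 2GB map (assumed values):
 * the secure world owns [TZDRAM_BASE, DRAM_END); the normal world may only
 * pass buffers that lie entirely inside the shared-memory window. */
#define DRAM_END     0x80000000ULL            /* 2 GB: 0x7FFFFFFF is the last byte */
#define TZDRAM_SIZE  (16ULL << 20)            /* OP-TEE & TA: 16 MB */
#define TZDRAM_BASE  (DRAM_END - TZDRAM_SIZE) /* 0x7F000000 */
#define SHMEM_SIZE   (4ULL << 20)             /* shared memory: 4 MB */
#define SHMEM_BASE   (TZDRAM_BASE - SHMEM_SIZE) /* 0x7EC00000 */

enum buf_verdict {
    BUF_OK_SHARED,      /* entirely inside non-secure shared memory */
    BUF_REJECT_SECURE,  /* touches OP-TEE/TA memory: must be refused */
    BUF_REJECT_OUTSIDE, /* normal-world RAM outside the shared window */
    BUF_REJECT_INVALID, /* zero length or address arithmetic wraps */
};

/* True when [start, start+len) lies entirely inside [base, base+size).
 * Written without start+len so it cannot overflow. */
static bool range_within(uint64_t start, uint64_t len, uint64_t base, uint64_t size)
{
    return start >= base && len <= size && start - base <= size - len;
}

/* True when [start, start+len) and [base, base+size) share any byte.
 * Caller guarantees start+len and base+size do not wrap. */
static bool range_overlaps(uint64_t start, uint64_t len, uint64_t base, uint64_t size)
{
    return start < base + size && base < start + len;
}

/* The check a secure-world SMC handler performs on a normal-world buffer
 * before mapping or reading it. Overflow is rejected first, then any
 * contact with secure memory, then anything outside the shared window. */
enum buf_verdict check_ns_buffer(uint64_t start, uint64_t len)
{
    if (len == 0 || start > UINT64_MAX - len)
        return BUF_REJECT_INVALID;
    if (range_overlaps(start, len, TZDRAM_BASE, TZDRAM_SIZE))
        return BUF_REJECT_SECURE;
    if (!range_within(start, len, SHMEM_BASE, SHMEM_SIZE))
        return BUF_REJECT_OUTSIDE;
    return BUF_OK_SHARED;
}

static const char *verdict_name(enum buf_verdict v)
{
    switch (v) {
    case BUF_OK_SHARED:      return "ok: shared memory";
    case BUF_REJECT_SECURE:  return "reject: overlaps secure world";
    case BUF_REJECT_OUTSIDE: return "reject: outside shared window";
    default:                 return "reject: invalid range";
    }
}

int main(void)
{
    /* Constructed sample requests as a normal-world driver might pass them. */
    const struct { uint64_t start, len; const char *what; } req[] = {
        { SHMEM_BASE,                        4096,  "first page of shared memory" },
        { SHMEM_BASE + SHMEM_SIZE - 4096,    8192,  "runs past shared memory into OP-TEE" },
        { TZDRAM_BASE + 0x1000,              64,    "points into TA memory" },
        { 0x10000000ULL,                     4096,  "ordinary Linux RAM" },
        { 0xFFFFFFFFFFFFFF00ULL,             0x200, "start + len wraps around" },
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("%-40s 0x%010llx +0x%llx -> %s\n", req[i].what,
               (unsigned long long)req[i].start, (unsigned long long)req[i].len,
               verdict_name(check_ns_buffer(req[i].start, req[i].len)));
    return 0;
}
```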
OP-TEE on RISC-V using seL4
• Rahul Mahadev’s Google Summer of Code
• http://mahadevrahul.blogspot.com/
  – The TrustZone features and the secure monitor are implemented as a seL4 library.
  – OP-TEE is paravirtualized: all calls referencing ARM Trusted Firmware and the secure monitor are replaced with new calls.
[Figure: seL4 hosts a VMM running the Rich OS (Linux) with its App, a library to emulate TrustZone, and the paravirtualized OP-TEE with its TA.]
Conclusions
• This talk is the software view of TEE
• When we implement OP-TEE on RISC-V, we must develop
  – Boot sequence: Trusted Boot Firmware, Secure Monitor
  – Linux kernel driver
  – Libraries (libutee.a for TAs and libtee.so for Linux apps)
  – Linux application to assist TAs (TEE-Supplicant)
See the Micro51 RISC-V workshop for the hardware view.
Slides of RISC-V Day Tokyo 2018 and the Micro51 RISC-V workshop will be published at https://www.slideshare.net/suzaki
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

RISC-V-Day-Tokyo2018-suzaki

1. TEE to Run Trusted OS on RISC-V and Related Technologies
National Institute of Advanced Industrial Science and Technology (AIST)
Kuniyasu Suzaki, Akira Tsukamoto

2. Contents
• What is TEE?
– RISC-V TEE
• Trusted OS
– “OP-TEE”
– Requirement to implement OP-TEE
The difference from the Micro51 workshop: software view (RISC-V Day Tokyo), hardware view (Micro51 workshop).
Slides will be opened at https://www.slideshare.net/suzaki

3. HIEE: Hardware-assisted Isolated Execution Environments*
• HIEE is used for important processes which are independent of the OS.
• Current CPUs have HIEE.
– x86 SMM: System Management Mode
• Used by BIOS/UEFI.
– Intel’s ME: Management Engine
• Runs MINIX. Used for remote power control.
– Intel SGX: Software Guard Extensions
– ARM Trust Zone
(Slide annotations: “They are not programmable for a user.” / “They are programmable for a user.” / “They are used for TEE.”)
* F. Zhang and H. Zhang, SoK: A Study of Using Hardware-assisted Isolated Execution Environments for Security [HASP16]

4. What is TEE?
• TEE: Trusted Execution Environment.
– TEE separates the computing world into “normal” and “secure”.
• The secure world is used to run critical code (e.g., authentication, DRM, etc.).
– GlobalPlatform defines the TEE specification.
• https://globalplatform.org/technical-committees/trusted-execution-environment-tee-committee/
(Figure: CPU with TEE; Secure World beside Normal World, which runs App on Normal OS)

5. Privileges for TEE
• GlobalPlatform's TEE specification assumes plural privileges on both worlds to run applications on an OS.
– Normal world runs normal applications on a normal OS.
– Secure world runs trusted applications (TAs) on a trusted OS.
• ARM Trust Zone offers the same privileges to the normal and secure world.
• Intel SGX has only one privilege (enclave).
– Enclave is different from the Ring architecture.
(Figure: Secure World: Trusted Application (TA) using the GP TEE API on Trusted OS; Normal World: App using the POSIX API on Normal OS (e.g., Linux))

6. TEE projects on RISC-V
• Sanctum [MIT project, USENIX Sec’16]
• KeyStone [UCB project]
– https://keystone-enclave.org/
• MultiZone [Hex-Five product]
– https://hex-five.com/
• TEE WG of RISC-V Foundation
(Slide annotations: “Intel SGX type: one special privilege (Enclave)” / “ARM Trust Zone type: plural privileges, easy to implement GlobalPlatform style Trusted OS”)

7. ARM Trusted OS on ARM Trust Zone
• GlobalPlatform model
(Figure: Secure world with Trusted OS and Trusted Applications (TA) on a Core in Secure Mode; Normal world with Normal OS and Normal Applications on a Core; hardware: NIC, eMMC, UART. Exception Levels EL0: User, EL1: Privilege, EL2: Hypervisor, EL3: Secure. Worlds switch via the SMC (Secure Monitor Call) instruction. Memory: static allocate / dynamic allocate.)

8. Boot Sequence on ARM Trust Zone
• BL: Boot Loader
• EL: Exception Level
(Figure: Power on → BL1: BootROM → BL2: Trusted Boot Firmware → BL31: Secure Monitor (EL3) → BL32: Trusted OS (Secure World) and BL33: Normal OS (Normal World). Each world has Exception Levels EL3: Secure, EL2: Hypervisor, EL1: Privilege, EL0: User.)

9. Trusted OS
• Trusted OS is not a normal OS.
– Trusted OS is the TCB (Trusted Computing Base). It must be secure (small).
– No POSIX API, no dynamic link library.
• A TA becomes a statically linked binary.
• Trusted OS needs the help of the normal OS.
– Because Trusted OS has no file system and no device drivers (except some special devices, e.g., UART).
• When a TA wants to save data, the data is encrypted and saved on the FS of the normal OS.

10. Trusted OS
• Open Source Trusted OS
– OP-TEE (Linaro) https://github.com/OP-TEE
– Open-TEE (Aalto University [TrustCom15]) https://open-tee.github.io/
– Trusty (Google) https://source.android.com/security/trusty/index.html
– SierraTEE (Sierra) https://www.sierraware.com/open-source-ARM-TrustZone.html
• Enterprise Trusted OS
– Apple’s Secure Enclave
– Qualcomm’s QSEE
– Samsung’s Knox https://www.samsungknox.com/en
– Trustonic Kinibi and MobiCore

11. How to run a TA on OP-TEE
• TA-Client loads a TA on OP-TEE
– TA needs a signature to load on OP-TEE
– TA has a UUID to communicate with TA-Client and TEE-Supplicant
• TA-Client sends a request to the TA
• The TA replies an answer to TA-Client
• The TA sends a request to TEE-Supplicant (e.g., to save encrypted data on the file system)
(Figure: Secure World: TA with libutee.a (TEE internal API only, no POSIX sys call) on OP-TEE (signature check, dispatch by UUID), Secure Monitor at EL3. Normal World: Linux with op-tee driver exposing /dev/tee0 and /dev/teeprev0; TA-Client with libtee.so and TEE-Supplicant. Arrow labels: “Load a TA”, “Use a TA”, “Helper of TA”, “signature”, “Major Role”. Exception Levels EL0: User, EL1: Privilege, EL2: Hypervisor, EL3: Secure.)

12. Memory Map of OP-TEE
• ARM Hikey Board 2GB
• Software size: our experience
– Secure world
• Secure Monitor 33KB
• OP-TEE 281KB
• TA 1,200KB
– Normal World (on Linux)
• TA-Client 17KB
• TEE-Supplicant 197KB
(Figure: memory map from the top of the 2GB at 0x7FFFFFFF downward)
0x7F000000: OP-TEE & TA, 16MB (Secure World)
0x7EC0000: Shared Memory, 4 MB
0x7E80000: Linux Kernel with SMC driver, 4 MB (Normal World)
0x7E00000: Secure Data Path Buffer, 8 MB (Reserved)
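The shared-memory region on the map above is the only place where the normal world may legitimately hand buffers to the secure side, so a trusted OS has to range-check every address it receives over SMC before it reads or writes through it. The following C program is an added example written for this page, not code from the slides or from OP-TEE itself; it encodes the slide's map and refuses buffers that fall outside the shared region, wrap around the address space, or straddle into the OP-TEE region. It assumes the three 7-digit addresses on the slide are missing a trailing zero (0x7EC00000, 0x7E800000, 0x7E000000), which is what the stated 4 MB, 4 MB and 8 MB sizes imply, and it treats the reserved Secure Data Path Buffer as not shareable.

```c
/* Added example (not from the slides or from OP-TEE): validating a buffer
 * address that the normal world passes to the secure world, against the
 * memory map on slide 12 of this deck. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MB (1024u * 1024u)

struct region {
    const char *name;
    uint32_t    base;      /* first byte of the region */
    uint32_t    size;      /* bytes */
    bool        shareable; /* may the normal world pass buffers located here? */
};

/* Slide 12 map, top of the 2GB HiKey RAM downward. Assumption: the slide's
 * 7-digit addresses (0x7EC0000, 0x7E80000, 0x7E00000) lost a trailing zero;
 * the values below are the ones the 4 MB / 4 MB / 8 MB sizes imply, and they
 * tile the space below 0x7F000000 without gaps. */
static const struct region regions[] = {
    { "OP-TEE & TA",                  0x7F000000u, 16 * MB, false }, /* secure world */
    { "Shared Memory",                0x7EC00000u,  4 * MB, true  }, /* the only shareable region */
    { "Linux kernel with SMC driver", 0x7E800000u,  4 * MB, false }, /* normal world, but not a shared pool */
    { "Secure Data Path Buffer",      0x7E000000u,  8 * MB, false }, /* reserved; assumed not shareable */
};
#define NREGIONS (sizeof regions / sizeof regions[0])

/* Return the region that contains addr, or NULL if the map does not cover it. */
const struct region *region_for(uint32_t addr)
{
    for (size_t i = 0; i < NREGIONS; i++) {
        const struct region *r = &regions[i];
        if (addr >= r->base && addr - r->base < r->size)
            return r;
    }
    return NULL;
}

/* Accept [addr, addr + len) as a normal-world buffer only if it is non-empty,
 * does not wrap around the 32-bit address space, and lies entirely inside a
 * single shareable region. Anything else must be refused before the secure
 * side touches memory through the pointer. */
bool shm_buffer_ok(uint32_t addr, uint32_t len)
{
    if (len == 0)
        return false;
    if (addr > UINT32_MAX - (len - 1))   /* addr + len - 1 would overflow */
        return false;
    const struct region *r = region_for(addr);
    if (r == NULL || !r->shareable)
        return false;
    uint32_t last = addr + (len - 1);    /* last byte, inclusive */
    return last - r->base < r->size;     /* last byte still in the same region */
}

int main(void)
{
    printf("%-30s %-10s %-4s %s\n", "region", "base", "MB", "shareable");
    for (size_t i = 0; i < NREGIONS; i++)
        printf("%-30s 0x%08lx %-4u %s\n", regions[i].name,
               (unsigned long)regions[i].base, (unsigned)(regions[i].size / MB),
               regions[i].shareable ? "yes" : "no");

    /* Constructed requests, as the op-tee driver might forward them. */
    struct { uint32_t addr, len; } req[] = {
        { 0x7EC00000u, 4096u },   /* inside shared memory: accepted */
        { 0x7EFFF000u, 4097u },   /* last byte lands in OP-TEE & TA: refused */
        { 0x7F000000u, 16u },     /* points straight at the trusted OS: refused */
        { 0xFFFFFFF0u, 32u },     /* wraps around: refused */
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("0x%08lx+%u -> %s\n", (unsigned long)req[i].addr, (unsigned)req[i].len,
               shm_buffer_ok(req[i].addr, req[i].len) ? "accept" : "refuse");
    return 0;
}
```

One caveat the range check alone does not cover: the normal world can rewrite the buffer after the check has passed, so the secure side should copy the parameters it validated into secure memory and work from that copy rather than re-reading shared memory.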
13. OP-TEE on RISC-V using seL4
• Rahul Mahadev’s Google Summer of Code
• http://mahadevrahul.blogspot.com/
– The Trust Zone features and secure monitor are implemented as a seL4 library.
– OP-TEE is paravirtualized; all calls referencing ARM Trusted Firmware and the secure monitor are replaced with new calls.
(Figure: seL4 hosting a VMM with a Rich OS (Linux) running an App, a library to emulate Trust Zone, and paravirtualized OP-TEE running a TA.)

14. Conclusions
• My talk is the software view of TEE.
• When we implement OP-TEE on RISC-V, we must develop:
– Boot sequence: Trusted Boot Firmware, Secure Monitor
– Linux kernel driver
– Libraries (libutee.a for TA and libtee.so for Linux Apps)
– Linux application to assist TA (TEE-supplicant)
See the Micro51 RISC-V workshop for the hardware view.
Slides of RISC-V Day Tokyo 2018 and the Micro51 RISC-V workshop will be opened at https://www.slideshare.net/suzaki