Embedded Recipes 2022 - Secure Elements in a Trusted Execution Environment
A Secure Element is a tamper resistant device that provides secure storage and an execution environment for sensitive data and cryptographic processing. They connect to the host processors through I2C or SPI on the physical channel and the T=1 ISO/IEC 7816 block oriented half-duplex protocol on the second layer.
A Trusted Execution Environment (TEE) is an area of the main processor that provides isolated execution and confidentiality of its assets. A TEE executes its own secure operating system with access to cryptographic algorithms that, depending on the SoC, can be implemented in software libraries (i.e: libtomcrypt, libmbedtls) or in hardware as accelerator co-processors.
The shared memory mechanisms used by TEEs to communicate with bootloaders and Rich Execution Environments (REE) such as Linux are a perfect match to transport block protocols like T=1. This gives a TEE the opportunity to share buses with a REE, while avoiding access collisions and without imposing static usage or power requirements.
This presentation will explain how the NXP EdgeLock SE05x driver was integrated and upstreamed to OP-TEE, and how it provides cryptographic support and secure storage to the boot firmware (U-boot), the TEE (OP-TEE), and the REE (Linux).
Jorge Ramirez
Видео Embedded Recipes 2022 - Secure Elements in a Trusted Execution Environment канала Kernel Recipes
A Trusted Execution Environment (TEE) is an area of the main processor that provides isolated execution and confidentiality of its assets. A TEE executes its own secure operating system with access to cryptographic algorithms that, depending on the SoC, can be implemented in software libraries (i.e: libtomcrypt, libmbedtls) or in hardware as accelerator co-processors.
The shared memory mechanisms used by TEEs to communicate with bootloaders and Rich Execution Environments (REE) such as Linux are a perfect match to transport block protocols like T=1. This gives a TEE the opportunity to share buses with a REE, while avoiding access collisions and without imposing static usage or power requirements.
This presentation will explain how the NXP EdgeLock SE05x driver was integrated and upstreamed to OP-TEE, and how it provides cryptographic support and secure storage to the boot firmware (U-boot), the TEE (OP-TEE), and the REE (Linux).
Jorge Ramirez
Видео Embedded Recipes 2022 - Secure Elements in a Trusted Execution Environment канала Kernel Recipes
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
![Kernel Recipes 2022 - What’s new with io_uring](https://i.ytimg.com/vi/ToSRCSijRuE/default.jpg)
![Embedded Recipes 2022 - The next 50 million firmware updates](https://i.ytimg.com/vi/iR_KAjRe9fA/default.jpg)
![Kernel Recipes 2018 - Mitigating Spectre and Meltdown vulnerabilities - David Woodhouse](https://i.ytimg.com/vi/wZmqzB4QMpg/default.jpg)
![Embedded Recipes 2019 - Testing firmware the devops way](https://i.ytimg.com/vi/Cs6S928qw6Q/default.jpg)
![Kernel Recipes 2018 - A year of fixing Coverity issues... - Gustavo A. R. Silva](https://i.ytimg.com/vi/qj1Yjc_dK6s/default.jpg)
![Embedded Recipes 2017 - Proper APIs to HW video codec accelerators - Olivier Crete](https://i.ytimg.com/vi/bntAsF8IaLo/default.jpg)
![Embedded Recipes 2022 - Tracing on embedded boards](https://i.ytimg.com/vi/7KHLoZKwlBk/default.jpg)
![Kernel Recipes 2022](https://i.ytimg.com/vi/nhJqaZT94z0/default.jpg)
![Kernel Recipes - Creating custom Debian images for your embedded device](https://i.ytimg.com/vi/467kgcSxDf0/default.jpg)
![Kernel Recipes 2015 - Solving the Linux storage scalability bottlenecks - by Jens Axboe](https://i.ytimg.com/vi/VIdKBD9-Ozg/default.jpg)
![Kernel Recipes 2019 - pidfds: Process file descriptors on Linux](https://i.ytimg.com/vi/19SlR_zjPxc/default.jpg)
![Kernel Recipes 2022 - Rethinking the kernel camera framework](https://i.ytimg.com/vi/KL3ajTu8VzU/default.jpg)
![Kernel Recipes 2022 - Make Linux developers fix your kernel bug](https://i.ytimg.com/vi/Uh_mWWMJHDY/default.jpg)
![Kernel Recipes 2019 - BPF at Facebook](https://i.ytimg.com/vi/bbHFg9IsTk8/default.jpg)
![Kernel Recipes 2015 - Linux kernel IO subsystem - by Jan Kara](https://i.ytimg.com/vi/2tu__ZHC0mI/default.jpg)
![Embedded Recipes 2018 - Using yocto to generate container images for yocto - Jérémy Rosen](https://i.ytimg.com/vi/0S2Qow1IcQA/default.jpg)
![Kernel Recipes 2018 - CLIP OS: a defense-in-depth OS - Mickael Salaün, Timothée Ravier](https://i.ytimg.com/vi/PjRE0uBtkHU/default.jpg)
![Embedded Recipes 2018 - SoC+FPGA support in 2018 - Marek Vasut](https://i.ytimg.com/vi/H7EsuyPQgFc/default.jpg)
![Kernel Recipes 2019 - No NMI? No Problem! – Implementing Arm64 Pseudo-NMI](https://i.ytimg.com/vi/7cVaEiaeSmo/default.jpg)
![Julia Lawall, INRIA - Coccinelle](https://i.ytimg.com/vi/ohyn1DTuh18/default.jpg)
![Kernel Recipes 2023 - Demystifying the Linux kernel security process](https://i.ytimg.com/vi/2TZe5EROFhE/default.jpg)