SlideShare una empresa de Scribd logo

HKG18-212 - Trusted Firmware M: Introduction

Linaro
Linaro

Trusted Firmware is a set of foundational software components that implement security services for secure platforms, including a trusted execution environment, secure function invocation, secure device initialization and setup, and trusted boot. Trusted Firmware for A-profile systems (TF-A) is a mature open source project, while Trusted Firmware M (TF-M) builds on TF-A for M-profile devices in a more constrained manner. The Platform Security Architecture (PSA) provides standard interfaces to build secure systems, and Trusted Firmware implements PSA. TF-M development includes aligning with PSA, supporting Arm platforms and IP, and taking third-party contributions through a new open governance model hosted by Linaro

Tecnología
1 de 22
Descargar para leer sin conexión
Non-Confidential © Arm 2018 Linaro Connect – Hong Kong March 2018 Trusted Firmware Central Engineering - Open Source Software James King
Non-Confidential © Arm 20182 • What is Trusted Firmware? What is new? • What is PSA? • Open Source Project • Learn More • Q & A Contents
Non-Confidential © Arm 20183 It is a set of foundational software components which implement the services required for a secure platform: • Reference software for partners to build on which creates a trusted execution environment • Secure Function invocation (Software Interface to TrustZone) • Secure Device Initialisation and Setup • Trusted Boot (image verification derived from RoT) • PSA Compliance (more on this later) What is Trusted Firmware?
Non-Confidential © Arm 20184 This Reference Software is designed to be: • Ported to applicable SoCs to ensure they provide the system security offered by the hardware – Minimise Production Effort • A standardisation of how secure services get invoked to allow for more portable secure software integrations – Ease Software Integration • A standardisation of how hardware functions to support security get invoked (to optimally address vulnerabilities) – Security by Scale What is Trusted Firmware? (cont’d)
Non-Confidential © Arm 20185 Trusted Firmware for A-profile systems (TF-A) • Mature Open Source Project • v0.2 went public in October 2013 ( http://connect.linaro.org/resource/lca14/lca14-102-adopting-arm-trusted-firmware/) • Well established collaboration model • Security Incident Handling • Security and MISRA hardened (and ongoing hardening) • Used in most production Armv8-A systems • Trusted Boot Support • Integrated with main TEEs and secure software solutions This is not new!
Non-Confidential © Arm 20186 Reference boot flows • For all Armv8-A systems • AArch64 & AArch32 support • Armv7-A systems support Open Source at GitHub • BSD License • Contributors welcome (DCO) Latest release = v1.5 • RAS (SPM, SDEI, EHF) support • Secure Partitions initial support • PSCI v1.1 & SMCCC v1.1 support • Dynamic Configuration Phase 1 • BL2 optional execution at EL3 Trusted Firmware A 2nd level Boot Loader (BL2) loads all 3rd level images 1st level Boot Loader (BL1) loads 2nd level image Loading RESET RESET https://github.com/ARM-software/arm-trusted-firmware SCMI
Non-Confidential © Arm 20187 TF-M builds on TF-A terminology & principles to create a unified approach for secure device software: • Isolated secure and non-secure execution environments • Methods to invoke secure services from non-secure apps • Trusted device initialisation and trusted boot mechanisms Albeit more honed to the M-profile device eco-system • Aimed at more constrained devices, thus more configurability • Different mechanism for TrustZone isolation • Much more fragmented OS and software eco-system Trusted Firmware M (TF-M) is new!
Non-Confidential © Arm 20188 TF-M provides a good starting point for secure software implementations now, but there is lots more to do… TF-M is the start of a journey
Non-Confidential © Arm 20189 What is PSA? Relevant to all segments – but starting with IoT
Non-Confidential © Arm 201810 Platform Security Architecture for simpler IoT security A recipe for building secure systems from analysis to implementation Analyse • Threat models and security analyses Architec t • Firmware architectur e & hardware specificati ons Implem ent • Source code & hardware IP PSA documents Enabling products & contributions
Non-Confidential © Arm 201811 Threat Models and Security Analyses https://pages.arm.com/psa-resources.html
Non-Confidential © Arm 201812 PSA Firmware Framework Concepts • Secure Partition Manager (SPM) – provides the boot, isolation and IPC services to the SPE • Partition – the unit of execution • Secure function – a set of related APIs invoked through secure IPC • Trusted function – a secure function that Non secure partition Application firmware OS libraries OS kernel Secure partition Secure function Secure function Trusted partition Trusted function Trusted function Secure Partition Manager Secure IPC Secure isolation Secure debug Isolation boundary Secure Processing Environment Non-secure Processing environment Secure partition Secure function Secure function
Non-Confidential © Arm 201813 PSA - Standardized interfaces PSA specifies interfaces to decouple components • Enables reuse of components in other device platforms • Reduces integration effort PSA provides an architectural specification • Hardware, firmware and process requirements and interfaces • Partners can provide alternative implementations Trusted Firmware is example PSA software Secure Functio ns Secure partition API Core Trusted Firmware (SPM) Boot firmware Root of Trust keys Platform hardware Non-secure processing environment Secure processing environment Application(s) RTOS SecureIPC Secure hardware requirements TBSA Armv8-M Trusted Function s PSA APIs
Non-Confidential © Arm 201814 1. Align with the PSA specifications by the time they make public release 1. Standardised APIs for crypto, attestation, secure storage, IPC, hardware RoT, audit logging, debug control, etc 2. Full SPM and IPC to isolate many secure functions and their interactions 3. Device initialisation, Trusted boot and firmware update 4. Many build configurations to support from most constrained to most secure 2. Support Arm development platforms and IP 1. Musca test-chip, SDK-20x FPGA on MPS2/3, AEMv8-M/IoT-kit FVP 2. V8-M system IP, Arm Cryptocell, Arm CryptoIsland 3. Support and enable contributions 1. Partner SoCs and systems 2. Software integrations – secure services, RTOSes, secure-OSes All in a public open source project (Back to) Trusted Firmware M - Plans Musca
Non-Confidential © Arm 201815 • Trusted Firmware for A-profile Arm SoCs has been publicly available as free open source software for many years at https://github.com/ARM-software/arm-trusted-firmware • This software has received contributions from many partners and is very widely used across the eco-system • Now that partners depend on this firmware (or have expectations of depending on TF-M) it has been requested that this open source software been moved to an open governance model • While developed as reference code by Arm, it is designed to provide common functionality across all the partnership SoCs and products. • Enable the whole ecosystem to participate and steer the direction of the project. Open Governance Trusted Firmware
Non-Confidential © Arm 201816 Linaro is forming a new division to host open-governance open source software projects • Projects are operated independently from the main Linaro organisation • Each project has own board, committees, funding, URLs, etc • This division is contracted to provide services such as IT infrastructure, finance, legal, marketing and engineering – as requested by the project • Project membership equally open to Linaro members and non-members • For each project: • Board members – kept between viable minimum and project maximum • General members Get to steer strategy and investment plans for the project Linaro Community Projects Division
Non-Confidential © Arm 201817
Non-Confidential © Arm 201818 Infrastructure is live now https://git.trustedfirmware.org/ • Public GiT containing TF-A and TF-M master codebases https://review.trustedfirmware.org • Public Gerrit review server for patch submissions and review https://issues.trustedfirmware.org/ • Public phabricator ticket server for bugs and change requests to be raised Codebase includes maintainer files and contribution guidelines TF-M ready to take contributions there now TF-A will transition from GitHub contributions over next few months
Non-Confidential © Arm 201819 Get Involved Platinum, General and Community memberships available • Linaro and Arm presenting details to potential members • Take partial ownership of a project you depend on • Ensure your dependencies are maintained and continually validated • Your Board in the CI farm • Your Software Tests in the CI suite • Reduce internal maintainership costs by pushing generic features you need • Help ensure that the open source community supports Trusted Firmware interfaces and features Contact board@trustedfirmware.org for more information
Non-Confidential © Arm 201820 Deep dive presentations around TF-M this afternoon • 2pm – 5pm in Berlin (Session Room II) 1. Trusted Firmware M : Core and Partition Manager (Miklos Balint) 2. Trusted Firmware M : Secure Storage (Ashutosh Singh) 3. Trusted Firmware M : Trusted Boot (Tamas Ban) Hacking in the LITE room to integrate TF-M and Zephyr for Arm v8-M platforms Learn More
Non-Confidential © Arm 201821 • Ask now (or after the presentation) • Come to the LITE hacking room and find a TF engineer • Email board@trustedfirmware.org or james.king@arm.com
Non-Confidential © Arm 2018222222 Thank You! Danke! Merci! 谢谢 ! ありがとう ! Gracias! Kiitos!

Recomendados

HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
Linaro
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
FFRI, Inc.
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
Linux : PSCI
Linux : PSCILinux : PSCI
Linux : PSCI
Mr. Vengineer
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Linaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 

Recomendados

HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
Linaro
 
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
ARMv8-M TrustZone: A New Security Feature for Embedded Systems (FFRI Monthly ...
FFRI, Inc.
 
BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE BUD17-416: Benchmark and profiling in OP-TEE
BUD17-416: Benchmark and profiling in OP-TEE
Linaro
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
Linux : PSCI
Linux : PSCILinux : PSCI
Linux : PSCI
Mr. Vengineer
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Linaro
 
HKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting ReviewHKG15-311: OP-TEE for Beginners and Porting Review
HKG15-311: OP-TEE for Beginners and Porting Review
Linaro
 
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_
Linaro
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted Firmware
Linaro
 
Qemu Pcie
Qemu PcieQemu Pcie
Qemu Pcie
The Linux Foundation
 
Memory model
Memory modelMemory model
Memory model
Yi-Hsiu Hsu
 
Embedded Linux on ARM
Embedded Linux on ARMEmbedded Linux on ARM
Embedded Linux on ARM
Emertxe Information Technologies Pvt Ltd
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solution
Linaro
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development
FastBit Embedded Brain Academy
 
Introduction to armv8 aarch64
Introduction to armv8 aarch64Introduction to armv8 aarch64
Introduction to armv8 aarch64
Yi-Hsiu Hsu
 
DAIS19: On the Performance of ARM TrustZone
DAIS19: On the Performance of ARM TrustZoneDAIS19: On the Performance of ARM TrustZone
DAIS19: On the Performance of ARM TrustZone
LEGATO project
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
Linaro
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
Drew Fustini
 
XPDS16: Keeping coherency on ARM - Julien Grall, ARM
XPDS16: Keeping coherency on ARM - Julien Grall, ARMXPDS16: Keeping coherency on ARM - Julien Grall, ARM
XPDS16: Keeping coherency on ARM - Julien Grall, ARM
The Linux Foundation
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debuggingLAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
96Boards
 
Embedded C programming session10
Embedded C programming session10Embedded C programming session10
Embedded C programming session10
Keroles karam khalil
 
Interview preparation workshop
Interview preparation workshopInterview preparation workshop
Interview preparation workshop
Emertxe Information Technologies Pvt Ltd
 
from Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu Worksfrom Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu Works
Zhen Wei
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
Satpal Parmar
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
FIDO Alliance
 
PSA Certified – building trust in IoT
PSA Certified – building trust in IoTPSA Certified – building trust in IoT
PSA Certified – building trust in IoT
Duncan Purves
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
RISC-V International
 

Más contenido relacionado

La actualidad más candente

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
Linaro
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
Linaro
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development
FastBit Embedded Brain Academy
 
DAIS19: On the Performance of ARM TrustZone
DAIS19: On the Performance of ARM TrustZoneDAIS19: On the Performance of ARM TrustZone
DAIS19: On the Performance of ARM TrustZone
LEGATO project
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
Linaro
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
Drew Fustini
 

La actualidad más candente (20)

BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEEBKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
BKK16-110 A Gentle Introduction to Trusted Execution and OP-TEE
 
Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_Trusted firmware deep_dive_v1.0_
Trusted firmware deep_dive_v1.0_
 
LCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted FirmwareLCU13: An Introduction to ARM Trusted Firmware
LCU13: An Introduction to ARM Trusted Firmware
 
Qemu Pcie
Qemu PcieQemu Pcie
Qemu Pcie
 
Memory model
Memory modelMemory model
Memory model
 
Embedded Linux on ARM
Embedded Linux on ARMEmbedded Linux on ARM
Embedded Linux on ARM
 
LCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solutionLCA14: LCA14-502: The way to a generic TrustZone® solution
LCA14: LCA14-502: The way to a generic TrustZone® solution
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
 
Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development Part-1 : Mastering microcontroller with embedded driver development
Part-1 : Mastering microcontroller with embedded driver development
 
Introduction to armv8 aarch64
Introduction to armv8 aarch64Introduction to armv8 aarch64
Introduction to armv8 aarch64
 
DAIS19: On the Performance of ARM TrustZone
DAIS19: On the Performance of ARM TrustZoneDAIS19: On the Performance of ARM TrustZone
DAIS19: On the Performance of ARM TrustZone
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)Linux on RISC-V with Open Hardware (ELC-E 2020)
Linux on RISC-V with Open Hardware (ELC-E 2020)
 
XPDS16: Keeping coherency on ARM - Julien Grall, ARM
XPDS16: Keeping coherency on ARM - Julien Grall, ARMXPDS16: Keeping coherency on ARM - Julien Grall, ARM
XPDS16: Keeping coherency on ARM - Julien Grall, ARM
 
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debuggingLAS16 111 - Raspberry pi3, op-tee and jtag debugging
LAS16 111 - Raspberry pi3, op-tee and jtag debugging
 
Embedded C programming session10
Embedded C programming session10Embedded C programming session10
Embedded C programming session10
 
Interview preparation workshop
Interview preparation workshopInterview preparation workshop
Interview preparation workshop
 
from Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu Worksfrom Binary to Binary: How Qemu Works
from Binary to Binary: How Qemu Works
 
U Boot or Universal Bootloader
U Boot or Universal BootloaderU Boot or Universal Bootloader
U Boot or Universal Bootloader
 
Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)Introducing FIDO Device Onboard (FDO)
Introducing FIDO Device Onboard (FDO)
 

Similar a HKG18-212 - Trusted Firmware M: Introduction

Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Linaro
 
F5 Networks: миграция c Microsoft TMG
F5 Networks: миграция c Microsoft TMGF5 Networks: миграция c Microsoft TMG
F5 Networks: миграция c Microsoft TMG
Dmitry Tikhovich
 
devops ppt for hjs jsdjhjd hsdbusinees.pptx
devops ppt for hjs jsdjhjd hsdbusinees.pptxdevops ppt for hjs jsdjhjd hsdbusinees.pptx
devops ppt for hjs jsdjhjd hsdbusinees.pptx
Deepakgupta273447
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Weaveworks
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latest
Srikanth Pilli
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Yoshitake Kobayashi
 

Similar a HKG18-212 - Trusted Firmware M: Introduction (20)

PSA Certified – building trust in IoT
PSA Certified – building trust in IoTPSA Certified – building trust in IoT
PSA Certified – building trust in IoT
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
Approach-to-Security-applications-running-from-different-HW-platforms-Daniel-...
 
Zephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdfZephyr-Overview-20230124.pdf
Zephyr-Overview-20230124.pdf
 
A practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platformsA practical approach to securing embedded and io t platforms
A practical approach to securing embedded and io t platforms
 
The Role of Standards in IoT Security
The Role of Standards in IoT SecurityThe Role of Standards in IoT Security
The Role of Standards in IoT Security
 
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
Demystifying Security Root of Trust Approaches for IoT/Embedded - SFO17-304
 
LAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devicesLAS16-203: Platform security architecture for embedded devices
LAS16-203: Platform security architecture for embedded devices
 
F5 Networks: миграция c Microsoft TMG
F5 Networks: миграция c Microsoft TMGF5 Networks: миграция c Microsoft TMG
F5 Networks: миграция c Microsoft TMG
 
devops ppt for hjs jsdjhjd hsdbusinees.pptx
devops ppt for hjs jsdjhjd hsdbusinees.pptxdevops ppt for hjs jsdjhjd hsdbusinees.pptx
devops ppt for hjs jsdjhjd hsdbusinees.pptx
 
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
Developing for Industrial IoT with Linux OS on DragonBoard™ 410c: Session 4
 
Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021Application security meetup k8_s security with zero trust_29072021
Application security meetup k8_s security with zero trust_29072021
 
Intro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and LinkerdIntro to GitOps with Weave GitOps, Flagger and Linkerd
Intro to GitOps with Weave GitOps, Flagger and Linkerd
 
Software update for IoT: the current state of play
Software update for IoT: the current state of playSoftware update for IoT: the current state of play
Software update for IoT: the current state of play
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latest
 
Pivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First LookPivotal Cloud Foundry 2.4: A First Look
Pivotal Cloud Foundry 2.4: A First Look
 
2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil2011 NASA Open Source Summit - Forge.mil
2011 NASA Open Source Summit - Forge.mil
 
mbed Connect Asia 2016 Intro to mbed OS
mbed Connect Asia 2016 Intro to mbed OSmbed Connect Asia 2016 Intro to mbed OS
mbed Connect Asia 2016 Intro to mbed OS
 
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc DareesThe Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
The Mainframe's Role in Enterprise Security Management - Jean-Marc Darees
 
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
Civil Infrastructure Platform: Industrial Grade SLTS Kernel and Base-layer De...
 

Más de Linaro

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Linaro
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Linaro
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
Linaro
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
Linaro
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
Linaro
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
Linaro
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Linaro
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Linaro
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
Linaro
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
Linaro
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
Linaro
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
Linaro
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
Linaro
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
Linaro
 
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
Linaro
 
HKG18-317 - Arm Server Ready Program
HKG18-317 - Arm Server Ready ProgramHKG18-317 - Arm Server Ready Program
HKG18-317 - Arm Server Ready Program
Linaro
 

Más de Linaro (20)

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
 
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
HKG18-500K1 - Keynote: Dileep Bhandarkar - Emerging Computing Trends in the D...
 
HKG18-317 - Arm Server Ready Program
HKG18-317 - Arm Server Ready ProgramHKG18-317 - Arm Server Ready Program
HKG18-317 - Arm Server Ready Program
 

Último

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Orbitshub
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Último (20)

Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​Elevate Developer Efficiency & build GenAI Application with Amazon Q​
Elevate Developer Efficiency & build GenAI Application with Amazon Q​
 
Vector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptxVector Search -An Introduction in Oracle Database 23ai.pptx
Vector Search -An Introduction in Oracle Database 23ai.pptx
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..Understanding the FAA Part 107 License ..
Understanding the FAA Part 107 License ..
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

HKG18-212 - Trusted Firmware M: Introduction

  • 1. Non-Confidential © Arm 2018 Linaro Connect – Hong Kong March 2018 Trusted Firmware Central Engineering - Open Source Software James King
  • 2. Non-Confidential © Arm 20182 • What is Trusted Firmware? What is new? • What is PSA? • Open Source Project • Learn More • Q & A Contents
  • 3. Non-Confidential © Arm 20183 It is a set of foundational software components which implement the services required for a secure platform: • Reference software for partners to build on which creates a trusted execution environment • Secure Function invocation (Software Interface to TrustZone) • Secure Device Initialisation and Setup • Trusted Boot (image verification derived from RoT) • PSA Compliance (more on this later) What is Trusted Firmware?
  • 4. Non-Confidential © Arm 20184 This Reference Software is designed to be: • Ported to applicable SoCs to ensure they provide the system security offered by the hardware – Minimise Production Effort • A standardisation of how secure services get invoked to allow for more portable secure software integrations – Ease Software Integration • A standardisation of how hardware functions to support security get invoked (to optimally address vulnerabilities) – Security by Scale What is Trusted Firmware? (cont’d)
  • 5. Non-Confidential © Arm 20185 Trusted Firmware for A-profile systems (TF-A) • Mature Open Source Project • v0.2 went public in October 2013 ( http://connect.linaro.org/resource/lca14/lca14-102-adopting-arm-trusted-firmware/) • Well established collaboration model • Security Incident Handling • Security and MISRA hardened (and ongoing hardening) • Used in most production Armv8-A systems • Trusted Boot Support • Integrated with main TEEs and secure software solutions This is not new!
  • 6. Non-Confidential © Arm 20186 Reference boot flows • For all Armv8-A systems • AArch64 & AArch32 support • Armv7-A systems support Open Source at GitHub • BSD License • Contributors welcome (DCO) Latest release = v1.5 • RAS (SPM, SDEI, EHF) support • Secure Partitions initial support • PSCI v1.1 & SMCCC v1.1 support • Dynamic Configuration Phase 1 • BL2 optional execution at EL3 Trusted Firmware A 2nd level Boot Loader (BL2) loads all 3rd level images 1st level Boot Loader (BL1) loads 2nd level image Loading RESET RESET https://github.com/ARM-software/arm-trusted-firmware SCMI
  • 7. Non-Confidential © Arm 20187 TF-M builds on TF-A terminology & principles to create a unified approach for secure device software: • Isolated secure and non-secure execution environments • Methods to invoke secure services from non-secure apps • Trusted device initialisation and trusted boot mechanisms Albeit more honed to the M-profile device eco-system • Aimed at more constrained devices, thus more configurability • Different mechanism for TrustZone isolation • Much more fragmented OS and software eco-system Trusted Firmware M (TF-M) is new!
  • 8. Non-Confidential © Arm 20188 TF-M provides a good starting point for secure software implementations now, but there is lots more to do… TF-M is the start of a journey
  • 9. Non-Confidential © Arm 20189 What is PSA? Relevant to all segments – but starting with IoT
  • 10. Non-Confidential © Arm 201810 Platform Security Architecture for simpler IoT security A recipe for building secure systems from analysis to implementation Analyse • Threat models and security analyses Architec t • Firmware architectur e & hardware specificati ons Implem ent • Source code & hardware IP PSA documents Enabling products & contributions
  • 11. Non-Confidential © Arm 201811 Threat Models and Security Analyses https://pages.arm.com/psa-resources.html
  • 12. Non-Confidential © Arm 201812 PSA Firmware Framework Concepts • Secure Partition Manager (SPM) – provides the boot, isolation and IPC services to the SPE • Partition – the unit of execution • Secure function – a set of related APIs invoked through secure IPC • Trusted function – a secure function that Non secure partition Application firmware OS libraries OS kernel Secure partition Secure function Secure function Trusted partition Trusted function Trusted function Secure Partition Manager Secure IPC Secure isolation Secure debug Isolation boundary Secure Processing Environment Non-secure Processing environment Secure partition Secure function Secure function
  • 13. Non-Confidential © Arm 201813 PSA - Standardized interfaces PSA specifies interfaces to decouple components • Enables reuse of components in other device platforms • Reduces integration effort PSA provides an architectural specification • Hardware, firmware and process requirements and interfaces • Partners can provide alternative implementations Trusted Firmware is example PSA software Secure Functio ns Secure partition API Core Trusted Firmware (SPM) Boot firmware Root of Trust keys Platform hardware Non-secure processing environment Secure processing environment Application(s) RTOS SecureIPC Secure hardware requirements TBSA Armv8-M Trusted Function s PSA APIs
  • 14. Non-Confidential © Arm 201814 1. Align with the PSA specifications by the time they make public release 1. Standardised APIs for crypto, attestation, secure storage, IPC, hardware RoT, audit logging, debug control, etc 2. Full SPM and IPC to isolate many secure functions and their interactions 3. Device initialisation, Trusted boot and firmware update 4. Many build configurations to support from most constrained to most secure 2. Support Arm development platforms and IP 1. Musca test-chip, SDK-20x FPGA on MPS2/3, AEMv8-M/IoT-kit FVP 2. V8-M system IP, Arm Cryptocell, Arm CryptoIsland 3. Support and enable contributions 1. Partner SoCs and systems 2. Software integrations – secure services, RTOSes, secure-OSes All in a public open source project (Back to) Trusted Firmware M - Plans Musca
  • 15. Non-Confidential © Arm 201815 • Trusted Firmware for A-profile Arm SoCs has been publicly available as free open source software for many years at https://github.com/ARM-software/arm-trusted-firmware • This software has received contributions from many partners and is very widely used across the eco-system • Now that partners depend on this firmware (or have expectations of depending on TF-M) it has been requested that this open source software been moved to an open governance model • While developed as reference code by Arm, it is designed to provide common functionality across all the partnership SoCs and products. • Enable the whole ecosystem to participate and steer the direction of the project. Open Governance Trusted Firmware
  • 16. Non-Confidential © Arm 201816 Linaro is forming a new division to host open-governance open source software projects • Projects are operated independently from the main Linaro organisation • Each project has own board, committees, funding, URLs, etc • This division is contracted to provide services such as IT infrastructure, finance, legal, marketing and engineering – as requested by the project • Project membership equally open to Linaro members and non-members • For each project: • Board members – kept between viable minimum and project maximum • General members Get to steer strategy and investment plans for the project Linaro Community Projects Division
  • 18. Non-Confidential © Arm 201818 Infrastructure is live now https://git.trustedfirmware.org/ • Public GiT containing TF-A and TF-M master codebases https://review.trustedfirmware.org • Public Gerrit review server for patch submissions and review https://issues.trustedfirmware.org/ • Public phabricator ticket server for bugs and change requests to be raised Codebase includes maintainer files and contribution guidelines TF-M ready to take contributions there now TF-A will transition from GitHub contributions over next few months
  • 19. Non-Confidential © Arm 201819 Get Involved Platinum, General and Community memberships available • Linaro and Arm presenting details to potential members • Take partial ownership of a project you depend on • Ensure your dependencies are maintained and continually validated • Your Board in the CI farm • Your Software Tests in the CI suite • Reduce internal maintainership costs by pushing generic features you need • Help ensure that the open source community supports Trusted Firmware interfaces and features Contact board@trustedfirmware.org for more information
  • 20. Non-Confidential © Arm 201820 Deep dive presentations around TF-M this afternoon • 2pm – 5pm in Berlin (Session Room II) 1. Trusted Firmware M : Core and Partition Manager (Miklos Balint) 2. Trusted Firmware M : Secure Storage (Ashutosh Singh) 3. Trusted Firmware M : Trusted Boot (Tamas Ban) Hacking in the LITE room to integrate TF-M and Zephyr for Arm v8-M platforms Learn More
  • 21. Non-Confidential © Arm 201821 • Ask now (or after the presentation) • Come to the LITE hacking room and find a TF engineer • Email board@trustedfirmware.org or james.king@arm.com
  • 22. Non-Confidential © Arm 2018222222 Thank You! Danke! Merci! 谢谢 ! ありがとう ! Gracias! Kiitos!