WIP
tym2k1 committed Sep 2, 2024
1 parent 923e171 commit d4f06a8
Showing 1 changed file with 60 additions and 17 deletions.
77 changes: 60 additions & 17 deletions 2024/YoctoProjectDeveloperDay/practical-sec-tee.md
@@ -152,6 +152,8 @@ extras:

.center[ <img src="/img/TEE_cpu_visual.svg" height="250px"> ]

<br>

_A secure area of a main processor that guarantees that the code and data loaded
inside are protected with respect to confidentiality and integrity._

@@ -179,9 +181,29 @@ normal execution environment

---

# Normal vs Secure Worlds - Arm Cortex-A
# Normal vs Secure Worlds - Arm

.left-column50[
<br>
### Arm Cortex-A
]

.right-column50[
<img src="/img/TEE_ARM_Cortex-a.svg" height="180px" style="margin-left:-120px; margin-top:-10px">
]

.left-column50[
<br>
<br>
<br>
<br>
<br>
### Arm Cortex-M
]

.center[ <img src="/img/TEE_ARM_Cortex-a.svg" height="250px"> ]
.right-column50[
<img src="/img/TEE_ARM_Cortex-m.svg" height="180px" style="margin-left:-17px">
]

???

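Review bot: the two-column layout relies on five consecutive `<br>` tags to push the `### Arm Cortex-M` label down and on hand-tuned negative margins (`margin-left:-120px; margin-top:-10px` on the Cortex-A image, `margin-left:-17px` on the Cortex-M one) to line each SVG up with its label, which will drift as soon as the images, fonts or slide size change. Prefer one `.left-column50[` / `.right-column50[` pair per architecture with the vertical offset and image alignment defined once in the deck's stylesheet (for example a class on the `<img>`), so the slide stays aligned without pixel tuning.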
@@ -191,40 +213,61 @@ normal execution environment

---

# Normal vs Secure Worlds - Arm Cortex-M
# Normal vs Secure Worlds - Others

.center[ <img src="/img/TEE_ARM_Cortex-m.svg" height="250px"> ]

---

# Normal vs Secure Worlds - x86
# Secure Storage vs fTPM

???
### TPM

- TODO (briefly)
<img src="/img/tpm_ftpm_tee_driver1.svg" height="55px">

---
### fTPM

# Normal vs Secure Worlds - RISC-V
<img src="/img/tpm_ftpm_tee_driver2.svg" height="55px">

???
### fTPM as TA

- TODO (briefly)
<img src="/img/tpm_ftpm_tee_driver3.svg" height="90px" style="margin-top:-25px">

---

# Secure Storage vs fTPM
# Trusted OS options

### TPM
.pure-table[
| Company | Product | Hardware Used | API Standard | Is Open-Source? | Supported by Yocto? |
|----------------------|-----------------|------------------------|-------------------------------|-----------------------|---------------------|
| Alibaba | Cloud Link TEE | ? | GlobalPlatform |||
| Apple | Secure Enclave | Separate processor | Proprietary |||
| BeanPod | ISEE | ARM TrustZone | GlobalPlatform |||
| Huawei | iTrustee | ARM TrustZone | GlobalPlatform |||
| Google | Trusty | ARM / Intel | Proprietary | Partially Open-Source ||
| Linaro | OPTEE | ARM TrustZone | GlobalPlatform | ✔️ | ✔️ |
| ProvenRun | ProvenCore | ARM TrustZone | ? |||
| Qualcomm | QTEE | ARM TrustZone | GlobalPlatform + Proprietary |||
| Samsung | TEEgris | ARM TrustZone | GlobalPlatform |||
| TrustKernel | T6 | Arm / Intel | GlobalPlatform | ✔️ * ||
| Trustonic | Kinibi | ARM TrustZone | GlobalPlatform |||
| Watchdata | WatchTrust | ARM TrustZone | GlobalPlatform |||
]

<img src="/img/tpm_ftpm_tee_driver1.svg" height="79px">
.footnote[

### fTPM
Sources:

<img src="/img/tpm_ftpm_tee_driver3.svg" height="130px" style="margin-top:-25px">
[wikipedia.org/Trusted_execution_environment](https://en.wikipedia.org/wiki/Trusted_execution_environment)

### fTPM as TA
*[github.com/liwenhaosuper/t6](https://github.com/liwenhaosuper/t6)
(The link to the supposed source code is dead)
]

???

<img src="/img/tpm_ftpm_tee_driver3.svg" height="130px" style="margin-top:-25px">
- Wikipedia also specifies a formally-validated static partitioning über eXtensible
Micro-Hypervisor Framework.
- Segway into Crosscon HV

---
