From d4f06a8d356eb1e182fe97ba83908c3dde03d200 Mon Sep 17 00:00:00 2001
From: Tymoteusz Burak
Date: Mon, 2 Sep 2024 18:40:19 +0200
Subject: [PATCH] WIP
---
.../practical-sec-tee.md | 77 +++++++++++++++----
1 file changed, 60 insertions(+), 17 deletions(-)
diff --git a/2024/YoctoProjectDeveloperDay/practical-sec-tee.md b/2024/YoctoProjectDeveloperDay/practical-sec-tee.md
index bcda60b..b9ad17f 100644
--- a/2024/YoctoProjectDeveloperDay/practical-sec-tee.md
+++ b/2024/YoctoProjectDeveloperDay/practical-sec-tee.md
@@ -152,6 +152,8 @@ extras: .center[ ]
+
+ _A secure area of a main processor that guarantees that the code and data loaded inside are protected with respect to confidentiality and integrity._
@@ -179,9 +181,29 @@ normal execution environment ---
-# Normal vs Secure Worlds - Arm Cortex-A
+# Normal vs Secure Worlds - Arm
+
+.left-column50[
+
### Arm Cortex-A
+]
+
+.right-column50[
+
+]
+
+.left-column50[
+
+
+
+
+
+### Arm Cortex-M +] -.center[ ] +.right-column50[ + +] ??? @@ -191,40 +213,61 @@ normal execution environment --- -# Normal vs Secure Worlds - Arm Cortex-M +# Normal vs Secure Worlds - Others .center[ ] --- -# Normal vs Secure Worlds - x86 +# Secure Storage vs fTPM -??? +### TPM -- TODO (briefly) + ---- +### fTPM -# Normal vs Secure Worlds - RISC-V + -??? +### fTPM as TA -- TODO (briefly) + --- -# Secure Storage vs fTPM +# Trusted OS options -### TPM +.pure-table[ +| Company | Product | Hardware Used | API Standard | Is Open-Source? | Supported by Yocto? | +|----------------------|-----------------|------------------------|-------------------------------|-----------------------|---------------------| +| Alibaba | Cloud Link TEE | ? | GlobalPlatform | ❌ | ❌ | +| Apple | Secure Enclave | Separate processor | Proprietary | ❌ | ❌ | +| BeanPod | ISEE | ARM TrustZone | GlobalPlatform | ❌ | ❌ | +| Huawei | iTrustee | ARM TrustZone | GlobalPlatform | ❌ | ❌ | +| Google | Trusty | ARM / Intel | Proprietary | Partially Open-Source | ❌ | +| Linaro | OPTEE | ARM TrustZone | GlobalPlatform | ✔️ | ✔️ | +| ProvenRun | ProvenCore | ARM TrustZone | ? | ❌ | ❌ | +| Qualcomm | QTEE | ARM TrustZone | GlobalPlatform + Proprietary | ❌ | ❌ | +| Samsung | TEEgris | ARM TrustZone | GlobalPlatform | ❌ | ❌ | +| TrustKernel | T6 | Arm / Intel | GlobalPlatform | ✔️ * | ❌ | +| Trustonic | Kinibi | ARM TrustZone | GlobalPlatform | ❌ | ❌ | +| Watchdata | WatchTrust | ARM TrustZone | GlobalPlatform | ❌ | ❌ | +] - +.footnote[ -### fTPM +Sources: - +[wikipedia.org/Trusted_execution_environment](https://en.wikipedia.org/wiki/Trusted_execution_environment) -### fTPM as TA +*[github.com/liwenhaosuper/t6](https://github.com/liwenhaosuper/t6) +(The link to the supposed source code is dead) +] + +??? - +- Wikipedia also specifies a formally-validated static partitioning über eXtensible +Micro-Hypervisor Framework. + - Segway into Crosscon HV ---