Practical Security for Embedded Systems: Implementing TEE and Secure Storage - Yocto Project DevDay 2024 #36
base: master
Conversation
d4f06a8 to cd3f219
I think it's not that important to keep a pretty commit history here. We can easily merge it as one commit or squash them before rebasing. The content should be what matters here.
2399e9c to b2b2392
Signed-off-by: Tymoteusz Burak <[email protected]>
Signed-off-by: Maciej Pijanowski <[email protected]>
Signed-off-by: Daniil Klimuk <[email protected]>
This is a preliminary plan for my slides.
Signed-off-by: Daniil Klimuk <[email protected]>
timings
Signed-off-by: Daniil Klimuk <[email protected]>
1ec2069 to b14896f
More review tomorrow.
What is the Secure Partition Manager and what functionality/task does it have? Could you explain this, or redirect me to appropriate resources?
Here's a good definition of both Secure Partition Manager and Secure Partition. Until recently Trusted Firmware-A only supported a single secure partition. I don't think it's a stable and well-documented feature. It might not be implemented that often.
You should describe this drawing really well; for now it is difficult to understand. Please leave a comment on how you are going to do this.
I want to describe how Arm TrustZone doesn't handle storing secrets in non-volatile memory. So for some scenarios, like "private keys for authentication" in a mobile banking application, plain TrustZone is not enough and needs secure storage (not just any storage). I guess I could go into more detail about what safety measures should be present (RPMB, maybe a secure counter(?)).
+ Trusted Applications are also protected from each other
- The Secure Partition Manager is optional, just as you can run a Rich OS without a
hypervisor you can run a Trusted OS without the Secure Partition Manager
- Worth noting that the Secure Partition Manager can be also implemented in EL3
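Review bot: the last bullet asserts that the Secure Partition Manager can also be implemented in EL3, but the slide gives no source for it; the discussion below names Hafnium as an EL2 SPM and the Trusted Firmware-A docs for the EL3 variant, so cite both directly on this slide (or point at the Resources slide) rather than leaving the claim bare.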
Any sources here?
From my understanding it's most often implemented in EL3, but I've added resources on the Resources slide with an implementation that lives in EL2, called Hafnium.
The Trusted Firmware docs mention an implementation that resides in EL3.
It's just easier to understand when the SPM is in EL2, because you can think of it as this "Trusted OS hypervisor" that ensures TAs are isolated from each other.
---

# Normal vs Secure Worlds - Arm Cortex-M
You can add a bit more info on this slide, so it will not look so empty.
- coreboot licensed service providers since 2016 and leadership participants
- UEFI Adopters since 2018
- Yocto Participants and Embedded Linux experts since 2019
- Official consultants for Linux Foundation fwupd/LVFS project since 2020
- IBM OpenPOWER Foundation members since 2020
@tym2k1, could you address this?
1. Turn on `CONFIG_TEE` and `CONFIG_OPTEE` (and related configs, if needed)
configs.
Suggested change:
- 1. Turn on `CONFIG_TEE` and `CONFIG_OPTEE` (and related configs, if needed)
-    configs.
+ 1. Turn on `CONFIG_TEE` and `CONFIG_OPTEE` (and related, if needed) configs.
Fixed here a06b6d9.
# Linux integration

Turn on `CONFIG_TEE` and `CONFIG_OPTEE` (and related, if needed) configs, and
@DaniilKl, the previous and next slides have numbered lists - shouldn't we split this sentence into two points?
I have thought about it, but if I split this sentence into a list I will not be able to place the code on the same slide, and splitting the sentence and the code across two slides will, IMHO, be more inconvenient than using the sentence. I am going to compensate for it while speaking.
- <a href="https://3mdeb.com">https://3mdeb.com</a>

- <a href="https://calendly.com/3mdeb/consulting-remote-meeting">Book a call</a>
@DaniilKl please use this link for a "Book a Call" action: https://cloud.3mdeb.com/index.php/apps/calendar/appointment/n7T65toSaD9t
Fixed here f3a41bb.
</a>

- <a href="https://twitter.com/3mdeb_com">
<img src="/remark-templates/3mdeb-presentation-template/images/twitter.png"
@DaniilKl outdated icon - if you have some time, maybe prepare the X icon - a nice-to-have feature :)
Fixed here 75b8fe1.
---

# Resources
This slide is not designed for live presentation, but rather as a reference, for those who will check the slides on their own, so I do not see any reason to simplify it.
Suggestions and clarification requests
???

- Time for this slide: TODO
- Idea/goal of this slide: To say that though vendor supplied binaries were
Could you highlight why such binaries are needed? What do they contain and why do the vendors supply them?
> Could you highlight why such binaries are needed?

To launch the OP-TEE and ATF they provide.

> What do they contain

ATF and OP-TEE.

> why do the vendors supply them?

I wish I knew...
I will say this during the presentation.
.center[ <img src="./img/vendor-binaries-meme.png" height="350px"> ]

.center[ <span style="font-size:30px;">There's some kind of mess here!</span>]
IMHO it's funnier without the subtitle, as you're explaining the joke.
IMHO it is easier to understand with the subtitle.
- TODO
- Notes:
  - Weak points:
    - You have to trust vendor binaries;
Is there a way to not use them? What could be done about it?
Compilation from source; I will say it during the presentation without stating it explicitly on the slides.
1. Turn on `CONFIG_TEE` and `CONFIG_OPTEE` (and related configs, if needed)
configs.
2. Link ATF (`BL31`):
What does BL31 stand for?
- BL1: Boot ROM;
- BL2: SPL and TPL;
- BL3: Bootloader (U-Boot) with integrated ATF and OP-TEE;
- BL31: ATF (so, it is explicitly shown that it is a part of the U-Boot image);
- BL32: OP-TEE (so, it is explicitly shown that it is a part of the U-Boot image);
- BL33: REE bootloader (U-Boot).

More about this here.
EXTRA_OEMAKE:append = " TEE=${DEPLOY_DIR_IMAGE}/optee/tee.elf"
```

4. Check `binman` configuration, in case you are using other file formats (e.g.
Why binman and where are the mentioned files used?
This is a complicated topic; I am going to mention and describe it during the presentation, but I will not have enough time to go into details here.
# Testing using vendor binaries

```bash
(...)
U-Boot SPL 2024.01 (Jan 08 2024 - 15:37:48 +0000)
(...)
NOTICE: BL31: v2.3():v2.3-607-gbf602aff1:cl
NOTICE: BL31: Built : 10:16:03, Jun 5 2023
(...)
I/TC: OP-TEE version: 3.13.0-723-gdcfdd61d0 #hisping.lin (gcc version 10.2.1...
(...)
root@quartz64-a:~# dmesg
(...)
root@quartz64-a:~# alias p11="pkcs11-tool --module /usr/lib/libckteec.so.0"
root@quartz64-a:~# p11 --show-info
E/LD: ta_elf_load_main:1128 sys_map_zi stack
E/TC:? 0 ldelf_init_with_ldelf:126 ldelf failed with res: 0xffff000c
ERR [291] LT:ckteec_invoke_init:304: TEEC open session failed ffff000c from 3
(...)
root@quartz64-a:~# xtest
(...)
653 subtests of which 188 failed
106 test cases of which 76 failed
0 test cases were skipped
TEE test application done!
```
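Review bot: the log shows the TA loader failing (`ldelf failed with res: 0xffff000c`) and the PKCS#11 session failing with the same code (`TEEC open session failed ffff000c from 3`) before the xtest summary, but the slide never states that these are the reason 188 subtests and 76 test cases fail under the vendor OP-TEE 3.13.0; add one line making that causal link so the audience can read the numbers, otherwise the failure counts look like an unrelated xtest problem.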
That's a lot of information for one slide and it's a little unreadable. Maybe split it into shorter slides and just say what, where and why you're running?
🤔
# Testing self-ported image

```bash
U-Boot SPL 2024.01 (Jan 08 2024 - 15:37:48 +0000)
(...)
NOTICE: BL31: v2.3():v2.3-607-gbf602aff1:cl
NOTICE: BL31: Built : 10:16:03, Jun 5 2023
(...)
I/TC: OP-TEE version: 4.1.0-dev (gcc version 13.2.0 (GCC)) #1 Fri Jan 19 17:14:14 UTC 2024 aarch64
(...)
root@quartz64-a:~# alias p11="pkcs11-tool --module /usr/lib/libckteec.so.0"
root@quartz64-a:~# p11 --list-slots
Available slots:
Slot 0 (0x0): OP-TEE PKCS11 TA - TEE UUID 94e9ab89-4c43-56ea-8b35-45dc07226830
token state: uninitialized
(...)
root@quartz64-a:~# p11 --init-token --label mytoken --so-pin 1234567890
(...)
root@quartz64-a:~# p11 --list-slots
Available slots:
Slot 0 (0x0): OP-TEE PKCS11 TA - TEE UUID 94e9ab89-4c43-56ea-8b35-45dc07226830
token label : mytoken
token manufacturer : Linaro
(...)
root@quartz64-a:~# xtest
(...)
+-----------------------------------------------------
28130 subtests of which 0 failed
106 test cases of which 0 failed
0 test cases were skipped
TEE test application done!
```
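Review bot: the BL31 banner on this slide (`v2.3():v2.3-607-gbf602aff1:cl`, built Jun 5 2023) is identical to the one on the vendor-binaries slide, while OP-TEE moved from 3.13.0 to 4.1.0-dev; state on the slide whether ATF was rebuilt from source or the vendor BL31 was kept, because step 2 of the integration slide (`Link ATF (BL31)`) suggests the former, and the "you have to trust vendor binaries" weak point still applies to BL31 if it was not.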
The same problem of unreadability
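The two testing slides above show what a broken and a working TEE look like on the console, but the reader has to eyeball them. The following is an added example (not code from the slides or from the 3mdeb repository) that parses that kind of console output, the BL31 and OP-TEE banners, ldelf / TEEC failures and the xtest summary, and turns it into a pass/fail gate that can run in CI after every image build. The two sample logs are constructed from the lines quoted on the slides; the result-code table is the GlobalPlatform TEE error numbering (0xffff000c is TEE_ERROR_OUT_OF_MEMORY, origin 3 is TEEC_ORIGIN_TEE).

```python
"""Gate a TEE bring-up on its console output (added example, not project code)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# GlobalPlatform TEE result codes (subset of the TEE Internal Core API values).
TEE_ERRORS = {
    0xFFFF0000: "TEE_ERROR_GENERIC",
    0xFFFF0001: "TEE_ERROR_ACCESS_DENIED",
    0xFFFF0006: "TEE_ERROR_BAD_PARAMETERS",
    0xFFFF0008: "TEE_ERROR_ITEM_NOT_FOUND",
    0xFFFF000C: "TEE_ERROR_OUT_OF_MEMORY",
    0xFFFF000F: "TEE_ERROR_SECURITY",
    0xFFFF0010: "TEE_ERROR_SHORT_BUFFER",
}
# TEE Client API return origins: which layer produced the error.
TEEC_ORIGINS = {1: "TEEC_ORIGIN_API", 2: "TEEC_ORIGIN_COMMS",
                3: "TEEC_ORIGIN_TEE", 4: "TEEC_ORIGIN_TRUSTED_APP"}

BL31_RE = re.compile(r"NOTICE:\s+BL31:\s+(v\S+)")
OPTEE_RE = re.compile(r"I/TC: OP-TEE version:\s+(\S+)")
LDELF_RE = re.compile(r"ldelf failed with res: 0x([0-9a-fA-F]+)")
TEEC_RE = re.compile(r"TEEC open session failed ([0-9a-fA-F]+) from (\d+)")
SUBTESTS_RE = re.compile(r"(\d+) subtests of which (\d+) failed")
CASES_RE = re.compile(r"(\d+) test cases of which (\d+) failed")


def describe_tee_error(code: int, origin: Optional[int] = None) -> str:
    """Render a raw TEE result code the way a reviewer wants to read it."""
    text = f"0x{code:08x} ({TEE_ERRORS.get(code, 'unknown TEE result')})"
    if origin is not None:
        text += f" raised by {TEEC_ORIGINS.get(origin, 'unknown origin')}"
    return text


@dataclass
class TeeReport:
    bl31: Optional[str] = None      # TF-A (BL31) banner
    optee: Optional[str] = None     # OP-TEE core banner
    errors: List[str] = field(default_factory=list)
    subtests: Optional[int] = None
    subtests_failed: Optional[int] = None
    cases: Optional[int] = None
    cases_failed: Optional[int] = None

    def healthy(self) -> bool:
        """Usable TEE: OP-TEE booted, no loader/session errors, xtest clean."""
        return (self.optee is not None and not self.errors
                and self.subtests_failed == 0 and self.cases_failed == 0)


def parse_console(text: str) -> TeeReport:
    rep = TeeReport()
    for line in text.splitlines():
        if m := BL31_RE.search(line):
            rep.bl31 = m.group(1)
        elif m := OPTEE_RE.search(line):
            rep.optee = m.group(1)
        elif m := LDELF_RE.search(line):
            # ldelf is OP-TEE's TA loader; if it fails, no TA can be started.
            rep.errors.append("ldelf: " + describe_tee_error(int(m.group(1), 16)))
        elif m := TEEC_RE.search(line):
            rep.errors.append("TEEC open session: " + describe_tee_error(
                int(m.group(1), 16), int(m.group(2))))
        elif m := SUBTESTS_RE.search(line):
            rep.subtests, rep.subtests_failed = int(m.group(1)), int(m.group(2))
        elif m := CASES_RE.search(line):
            rep.cases, rep.cases_failed = int(m.group(1)), int(m.group(2))
    return rep


# Constructed sample logs, adapted from the two testing slides.
VENDOR_LOG = """\
U-Boot SPL 2024.01 (Jan 08 2024 - 15:37:48 +0000)
NOTICE: BL31: v2.3():v2.3-607-gbf602aff1:cl
NOTICE: BL31: Built : 10:16:03, Jun 5 2023
I/TC: OP-TEE version: 3.13.0-723-gdcfdd61d0 #hisping.lin (gcc version 10.2.1)
E/LD: ta_elf_load_main:1128 sys_map_zi stack
E/TC:? 0 ldelf_init_with_ldelf:126 ldelf failed with res: 0xffff000c
ERR [291] LT:ckteec_invoke_init:304: TEEC open session failed ffff000c from 3
653 subtests of which 188 failed
106 test cases of which 76 failed
0 test cases were skipped
TEE test application done!
"""

PORTED_LOG = """\
U-Boot SPL 2024.01 (Jan 08 2024 - 15:37:48 +0000)
NOTICE: BL31: v2.3():v2.3-607-gbf602aff1:cl
I/TC: OP-TEE version: 4.1.0-dev (gcc version 13.2.0 (GCC)) #1 Fri Jan 19 17:14:14 UTC 2024 aarch64
28130 subtests of which 0 failed
106 test cases of which 0 failed
0 test cases were skipped
TEE test application done!
"""

if __name__ == "__main__":
    for name, log in (("vendor binaries", VENDOR_LOG), ("self-ported", PORTED_LOG)):
        r = parse_console(log)
        print(f"{name}: OP-TEE {r.optee}, BL31 {r.bl31}, "
              f"{r.subtests_failed}/{r.subtests} subtests failed, "
              f"{'OK' if r.healthy() else 'FAIL'}")
        for e in r.errors:
            print("   ", e)
```

Feed it the serial capture from a board boot followed by `xtest`; `healthy()` is deliberately strict, because a TEE whose loader cannot map a TA stack is not "mostly working" even if some xtest cases pass.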
# OP-TEE Secure Storage

.center[ <img src="./img/op-tee-secure-storage.svg" height="350px"> ]
You haven't mentioned how Secure Storage is implemented on the device. Did you provision the RPMB somehow? Were there any constraints? What are requirements for such implementation? Could you do it differently?
> Could you do it differently?

How exactly?
On what device? This slide shows Secure Storage implementation in OP-TEE not on any device.
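Two points in this thread ask for the same thing: the earlier comment about TrustZone not providing a place to keep secrets in non-volatile memory (RPMB, "maybe a secure counter"), and the question here about how Secure Storage is implemented on the device and whether RPMB was provisioned. The following is an added example (not code from the slides or from OP-TEE) that models, in plain Python, why the Replay Protected Memory Block counts as *secure* storage and not just storage: the device only accepts a write whose frame carries an HMAC-SHA256 under a key programmed once by the secure world, and whose write counter equals the device's own monotonic counter, so a captured frame that is replayed or edited is rejected. The frame layout follows the eMMC RPMB data frame; the device model, key and payloads are constructed for illustration, and in a real system OP-TEE derives the key from the hardware unique key and tee-supplicant relays the frames to the eMMC from the normal world.

```python
"""Model of the eMMC RPMB authenticated write (added example, not OP-TEE code)."""
import hashlib
import hmac
import struct

REQ_AUTH_DATA_WRITE = 0x0003
RES_OK, RES_GENERAL_FAILURE, RES_AUTH_FAILURE, RES_COUNTER_FAILURE = (
    0x0000, 0x0001, 0x0002, 0x0003)

# RPMB frame (512 bytes): stuff(196) | key_mac(32) | data(256) | nonce(16)
# | write_counter(4) | address(2) | block_count(2) | result(2) | req_resp(2)
MAC_OFF, DATA_OFF, FRAME_LEN = 196, 228, 512


def build_write_frame(data: bytes, write_counter: int, address: int) -> bytes:
    """Unsigned authenticated-data-write request for one 256-byte block."""
    assert len(data) == 256
    tail = struct.pack(">IHHHH", write_counter, address, 1, 0, REQ_AUTH_DATA_WRITE)
    return bytes(MAC_OFF) + bytes(32) + data + bytes(16) + tail


def frame_mac(key: bytes, frame: bytes) -> bytes:
    # The MAC covers the 284 bytes after key_mac: data through req_resp.
    return hmac.new(key, frame[DATA_OFF:], hashlib.sha256).digest()


def sign_frame(key: bytes, frame: bytes) -> bytes:
    return frame[:MAC_OFF] + frame_mac(key, frame) + frame[DATA_OFF:]


def unpack_frame(frame: bytes) -> dict:
    assert len(frame) == FRAME_LEN
    wc, addr, bc, res, rr = struct.unpack(">IHHHH", frame[500:])
    return {"mac": frame[MAC_OFF:DATA_OFF], "data": frame[DATA_OFF:484],
            "write_counter": wc, "address": addr, "block_count": bc,
            "result": res, "req_resp": rr}


class RpmbDevice:
    """The eMMC side: holds the key, the counter and the replay-protected blocks."""

    def __init__(self, key: bytes):
        self._key = key          # programmed once at provisioning, never readable
        self.write_counter = 0   # increments on every successful authenticated write
        self.blocks = {}

    def auth_data_write(self, frame: bytes) -> int:
        f = unpack_frame(frame)
        if f["req_resp"] != REQ_AUTH_DATA_WRITE:
            return RES_GENERAL_FAILURE
        # 1. Authenticity: recompute the MAC under the device key.
        if not hmac.compare_digest(f["mac"], frame_mac(self._key, frame)):
            return RES_AUTH_FAILURE
        # 2. Freshness: the frame must carry the device's current counter.
        if f["write_counter"] != self.write_counter:
            return RES_COUNTER_FAILURE
        self.blocks[f["address"]] = f["data"]
        self.write_counter += 1
        return RES_OK


def secure_world_write(dev: RpmbDevice, key: bytes, address: int, payload: bytes) -> bytes:
    """What the TEE does: read the counter, then build and sign the frame.
    Returns the signed frame so the demo can replay and tamper with it."""
    frame = build_write_frame(payload.ljust(256, b"\0"), dev.write_counter, address)
    return sign_frame(key, frame)


def demo() -> tuple:
    # Constructed key; OP-TEE derives the real one from the hardware unique key.
    key = hashlib.sha256(b"constructed RPMB key for illustration").digest()
    dev = RpmbDevice(key)
    signed = secure_world_write(dev, key, address=0, payload=b"private key blob v1")
    first = dev.auth_data_write(signed)            # accepted, counter becomes 1
    replay = dev.auth_data_write(signed)           # same frame again: stale counter
    tampered = bytearray(signed)
    tampered[DATA_OFF] ^= 0x01                     # flip a data bit: MAC no longer matches
    forged = dev.auth_data_write(bytes(tampered))
    # An attacker who knows the current counter but not the key still fails.
    bogus = sign_frame(b"guess", build_write_frame(bytes(256), dev.write_counter, 0))
    bogus_res = dev.auth_data_write(bogus)
    second = dev.auth_data_write(
        secure_world_write(dev, key, address=0, payload=b"private key blob v2"))
    return first, replay, forged, bogus_res, second, dev.write_counter


if __name__ == "__main__":
    names = {RES_OK: "OK", RES_AUTH_FAILURE: "AUTH_FAILURE",
             RES_COUNTER_FAILURE: "COUNTER_FAILURE"}
    first, replay, forged, bogus_res, second, counter = demo()
    for label, res in (("first write", first), ("replayed frame", replay),
                       ("tampered frame", forged), ("wrong key", bogus_res),
                       ("second write", second)):
        print(f"{label:15s} -> {names[res]}")
    print("device write counter:", counter)
```

The two checks are what plain TrustZone cannot give you on its own: without the key the normal world cannot forge a write, and without the counter it could still replay an old, validly signed block (for example, re-installing a revoked key or rolling back a monotonic counter stored in the TEE). Provisioning the key into the eMMC is a one-time, irreversible operation, which is why the "were there any constraints" question in the review matters for a demo board.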