Overview
Learn how to implement Android tamper-resistant secure storage and secure it in virtualization environments. Explore the full software stack of storage services based on RPMB in eMMC flash devices, including key generation, hardware root binding, and factory key provisioning. Discover secure storage virtualization architecture in ACRN hypervisor, focusing on creating root sub-keys for guest data encryption, building a "one-vm, two-world" TEE protection system, and isolating memory between guest TEE worlds and the hypervisor. Gain insights into authenticated write access, VT-TEE/Trusty in Android, and various secure storage types. Delve into ACRN hypervisor architecture, confidentiality measures, and SEED/SSEK derivation techniques for enhanced security in virtualized environments.
Syllabus
Intro
Agenda Problem Statement
Technical Details / Characteristics
How it works (Example: authenticated write access)
VT-TEE/Trusty in Android (Two-VM)
Android Secure Storage (SS)
SS/TP : Tamper-Proof Secure storage
SS/TD: Tamper-Detection Secure storage
ACR Hypervisor Architecture
Secure Storage Virtualization - Confidentiality
ACRN Hypervisor SEED/SSEK Derivation
Conclusion
Future Considerations
Taught by
Linux Foundation