Software Supply Chain Security with Trusted Execution Environment Provisioning Protocol

Explore the benefits of the Trusted Execution Environment Provisioning (TEEP) protocol for Software Supply Chain Security in this informative conference talk. Delve into the challenges of maintaining security in an era of rapidly increasing software packages and learn how TEEP addresses these issues. Discover the standardization efforts and open-source reference implementation of TEEP at the Internet Engineering Task Force (IETF). Understand how TEEP enables lifecycle management of software packages as Trusted Components (TC), covering various devices from IoT and edge to drones and heavy industry equipment. Examine the application of TEEP on ARM, RISC-V, and Intel architectures, and learn how it verifies device integrity before installing or updating TCs using PKI key management technology. Gain insights into essential security technologies employed by TEEP, including Remote Attestation and Concise Binary Object Representation (CBOR), along with the necessary hardware requirements for implementation.