Explore the use of OP-TEE as a cryptography engine in this comprehensive conference talk. Delve into the challenges of secure storage in the Internet of Things era and learn about SoC security features. Discover the fundamentals of OP-TEE, including new platform bring-up, RNG driver implementation, and hardware crypto accelerators. Examine the process of accessing OP-TEE from Linux, understanding Trusted Applications, and implementing minimal AES code. Gain insights into building a secure storage system, including storage application flow and slot operations. Investigate Linux userspace access libraries, kernel integration, and OpenSSL integration. Conclude with a summary of key takeaways for implementing OP-TEE as a robust cryptography solution.
Overview
Syllabus
Intro
The Internet of Things is Here
How Do We Store Things Securely?
SoC Security Features
What is OP-TEE?
Outline
OP-TEE New Platform Bring-up
Background
RNG Driver Plan
Crypto RNG API
Basic Driver Implementation
Configuration
HW Crypto Accelerators
crypto hash.ops
Peek into alloc
What is drvcrypt?
drvcrypt flow
Initialization and Registration
HW Alloc Implementation
HW Context Struct
Accessing OP-TEE From Linux
Trusted Application
What is a TEE Operation?
What are TEE Objects?
Minimal TA Interface II
Minimal AES code
Minimal Example Caveats
Building a Secure Storage System
Storage Application Flow
Slot Ops
Opening a Slot
Remaining TA Pieces
Linux Userspace Access Library
Linux kernel Integration
struct cipher alg
OpenSSL Integration
PKCS#11
Summary
Taught by
Linux Foundation
