RISC-V-Day-Tokyo2018-suzaki
2 likes•892 views
The document discusses Trusted Execution Environments (TEEs) and running the Open Portable Trusted Execution Environment (OP-TEE) trusted operating system on RISC-V. It provides an overview of TEEs, describes OP-TEE and the requirements to implement it on RISC-V, including developing a boot sequence, kernel driver, and libraries. The document also compares TEE implementations on ARM TrustZone and Intel SGX and covers memory mapping when running OP-TEE on ARM-based boards.
![HIEE: Hardware-assisted Isolated Execution Environments*
• HIEE is used for important process which is independent of OS.
• Current CPU has HIEE.
– X86 SMM: System Management Mode
• Used by BIOS/UEFI.
– Intel’s ME: Management Engine.
• Run MINIX. Used for remote power control.
– Intel SGX: Software Guard execution
– ARM Trust Zone
3
* F.Zhang and H.Zhang, SoK:A Study of Using Hardware-assisted Isolated Execution
Environments for Security[HASP16]
They are not programmable for a user.
They are programmable for a user.
They are used for TEE.](https://image.slidesharecdn.com/risc-v-day-tokyo20181018-suzaki-181018081042/85/RISC-V-Day-Tokyo2018-suzaki-3-320.jpg)
![TEE projects on RISC-V
• Sanctum [MIT project, USENIX Sec’16]
• KeyStone [UCB project]
– https://keystone-enclave.org/
• MultiZone [Hex-Five product]
– https://hex-five.com/
• TEE WG of RISC-V Foundation
6
Intel SGX type
One special privilege (Enclave)
ARM Trust Zone type
plural privileges
easy to implement GlobalPlatform
style Trusted OS](https://image.slidesharecdn.com/risc-v-day-tokyo20181018-suzaki-181018081042/85/RISC-V-Day-Tokyo2018-suzaki-6-320.jpg)
![Trusted OS
• Open Source Trusted OS
– OP-TEE (Linaro) https://github.com/OP-TEE
– Open-TEE (Aalto University[TrustCom15]) https://open-tee.github.io/
– Trusty (Google) https://source.android.com/security/trusty/index.html
– SierraTEE (Sierra) https://www.sierraware.com/open-source-ARM-TrustZone.html
• Enterprise Trusted OS
– Apple’s Secure Enclave
– Qualcomm’s QSEE
– Samsung’s Knox https://www.samsungknox.com/en
– Trastonic Kinibi and MobiCore
10](https://image.slidesharecdn.com/risc-v-day-tokyo20181018-suzaki-181018081042/85/RISC-V-Day-Tokyo2018-suzaki-10-320.jpg)
RISC-V-Day-Tokyo2018-suzaki
- 1. TEE to Run Trusted OS on RISC-V and Related Technologies 1 National Institute of Advanced Industrial Science and Technology(AIST) Kuniyasu Suzaki, Akira Tsukamoto
- 2. Contents • What is TEE? – RISC-V TEE • Trusted OS – “OP-TEE” – Requirement to implement OP-TEE 2 The difference from Micro51 workshop. Software view (RISC-V day Tokyo), Hardware view (Micro51 workshop) Slides will be opened at https://www.slideshare.net/suzaki
- 3. HIEE: Hardware-assisted Isolated Execution Environments* • HIEE is used for important process which is independent of OS. • Current CPU has HIEE. – X86 SMM: System Management Mode • Used by BIOS/UEFI. – Intel’s ME: Management Engine. • Run MINIX. Used for remote power control. – Intel SGX: Software Guard execution – ARM Trust Zone 3 * F.Zhang and H.Zhang, SoK:A Study of Using Hardware-assisted Isolated Execution Environments for Security[HASP16] They are not programmable for a user. They are programmable for a user. They are used for TEE.
- 4. What is TEE? • TEE: Trusted Execution Environment. – TEE separates computing world into “normal” and “secure”. • Secure world is used to run a critical code (e.g., authentication, DRM, etc). – GlobalPlatform defines TEE specification. • https://globalplatform.org/technical-committees/trusted-execution-environment-tee-committee/ 4 CPU TEE Secure World Normal World App Normal OS
- 5. Privileges for TEE • Global Platform's TEE specification assumes plural privileges on both worlds to run application on a OS. – Normal world runs normal applications on a normal OS. – Secure world runs trusted applications (TAs) on a trusted OS. • ARM Trust Zone offers same privileges to normal and secure world. • Intel SGX has only one privilege (enclave). – Enclave is different from Ring Architecture. 5 CPU Trusted OS Secure World Normal World App Normal OS (e.g., Linux) Trusted Application (TA) POSIX APIGP TEE API
- 6. TEE projects on RISC-V • Sanctum [MIT project, USENIX Sec’16] • KeyStone [UCB project] – https://keystone-enclave.org/ • MultiZone [Hex-Five product] – https://hex-five.com/ • TEE WG of RISC-V Foundation 6 Intel SGX type One special privilege (Enclave) ARM Trust Zone type plural privileges easy to implement GlobalPlatform style Trusted OS
- 7. ARM Trusted OS on ARM Trust Zone • GlobalPlatform model 7 Secure world Normal world Normal Applications Normal OS NIC Core Trusted OS Trusted Applications (TA) Core Secure Mode Hard eMMCUART Exception Level EL0: User EL1: Privilege EL2: Hypervisor EL3: Secure SMC (Secure Monitor Call) instruction Memory Static allocate Dynamic allocate
- 8. Boot Sequence on ARM Trust Zone • BL: Boot Loader • EL: Exception Level 8 Power on BL1: BootROM BL2: Trusted Boot Firmware Secure World Normal World BL31: Secure Monitor BL32: Trusted OS BL33: Normal OS EL3:Secure EL2:Hypervisor EL1:Priviledge EL0:User EL3:Secure EL2:Hypervisor EL1:Priviledge EL0:User
- 9. Trusted OS • Trusted OS is not a normal OS – Trusted OS is TCB (Trusted Computing Base). It must be secure (small). – No POSIX API, No dynamic link library • TA becomes a static linked binary. • Trusted OS needs the help of normal OS – Because Trusted OS has no File System, no device driver (except some special devices, e.g., UART) • When a TA want to save a data, the data is encrypted and saved on FS of normal OS. 9
- 10. Trusted OS • Open Source Trusted OS – OP-TEE (Linaro) https://github.com/OP-TEE – Open-TEE (Aalto University[TrustCom15]) https://open-tee.github.io/ – Trusty (Google) https://source.android.com/security/trusty/index.html – SierraTEE (Sierra) https://www.sierraware.com/open-source-ARM-TrustZone.html • Enterprise Trusted OS – Apple’s Secure Enclave – Qualcomm’s QSEE – Samsung’s Knox https://www.samsungknox.com/en – Trastonic Kinibi and MobiCore 10
- 11. How to run a TA on OP-TEE 11 Secure World Normal World Secure Monitor Exception Level EL0: User EL1: Privilege EL2: Hypervisor EL3: Secure Linux with op-tee driver TA with libutee.a OP-TEE (signature check) (dispatch by UUID) TA-Client TEE-Supplicant /dev/tee0 /dev/teeprev0 Load a TA Use a TA Helper of TAsignatureMajor Roll • TA-Client loads a TA on OP-TEE – TA needs a signature to load on OP-TEE – TA has a UUID to communicate with TA- Client and TEE-Supplicant • TA-Client sends a request to TA • TA replies an answer to TA-Client • TA sends a request to TEE- Supplicant (e.g., to save an encrypted data on File System) TEE internal API only (No POSIX sys call) TA libtee.so
- 12. Memory Map of OP-TEE • ARM Hikey Board 2GB • Software size: Our experience – Secure world • Secure Monitor 33KB • OP-TEE 281KB • TA 1,200KB – Normal World (on Linux) • TA-Client 17KB • TEE-Supplicant 197KB 12 0x7FFFFFFF (2GB) OP-TEE & TA 0x7F000000 16MB 0x7EC0000 Shared Memory 4 MB 0x7E80000 Linux Kernel with SMC driver 4 MB 0x7E00000 8 MB Secure Data Path Buffer Reserved Secure World Normal World
- 13. OP-TEE on RISC-V using seL4 • Rahul Mahadev’s Google Summer of Code • http://mahadevrahul.blogspot.com/ – The Trust Zone features and secure monitor are implemented as a seL4 library. – OP-TEE is paravirtualized, all calls referencing ARM Trusted Firmware and secure monitor are replaced with new calls. 13 seL4 Rich OS (Linux) Library to emulate Trust Zone VMM Paravirtualized OP-TEE TAApp
- 14. Conclusions • My talk is software view of TEE • When we implement OP-TEE on RISC-V, we must develop – Boot sequence: Trusted Boot Firmware, Secure Monitor – Linux kernel driver – Libraries (libutee.a for TA and libtee.so for Linux Apps) – Linux application to assist TA (TEE-supplicant) 14 See Micro51 RISC-V workshop for hardware view Slide of RISC-V Day Tokyo 2018 and Micro51 RISC-V workshop will be opened at https://www.slideshare.net/suzaki