Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

Transcription:

Beyond TrustZone PSA
Reed Hinkel, Senior Manager, Embedded Security Market Development
Part 1 - PSA
Tech Seminars 2017

Agenda
- Platform Security Architecture
- Architecture overview
- Trusted Firmware-M
- IoT Threat models & security analyses
- Summary

Security cannot be optional
Arm is announcing:
The Platform Security Architecture (PSA)
- A framework for security for the smallest of connected devices
- Publicly available holistic set of documents & specifications
Trusted Firmware-M
- Open source reference firmware

Arm: The Industry's Architecture of Choice
Extraordinary growth from sensors to server
[Timeline figure: 1991, 2013, 2017, 2021; spans labelled 4 years, 22 years, 4 years. Labels: 50 billion chips shipped; 50 billion chips shipped; 2016; 80% microcontrollers; 100 billion chips expected to ship.]

Arm's growing investment in security
Helping protect billions of devices
[Timeline figure: 2000+, 2005+, 2010+, 2015+, Today. Product labels: Mbed, CryptoCell, Cortex-M33; TEE for Cortex-A; TrustZone for Cortex-A; SecurCore. Milestone labels: Smart Card for payment; Apps processors gain TrustZone; Enablement of premium content streaming & mobile payment; PolarSSL & Sansa join Arm & TrustZone for Armv8-M; Platform Security Architecture & Security enclave.]

Diversity is good but better with common ground rules
A diverse collection of chips, device makers and services
Needs a shared approach to security best practice
[Figure labels: OEM 1, OEM 2, OEM 3; SILICON PARTNER A, SILICON PARTNER B, SILICON PARTNER C, SILICON PARTNER D]

A framework to secure 1 trillion devices
Announcing the Platform Security Architecture
- Analyse: Threat models and security analyses
- Architect: Firmware architecture & hardware specifications
- Implement: Source code & hardware IP
[Figure labels: PSA documents; Enabling products & contributions]

Security is a shared responsibility
[Figure labels: Device SiPs Software Security Systems Cloud]

Security starts with analysis
Analysis leads to requirements
Analyse: System description, Assets, Threats, Security Objectives, Security Requirements
Example
- Asset: metering data to be protected in integrity & confidentiality
- Threat: Remote SW attacks
- Security Objective: Strong Crypto
- Security Requirement: Hardware based key store
Arm will deliver representative IoT device security analyses & requirements

Architecture incorporating common principles
A recipe for building a secure system
From analysis to architecture
Identify key common principles
Common principles across multiple use cases
- Device identity
- Trusted boot sequence
- Secure over-the-air software update
- Certificate based authentication

PSA deliverables
Security architecture derived from principles
IoT Security analyses
- Wireless meter
- Asset tracker
- Connected camera
Firmware specifications
- Firmware framework
- Secure update
- Boot sequence
Hardware requirements
- RNG
- Secure storage
- Crypto

Open source code to accelerate adoption
Freely available reference implementation
Trusted Firmware-M
- Reference firmware for the architecture specification
- Initially targeting Armv8-M
- In development now, publicly available first quarter 2018
Arm Mbed OS will provide an implementation of PSA
- Integrated with Mbed TLS and Mbed Cloud Client
- Targeting all Cortex-M processors
- Available in subsequent releases of Mbed OS

Platform Security Architecture
Designed to secure low cost IoT devices where a full Trusted Execution Environment would not be appropriate.
PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware.
PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources.
PSA is architecture neutral and can be implemented on Cortex-M, Cortex-R & Cortex-A. The focus is Cortex-M based devices.
[Figure labels: Non-secure processing environment; Application; RTOS; Platform hardware; Secure processing environment; Trusted Functions; Secure partition manager; Secure boot; Root of Trust keys]

PSA - Standardized Interfaces
PSA specifies interfaces to decouple components.
- Enables reuse of components in other device platforms
- Reduces integration effort
Partners can provide alternative implementations.
- Necessary to address different cost, footprint, regulatory or security needs
PSA provides an architectural specification.
- Hardware, firmware and process requirements and interfaces
[Figure labels: Secure IPC; Non-secure processing environment; Application; RTOS; Platform hardware; Secure processing environment; Trusted Functions; Secure partition API; Secure partition manager; Boot firmware; Secure hardware requirements; Root of Trust keys]

Example IoT Device Implementation
OEMs can choose their preferred implementations.
Trusted Firmware-M will be a new OSS project.
- To reduce rework across our partners
- To speed up device or component validation against standards such as Common Criteria EAL
Open to any RTOS and other partners.
[Figure labels: Secure IPC; Non-secure processing environment; Application; Secure processing environment; Device Management; Secure partition API; Arm mbed OS; Arm Trusted Firmware v8-m; TBSA-v8M; Boot firmware; Armv8-m based SoC; Root of Trust keys]

PSA Firmware Framework Concepts
- Secure Partition Manager (SPM): provides the boot, isolation and IPC services to the SPE
- Partition: the unit of execution
- Secure function: a set of related APIs invoked through secure IPC
- Trusted function: a Secure Function that provides a Root of Trust service
[Figure labels: Non-secure Processing environment; Non secure partition; Application firmware; OS libraries; OS kernel; Secure processing environment; Secure partition; Secure function; Trusted partition; Trusted function; Secure Partition Manager; Secure IPC; Secure isolation; Secure debug; Isolation boundary]

PSA Firmware Isolation Levels
- Level 1: Lower cost hardware, only isolate the SPE
- Level 2: Separate Root of Trust from Secure Partitions within SPE
- Level 3: More robustness, isolate all partitions from each other

Scaling IoT security
From device to cloud

Key take-aways
PSA provides security foundations for low cost IoT devices
PSA makes security easier, quicker & cheaper to implement by providing:
- IoT Threat models & security analyses
- Architecture documents
- Source code: Trusted Firmware-M
- System IP, dev boards and tools
Arm is helping our partners deliver security, deployable at scale
- Lead partner availability: Now (NDA)
- General availability: Q1 18

Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos!

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks