OP-TEE - Using TrustZone to Protect Our Own Secrets - Marc Kleine-Budde, Pengutronix e.K.
The TrustZone feature in ARM v7/8 CPUs promises to protect sensitive data even with a compromised kernel. Although it could be used for securing VPN keys, running a TPM in software or handling feature licenses, TrustZone has been largely ignored by the Linux community. Currently, the most widespread use for TEEs (Trusted Execution Environments) seems to be proprietary DRM for video streaming on Android. This is about to change, because since the merge of the OP-TEE infrastructure in Linux 4.12, we now have a standardized interface with a fully open source implementation. We can now run small applications separately from the normal Linux world, protecting the user's data instead of hiding data from the user. In this presentation, Marc will explain the underlying technology and how it can be used. He will also report on which parts are still missing for full functionality.

About Marc Kleine-Budde

Marc Kleine-Budde started using Linux in 1995. He has worked for Pengutronix e.K. in Hildesheim since receiving his diploma in Electrical Engineering, specialized in Computer Engineering, from Leibniz University Hannover in 2005. At Pengutronix he works on the Linux kernel and low-level userspace. Since 2012 he has been the maintainer of the CAN drivers in the Linux kernel.