Using OP-TEE as a Cryptography Engine

This Embedded Linux Conference 2021 session was presented by Greg Malysa, Principal Engineer at Timesys.



Session Date & Time: Monday, September 27, 2021 | 2:30pm – 3:20pm PDT
Location: Room 4

Session Description:

In modern embedded applications, security is paramount. OP-TEE has emerged as a popular and effective way to provide a trusted execution environment (TEE) as one tier of a layered security design: sensitive operations run inside the TEE and remain protected even when userspace or the Linux kernel itself is compromised. Out of the box, OP-TEE provides a cryptographic API based on the GlobalPlatform TEE Internal Core API Specification, including a software-only implementation built on mbedTLS. This cryptographic subsystem is flexible and designed to be integrated into any system as a general-purpose cryptographic provider.

This talk covers the use of OP-TEE as a cryptography engine in two parts. The first part discusses some OP-TEE internals and gives an overview of how to integrate platform-specific hardware such as cryptographic accelerators and hardware random number generators. The second part discusses building a platform-agnostic key storage system as an OP-TEE Trusted Application (TA). This covers the TEE-side TA implementation as well as the ways it can be accessed from Linux: integration with the Linux kernel crypto API, and direct userspace access through a standalone library, an OpenSSL engine, or a PKCS#11 provider.

Greg Malysa is a Principal Engineer at Timesys Corporation where he specializes in embedded systems design and implementation and cybersecurity integration. Most recently, his work has focused on how OP-TEE can be leveraged to provide secure services like cryptography and secure key storage for Linux. Prior to Timesys, he was an Electronics Engineer at Robins Air Force Base and a Systems Engineer at Texas Instruments. He holds a BS in Electrical and Computer Engineering from Cornell University and an MS in Electrical and Electronics Engineering from Stanford University.

Have questions about how OP-TEE can be leveraged to provide secure services like cryptography and secure key storage for Linux, and want to talk to Greg? Feel free to reach out to him directly.
