Better Security Begins with Developer Education, Easy Access
TrustZone is an on-chip security enclave that provides hardware isolation and protection for sensitive material such as cryptographic keys, algorithms and data. TrustZone has been widely adopted on mobile phones, set-top boxes and billions of devices in the last decade. It is rapidly becoming the security technology of choice for connected embedded device makers looking to provide critical trusted functions to secure Internet of Things (IoT) products. Therefore, it is important that IoT developers understand this foundational security technology and its applications.
OP-TEE, an open source project managed by Linaro, is a trusted execution environment (TEE) project that makes use of ARM TrustZone technology. The availability of OP-TEE on the Raspberry Pi 3, which is based on Broadcom’s BCM2837 SoC, puts this technology in the hands of developers at the lowest possible cost.
“This work is about giving back to the community. It is critical for IoT devices that security be built-in, not bolted on. This begins with educating developers and makers and enabling them with the right tools. A practical bonus is that trusted applications they build for OP-TEE on the Raspberry Pi could be deployed on other TrustZone enabled chips,” said Philip Attfield, CEO of Sequitur Labs.
Single system Image: 64-bit Linux, ARM Trusted Firmware, OP-TEE
OpenOCD and configuration file for the Pi 3
Documentation including code samples and a quick start guide
“It is fantastic to see Linaro’s OP-TEE being made available to a broader audience. The Linaro Security Working Group (SWG) was created to help accelerate the delivery of high quality secure products across the ARM ecosystem and this effort by Sequitur Labs is a step in that direction,” said Joakim Bech, director of the Linaro Security Working Group. “The OP-TEE software package is now available for all new and previously shipped Raspberry Pi 3s. Developers only need to download the software components from the Linaro website. Support will be provided through forums on Linaro.”
Extending Raspberry Pi’s Appeal via Bare Metal Debugging
The additions made by Sequitur Labs also include a modified uBoot process making bare-metal debugging easy for developers via JTAG. This level of access makes it possible to investigate the Pi 3 in a very controlled state while having access to all the various parameters.
“Enabling the open source Trusted Execution Environment, OP-TEE, on the new Raspberry Pi 3 will allow IoT developers and students to learn the concepts of a GlobalPlatform TEE and how to develop trusted code on ARM Cortex®-A processors," said Rob Coombs, director of security marketing, ARM. “Billions of devices already use ARM TrustZone as a foundation for security and this project will broaden developer access to the Trusted Execution Environment that sits on top of it. It will enable the development of IoT devices with a deeper level of protection.”
The release of OP-TEE on the Raspberry Pi 3 and the Pi 3 hardware enables hardware-based security for product trial development and educational purposes. It provides a foundation on which to create commercial grade devices.
Sequitur Labs is developing seminal technologies to improve trust in a connected world. Sequitur has pioneered new ways to improve security and manageability of connected devices, simplifying system-wide security and bringing unprecedented flexibility, control and customizability to policy driven management of devices. To learn more visit us at www.sequiturlabs.com.
Linaro is leading collaboration on open source development in the ARM ecosystem. The company has over 200 engineers working on consolidating and optimizing open source software for the ARM architecture, including developer tools, the Linux kernel, ARM power management, and other software infrastructure. Linaro is distribution neutral: it wants to provide the best software foundations to everyone by working upstream, and to reduce non-differentiating and costly low level fragmentation. The effectiveness of the Linaro approach has been demonstrated by Linaro’s growing membership, and by Linaro consistently being listed as one of the top five company contributors, worldwide, to Linux kernels since 3.10.
To ensure commercial quality software, Linaro’s work includes comprehensive test and validation on member hardware platforms. The full scope of Linaro engineering work is open to all online. To find out more, please visit http://www.linaro.org and http://www.96Boards.org.