Linaro Connect San Diego 2019

Trusted Execution Environments (TEEs) have an increasing role in the security of embedded systems and one of the leading open-source solutions is OP-TEE by Linaro. As more and more security-critical tasks are moved to the TEE, the complexity and thus risk of vulnerabilities increases as well. By now it are small operating systems running trusted applications and having a system call interface exposing drivers and other services.

In this talk we present a fuzzing framework for OP-TEE using an unmodified version of AFL with coverage tracking integrated in the TEE kernel using compile-time injected hooks. This framework can be used to test any code running in the kernel such as the interface exposed to the non-secure the world, as well as trusted applications embedded in the kernel and the system call interface by providing the coverage data to the non-secure world.

We discuss the challenges of fuzzing a (trusted) operating system running nonvirtualized on an actual device as well as our approach that allows using an unmodified version of AFL running as Linux application in the non-secure world. Additionally, we discuss how we created a useful set of initial inputs to seed AFL. The approach discussed in this talk is not limited to OP-TEE but could be used for any (trusted) operating system.

Last, we discuss some of the latest improvements to the framework, making it more efficient and some of the issues found by fuzzing OP-TEE.

**This Session has been cancelled**
Volodymyr will speak about his work on adding virtualization support to OP-TEE and about OP-TEE mediator in Xen hypervisor.

Till now all keys stored in OP-TEE secure storage are secured at rest by encrypting it with FEK.
But when these keys are being used for operations these keys are kept in plain format in OP-TEE internal structures.

This is because cryptographic operations in OP-TEE are currently done with software libraries(libtomcypt and mbedTLS), and cryptographic operations are nothing but mathematical operations, so software libraries need private keys in “plain format” for operations.

Keeping these keys in plain format makes them vulnerable to following attacks with respect to confidentiality and integrity which is main objective of Trusted Execution Environment.
- By exploiting any vulnerability in code such as buffer overrun or bugs like Heartbleed.
- Using side channel attacks such as cold boot attack - in which an attacker with physical access to a computer performs a memory dump of a computer's RAM by performing a hard reset of the target machine.

Since nature of hardware-based cryptography ensures that the information stored in hardware is better protected from external attacks, so above issue can be fixed when these keys are backed by some hardware component. We need some mechanism in which the keys doesn’t exist in plain format in secure memory.

Hardware component will export the private keys only in encrypted form to secure memory.
During operations takes private keys in encrypted form and convert them into plain format internally and do operations with them.
Even If attacker gets access to this key in secure memory somehow, will not be able to find out the actual key.

Protecting key confidentiality is essential for many kernel security use-cases such as disk encryption, file encryption and protecting the integrity of file metadata. Trusted and encrypted keys provides a mechanism to export keys to user-space for storage as an encrypted blob and for the user-space to later reload them onto Linux keyring without the user-space knowing the encryption key. The existing Trusted Keys implementation relied on a TPM device but what if you are working on a system without one?

This session will introduce a Trusted Keys implementation which relies on a much simpler trusted application running in a Trusted Execution Environment (TEE) for sealing and unsealing of Trusted Keys using a hardware unique key provided by the TEE.

ARM TrustZone shields the most critical security components from the normal world legacy OS, which grows larger and more complex over time and has become quite difficult to harden. However, in recent years we have also witnessed memory exploits targeting TrustZone systems as well. Such vulnerabilities can be utilized by the attackers as the bridge to further subvert the secure OS, thus take over the whole device.

As an important mission of the open source project under the MesaTEE platform, we aim to bring memory safety to ARM TrustZone. In particular, we enabled Rust programming for Trustlets, making them immune to memory exploits by nature while preserving native execution speed. Unlike the previous attempts, Rust OP-TEE TrustZone SDK is the first to:

- utilize the Rust programming language's security checks and type checks, so that developers can never misuse;
- enable Rust standard library and millions of Rust crates/libraries for developing Trustlets, so that developers can conveniently leverage the existing rich Rust ecosystem;
- provide automatic Trustlet lifecycle management via the "resource allocation is initialisation" (RAII) design pattern, preventing errors where a resource is not finalised and where a resource is used after finalisation, so that developers no longer bother calling session/context related APIs manually.

We will present our current implementation based on OP-TEE (complying to the GlobalPlatform TEE specifications), and will provide demonstrations for popular TrustZone applications like secure storage, key management, device identification, authentication, DRM, etc. Most importantly, we revolutionarily provide support for trusted and secure machine learning computation in TrustZone. To our best knowledge, we are the first to offer safe, fast, functional, and ergonomic development for Trustlets.