Designing a Trusted Execution Environment in Zephyr OS
The Internet of Things (IoT) promises to connect billions of embedded devices with each other and with the Cloud, building a connected world of “smart” things. Yet the commercial success of IoT depends heavily on the security and trust that are built into the connected devices, which must prevent their operation and sensitive data from being misused by, corrupted by, or exposed to potential attackers.
A fundamental part of securing embedded devices is the design and implementation of a Trusted Execution Environment (TEE), which guarantees that secure microcontroller resources (data and execution contexts) are protected from non-trusted firmware running on the same System-on-Chip (SoC).
In this talk the audience shall become familiar with the principles and methodologies behind the design of a Trusted Execution Environment in operating systems for embedded devices. We build our case-study upon Zephyr RTOS, a modern operating system for embedded systems. Furthermore, we focus on ARMv8-M microcontrollers with TrustZone-M®, a technology that provides support for key TEE components, such as hardware isolation between Secure and Non-Secure execution contexts, physical register banking, and configurable security attribution for microcontroller resources.
Within our case-study we discuss fundamental challenges for TEE in Zephyr, notably, how to partition microcontroller resources into Secure and Non-Secure execution contexts and how to build, configure, and combine Secure and Non-Secure firmware components into the embedded device firmware.
Finally, we discuss how Trusted Execution in Zephyr can be employed to provide high-level secure services for the embedded firmware developer, namely Secure Boot and Secure Storage.
Senior Research & Development Engineer
Ioannis Glaropoulos is a senior embedded software engineer working at Nordic Semiconductor. His primary focus is on Bluetooth core stack and ARM Cortex-M-related architecture & development for Nordic nRF5x series of ICs. He is active in the Zephyr Project as a contributor and Technical Steering Committee member. Previously he has held IoT research and engineering positions in the Swedish Institute of Computer Science (SICS) and Walt Disney Research Labs. His main interests include Real-Time Operating Systems for embedded devices, Trusted Execution & Secure Software design, and low-power wireless & mesh protocols for the Internet of Things.