Linaro launched a Security Working Group to create open source Android and Linux reference designs for Trusted Execution Environment (TEE) technology.
Linaro is a not-for-profit company, owned by ARM and some of its top Cortex-A licensees, yet it acts much like an open source project. In addition to its core role of developing standardized Linux and Android toolchain for ARM-based devices, the 200-engineer organization sponsors a variety of Engineering Groups (see farther below).
Now Linaro is tackling the issue of security, which grows more important as ARM begins moving into servers, but is also crucial to most embedded applications. The Security Working Group (SWG) is designed “to help ensure an optimised and efficient software ecosystem exists to support ARM open source Linux distributions on security related topics, and to accelerate the delivery of high quality secure products across the ARM open source ecosystem,” says ARM. The work will apply to Internet of Things, digital home, and mobile devices, all the way up to “advanced multi-node hyperscale servers,” says Linaro.
The initial goal is to provide a standardized open source alternative to ARM’s TrustZone security technology and build open source reference designs for tasks such as securely booting a server or decoding encrypted media. The SWG plans to build its designs using Trusted Execution Environment (TEE) technology. Widely implemented by mobile vendors and mobile chip manufacturers, TEE is a secure area that resides in the main processor, typically a mobile SoC, designed to ensure that sensitive data is stored and processed in a trusted environment.
Simplified TEE architecture
According to GlobalPlatform, which is also trying to standardize APIs for TEE, the technology works with the mobile OS, as well as a secure element (SE), acting as a mid-tier security layer between them. The more highly secure SE is comprised of software and tamper resistant hardware, and is typically found in NFC chips used for mobile proximity payments. The TEE may also offer a trusted UI to securely transmit a PIN for high-value transactions, and can filter access to applications stored directly on the SE.
The SWG doesn’t mention GlobalPlatform in its announcement, but one of the five “open questions” on the SWG web page is whether or not to use GlobalPlatform APIs. The SWG says it will ensure that its reference applications interoperate with a variety of TEEs, including open source implementations from Nvidia and Linaro member STMicroelectronics (TEE presentation PDF), as well commercial offerings from Trustonic.
The TEE reference design solution will include an open source reference implementation of the W3C Encrypted Media Extension (EME), which extends the HTMLMediaElement with APIs for controlling playback of protected content. The SWG will apply EME to secure media playback on mobile and digital home devices.
The SWG group will also develop an open source reference implementation of secure boot for ARMv8, 64-bit Cortex-A processors. This will complement the ARM Trusted Firmware open source project, targeted at server applications, says the group. There will also be work done on improving security features in the Linux kernel.
The SWG’s other four open questions include which TEE solutions to work with, as well as questions over the ownership and location of source code. The group is also trying to decide on reference hardware. Suggestions have included the InSignal manufactured Samsung Exynos 5420-based Arndale Octa Board and a “Juno-board.”
Qualcomm joins Linaro — is Nvidia next?
The involvement of Nvidia suggests the potential for this Linaro hold-out to eventually join the group. The Core members of Linaro are ARM and HiSilicon, while Club members include Broadcom, Fujitsu, LG, Samsung, ST, and Texas Instruments. This week, Qualcomm joined as a Core Member, and will collaborate with the group via its Qualcomm Innovation Center (QuIC) subsidiary.
Linaro deserves a lot of the credit for cleaning up the chaotic ARM codebase in the Linux kernel in recent years. Linaro is “consistently being listed as one of the top three company contributors to recent Linux kernels,” says the organization.
Other Linaro Engineering Groups include the Linaro Networking Group (LNG) and the Linaro Enterprise Group (LEG) for servers. There are also groups devoted to kernel, power management, toolchain, graphics, and LAVA (testing) technology.
Earlier this month, Linaro surveyed upcoming plans for Android enhancements. Goals include optimizing for ARMv7 SoCs, enabling mobile-specific features in bootloaders like U-Boot and UEFI EDK II, and solving problems in booting Android code compiled with Clang. Linaro also plans to optimize Android implementations of SQLite, as well as improve battery life.
“STMicroelectronics is working closely with the Linaro Security Working Group to make its Trusted Execution Environment freely available for ARM TrustZone,” stated Christophe Lorieau, Director of System, Software, & Customer Support, Unified Platform Division, STMicroelectronics.
“We’re pleased to work with Linaro and the Security Working Group to bring a common open-source solution to market,” stated Hadi Nahari, Chief Security Architect, Tegra Software at Nvidia.
More information on Linaro’s Security Working Group may be found at Linaro’s SWG web-page.