Linaro Connect Bangkok

This is a general talk covering various topics and features that Security Working Group has been working with since the previous Connect. I.e., expect to hear more about the current status and what the future plan is for various topics.

In this talk we are going to look into what it means to run a TEE in a TPM and answer questions like, what are the benefits and what the trade-offs when you are running a software based TPM in a TEE as a firmware TPM. For the second part of the talk we intend to have a more open discussion with the audience, where we want to discuss use cases and what kind changes that are necessary in boot components to be able talk to software based TPM instead of a real TPM.

Recently up-streamed changes to OP-TEE allow a board-port to provide a DTB overlay in-memory to be merged into a main DTB by a later boot phase.
This would be a brief description of how that works and why you might want to consider it for your project.

This session will cover how the recently added feature with Trusted Application shared memory works.

With this TAs can share of read-only code pages allowing efficient memory usage with several instances of the same TA or a common shared library.

Debugging trusted applications (and OP-TEE itself) can be difficult because, for very good reasons, secure software is often reluctant to disclose information about its operation to the non-secure world, meaning is does not have access to the rich facilities in operating systems such as GNU/Linux that would normally be used for system level debug.

In this session we will discuss the common debug techniques used to debug secure applications. We will also look at how it is possible to implement function tracing to help solve problems, especially on platforms where JTAG debug is unavailable.

This is a presentation on Dynamic Configuration and the associated Position Independent Executable Support (PIE) in Trusted Firmware-A (TF-A).

SFO17 had a BoF session (by Dan Handley) to discuss the implementation plan for dynamic configuration in firmware. General agreement was that this is a good feature to do and some of the envisaged use-cases were: 
* Dynamic config of secure firmware features
* Dynamic firmware config using hardware configuration, security policies
* Modification of hardware configuration as seen by other software
* Centralized static firmware configuration etc

The presentation will focus on the implementation of dynamic configuration and how it can be utilized by TF-A partners. Some illustrations wherein ARM platforms dynamically configure the firmware for functionality and memory savings will also be provided.

Position Independent Executable (PIE) support for TF-A has been a long pending request from TF-A partners. The presentation will describe the technical details on how this feature was implemented in AArch64 version of TF-A. It will also cover some limitations of the implemented `dynamic relocation fixup` code.