Exploring mobile linux security with PinePhone Pro: OP-TEE sec enclave, Virtualization and beyond
Echidna (Gegair) | Tue 16 Apr 11:40 a.m.–12:25 p.m.
Presented by
Yifei Zhan
https://segments.zhan.science/posts/
Yifei is a Computer Science student at Swinburne University. He has been doing Linux programming since the age of 14, has a great interest in hardware hacking, and has no fear of taking a soldering iron to expensive computer gear. He is also keenly interested in security and has experimented with many options for securing phones.
Abstract
Exploring mobile linux security with PinePhone Pro: OP-TEE security enclave, Virtualization and beyond
The traditional security model of the desktop system is no longer suitable for
today's threat landscape, and there is a long road ahead until we can have
auditable and user-controlled mobile Linux devices. This talk covers my journey
exploring open source security enclaves, virtualization, and alternative
operating systems on the PinePhone Pro, with a focus on security improvements
for mobile Linux devices.

A security enclave or secure element is a proven way to increase the security
of a device against a compromised OS and/or hardware attacks: it works by
isolating sensitive operations into a hardware-backed secure environment with a
reduced attack surface.

This technology is often used on mobile devices for user-hostile purposes such
as DRM or lock-in, and operates in a privileged state while being hard for the
user to audit, but this isn't always the case. With OP-TEE, it's possible to
build a Trusted Execution Environment that is open to the user and auditable,
while still providing hardware-backed security features. In the end this can
make attacking an open source device more expensive.

I'm experimenting with this on the PinePhone Pro as part of a grant from Linux
Australia. Although the PinePhone Pro does not offer a complete hardware-backed
chain of trust at the current stage, it is still an open and available platform
for exploring the way forward for secure Linux mobile devices, and it offers a
testing platform with realistic use scenarios.
//////////// Slides Draft
VerityMobile: Free and user friendly mobile hardware security framework
What is Security Enclave and Trusted Execution Environment (TEE)
How is TEE used by commercial vendors (Android/iOS)
Why do we need it? / How do we use it?
- Attack surface reduction
- Increase overall security of a system
- Many other use cases
Making hardware more expensive to attack, while remaining open and auditable
PinePhone Pro: How does the rk3399 boot?
- BootROM loads the U-Boot TPL into SRAM from the boot medium (SD card here)
- TPL initialises DRAM and returns to the BootROM
- BootROM loads the U-Boot SPL into DRAM; SPL loads TF-A (BL31), which sets up the secure world (TrustZone), and OP-TEE (BL32), which hosts the fTPM
- Execution then passes to U-Boot proper, which loads the kernel
PinePhone Pro: The Missing Root of Trust
- Possible new hardware revision?
Use Case for security enclave:
- Hardware backed TLS crypto engine
Work with OpenSSL/OpenVPN
- Passkey with practically unlimited key storage
Using fTPM to seal passkey identity
It's still more secure than a password even without a proper root of trust: easy to rotate, hard to clone
- TPM and measured boot
- Auto decrypt root disk with key from TPM
- Near-field and remote attestation
U-Boot can interact with fTPM to perform measured boot
fTPM can sign a proof for attestation
- What can be explored?
Continuous measurement of kernel state, to try to detect attacks?
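The measured-boot, sealed-disk-key and attestation items above all rest on the same two TPM mechanisms: PCR extension and a seal bound to a PolicyPCR digest. The following is an added Python example (not code from the talk, OP-TEE or the fTPM) that simulates both outside a TPM: it replays a constructed boot event log into PCR 2 the way a verifier does, marshals the TPML_PCR_SELECTION and computes the TPM2_PolicyPCR digest as the TPM does, and shows that a key sealed to the good-boot PCR value no longer unseals once a boot component changes. The choice of PCR 2, the component byte strings and the tuple standing in for the sealed object are assumptions of the example, not details from the page.

```python
"""Simulated TPM 2.0 measured boot and PCR-bound sealing (added example).

Models what U-Boot + the fTPM do on the PinePhone Pro: each boot stage extends
a PCR with the hash of the next component, and a disk key is sealed to a
PolicyPCR digest so it only unseals when the PCRs match the sealing-time state.
Assumed for the example: PCR 2 holds the measurements, the boot components are
the constructed byte strings below, and a Python tuple stands in for the
TPM2B_PRIVATE/TPM2B_PUBLIC pair that tpm2_create would write.
"""
import hashlib
import struct

SHA256 = hashlib.sha256
TPM_ALG_SHA256 = 0x000B          # TPM2 algorithm ID for the SHA-256 bank
TPM_CC_POLICY_PCR = 0x0000017F   # command code of TPM2_PolicyPCR
PCR_INITIAL = b"\x00" * 32       # PCR reset value for a SHA-256 bank


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM2_PCR_Extend semantics: PCR_new = H(PCR_old || H(event))."""
    return SHA256(pcr + SHA256(event).digest()).digest()


def replay_log(events) -> bytes:
    """Replay an event log into the resulting PCR value (what a verifier does)."""
    pcr = PCR_INITIAL
    for ev in events:
        pcr = extend(pcr, ev)
    return pcr


def pcr_selection(pcr_indices) -> bytes:
    """Marshal a TPML_PCR_SELECTION selecting the SHA-256 bank of the given PCRs.

    Layout: count (UINT32) || hashAlg (UINT16) || sizeofSelect (UINT8) || bitmap.
    """
    bitmap = bytearray(3)
    for i in pcr_indices:
        bitmap[i // 8] |= 1 << (i % 8)
    return struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(bitmap)


def policy_pcr_digest(pcr_values: dict) -> bytes:
    """TPM2_PolicyPCR applied to a fresh (all-zero) policy session.

    policyDigest = H(0^32 || TPM_CC_PolicyPCR || pcrs || H(selected PCR values))
    """
    indices = sorted(pcr_values)
    pcr_digest = SHA256(b"".join(pcr_values[i] for i in indices)).digest()
    return SHA256(
        PCR_INITIAL
        + struct.pack(">I", TPM_CC_POLICY_PCR)
        + pcr_selection(indices)
        + pcr_digest
    ).digest()


def seal(secret: bytes, pcr_values: dict) -> tuple:
    """Simulated `tpm2_create -L <policy>`: bind the secret to the policy digest."""
    return (policy_pcr_digest(pcr_values), secret)


def unseal(blob: tuple, pcr_values: dict):
    """Simulated tpm2_unseal: the TPM only releases the secret when the current
    PCRs reproduce the authPolicy the object was created with."""
    auth_policy, secret = blob
    return secret if policy_pcr_digest(pcr_values) == auth_policy else None


# Constructed boot components (stand-ins for TPL, SPL, TF-A/OP-TEE, U-Boot, kernel).
GOOD_BOOT = [b"u-boot-tpl v1", b"u-boot-spl v1", b"tf-a+op-tee v1",
             b"u-boot v1", b"vmlinuz v1"]
# Same chain, but the kernel image was replaced.
TAMPERED_BOOT = GOOD_BOOT[:-1] + [b"vmlinuz v1 + rootkit"]


def boot_and_unseal(blob: tuple, components):
    """Measure every component into PCR 2, then try to unseal the disk key."""
    return unseal(blob, {2: replay_log(components)})


def demo():
    """Seal a disk key to the good boot chain; return (good result, tampered result)."""
    disk_key = b"\x11" * 32
    blob = seal(disk_key, {2: replay_log(GOOD_BOOT)})
    return boot_and_unseal(blob, GOOD_BOOT), boot_and_unseal(blob, TAMPERED_BOOT)


if __name__ == "__main__":
    good, bad = demo()
    print("good boot unseals key:", good is not None)
    print("tampered boot unseals key:", bad is not None)
```

With real tpm2-tools the same flow is `tpm2_pcrread` to capture the PCRs, a policy session with `tpm2_policypcr`, `tpm2_create -L` to seal, and `tpm2_unseal` at boot; for the attestation item the fTPM would additionally sign a quote over the PCR digest and a verifier-supplied nonce, and the verifier replays the event log exactly as `replay_log` does before comparing. The caveat the page's "missing root of trust" slide points at also shows up here: the first measurement is only as trustworthy as whoever loads TPL, so an attacker who can replace the earliest stage can also extend the PCRs with the good values and satisfy the policy.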
Other Pathways:
- Virtualization based security
- seL4 and other microkernels
- OpenBSD as guest VM (demo)