Publish "New Dasharo v0.9.0 Meteor Lake releases" #602

Merged
merged 25 commits into from
Aug 8, 2024
b0be14f
blog/static/authors/filip.golas.png: Add
philipandag Jul 23, 2024
5bab469
blog/content/authors/filip-golas/_index.html: Add
philipandag Jul 23, 2024
4d18807
blog/data/authors/filip.golas.json: Add
philipandag Jul 23, 2024
7a96cc8
blog/static/authors/filip.golas.png: Add
philipandag Jul 23, 2024
96d4d72
posts/2024-07-23-new-mtl-releases-blogpost: Add contributions info
philipandag Jul 23, 2024
a65ba18
static/img/: Add some images for new-mtl-releases-blogpost
philipandag Jul 24, 2024
dae7b7b
content/post/2024-07-23-new-mtl-releases.md: Features up to setup passwd
philipandag Jul 24, 2024
d5f10da
blog/static/img/: More images for new-mtl-releases-blogpost
philipandag Jul 24, 2024
7ae1210
blog/content/post/2024-07-23-new-mtl-releases.md: Describe more features
philipandag Jul 24, 2024
84919c4
posts/2024-07-23-new-mtl-releases.md: Describe Network Boot, lil' fixes
philipandag Jul 24, 2024
10df8eb
post/2024-07-23-new-mtl-releases.md: Add a short summary
philipandag Jul 24, 2024
3cfdf6b
blog: 2024-07-23-new-mtl-releases: add thumbnail
philipandag Jul 24, 2024
6ed9f72
blog/static/covers/novacustom-dasharo-v0.9.0: Larger font
philipandag Jul 24, 2024
860404c
post/2024-07-23-new-mtl-releases: Add two images, apply languagetool
philipandag Jul 24, 2024
e2076eb
Update blog/content/post/2024-07-23-new-mtl-releases.md
philipandag Jul 31, 2024
6528cf7
post/..new-mtl-releases.md: Fix PD limit feature description
philipandag Jul 31, 2024
f4f7267
new-mtl-releases.md: Change Vboot link title
philipandag Aug 6, 2024
c19ddf3
new-mtl-releases.md: `setup` to `Dasharo System Features`
philipandag Aug 6, 2024
ab692a6
new-mtl-releases.md: Rephrase info on known issues
philipandag Aug 6, 2024
a79a88a
post/2024-08-07-new-mtl-releases.md: bump publication date
mkopec Aug 7, 2024
d90da17
post/2024-08-07-new-mtl-releases.md: address Beata's review
mkopec Aug 7, 2024
180bd9b
Merge pull request #597 from 3mdeb/authors/filip-golas
artur-rs Aug 8, 2024
1409520
blog/content/post/2024-03-08-cross2024-ftpm-tee-ta.md: addressed review
tym2k1 Mar 19, 2024
8d9ce61
Merge pull request #591 from 3mdeb/cross_ftpm_review
artur-rs Aug 8, 2024
e496f1b
blog/content/post/2024-08-07-new-mtl-releases.md: fix broken docs link
artur-rs Aug 8, 2024
15 changes: 15 additions & 0 deletions blog/content/authors/filip-golas/_index.md
@@ -0,0 +1,15 @@
---
title: "Filip Gołaś"
name: "Filip Gołaś"
identifier: filip.golas
photo: "/authors/filip.golas.png"
facebook: ""
twitter: ""
linkedin: "https://www.linkedin.com/in/filip-go%C5%82a%C5%9B/"
github: "https://github.com/philipandag"
---

Embedded Developer Intern at 3mdeb, studying Computer Science
at Gdansk University of Technology. Interested in low-level
programming, networking and computer security.
Enjoying amateur astronomy, PC building and video games.
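Review bot: `facebook: ""` and `twitter: ""` are empty strings rather than omitted keys; confirm the author page template treats an empty string as "no link", otherwise it may render a dead icon or anchor for each. The `linkedin` URL percent-encodes the `ł` and `ś` in the profile slug, which is correct for front matter and needs no change.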
32 changes: 26 additions & 6 deletions blog/content/post/2024-03-08-cross2024-ftpm-tee-ta.md
Expand Up @@ -45,20 +45,34 @@ in a protected execution environment called a trusted execution environment
For Arm Cortex-A, there exists the Arm TrustZone technology.
When used on an embedded device it creates two distinct memory "worlds": a
Normal World for the Operating System (referred to as Rich OS in documentation)
and a Secure World, perfect for implementing the Trusted Execution Environment.
and a Secure World, perfect for implementing the Trusted Execution
Environment<sup>[[1]](#figure-1%3A-arm-trustzone-for-arm-cortex-a)</sup>. <!-- markdownlint-disable-line MD033 MD051 MD013 -->
The transition between these worlds is managed by the Secure Monitor, operating
at a higher exception level (EL3), ensuring secure memory regions are
exclusively accessible from the Secure World. This mechanism supports running
exclusively accessible from the Secure
World<sup>[[2]](#figure-2%3A-cortex-a-exception-levels)</sup>. <!-- markdownlint-disable-line MD033 MD051 MD013 -->
This mechanism supports running
fTPM in the Secure World, enabling secure syscalls from user space. Secrets
stored in fTPM are secure as long as the Secure Monitor is not compromised.
<!-- markdownlint-disable-next-line MD033 MD013-->
<div style="text-align: center;"> <img src="../../static/img/TEE_ARM_Cortex-a.svg" alt="Cortex-A TrustZone"> </div>

![Cortex-A TrustZone Exception Levels](/img/TEE_ARM_Cortex-a_exception_levels.svg)
<!-- markdownlint-disable-next-line MD033 MD001 -->
##### <div style="text-align: center;">Figure 1: Arm TrustZone for ARM Cortex-A </div>

![Cortex-A TrustZone](/img/TEE_ARM_Cortex-a.svg)
<br> <!-- markdownlint-disable-line MD033 -->
<br> <!-- markdownlint-disable-line MD033 -->

<!-- markdownlint-disable-next-line MD033 MD013-->
<div style="text-align: center;"> <img src="../../static/img/TEE_ARM_Cortex-a_exception_levels.svg" alt="Cortex-A TrustZone Exception Levels"> </div>

<!-- markdownlint-disable-next-line MD033 MD001 -->
##### <div style="text-align: center;">Figure 2: Cortex-A Exception Levels </div>

Arm TrustZone also exists for the Cortex-M series but adopts a simpler and more
hardware-focused approach relying on hardware mechanisms to manage the CPU
state via interrupts.
state via
interrupts<sup>[[3]](#figure-3%3A-arm-trustzone-for-arm-cortex-m)</sup>. <!-- markdownlint-disable-line MD033 MD051 MD013 -->

fTPM requires a non-trivial amount of computational
resources and memory, which might be scarce in the environments where Cortex-M
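Review bot: the two `<img src="../../static/img/...svg">` lines point at the source-tree path rather than the served path; the markdown images they replace used `/img/TEE_ARM_Cortex-a.svg` and `/img/TEE_ARM_Cortex-a_exception_levels.svg`, and a path relative to the post's output directory is unlikely to resolve once Hugo publishes the page. Suggest keeping the `/img/...` form inside the `<img>` tags. Also confirm that the anchors `#figure-1%3A-arm-trustzone-for-arm-cortex-a` and `#figure-2%3A-cortex-a-exception-levels` match the ids Hugo generates for the `##### <div ...>Figure 1: ...</div>` headings, since inline HTML inside a heading can change the generated slug.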
Expand All @@ -67,6 +81,12 @@ due to the limited resources available on these devices. It's also rare for the
Cortex-M devices demand the complex security functionalities that fTPM
provides.

<!-- markdownlint-disable-next-line MD033 MD013 -->
<div style="text-align: center;"> <img src="../../static/img/TEE_ARM_Cortex-m.svg" alt="Cortex-M TrustZone"> </div>

<!-- markdownlint-disable-next-line MD033 MD001 -->
##### <div style="text-align: center;">Figure 3: Arm TrustZone for ARM Cortex-M </div>

## Fallbacks and Security Concerns

_The best-protected systems have dedicated hardware security measures included
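Review bot: same path concern as the Cortex-A figures: `<img src="../../static/img/TEE_ARM_Cortex-m.svg">` should use the served `/img/` path rather than a source-tree relative path. The `Figure 3` heading this hunk adds is the target of the `[[3]]` superscript link added earlier in the file, so its wording must stay in sync with that anchor if the caption is edited.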
Expand All @@ -79,7 +99,7 @@ this can improve the security of such devices there are hardware security
concerns that the device should fulfill from the beginning.

OP-TEE (Open Portable Trusted Execution Environment) is an open-source project
that provides a TEE designed for Arm architectures that utilizes Arm TrustZone.
that provides a TEE designed for ARM architectures that utilizes Arm TrustZone.
Its [official documentation specifies the Raspberry Pi 3 platform as not
suitable for a secure implementation of Trusted Execution Environment](
https://optee.readthedocs.io/en/latest/building/devices/rpi3.html#disclaimer).
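Review bot: this hunk changes `Arm architectures` to `ARM architectures` while the same sentence keeps `Arm TrustZone`; Arm's current house style is the lowercase form, so the change introduces a capitalization inconsistency within one sentence rather than fixing one. Suggest dropping this hunk or applying one spelling consistently.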