Session

Secure Runtime Library on IoT Device

When PSA certification involves isolation levels greater than 1, the existing runtime library for secure partitions falls short: it was not designed with security in mind and it contains its own private data. This prevents secure partitions from calling these APIs because of potential information leakage.
A new runtime library, designed with security in mind from the very start, needs to be available for secure partitions. The design should not break the isolation requirements listed in the PSA Firmware Framework specification. This runtime library also needs to be sharable among all secure partitions to save storage on the IoT device, and it needs to be read-only to avoid tampering. Most importantly, no private data may exist inside the runtime library.
This new runtime library would relieve secure partition designers of security isolation concerns, which unifies the development environment for secure partition developers. It also reduces the size of the IoT software, since the library is shared.

Ken Liu

Arm, Staff Software Engineer
