Bringing Memory-Safety To Keystone Enclave


Bringing Memory-Safety to Keystone Enclave
Mingshen Sun, Baidu X-Lab
Open-Source Enclaves Workshop (OSEW 2019), Berkeley, July 2019

https://mesatee.org

Rust and Keystone Enclave (slide 3)
- Open-Source Enclave (RISC-V hardware / Keystone Enclave): openness, simplicity, and flexibility
- Rust: safety, performance, and productivity
Outline:
1. Briefly introduce our progress in bringing Rust to Keystone Enclave
2. Discuss our efforts in implementing safe GlobalPlatform TEE APIs in OP-TEE

Why Rust (slide 4)
Memory-safety issues break the security guarantees of TrustZone.
- Qualcomm's Secure Execution Environment (QSEE) privilege escalation vulnerability and exploit (CVE-2015-6639): lege-escalation-vulnerability.html (link truncated)
- Extracting Qualcomm's KeyMaster Keys - Breaking Android Full Disk Encryption: qualcommskeymaster-keys.html (link truncated)

Rust and Keystone Enclave SDK (slide 5)
Overview: ne-Applications/SDK-Basics.html (link truncated)
- Host libraries (lib/host)
- Enclave Application libraries (lib/app)
- Edge libraries (lib/edge)
- Runtimes (rts/)

Rust Keystone Target (slide 6): riscv64imac-unknown-none-elf

TEE Specs (slide 7)
GlobalPlatform TEE specifications:
- TEE System Architecture (GPD_SPE_009): defines a general TEE architecture
- TEE Internal Core API Specification (GPD_SPE_010)
- TEE Client API Specification (GPD_SPE_007): defines the communication interface between Rich OS apps and trusted apps
OP-TEE: open portable trusted execution environment in compliance with the GlobalPlatform specs.

TrustZone Architecture (slide 8, figure)
Normal World: client apps (EL0) -> SVC -> Rich OS (EL1) -> HVC/SMC -> Hypervisor (EL2) -> SMC -> Secure Monitor (S-EL3)
Secure World: trusted apps (S-EL0) -> SVC -> Trusted OS (S-EL1) -> SMC -> Secure Monitor (S-EL3)

OP-TEE Implementation (slide 9, figure)
Normal World (EL0/EL1): client apps -> GlobalPlatform OP-TEE Client C API (TEE Client SDK) -> TEE Supplicant and Rich OS (OP-TEE driver)
Secure World: trusted apps -> GlobalPlatform OP-TEE Internal Core C API (TEE TA SDK) -> OP-TEE Trusted OS
Both worlds sit on ARM Trusted Firmware (Secure Monitor).

Safe SDK Design (slide 10, figure)
Normal World: client apps -> Safe GlobalPlatform TEE Client API (TEE Client SDK) -> Rich OS (OP-TEE driver)
Secure World: trusted apps -> Safe GlobalPlatform TEE Internal Core API (TEE TA SDK) -> OP-TEE Trusted OS
The two safe APIs together form the Rust OP-TEE TrustZone SDK; underneath sits ARM Trusted Firmware (Secure Monitor).

Design of Client SDK (slide 11, figure)
Layers, top to bottom: client apps -> third-party crates / Rust crates -> Rust foundation layer (rust/libstd) -> libteec C library (upstream project)
Client app target: aarch64-unknown-linux-gnu

Design of TA SDK (slide 12, figure)
Layers, top to bottom: trusted apps -> third-party crates / Rust crates -> Rust foundation layer (libstd and compiler-builtins, with two new targets in the Rust compiler/std) -> libutil C library (upstream project)

Project Structure (slide 13)
- optee-teec: client-side Rust library (LoC: 933)
- optee-utee: TA-side Rust library (LoC: 2827)
- optee: upstream optee libraries (optee_client, optee_os)
- rust: modified Rust, including
  - rust: 29 files changed, 1800 insertions(+)
  - libc: 4 files changed, 131 insertions(+)
  - compiler-builtins: 3 files changed, 3 insertions(+), 1 deletion(-)
- examples: hello_world, aes, hotp, random, secure_storage, and serde (LoC: 3373)

Example - Demo in QEMU (slide 14)

GlobalPlatform TEE API Specification (slide 15, sequence diagram)
Normal World (client): TEEC_InitializeContext, TEEC_OpenSession, TEEC_InvokeCommand, TEEC_CloseSession, then a second TEEC_OpenSession, TEEC_InvokeCommand, TEEC_CloseSession, and finally TEEC_FinalizeContext
Secure World (TA): ① TA_CreateEntryPoint; ② TA_OpenSessionEntryPoint, TA_InvokeCommandEntryPoint, TA_CloseSessionEntryPoint for the first session; ③ the same three entry points for the second session; ④ TA_DestroyEntryPoint

Example - Client (Current Design) (slide 16, code screenshot; only these calls are legible): Context::new(), ctx.open_session(), invoke_command()

Example - Trusted App (First Commit) (slide 17)

    #[no_mangle]
    pub extern "C" fn TA_CreateEntryPoint() -> TEE_Result {
        return TEE_SUCCESS;
    }

    #[no_mangle]
    pub extern "C" fn TA_OpenSessionEntryPoint(
        paramTypes: ParamTypes,
        params: TEE_Param,
        sessionContext: SessionP,
    ) -> TEE_Result {
        return TEE_SUCCESS;
    }

    // fragment of the invoke-command match arm visible on the slide:
    0 => {
        unsafe { params[0].value.a = 121; }
    },

Example - Trusted App (Current Design) (slide 18): the entry points are declared with attribute macros

    #[ta_create]
    #[ta_open_session]
    #[ta_close_session]
    #[ta_destroy]
    #[ta_invoke_command]
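The lifecycle on the specification slide, the Context::new() / ctx.open_session() / invoke_command() client calls, and the params[0].value.a = 121 first-commit TA can be seen working together in the following added example. It is not code from the slides or from the Rust OP-TEE TrustZone SDK: FakeTee, Context, Session, run_command, run_two_sessions and CMD_HELLO are constructed stand-ins for this example, and the only real identifier is the GlobalPlatform error code TEE_ERROR_BAD_PARAMETERS. It demonstrates the idea behind the safe SDK design: a Session borrows its Context, so a client cannot finalize the context while a session is open, nor invoke a command after closing, mistakes that the raw TEEC_* C calls (and the unsafe {} initial design in the backup slides) accept silently.

```rust
// Added example, not from the slides or the SDK: a constructed model of the
// GlobalPlatform client/TA lifecycle in which Rust ownership enforces the
// call ordering that the raw TEEC_* C API leaves to the programmer.
use std::cell::Cell;
use std::rc::Rc;

/// TEE_ERROR_BAD_PARAMETERS as defined by the GlobalPlatform Internal Core API.
pub const TEE_ERROR_BAD_PARAMETERS: u32 = 0xFFFF_0006;
/// Command id understood by the toy TA (constructed for this example).
pub const CMD_HELLO: u32 = 0;

/// A GP value parameter; the toy TA writes `a`, as on the first-commit slide.
#[derive(Debug, Default, Clone, Copy, PartialEq, Eq)]
pub struct Value {
    pub a: u32,
    pub b: u32,
}
pub type Params = [Value; 4];

/// Constructed stand-in for the secure world. A real client talks to the
/// OP-TEE driver; this only records which TA entry points have run.
#[derive(Default)]
pub struct FakeTee {
    instance_alive: Cell<bool>,
    ta_creations: Cell<u32>,
    open_sessions: Cell<u32>,
    open_contexts: Cell<u32>,
}

impl FakeTee {
    pub fn ta_alive(&self) -> bool { self.instance_alive.get() }
    pub fn creations(&self) -> u32 { self.ta_creations.get() }
    pub fn sessions(&self) -> u32 { self.open_sessions.get() }
    pub fn contexts(&self) -> u32 { self.open_contexts.get() }

    /// TA_CreateEntryPoint runs when the first session loads the TA instance,
    /// then TA_OpenSessionEntryPoint.
    fn open_session(&self) {
        if self.open_sessions.get() == 0 {
            self.instance_alive.set(true);
            self.ta_creations.set(self.ta_creations.get() + 1);
        }
        self.open_sessions.set(self.open_sessions.get() + 1);
    }
    /// TA_InvokeCommandEntryPoint: dispatch on the command id.
    fn invoke(&self, cmd: u32, params: &mut Params) -> Result<(), u32> {
        match cmd {
            CMD_HELLO => { params[0].a = 121; Ok(()) }
            _ => Err(TEE_ERROR_BAD_PARAMETERS),
        }
    }
    /// TA_CloseSessionEntryPoint, then TA_DestroyEntryPoint once no session is
    /// left (OP-TEE's default unless the TA sets TA_FLAG_INSTANCE_KEEP_ALIVE).
    fn close_session(&self) {
        self.open_sessions.set(self.open_sessions.get() - 1);
        if self.open_sessions.get() == 0 { self.instance_alive.set(false); }
    }
}

/// Safe wrapper for TEEC_InitializeContext (new) / TEEC_FinalizeContext (drop).
pub struct Context { tee: Rc<FakeTee> }

impl Context {
    pub fn new(tee: Rc<FakeTee>) -> Context {
        tee.open_contexts.set(tee.open_contexts.get() + 1);
        Context { tee }
    }
    /// TEEC_OpenSession. The session borrows the context mutably, so the
    /// context cannot be finalized (dropped) while the session is alive.
    pub fn open_session(&mut self) -> Session<'_> {
        self.tee.open_session();
        Session { ctx: self }
    }
}

impl Drop for Context {
    fn drop(&mut self) { self.tee.open_contexts.set(self.tee.open_contexts.get() - 1); }
}

/// Safe wrapper for TEEC_OpenSession / TEEC_CloseSession (drop).
pub struct Session<'a> { ctx: &'a mut Context }

impl Session<'_> {
    /// TEEC_InvokeCommand.
    pub fn invoke_command(&mut self, cmd: u32, params: &mut Params) -> Result<(), u32> {
        self.ctx.tee.invoke(cmd, params)
    }
}

impl Drop for Session<'_> {
    fn drop(&mut self) { self.ctx.tee.close_session(); }
}

/// InitializeContext -> OpenSession -> InvokeCommand -> CloseSession -> FinalizeContext.
pub fn run_command(tee: &Rc<FakeTee>, cmd: u32) -> Result<u32, u32> {
    let mut ctx = Context::new(Rc::clone(tee));
    let mut params: Params = Default::default();
    let mut session = ctx.open_session();
    session.invoke_command(cmd, &mut params)?; // on error the drops still run in order
    // `ctx` is borrowed by `session`, so a use-after-finalize such as
    //     drop(ctx); session.invoke_command(cmd, &mut params)
    // is rejected at compile time; with the raw C bindings it compiles.
    drop(session); // TEEC_CloseSession always precedes TEEC_FinalizeContext
    Ok(params[0].a)
}

/// Two sessions in one context, as on the specification slide: the instance
/// is destroyed after the first session closes and re-created for the second.
pub fn run_two_sessions(tee: &Rc<FakeTee>) -> Result<u32, u32> {
    let mut ctx = Context::new(Rc::clone(tee));
    let mut params: Params = Default::default();
    for _ in 0..2 {
        let mut session = ctx.open_session();
        session.invoke_command(CMD_HELLO, &mut params)?;
    } // session dropped at the end of each iteration
    Ok(params[0].a)
}

fn main() {
    let tee = Rc::new(FakeTee::default());
    println!("hello command returned a = {:?}", run_command(&tee, CMD_HELLO));
    println!("TA instance alive after close: {}", tee.ta_alive());
}
```

Build it with plain rustc (no crates needed). The model follows OP-TEE's default instance policy, create on first session and destroy on last close; a TA that sets TA_FLAG_INSTANCE_KEEP_ALIVE would keep one instance across both sessions, which is why a session-scoped design should never cache TA state in the client.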

Example - Use Serde (slide 19): use serde to handle invoke_command

Other Examples (slide 20)
- hello_world: minimal project structure
- aes: crypto and shared memory APIs
- hotp: crypto APIs
- random: crypto APIs
- secure_storage: secure object related APIs
- serde: Rust third-party crates for de/serialization; message passing interface

Thanks
- Rust and Keystone Enclave
- Safe GlobalPlatform APIs implemented in OP-TEE
- Baidu Rust: Rust SGX SDK; MesaTEE: A Framework for Universal Secure Computing; MesaLock Linux, MesaLink, MesaPy, etc.

Backup Slides

Example - Client (Initial Design) (slide 23): the client used the raw bindings directly, every call wrapped in unsafe {}

    raw::TEEC_Context
    raw::TEEC_Session
    raw::TEEC_Parameter
    raw::TEEC_Operation
    raw::TEEC_InitializeContext
    raw::TEEC_OpenSession
    raw::TEEC_InvokeCommand
    raw::TEEC_CloseSession
    raw::TEEC_FinalizeContext

Example - Project Structure (slide 24)
- host/: source code of the client app
- ta/: source code of the trusted app
- ta.lds: linker script
- Xargo.toml: "Cargo.toml" for cross compilation
- ta_static.rs: some static data structures for the TA
- proto/: shared data structures and configurations, like a protocol
- Makefile: Makefile to build host and client
- uuid.txt: UUID for the TA, randomly generated if the file does not exist

Project Structure - rust/libstd (slide 25; file list, partly truncated in the transcription)
- src/librustc_target/spec/aarch64_unknown_optee…
- src/libstd/sys/optee/…os…
- src/libstd/sys/optee/rwlock.rs
- src/libstd/sys/optee/stack…
- src/libstd/sys/optee/thread.rs
- src/libstd/sys/optee/thread_local.rs
- src/libstd/sys/optee/time.rs

Example: alloc.rs (slide 26): the underlying library of libc is libutil from OP-TEE

Example: thread.rs (slide 27): threads are not supported in OP-TEE OS; currently we raise a panic.

Background (slide 28)
- ARM TrustZone provides a trusted execution environment in mobile phones and embedded devices
- TrustZone secures mobile payment, identification/authentication, key management, AI models, DRM, OS integrity, etc.

TrustZone Architecture (slide 29): An Exploration of ARM TrustZone Technology: e (link truncated)

Project Structure (slide 30)
- Rust OP-TEE TrustZone SDK: zone-sdk (link truncated)
- Rust: https://github.com/mesalock-linux/rust
- Rust libc: https://github.com/mesalock-linux/libc.git
- Rust compiler-builtins: s.git (link truncated)
- Wiki: one-sdk/wiki (link truncated)


Roadmap (slide 32)
- April: open source
- May: trusted storage API design, cryptographic operations API design, TEE arithmetical API design, and more third-party Rust crates
- June: push the modified Rust compiler/std to upstream and make OP-TEE TrustZone an official target
- 2019 Q3/4: more trusted apps such as secure key service, remote attestation, fTPM, and machine learning algorithms

