Trusted Execution Environments On-Demand via Reconfigurable FPGA
Security is becoming paramount for IoT end-to-end solution designs. One well-established strategy to provide increased integrity and confidentiality for applications, from the edge to the cloud, is to rely on Trusted Execution Environments (TEE). One of the most common TEE design approaches is to create a virtual secure processor in the main application processor by leveraging specific security-oriented hardware extensions. Another approach that has also been taken by industry to provide a TEE is to use dedicated external secure elements. However, both of these approaches yield different weaknesses.
In this project, we introduce a novel TEE design that aims to disrupt the way TEEs are currently built and deployed. We propose a newly refined TEE approach, named Trusted Execution Environments On-Demand (TEEOD), which leverages reconfigurable FPGA technology to provide additional security guarantees for security-critical applications. The TEEOD approach implements secure enclaves in the programmable logic (PL) by instantiating a customized and dedicated security processor per application on a per-need basis.
- First, open Vivado, select Tools -> Run Tcl Script..., and choose <project_dir>/hw/project_teeod.tcl.
- Generate the bitstream.
- Using the generated bitstream, build petalinux following this Guide.
- After successfully building Linux, generate the host and the TA applications. First, generate the teeodc library by running the Makefile in the client-api folder.
- Run the Makefile inside the apps/bitcoin-wallet folder. You should obtain a bitcoin_wallet.elf (client application) and a TA.bin.
- Copy the wallet and the TA.bin to any folder of your choice inside the petalinux running on the Ultra96v2.
- Run the following commands:

  ```sh
  ./wallet 1 1234                  # check if there is a master key
  ./wallet 2 1234                  # generate a new master key
  ./wallet 3 1234 -a <mnemonic>    # generate a new master key from a mnemonic
  ./wallet 4 1234                  # erase the generated master key
  ./wallet 5 1234 -a <account_id>  # sign a transaction
  ./wallet 6 1234                  # get the bitcoin address
  ```
For more examples, please refer to the Documentation
See the open issues for a list of proposed features (and known issues).
Sérgio Pereira - @Linkedin - sergio.pereira@dei.uminho.pt