Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OP-TEE Remote Attestation with VERAISON Verification #6921

Open
kunisuzaki opened this issue Jun 28, 2024 · 6 comments
Open

OP-TEE Remote Attestation with VERAISON Verification #6921

kunisuzaki opened this issue Jun 28, 2024 · 6 comments
Labels
enhancement

Comments

@kunisuzaki
Copy link

We have customized OP-TEE (a Secure OS for Arm Cortex-A TrustZone) to enable Remote Attestation with VERAISON Verification.
This setup runs seamlessly with Docker and QEMU.
Detailed information can be found in the HP https://github.com/iisec-suzaki/optee-ra
@etienne-lms etienne-lms mentioned this issue Jul 1, 2024
Closed
@jenswi-linaro
Copy link
Contributor

Hi @kunisuzaki,

Thanks for sharing, this is interesting. I took a quick look at the repository. You have a user TA that makes up the main interface towards the normal world. However the User TA in principle only forwards the requests to a Pseudo TA. Why is the user TA needed at all, couldn't the PTA provide the interface for the normal world instead? Or do you anticipate further changes in the user TA?

Cheers,
Jens

@kunisuzaki
Copy link
Author

Hello @jenswi-linaro,

Thank you for your interest.

The current User TA is just an example and only passes the RA evidence. As shown in the figure,, User TA and RP establish trust and secure communication once Remote Attestation is confirmed. You can customize the TA to suit your needs.

The PTA provides a general mechanism to make a RA evidence. It measures the hash of the TA and signs the hash. The RA evidence is verified by Veraison verifier.

@github-actions GitHub Actions
Copy link

github-actions bot commented Aug 6, 2024

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.

@github-actions github-actions bot added the Stale label Aug 6, 2024
@jbech-linaro
Copy link
Contributor

I'm removing the Stale label and adding the Enhancement label instead, since I believe this is something that we're interested in.

@jbech-linaro
Copy link
Contributor

@kunisuzaki , we discussed this in an OP-TEE maintainer email thread last week. If you're interested and have time, we'd like to suggest that you send patches for this inform of pull-requests. We believe that

  • The psuedo TA for this should go in under optee_os/core/pta/veraison_ra or something like that.

For user space TA and client app.

  • For a client app, we thought that perhaps optee_examples would be suitable.
  • The user space TA should go in under optee_os/ta or alternatively also land under optee_examples.

Please let us know that you think about this proposal.

@kunisuzaki
Copy link
Author

@jbech-linaro Thank you for your proposal.
We want to accept it and make a pull request.
Anyway ,we are now revising the optee-ra to use the least Verasion. Please wait for it.

@kunisuzaki kunisuzaki mentioned this issue Aug 26, 2024
Open
@graziadonghia graziadonghia mentioned this issue Sep 5, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kunisuzaki @jenswi-linaro @jbech-linaro