Exploring mobile linux security with PinePhone Pro: OP-TEE sec enclave, Virtualization and beyond

Exploring mobile linux security with PinePhone Pro: OP-TEE security enclave, Virtualization and beyond The traditional security model of the desktop system is no longer suitable for today's threat landscape, and there is a long road ahead until we can have auditable and user-controlled mobile linux devices. This talk covers my journey exploring Open Source Security Enclave, Virtualization, and alternative Operating System on the PinePhone Pro with focus on security improvement for mobile linux device. Security Enclave or Secure element is a proven way to increase the security of a device against compromised OS and/or hardware attack, it works by isolating sensitive operations into a hardware backed secure environment with reduced attack surface. This technology is often used on mobile devices for user-hostile purposes such as DRM or lock-in, and operates in a privileged state while being hard to audit by the user, but this isn't always the case. With OP-TEE, it's possible to build a Trusted Execution Environment that is open to the user and auditable, while facilitating hardware-backed security features. In the end this can make attacking an open source device more expensive. I'm experimenting this with the PinePhone Pro as part of a grant by Linux Australia, although the pinephone pro does not offer a complete hardware-backed chain-of-trust at the current stage, it is still an open and available platform for exploring the way forward for secure linux mobile device and offers a testing platform with realistic use scenario. //////////// Slides Draft VerityMobile: Free and user friendly mobile hardware security framework What is Security Enclave and Trusted Execution Environment (TEE) How is TEE used by commercial vendors (Android/iOS) Why do we need it? / How do we use it? - Attack surface reduction - Increase overall security of a system - Many other use cases Making Hardware more expensive to attack, while remain open and auditable PinePhone Pro: How does rk3399 boot? - bootrom loads u-boot TPL into SRAM from SDcard - TPL init DRAM, return to bootrom - bootrom load u-boot SPL, which setup trustzone (fTPM) - SPL then run proper U-boot and pass exec to kernel PinePhone Pro: The Missing Root of Trust - Possible new hardware revision? Use Case for security enclave: - Hardware backed TLS crypto engine Work with OpenSSL/OpenVPN - Passkey with practially unlimited key storage Using fTPM to seal passkey identity It's still more secure than password even without proper root of trust, easy to rotate, hard to clone - TPM and measured boot - Auto decrypt root disk with key from TPM - Near-field and remote attestation U-Boot can interact with fTPM to perform measured boot fTPM can sign a proof for attestation - What can be explored? Constant measuring of kernel state, try to detect attack? Other Pathways: - Virtualization based security - seL4 and other microkernels - OpenBSD as guest VM (demo)