SlideShare une entreprise Scribd logo

Porting tock to open titan

Télécharger en tant que PPTX, PDF
RISC-V International
RISC-V International

RISC-V Summit 2020 presentation

Technologie
1  sur  11
© 2020 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021 Porting Tock to OpenTitan Alistair Francis <alistair.francis@wdc.com> December 2020
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 2 Todays Talk • What is OpenTitan? • What is Tock? • What do Tock apps look like? • Status of Tock on OpenTitan • Deep dive into USB/CTAP support in Tock on OpenTitan
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 3 OpenTitan • OpenTitan is an open source silicon Root of Trust (RoT) project • Backed by lowRISC, ETH, Google, Nuvoton, Western Digital and others • OpenTitan uses the Ibex RV32 core as its main processor – Includes a variety of IP blocks for security, including AES, HMAC
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 4 Tock • Tock is an embedded operating system written in Rust • It’s designed for small platforms without an MMU – Tock's design centers around protection, both from potentially malicious applications and from device drivers • Tock uses the Rust language to enforce security and safety protections in the kernel
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 5 Tock Apps • Apps can be written in C (libtock-c) or Rust (libtock-rs) – C apps have better support – OpenTitan likes Rust as it provides more safety – Other languages are possible as well • Tock uses the ARM® MPU or RISC-V PMP to isolate apps • Apps only have access to their own memory and can’t interfere with the kernel or other apps – There are kernel calls and IPC to allow communication between apps OpenTitan Hardware OpenTitan Boot ROM Tock U2F App RNG App Other App
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 6 App interface to kernel • Four main system call categories – allow – subscribe – command – yield
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 7 Tock on OpenTitan • The majority of work happens on mainline Tock • Mainline Tock supports: – AES – Flash Controller – GPIOs – HMAC – I2C – Power Manager – Timers – UART – USB/CTAP • Upcoming work – ePMP – Key/Value filesystem – System call (syscall) Filtering – Storage ACLs
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8 CTAP2 Client To Authenticator Protocol • CTAP is a spec developed by the FIDO Alliance that specifies the protocol for a host to communicate with a cryptographic authenticator device. – Is used by browsers and Yubikeys for WebAuthn • Ctap Rust crate already exists: https://crates.io/crates/ctap2- authenticator This Photo by MesserWoland is licensed under CC BY-SA
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 9 Tock Kernel Changes for USB
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 10 Demo
© 2019 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021

Recommandé

RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the union
RISC-V International
 
Linux Device Driver’s
Linux Device Driver’sLinux Device Driver’s
Linux Device Driver’s
Rashmi Warghade
 
Andes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorialAndes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorial
RISC-V International
 
Review of QNX
Review of QNXReview of QNX
Review of QNX
Robert-Emmanuel Mayssat
 
Ipmi spec ch1~6_simon_20110422
Ipmi spec ch1~6_simon_20110422Ipmi spec ch1~6_simon_20110422
Ipmi spec ch1~6_simon_20110422
davidsmc
 
9: OllyDbg
9: OllyDbg9: OllyDbg
9: OllyDbg
Sam Bowne
 
Reducing boot time in embedded Linux
Reducing boot time in embedded LinuxReducing boot time in embedded Linux
Reducing boot time in embedded Linux
Chris Simmonds
 
Yocto Project introduction
Yocto Project introductionYocto Project introduction
Yocto Project introduction
Yi-Hsiu Hsu
 

Recommandé

RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the union
RISC-V International
 
Linux Device Driver’s
Linux Device Driver’sLinux Device Driver’s
Linux Device Driver’s
Rashmi Warghade
 
Andes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorialAndes RISC-V vector extension demystified-tutorial
Andes RISC-V vector extension demystified-tutorial
RISC-V International
 
Review of QNX
Review of QNXReview of QNX
Review of QNX
Robert-Emmanuel Mayssat
 
Ipmi spec ch1~6_simon_20110422
Ipmi spec ch1~6_simon_20110422Ipmi spec ch1~6_simon_20110422
Ipmi spec ch1~6_simon_20110422
davidsmc
 
9: OllyDbg
9: OllyDbg9: OllyDbg
9: OllyDbg
Sam Bowne
 
Reducing boot time in embedded Linux
Reducing boot time in embedded LinuxReducing boot time in embedded Linux
Reducing boot time in embedded Linux
Chris Simmonds
 
Yocto Project introduction
Yocto Project introductionYocto Project introduction
Yocto Project introduction
Yi-Hsiu Hsu
 
CNIT 152 12 Investigating Windows Systems (Part 1 of 3)
CNIT 152 12 Investigating Windows Systems (Part 1 of 3)CNIT 152 12 Investigating Windows Systems (Part 1 of 3)
CNIT 152 12 Investigating Windows Systems (Part 1 of 3)
Sam Bowne
 
APT Saldırıları
APT SaldırılarıAPT Saldırıları
APT Saldırıları
Alper Başaran
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
LinuxCon ContainerCon CloudOpen China
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
RedHunt Labs
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new black
Rob Fuller
 
CNIT 152: 12b Windows Registry
CNIT 152: 12b Windows RegistryCNIT 152: 12b Windows Registry
CNIT 152: 12b Windows Registry
Sam Bowne
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HAL
Opersys inc.
 
LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)
Wang Hsiangkai
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM Virtualization
Marcel Winandy
 
Inside Android's UI
Inside Android's UIInside Android's UI
Inside Android's UI
Opersys inc.
 
Linux
LinuxLinux
Linux
Harikesh Kumar
 
Implementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSPImplementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSP
Cheng Wig
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology
Jace Liang
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
PLUMgrid
 
Android Things : Building Embedded Devices
Android Things : Building Embedded DevicesAndroid Things : Building Embedded Devices
Android Things : Building Embedded Devices
Emertxe Information Technologies Pvt Ltd
 
Hacking QNX
Hacking QNXHacking QNX
Hacking QNX
ricardomcm
 
Linux red hat overview and installation
Linux red hat overview and installationLinux red hat overview and installation
Linux red hat overview and installation
devenderbhati
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
Sumit Singh
 
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
Linaro
 
Siber Güvenlik ve Etik Hacking Sunu - 6
Siber Güvenlik ve Etik Hacking Sunu - 6Siber Güvenlik ve Etik Hacking Sunu - 6
Siber Güvenlik ve Etik Hacking Sunu - 6
Murat KARA
 
The MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware LibrariesThe MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware Libraries
Intel® Software
 
Open Source and the Internet of Things
Open Source and the Internet of ThingsOpen Source and the Internet of Things
Open Source and the Internet of Things
Black Duck by Synopsys
 

Contenu connexe

Tendances

Linux red hat overview and installation
Linux red hat overview and installationLinux red hat overview and installation
Linux red hat overview and installation
devenderbhati
 
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
Linaro
 

Tendances (20)

CNIT 152 12 Investigating Windows Systems (Part 1 of 3)
CNIT 152 12 Investigating Windows Systems (Part 1 of 3)CNIT 152 12 Investigating Windows Systems (Part 1 of 3)
CNIT 152 12 Investigating Windows Systems (Part 1 of 3)
 
APT Saldırıları
APT SaldırılarıAPT Saldırıları
APT Saldırıları
 
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoTZephyr: Creating a Best-of-Breed, Secure RTOS for IoT
Zephyr: Creating a Best-of-Breed, Secure RTOS for IoT
 
OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019OSINT for Proactive Defense - RootConf 2019
OSINT for Proactive Defense - RootConf 2019
 
Windows Attacks AT is the new black
Windows Attacks AT is the new blackWindows Attacks AT is the new black
Windows Attacks AT is the new black
 
CNIT 152: 12b Windows Registry
CNIT 152: 12b Windows RegistryCNIT 152: 12b Windows Registry
CNIT 152: 12b Windows Registry
 
Android's HIDL: Treble in the HAL
Android's HIDL: Treble in the HALAndroid's HIDL: Treble in the HAL
Android's HIDL: Treble in the HAL
 
LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)LLVM Register Allocation (2nd Version)
LLVM Register Allocation (2nd Version)
 
Property-Based TPM Virtualization
Property-Based TPM VirtualizationProperty-Based TPM Virtualization
Property-Based TPM Virtualization
 
Inside Android's UI
Inside Android's UIInside Android's UI
Inside Android's UI
 
Linux
LinuxLinux
Linux
 
Implementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSPImplementing generic JNI hardware control for Kotlin based app on AOSP
Implementing generic JNI hardware control for Kotlin based app on AOSP
 
Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology Introduction of eBPF - 時下最夯的Linux Technology
Introduction of eBPF - 時下最夯的Linux Technology
 
EBPF and Linux Networking
EBPF and Linux NetworkingEBPF and Linux Networking
EBPF and Linux Networking
 
Android Things : Building Embedded Devices
Android Things : Building Embedded DevicesAndroid Things : Building Embedded Devices
Android Things : Building Embedded Devices
 
Hacking QNX
Hacking QNXHacking QNX
Hacking QNX
 
Linux red hat overview and installation
Linux red hat overview and installationLinux red hat overview and installation
Linux red hat overview and installation
 
Kali Linux
Kali LinuxKali Linux
Kali Linux
 
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
HKG18-411 - Introduction to OpenAMP which is an open source solution for hete...
 
Siber Güvenlik ve Etik Hacking Sunu - 6
Siber Güvenlik ve Etik Hacking Sunu - 6Siber Güvenlik ve Etik Hacking Sunu - 6
Siber Güvenlik ve Etik Hacking Sunu - 6
 

Similaire à Porting tock to open titan

Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018
Benjamin Cabé
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latest
Srikanth Pilli
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
Linaro
 
Software Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal TechnologiesSoftware Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal Technologies
Open Networking Summits
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
MediaTek Labs
 

Similaire à Porting tock to open titan (20)

The MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware LibrariesThe MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware Libraries
 
Open Source and the Internet of Things
Open Source and the Internet of ThingsOpen Source and the Internet of Things
Open Source and the Internet of Things
 
Totem Cloud Rfid Solutions (3)
Totem Cloud Rfid Solutions (3)Totem Cloud Rfid Solutions (3)
Totem Cloud Rfid Solutions (3)
 
Totem cloud rfid solutions (3)
Totem cloud rfid solutions (3)Totem cloud rfid solutions (3)
Totem cloud rfid solutions (3)
 
Web rtc for iot, edge computing use cases
Web rtc for iot, edge computing use casesWeb rtc for iot, edge computing use cases
Web rtc for iot, edge computing use cases
 
Media processing with serverless architecture
Media processing with serverless architectureMedia processing with serverless architecture
Media processing with serverless architecture
 
Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018
 
Is Linux ready for safety related applications?
Is Linux ready for safety related applications?Is Linux ready for safety related applications?
Is Linux ready for safety related applications?
 
Ryu SDN Framework
Ryu SDN FrameworkRyu SDN Framework
Ryu SDN Framework
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latest
 
Linux kernel status in RISC-V
Linux kernel status in RISC-VLinux kernel status in RISC-V
Linux kernel status in RISC-V
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
 
The Role of Standards in IoT Security
The Role of Standards in IoT SecurityThe Role of Standards in IoT Security
The Role of Standards in IoT Security
 
Qualcomm @ Scilab Conference 2018
Qualcomm @ Scilab Conference 2018Qualcomm @ Scilab Conference 2018
Qualcomm @ Scilab Conference 2018
 
Software Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal TechnologiesSoftware Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal Technologies
 
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdfZephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
 
FieldServer for OEM Overview
FieldServer for OEM OverviewFieldServer for OEM Overview
FieldServer for OEM Overview
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
 
LCU13: George Grey Keynote LCU13
LCU13: George Grey Keynote LCU13LCU13: George Grey Keynote LCU13
LCU13: George Grey Keynote LCU13
 
Going Beyond the Device Heart Beat
Going Beyond the Device Heart BeatGoing Beyond the Device Heart Beat
Going Beyond the Device Heart Beat
 

Plus de RISC-V International

Plus de RISC-V International (20)

WD RISC-V inliner work effort
WD RISC-V inliner work effortWD RISC-V inliner work effort
WD RISC-V inliner work effort
 
RISC-V Zce Extension
RISC-V Zce ExtensionRISC-V Zce Extension
RISC-V Zce Extension
 
RISC-V Online Tutor
RISC-V Online TutorRISC-V Online Tutor
RISC-V Online Tutor
 
London Open Source Meetup for RISC-V
London Open Source Meetup for RISC-VLondon Open Source Meetup for RISC-V
London Open Source Meetup for RISC-V
 
RISC-V Introduction
RISC-V IntroductionRISC-V Introduction
RISC-V Introduction
 
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
 
Static partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-VStatic partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-V
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Semi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresSemi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V cores
 
Security and functional safety
Security and functional safetySecurity and functional safety
Security and functional safety
 
Reverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipReverse Engineering of Rocket Chip
Reverse Engineering of Rocket Chip
 
RISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor Family
 
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_gen
 
RISC-V 30908 patra
RISC-V 30908 patraRISC-V 30908 patra
RISC-V 30908 patra
 
RISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentorRISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentor
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmware
 
RISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notes
 
Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...
 
Open j9 jdk on RISC-V
Open j9 jdk on RISC-VOpen j9 jdk on RISC-V
Open j9 jdk on RISC-V
 
Open source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process nodeOpen source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process node
 

Dernier

Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Dernier (20)

Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Porting tock to open titan

  • 1. © 2020 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021 Porting Tock to OpenTitan Alistair Francis <alistair.francis@wdc.com> December 2020
  • 2. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 2 Todays Talk • What is OpenTitan? • What is Tock? • What do Tock apps look like? • Status of Tock on OpenTitan • Deep dive into USB/CTAP support in Tock on OpenTitan
  • 3. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 3 OpenTitan • OpenTitan is an open source silicon Root of Trust (RoT) project • Backed by lowRISC, ETH, Google, Nuvoton, Western Digital and others • OpenTitan uses the Ibex RV32 core as its main processor – Includes a variety of IP blocks for security, including AES, HMAC
  • 4. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 4 Tock • Tock is an embedded operating system written in Rust • It’s designed for small platforms without an MMU – Tock's design centers around protection, both from potentially malicious applications and from device drivers • Tock uses the Rust language to enforce security and safety protections in the kernel
  • 5. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 5 Tock Apps • Apps can be written in C (libtock-c) or Rust (libtock-rs) – C apps have better support – OpenTitan likes Rust as it provides more safety – Other languages are possible as well • Tock uses the ARM® MPU or RISC-V PMP to isolate apps • Apps only have access to their own memory and can’t interfere with the kernel or other apps – There are kernel calls and IPC to allow communication between apps OpenTitan Hardware OpenTitan Boot ROM Tock U2F App RNG App Other App
  • 6. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 6 App interface to kernel • Four main system call categories – allow – subscribe – command – yield
  • 7. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 7 Tock on OpenTitan • The majority of work happens on mainline Tock • Mainline Tock supports: – AES – Flash Controller – GPIOs – HMAC – I2C – Power Manager – Timers – UART – USB/CTAP • Upcoming work – ePMP – Key/Value filesystem – System call (syscall) Filtering – Storage ACLs
  • 8. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8 CTAP2 Client To Authenticator Protocol • CTAP is a spec developed by the FIDO Alliance that specifies the protocol for a host to communicate with a cryptographic authenticator device. – Is used by browsers and Yubikeys for WebAuthn • Ctap Rust crate already exists: https://crates.io/crates/ctap2- authenticator This Photo by MesserWoland is licensed under CC BY-SA
  • 9. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 9 Tock Kernel Changes for USB
  • 10. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 10 Demo
  • 11. © 2019 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021

Notes de l'éditeur

  1. Tock is asynchronous and all operations are non-blocking The core kernel has access to the entire system and can use the Rust unsafe keyword The peripheral devices can use the unsafe keyword and can directly access hardware Capsules (where a lot of functionality is implemented) must be safe Rust No access to hardware or core kernel features Currently no hardware isolation in the kernel, just code design isolation (WD is working on improving this)
  2. Allow marks a region of memory as shared between the kernel and application. Passing a null pointer requests the corresponding driver to stop accessing the shared memory region. Subscribe assigns callback functions to be executed in response to various events. Command instructs the driver to perform a specific action. Yield transitions the current process from the Running to the Yielded state, and the process will not execute again until another callback re-schedules the process. All except for yield are non-blocking
  3. Setup Tock drivers and register callbacks Read bytes from USB and pass to CTAP library Send data returned from library after processing Crypto sign and attest operations. Currently done in software in userspace, eventually wan to offload to the Tock kernel and hardware accelerators HMAC is off loaded to Tock and HMAC hardware Currently no TRGN, so nonce is hardcoded Also no flash storage, so data is lost on reboot