SlideShare ist ein Scribd-Unternehmen logo

Porting tock to open titan

Als PPTX, PDF herunterladen
RISC-V International
RISC-V International

RISC-V Summit 2020 presentation

Technologie
1 von 11
© 2020 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021 Porting Tock to OpenTitan Alistair Francis <alistair.francis@wdc.com> December 2020
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 2 Todays Talk • What is OpenTitan? • What is Tock? • What do Tock apps look like? • Status of Tock on OpenTitan • Deep dive into USB/CTAP support in Tock on OpenTitan
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 3 OpenTitan • OpenTitan is an open source silicon Root of Trust (RoT) project • Backed by lowRISC, ETH, Google, Nuvoton, Western Digital and others • OpenTitan uses the Ibex RV32 core as its main processor – Includes a variety of IP blocks for security, including AES, HMAC
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 4 Tock • Tock is an embedded operating system written in Rust • It’s designed for small platforms without an MMU – Tock's design centers around protection, both from potentially malicious applications and from device drivers • Tock uses the Rust language to enforce security and safety protections in the kernel
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 5 Tock Apps • Apps can be written in C (libtock-c) or Rust (libtock-rs) – C apps have better support – OpenTitan likes Rust as it provides more safety – Other languages are possible as well • Tock uses the ARM® MPU or RISC-V PMP to isolate apps • Apps only have access to their own memory and can’t interfere with the kernel or other apps – There are kernel calls and IPC to allow communication between apps OpenTitan Hardware OpenTitan Boot ROM Tock U2F App RNG App Other App
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 6 App interface to kernel • Four main system call categories – allow – subscribe – command – yield
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 7 Tock on OpenTitan • The majority of work happens on mainline Tock • Mainline Tock supports: – AES – Flash Controller – GPIOs – HMAC – I2C – Power Manager – Timers – UART – USB/CTAP • Upcoming work – ePMP – Key/Value filesystem – System call (syscall) Filtering – Storage ACLs
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8 CTAP2 Client To Authenticator Protocol • CTAP is a spec developed by the FIDO Alliance that specifies the protocol for a host to communicate with a cryptographic authenticator device. – Is used by browsers and Yubikeys for WebAuthn • Ctap Rust crate already exists: https://crates.io/crates/ctap2- authenticator This Photo by MesserWoland is licensed under CC BY-SA
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 9 Tock Kernel Changes for USB
4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 10 Demo
© 2019 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021

Empfohlen

U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader
Emertxe Information Technologies Pvt Ltd
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panic
Joseph Lu
 
Linux Audio Drivers. ALSA
Linux Audio Drivers. ALSALinux Audio Drivers. ALSA
Linux Audio Drivers. ALSA
GlobalLogic Ukraine
 
USB Drivers
USB DriversUSB Drivers
USB Drivers
Anil Kumar Pugalia
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
Suraj Deshmukh
 
Video Drivers
Video DriversVideo Drivers
Video Drivers
Anil Kumar Pugalia
 
Bootloaders (U-Boot)
Bootloaders (U-Boot) Bootloaders (U-Boot)
Bootloaders (U-Boot)
Omkar Rane
 
Static partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-VStatic partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-V
RISC-V International
 

Empfohlen

U-Boot - An universal bootloader
U-Boot - An universal bootloader U-Boot - An universal bootloader
U-Boot - An universal bootloader
Emertxe Information Technologies Pvt Ltd
 
Understanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panicUnderstanding a kernel oops and a kernel panic
Understanding a kernel oops and a kernel panic
Joseph Lu
 
Linux Audio Drivers. ALSA
Linux Audio Drivers. ALSALinux Audio Drivers. ALSA
Linux Audio Drivers. ALSA
GlobalLogic Ukraine
 
USB Drivers
USB DriversUSB Drivers
USB Drivers
Anil Kumar Pugalia
 
macvlan and ipvlan
macvlan and ipvlanmacvlan and ipvlan
macvlan and ipvlan
Suraj Deshmukh
 
Video Drivers
Video DriversVideo Drivers
Video Drivers
Anil Kumar Pugalia
 
Bootloaders (U-Boot)
Bootloaders (U-Boot) Bootloaders (U-Boot)
Bootloaders (U-Boot)
Omkar Rane
 
Static partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-VStatic partitioning virtualization on RISC-V
Static partitioning virtualization on RISC-V
RISC-V International
 
Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
Yannick Gicquel
 
Board Bringup
Board BringupBoard Bringup
Board Bringup
Anil Kumar Pugalia
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratch
linuxlab_conf
 
Linux systems - Getting started with setting up and embedded platform
Linux systems - Getting started with setting up and embedded platformLinux systems - Getting started with setting up and embedded platform
Linux systems - Getting started with setting up and embedded platform
Emertxe Information Technologies Pvt Ltd
 
Embedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmbedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernel
Emertxe Information Technologies Pvt Ltd
 
Audio Drivers
Audio DriversAudio Drivers
Audio Drivers
Anil Kumar Pugalia
 
Embedded linux
Embedded linuxEmbedded linux
Embedded linux
Wingston
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
Board Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual GuideBoard Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual Guide
Embitel Technologies (I) PVT LTD
 
05.2 virtio introduction
05.2 virtio introduction05.2 virtio introduction
05.2 virtio introduction
zenixls2
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers
Emertxe Information Technologies Pvt Ltd
 
Basic Linux Internals
Basic Linux InternalsBasic Linux Internals
Basic Linux Internals
mukul bhardwaj
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Community
 
Project ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementationProject ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementation
Geoffroy Van Cutsem
 
Linux PCI device driver
Linux PCI device driverLinux PCI device driver
Linux PCI device driver
艾鍗科技
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309
Linaro
 
Quickboot on i.MX6
Quickboot on i.MX6Quickboot on i.MX6
Quickboot on i.MX6
Gary Bisson
 
U-Boot presentation 2013
U-Boot presentation 2013U-Boot presentation 2013
U-Boot presentation 2013
Wave Digitech
 
Linux on ARM 64-bit Architecture
Linux on ARM 64-bit ArchitectureLinux on ARM 64-bit Architecture
Linux on ARM 64-bit Architecture
Ryo Jin
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
Linaro
 
The MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware LibrariesThe MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware Libraries
Intel® Software
 
Open Source and the Internet of Things
Open Source and the Internet of ThingsOpen Source and the Internet of Things
Open Source and the Internet of Things
Black Duck by Synopsys
 

Weitere ähnliche Inhalte

Was ist angesagt?

Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratch
linuxlab_conf
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Linaro
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309
Linaro
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
Linaro
 

Was ist angesagt? (20)

Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)Introduction to Optee (26 may 2016)
Introduction to Optee (26 may 2016)
 
Board Bringup
Board BringupBoard Bringup
Board Bringup
 
Jagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratchJagan Teki - U-boot from scratch
Jagan Teki - U-boot from scratch
 
Linux systems - Getting started with setting up and embedded platform
Linux systems - Getting started with setting up and embedded platformLinux systems - Getting started with setting up and embedded platform
Linux systems - Getting started with setting up and embedded platform
 
Embedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernelEmbedded Linux Kernel - Build your custom kernel
Embedded Linux Kernel - Build your custom kernel
 
Audio Drivers
Audio DriversAudio Drivers
Audio Drivers
 
Embedded linux
Embedded linuxEmbedded linux
Embedded linux
 
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
Secure Boot on ARM systems – Building a complete Chain of Trust upon existing...
 
Board Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual GuideBoard Support Package Fact Sheet | Manual Guide
Board Support Package Fact Sheet | Manual Guide
 
05.2 virtio introduction
05.2 virtio introduction05.2 virtio introduction
05.2 virtio introduction
 
Linux device drivers
Linux device drivers Linux device drivers
Linux device drivers
 
Basic Linux Internals
Basic Linux InternalsBasic Linux Internals
Basic Linux Internals
 
Ceph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOceanCeph Tech Talk: Ceph at DigitalOcean
Ceph Tech Talk: Ceph at DigitalOcean
 
Project ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementationProject ACRN: SR-IOV implementation
Project ACRN: SR-IOV implementation
 
Linux PCI device driver
Linux PCI device driverLinux PCI device driver
Linux PCI device driver
 
Secure storage updates - SFO17-309
Secure storage updates - SFO17-309Secure storage updates - SFO17-309
Secure storage updates - SFO17-309
 
Quickboot on i.MX6
Quickboot on i.MX6Quickboot on i.MX6
Quickboot on i.MX6
 
U-Boot presentation 2013
U-Boot presentation 2013U-Boot presentation 2013
U-Boot presentation 2013
 
Linux on ARM 64-bit Architecture
Linux on ARM 64-bit ArchitectureLinux on ARM 64-bit Architecture
Linux on ARM 64-bit Architecture
 
BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE BUD17-400: Secure Data Path with OPTEE
BUD17-400: Secure Data Path with OPTEE
 

Ähnlich wie Porting tock to open titan

Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018
Benjamin Cabé
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latest
Srikanth Pilli
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
Linaro
 
Software Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal TechnologiesSoftware Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal Technologies
Open Networking Summits
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
MediaTek Labs
 

Ähnlich wie Porting tock to open titan (20)

The MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware LibrariesThe MRAA and UPM Middleware Libraries
The MRAA and UPM Middleware Libraries
 
Open Source and the Internet of Things
Open Source and the Internet of ThingsOpen Source and the Internet of Things
Open Source and the Internet of Things
 
Totem Cloud Rfid Solutions (3)
Totem Cloud Rfid Solutions (3)Totem Cloud Rfid Solutions (3)
Totem Cloud Rfid Solutions (3)
 
Totem cloud rfid solutions (3)
Totem cloud rfid solutions (3)Totem cloud rfid solutions (3)
Totem cloud rfid solutions (3)
 
Web rtc for iot, edge computing use cases
Web rtc for iot, edge computing use casesWeb rtc for iot, edge computing use cases
Web rtc for iot, edge computing use cases
 
Media processing with serverless architecture
Media processing with serverless architectureMedia processing with serverless architecture
Media processing with serverless architecture
 
Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018Open Source for Industry 4.0 – Open IoT Summit NA 2018
Open Source for Industry 4.0 – Open IoT Summit NA 2018
 
Is Linux ready for safety related applications?
Is Linux ready for safety related applications?Is Linux ready for safety related applications?
Is Linux ready for safety related applications?
 
Ryu SDN Framework
Ryu SDN FrameworkRyu SDN Framework
Ryu SDN Framework
 
Srikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latestSrikanth_PILLI_CV_latest
Srikanth_PILLI_CV_latest
 
Linux kernel status in RISC-V
Linux kernel status in RISC-VLinux kernel status in RISC-V
Linux kernel status in RISC-V
 
HKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: IntroductionHKG18-212 - Trusted Firmware M: Introduction
HKG18-212 - Trusted Firmware M: Introduction
 
The Role of Standards in IoT Security
The Role of Standards in IoT SecurityThe Role of Standards in IoT Security
The Role of Standards in IoT Security
 
Qualcomm @ Scilab Conference 2018
Qualcomm @ Scilab Conference 2018Qualcomm @ Scilab Conference 2018
Qualcomm @ Scilab Conference 2018
 
Software Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal TechnologiesSoftware Defined Networks Network Function Virtualization Pivotal Technologies
Software Defined Networks Network Function Virtualization Pivotal Technologies
 
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdfZephyr Introduction - Nordic Webinar - Sept. 24.pdf
Zephyr Introduction - Nordic Webinar - Sept. 24.pdf
 
FieldServer for OEM Overview
FieldServer for OEM OverviewFieldServer for OEM Overview
FieldServer for OEM Overview
 
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOSIntroduction to the new MediaTek LinkIt™ Development Platform for RTOS
Introduction to the new MediaTek LinkIt™ Development Platform for RTOS
 
LCU13: George Grey Keynote LCU13
LCU13: George Grey Keynote LCU13LCU13: George Grey Keynote LCU13
LCU13: George Grey Keynote LCU13
 
Going Beyond the Device Heart Beat
Going Beyond the Device Heart BeatGoing Beyond the Device Heart Beat
Going Beyond the Device Heart Beat
 

Mehr von RISC-V International

Mehr von RISC-V International (20)

WD RISC-V inliner work effort
WD RISC-V inliner work effortWD RISC-V inliner work effort
WD RISC-V inliner work effort
 
RISC-V Zce Extension
RISC-V Zce ExtensionRISC-V Zce Extension
RISC-V Zce Extension
 
RISC-V Online Tutor
RISC-V Online TutorRISC-V Online Tutor
RISC-V Online Tutor
 
London Open Source Meetup for RISC-V
London Open Source Meetup for RISC-VLondon Open Source Meetup for RISC-V
London Open Source Meetup for RISC-V
 
RISC-V Introduction
RISC-V IntroductionRISC-V Introduction
RISC-V Introduction
 
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
Ziptillion boosting RISC-V with an efficient and os transparent memory comp...
 
Standardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-VStandardizing the tee with global platform and RISC-V
Standardizing the tee with global platform and RISC-V
 
Semi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V coresSemi dynamics high bandwidth vector capable RISC-V cores
Semi dynamics high bandwidth vector capable RISC-V cores
 
Security and functional safety
Security and functional safetySecurity and functional safety
Security and functional safety
 
Reverse Engineering of Rocket Chip
Reverse Engineering of Rocket ChipReverse Engineering of Rocket Chip
Reverse Engineering of Rocket Chip
 
RISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor FamilyRISC-V NOEL-V - A new high performance RISC-V Processor Family
RISC-V NOEL-V - A new high performance RISC-V Processor Family
 
RISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_genRISC-V 30910 kassem_ summit 2020 - so_c_gen
RISC-V 30910 kassem_ summit 2020 - so_c_gen
 
RISC-V 30908 patra
RISC-V 30908 patraRISC-V 30908 patra
RISC-V 30908 patra
 
RISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentorRISC-V 30907 summit 2020 joint picocom_mentor
RISC-V 30907 summit 2020 joint picocom_mentor
 
RISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmwareRISC-V 30906 hex five multi_zone iot firmware
RISC-V 30906 hex five multi_zone iot firmware
 
RISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notesRISC-V 30946 manuel_offenberg_v3_notes
RISC-V 30946 manuel_offenberg_v3_notes
 
RISC-V software state of the union
RISC-V software state of the unionRISC-V software state of the union
RISC-V software state of the union
 
Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...Ripes tracking computer architecture throught visual and interactive simula...
Ripes tracking computer architecture throught visual and interactive simula...
 
Open j9 jdk on RISC-V
Open j9 jdk on RISC-VOpen j9 jdk on RISC-V
Open j9 jdk on RISC-V
 
Open source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process nodeOpen source manufacturable pdk for sky water 130nm process node
Open source manufacturable pdk for sky water 130nm process node
 

Kürzlich hochgeladen

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Igalia
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 

Kürzlich hochgeladen (20)

08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

Porting tock to open titan

  • 1. © 2020 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021 Porting Tock to OpenTitan Alistair Francis <alistair.francis@wdc.com> December 2020
  • 2. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 2 Todays Talk • What is OpenTitan? • What is Tock? • What do Tock apps look like? • Status of Tock on OpenTitan • Deep dive into USB/CTAP support in Tock on OpenTitan
  • 3. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 3 OpenTitan • OpenTitan is an open source silicon Root of Trust (RoT) project • Backed by lowRISC, ETH, Google, Nuvoton, Western Digital and others • OpenTitan uses the Ibex RV32 core as its main processor – Includes a variety of IP blocks for security, including AES, HMAC
  • 4. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 4 Tock • Tock is an embedded operating system written in Rust • It’s designed for small platforms without an MMU – Tock's design centers around protection, both from potentially malicious applications and from device drivers • Tock uses the Rust language to enforce security and safety protections in the kernel
  • 5. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 5 Tock Apps • Apps can be written in C (libtock-c) or Rust (libtock-rs) – C apps have better support – OpenTitan likes Rust as it provides more safety – Other languages are possible as well • Tock uses the ARM® MPU or RISC-V PMP to isolate apps • Apps only have access to their own memory and can’t interfere with the kernel or other apps – There are kernel calls and IPC to allow communication between apps OpenTitan Hardware OpenTitan Boot ROM Tock U2F App RNG App Other App
  • 6. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 6 App interface to kernel • Four main system call categories – allow – subscribe – command – yield
  • 7. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 7 Tock on OpenTitan • The majority of work happens on mainline Tock • Mainline Tock supports: – AES – Flash Controller – GPIOs – HMAC – I2C – Power Manager – Timers – UART – USB/CTAP • Upcoming work – ePMP – Key/Value filesystem – System call (syscall) Filtering – Storage ACLs
  • 8. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 8 CTAP2 Client To Authenticator Protocol • CTAP is a spec developed by the FIDO Alliance that specifies the protocol for a host to communicate with a cryptographic authenticator device. – Is used by browsers and Yubikeys for WebAuthn • Ctap Rust crate already exists: https://crates.io/crates/ctap2- authenticator This Photo by MesserWoland is licensed under CC BY-SA
  • 9. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 9 Tock Kernel Changes for USB
  • 10. 4/19/2021 © 2019 Western Digital Corporation or its affiliates. All rights reserved. 10 Demo
  • 11. © 2019 Western Digital Corporation or its affiliates. All rights reserved. 4/19/2021

Hinweis der Redaktion

  1. Tock is asynchronous and all operations are non-blocking The core kernel has access to the entire system and can use the Rust unsafe keyword The peripheral devices can use the unsafe keyword and can directly access hardware Capsules (where a lot of functionality is implemented) must be safe Rust No access to hardware or core kernel features Currently no hardware isolation in the kernel, just code design isolation (WD is working on improving this)
  2. Allow marks a region of memory as shared between the kernel and application. Passing a null pointer requests the corresponding driver to stop accessing the shared memory region. Subscribe assigns callback functions to be executed in response to various events. Command instructs the driver to perform a specific action. Yield transitions the current process from the Running to the Yielded state, and the process will not execute again until another callback re-schedules the process. All except for yield are non-blocking
  3. Setup Tock drivers and register callbacks Read bytes from USB and pass to CTAP library Send data returned from library after processing Crypto sign and attest operations. Currently done in software in userspace, eventually wan to offload to the Tock kernel and hardware accelerators HMAC is off loaded to Tock and HMAC hardware Currently no TRGN, so nonce is hardcoded Also no flash storage, so data is lost on reboot