Secure Virtualization and TEE for MIPS IoT Devices
1. Secure OS and Hypervisor - TEE for MIPS
IoT Security and Virtualization
2. Sierraware
Leading provider of integrated hypervisor and TEE
▪ Delivered as source code. Flexible and easy to customize
▪ Unified TEE and Hypervisor implementation.
▪ Adheres to Global Platform specifications
▪ Products
– Residential gateways
– Set-top boxes
– TVs
– Mobile phones
– Automotive and avionics
– Industrial control
3. Easy to deploy Isolated TEE Containers
Only solution with Virtualized Multi-TEE
▪ Ability to launch secondary TEE on demand
▪ Hybrid TEE architecture. Each TEE SecureOS can be built on a different API
▪ Easy to deploy across geographical regions
▪ POSIX APIs for integrating with DRM such as Google Widevine and Microsoft PlayReady
▪ Fully compliant Global Platform APIs
[Diagram labels: MIPS - Hypervisor/Monitor; Linux Kernel; User; Sierra Secure Driver; Secure World: Primary TEE - GP (Tasklets); Secure World: Secondary TEE - China (Tasklets)]
4. SierraTEE: Virtualized Environment
[Diagram labels: MIPS; Crypto Engine; Secure Memory; Secure External bus; Secure Peripherals: Flash, Keyboard, Display; Normal World OS: Kernel, Secure Driver, Global Platform Client API; Secure OS: Dispatcher, Kernel; Unified Hypervisor and TEE Monitor HAL; Secure Media Playback; Crypto; Display; File System; Device Manager; Services Mgr; Trustlet; Secure Tasks; Global Platform Internal API; Secure UI and GP Apps]
5. SierraTEE universal solution.
▪ Simple and elegant solution to solve Multi-TEE and TEE containerization requirements.
▪ Available on all platforms.
– ARM using TrustZone Monitor
– MIPS using Virtualization
▪ Identical source code across all architectures
▪ GP API Trustlets will work across all platforms with no change in code.
7. TEE Containers.
▪ Satisfy service provider compliance with multi-TEE solution.
▪ Easy to deploy across geographical location.
▪ Primary TEE and Secondary TEE can have different API
– Example: GP on Primary TEE and China Pay on Secondary TEE
8. DRM Media Playback
[Diagram labels, with flow steps numbered 1 to 5: Normal World; Secure World; Input Source (Streaming/File); Media Player Framework; Security Plugin (NULL, can be replaced with actual DRM); DRM Decrypt; Audio/Video Decoding]
9. IoT Management Solution
[Diagram labels: Linux; Domain Relay Agent; Application Provider; Secure Communication; GP Client API; SecureOS/TEE; Auth Manager; ACL; ACL; System Loader; ADD; Protected Domain Manager; D/B; Domains/Apps]
10. Professional Services
▪ Custom Services
– Porting software to processors
– Integrating TEE and SierraVisor with applications
– Developing drivers, encoders or apps
▪ Design Expertise
– Extensive experience with processors and kernel code
– Android, Linux, BSD, and VxWorks development
– Hardware & FPGA
▪ Project Management
– Phased approach from planning and development to testing & certification
– Carefully defined schedules and communication with customers to avoid surprises & delays
11. Technical Support
▪ Telephone and Email Support
▪ Online technical documentation
▪ Software updates for commercial products
▪ Previews of upcoming releases
▪ Ability to influence feature enhancements
▪ Commitment to Quality
– Service Level Agreement (SLA) details support response times and escalation levels