October 31 - November 1 - Co-Located Events
October 28-30 - Conference
Lyon Convention Centre - Lyon, France
More information for Open Source Summit + Embedded Linux Conference Europe 2019

Sign up or log in to bookmark your favorites and sync them to your phone or calendar.

Embedded Linux Conference [clear filter]
Wednesday, October 30


Under Lock & Key: Using Hardware Protected Keys with the Linux Crypto API - Gilad Ben Yossef, Arm
The Linux Crypto API which provides potentially hardware accelerated cryptographic services to the Linux kernel and user space programs running under it, has a little known but extremely useful feature hidden away in the bowls of this under documented mechanism: the ability to perform cryptographic operations with keys which are locked away in a hardware vault and are not accessible for reading by software running on the main CPU.

This feature, introduced silently (possibly too silently) by IBM for use with their s390 mainframes in 2016, has since been adopted for use in embedded systems by the author when compatible hardware is present and has the potential to provide a critical layer of security for secret keys in these complicated times haunted by the spectre of speculative execution side channel attacks.

The presentation will explain the feature in depth, explain how to tell if your system of choice supports it, show case how to use the feature and some of the gotchas involved.

avatar for Gilad Ben Yossef

Gilad Ben Yossef

Principal Software Engineer, Arm
Gilad Ben-Yossef is a principal software engineer working at Arm on upstream kernel security at large and Arm TrustZone CryptoCell support in particular. Gilad is the co-author of O’Reilly’s “Building Embedded Linux Systems” 2nd edition, co-founder of the Israeli FOSS NGO... Read More →

Wednesday October 30, 2019 11:30 - 12:05
Forum 1
  • Session Slides Included Yes


Authenticated and Encrypted Storage on Embedded Linux - Jan Lübbe, Pengutronix e.K.
The Linux kernel provides many building blocks for authenticating and/or encrypting data (and code) on storage devices: dm-crypt, dm-verity, dm-integrity, fscrypt, ecryptfs, IMA/EMV, fsverity, and UBIFS authentication. As is often the case with cryptographic tools, understanding the trade-offs and limitations are necessary to select the appropriate combination for any given project.

This talk will give an overview of both mature and recently implemented mechanisms, with a focus on which embedded-specific use cases they are best suited for. As the design of a system’s storage has direct influences on performance, security and ease of development & debugging and is difficult to change in the field, finding a good compromise in these axes early in a project can avoid expensive refactoring later.

avatar for Jan Lübbe

Jan Lübbe

CTO, Pengutronix e.K.
After building Linux smartphones with OpenMoko and deploying open source GSM networks to cruise ships, Jan Lübbe joined Pengutronix in 2012 as a kernel hacker. Since then he helps customers understand Linux and how it can solve their problems. While not hacking Linux, Jan builds... Read More →

Wednesday October 30, 2019 16:15 - 16:50
Forum 1
  • Session Slides Included Yes