Linaro Ltd, the open source collaborative engineering organization developing software for the Arm® ecosystem, today announced together with Riscure their collaboration enabling developers to deliver secure and robust TEE-based solutions. Under the terms of this partnership, Riscure, the globally recognized expert in embedded security research, will contribute to OP-TEE security with regular code review and fuzzing campaigns. OP-TEE is an open source project maintained by the Trusted Firmware project. Both projects are hosted by Linaro and work to provide security for Arm-based solutions. Riscure has created an open-source fuzzing tool specifically designed for OP-TEE.
Linaro brings together embedded and IoT industry leaders with the open source community to deliver great tools and reduce industry wide fragmentation across the Arm software ecosystem. One of the security foundations of any embedded device or IoT project is a Trusted Execution Environment, and that is where a contribution from Riscure, as the subject matter expert, will provide benefit to all relevant parties.
The partnership will focus on the security of OP-TEE, the open portable trusted execution platform that provides essential protection measures and integrates with hardware security features (i.e. root of trust). Riscure, with more than 15 years of experience in embedded and connected device security, having performed dozens of security evaluations on TEE and TEE based solutions, will contribute expertise, code review and open source tooling to improve the robustness of the global TEE ecosystem.
Joakim Bech, Principal Engineer of the Security Working Group at Linaro, commented: “Having Riscure onboard means a lot to both Linaro and the OP-TEE project itself. The expertise Riscure brings into the OP-TEE project is highly valuable and beneficial to all users and companies of OP-TEE. All in all, we believe that we will end up with a more stable and more secure product as a result of the collaboration between Riscure and Linaro.”
In the past years, Riscure evaluated the security of dozens of OP-TEE implementations, integrated in different vendor products. In direct collaboration with Linaro, Riscure evaluated the main public branch of OP-TEE recently, focusing on core functionality and interfaces with the Rich Execution Environment. The project resulted in a number of improvements in OP-TEE code. Also, during this effort, a dedicated tool for fuzzing TEE core functions was developed. The results of this project will be shared at the the end of September at the Linaro Connect conference.
Tim Hartog, Director Mobile and IoT Security at Riscure, commented: “Riscure is pleased to work directly with Linaro on the security of OP-TEE. Based on our extensive experience in TEE security and products utilizing TEE, we are confident this partnership will drive forward the security of millions of connected devices.”
Linaro and Riscure will continue to collaborate to further enhance the security of OP-TEE and other software elements relevant for IoT and embedded industry. The results will be shared with the interested parties in the form of reports, during the future events and dedicated webinars, starting from late 2019.
Linaro leads collaboration in the Arm ecosystem and helps companies work with the latest open source technology. The company has over 250 engineers working on more than 70 open source projects, developing and optimizing software and tools, ensuring smooth product roll outs, and reducing maintenance costs. Work happens across segments including datacenter & cloud, edge & fog, IoT & embedded, consumer, machine intelligence, telecom & networking, autonomous vehicles, and high performance computing. Linaro is distribution neutral: it wants to provide the best software foundations to everyone by working upstream, and to reduce non-differentiating and costly low-level fragmentation. The effectiveness of the Linaro approach has been demonstrated by Linaro consistently being listed as one of the top five company contributors, worldwide, to Linux kernels since 3.10.
To ensure commercial quality software, Linaro’s work includes comprehensive test and validation on member hardware platforms. The full scope of Linaro engineering work is open to all online. To find out more, please visit https://www.linaro.org and https://www.96Boards.org.
Founded in 2001, Riscure is a leading global advisor on the security of connected and IoT devices, as well as a recognized vendor of advanced security tools and security training. Riscure helps customers around the world to build robust hardware and software solutions and to speed up the process of secure development and certification. Riscure serves Semiconductor, Mobile and Electronic Payment, Automotive and Premium Content industries as well as Government sector. Riscure is headquartered in Delft, The Netherlands with offices in San Francisco, USA, and Shanghai, China. If you are interested in applying Riscure experience to your TEE, IoT or embedded device project, please get in touch with us via firstname.lastname@example.org