Linaro Developer Services has deep hands-on expertise in the areas of secure boot, secure operating systems and Arm’s SystemReady specifications.

Secure Boot

Linaro Developer Services help companies plan, implement and optimize secure bootloaders for their commercial product platforms, using:

Trusted Firmware

U-Boot

EDK2

OP-TEE

Linaro is a contributor to each of these projects. In addition, the Linaro Community Projects Division hosts the Trusted Firmware project.

We have direct experience using these projects to deliver optimized trusted boot solutions to a number of customers; on Arm servers, set top boxes, embedded/IoT systems and in server BMC environments using OpenBMC.

We have worked with customers to implement challenging product boot performance requirements. Such work often involved profiling and characterizing system boot performance, determining those areas that affect boot performance, developing a solution to boost the boot performance and the implementation and validation of the solution to ensure the performance meets the requirements for the system.

SystemReady

Linaro Developer Services are also able to confidently design and deliver secure boot solutions that meet SystemReady and PSA Level 1 certifications. We have worked with Arm to extend the work of Linaro’s Edge and Fog Computing group (LEDGE) on the Trusted Substrate project to develop and upstream a SystemReady IR secure boot solution on NXP chipsets that have been adopted by NXP as part of their product BSP.

We also maintain SystemReady IR, ES and SR solutions for the Socionext DeveloperBox.

Trustzone, OP-TEE, Trusted Services

OP-TEE is a secure OS that is easily portable, provides a small footprint, and leverages Arm® TrustZone® technology to provide isolation from the normal world. OP-TEE is GlobalPlatform TEE System Architecture specification compliant.

Linaro has extensive experience with the Open Portable Trusted Execution Environment (OP-TEE). The core maintainers for the OP-TEE project, as well as the maintainers for the TEE framework in the Linux kernel and U-Boot are employed by Linaro.

Trusted Services is a Trusted Firmware project implementing a secure partition manager, and a number of trusted services that run in secure partitions within OP-TEE.

Linaro Developer Services has experience porting and enhancing OP-TEE on various SoCs, as well as using the Arm Trusted Services project to implement a PSA root of trust (RoT) to obtain PSA level 1 certification for an NXP based platform.

All of this experience working with security on Arm is available to you through Linaro Developer Services. We can help you leverage open source to ensure you benefit from the latest upstream features and security fixes.

Let Linaro Developer Services help your company with all aspects of security related to product implementation on Arm.