Linaro Security Working Group

The Linaro Security Working Group (SWG) was created to help ensure an optimised and efficient software ecosystem exists to support ARM open source Linux distributions on security related topics, and to accelerate the delivery of high quality secure products across the ARM open source ecosystem.

In order to enable applications such as securely booting a server or decoding encrypted media, there needs to be a Trusted Execution Environment (TEE). the SWG will be creating reference designs showing how normal and trusted application code and libraries can be integrated within a particular platform such as Android. Initial activities include the development of an open source reference implementation of the W3C Encrypted Media Extension (EME) using platform security features for secure media playback on mobile and digital home devices; and an open source reference implementation of secure boot for the 64-bit ARM Cortex-A series processor cores to complement the ARM Trusted Firmware open source project, targeted at server applications. In addition there will be work on security features in the Linux kernel.

Mission statement

Avoid / prevent fragmentation of implementations underpinning security within ARM based systems

Objectives

• Key player in software related to security such as TEE solutions and kernel hardening on ARM systems.
• Stabilize ARMv7 TEE solution(s) running on Android.
• Active role in open sourcing a TEE for ARMv8-A.
• Active part of Linaro’s (LHG) mission creating DRM/EME reference implementations for Android and Comcast RDK.
• ARMv8 UEFI based Ubuntu/Fedora boot leverage a TEE.
• Kernel hardening.
• Include LAVA and CI in the all tasks.
• Actively monitor and contribute to relevant open source projects.

Process

The Security Working Group does all planning and tracking in JIRA which you can follow in detail if you have the required access (IT gives access).

Sub Teams

Not divided into any Sub-Teams yet, but we are collaborating with LEG (for UEFI) and LHG (for protected video path).

Contacting Us

In the tradition of Linux and the open source community, much of the technical discussion for our team takes place over email and informal conversations on

• IRC: #linaro-security on irc.freenode.net

Open source projects we are involved in

Below is a list of projects that we are working with in some way.

• OP-TEE

• ARM-Trusted-Firmware

• U-Boot

  • Verified U-Boot

• UEFI Tianocore EDK2

• EME

• Android DRM