Here are a couple of security highlights from Linaro Connect HKG18 in March.

HKG18-402 - Build secure key management services in OP-TEE “The session presents an initiative to build secure key management services in the OP-TEE project. Based on OP-TEE services (persistent storage, cryptography, time, etc) one could build a trusted application of store and use secure keys. An open source implementation for generic key services could be of interest. However there are many client APIs defined in the ecosystem which is a matter of concern for standardization of such services. The session will open a discussion on this and presents the current choice of the PKCS#11 Cryptoki. There can be lot of key attributes and cryptographic schemes to be supported. The session will present the current plans (starting from AES flavors) and what is currently missing in the OP-TEE (as certificate support, bootloader support). This session aims at getting feedback from the community on this topic, discuss about expected services and client APIs.” video/slides

Speaker: Etienne Carriere

HKG18-119 - Overview of integrating OP-TEE into HiKey620 AOSP

Building a complete Chain of Trust upon existing industry standards using open-source firmware “A brief overview of the process of integrating OP-TEE into HiKey620 AOSP builds.” video/slides

Speaker: Victor Chong