LVC21-215 PKCS#11 in OP TEE

The PKCS#11 standard defines a platform-independent API to cryptographic tokens such as hardware security modules (HSM) and smart cards. These API’s help software to use, create, modify and delete cryptographic objects, without ever exposing those objects to the application’s memory.

Use of HSM’s in embedded/IoT products is not very common as it costs money but there is a need to provide secure storage for private keys in HSM. These may be needed for managing device identity, secure updates, TLS connections etc. Creating a PKCS#11 API for Linux application allows them to leverage OP-TEE secure enclave to handle secrets with a well established standard interface.

In this session, we will give details on some implementation points, status of the work completed and the next planned steps.

For more info on the work Linaro does around Security, go to https://www.linaro.org/core-technolog...