Thursday
Room 4
10:20 - 11:20
(UTC+02)
Talk (60 min)
Hardware-Backed Secret Storage on a Rockchip with OP-TEE as a TPM
TPM 2.0 chips are the go-to solution for hardware-backed secret storage on x86, but what if you're building an embedded ARM/Linux product without a discrete TPM? This talk shows how to use OP-TEE's firmware TPM (fTPM) to achieve the same security model on platforms like Rockchip SoCs, turning your TrustZone secure world into a standards-compliant TPM 2.0 interface that protects the keys for your encrypted storage.
Platform
OS
Security
We'll walk through a real-world implementation on Rockchip boards running Yocto and Mender with A/B partition updates, demonstrating automatic LUKS unlock backed by OP-TEE's fTPM. You'll see how standard Linux tooling (cryptsetup, systemd-cryptenroll) works unchanged against the fTPM trusted application (TA), giving you hardware-backed key storage.
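The enrolment flow the talk describes, as an added example that is not code from the talk or from the OP-TEE/Mender projects. It assumes the kernel's tpm_ftpm_tee driver has exposed the fTPM TA as /dev/tpmrm0, that the data volume is an already-formatted LUKS2 partition at /dev/mmcblk0p3, and that the unlocked mapping should be called "data"; all three are assumptions, not details from the page, and are overridable through environment variables.

```shell
#!/bin/sh
# Enrol a LUKS2 volume against the OP-TEE fTPM and configure automatic unlock.
# Assumed (not from the talk): fTPM at /dev/tpmrm0, LUKS partition at
# /dev/mmcblk0p3, mapper name "data". Override via environment variables.

LUKS_DEV="${LUKS_DEV:-/dev/mmcblk0p3}"
MAPPER_NAME="${MAPPER_NAME:-data}"
TPM_DEV="${TPM_DEV:-/dev/tpmrm0}"
# PCR 7 (secure-boot policy) changes far less often than the kernel/rootfs
# PCRs, so an A/B update does not by itself break the binding.
PCRS="${PCRS:-7}"

# The /etc/crypttab entry systemd-cryptsetup needs for TPM2 unlock at boot.
# Pure string helper, so it can be checked without hardware.
crypttab_line() {
  printf '%s %s none luks,tpm2-device=%s,tpm2-pcrs=%s\n' \
    "$MAPPER_NAME" "$LUKS_DEV" "$TPM_DEV" "$PCRS"
}

# Refuse to enrol unless the fTPM is actually reachable: a character device
# from tpm_ftpm_tee, and a TPM that answers a capability query.
check_ftpm() {
  if [ ! -c "$TPM_DEV" ]; then
    echo "no TPM device at $TPM_DEV (tpm_ftpm_tee loaded? fTPM TA installed?)" >&2
    return 1
  fi
  tpm2_getcap properties-fixed 2>/dev/null | grep -q TPM2_PT_MANUFACTURER
}

enroll() {
  check_ftpm || return 1
  # systemd-cryptenroll prompts for an existing passphrase and adds a TPM2
  # key slot; the passphrase slot stays as the recovery path.
  systemd-cryptenroll --tpm2-device="$TPM_DEV" --tpm2-pcrs="$PCRS" "$LUKS_DEV" || return 1
  grep -q "^$MAPPER_NAME " /etc/crypttab 2>/dev/null || crypttab_line >> /etc/crypttab
  # Prove the passphrase-free unlock works before trusting it at next boot.
  systemd-cryptsetup attach "$MAPPER_NAME" "$LUKS_DEV" none \
    "tpm2-device=$TPM_DEV,tpm2-pcrs=$PCRS" || return 1
  systemd-cryptsetup detach "$MAPPER_NAME"
}

# Touch the hardware only when explicitly asked; without --enroll the script
# just defines the helpers above.
if [ "${1:-}" = "--enroll" ]; then
  enroll
fi
```

Two caveats worth checking on any board before relying on this: the PCR binding only means something if the boot chain (U-Boot or earlier firmware) actually extends measurements into the fTPM, otherwise the PCRs stay at their reset value and the volume unlocks no matter what booted; and the fTPM's own persistent state lives in OP-TEE secure storage, so it is only as protected as that storage backend (RPMB-backed eMMC versus a file on the normal-world filesystem).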
