Increasingly, industry is using Linux on embedded systems to take advantage of its flexibility and existing (open source) functionality. This allows them to connect Cyber-Physical Systems, which have stringent safety requirements, to the Internet for remote management and monitoring. However, the flip side of the flexibility coin is decreased availability. Not only can a lot more go wrong in such a complex operating system, but if an attacker manages to get root access on such a system, all bets are off.
Our research project makes use of hardware Trusted Execution Environments (TEEs), now readily available on even low-end commodity devices, to provide a secure and always available execution context for safety-critical programs. By integrating a real-time scheduler inside OP-TEE OS running in an Arm TrustZone TEE, it is possible to safeguard the real-time execution requirements of these programs, even in the presence of Linux kernel panics and remote attackers with root privileges. This presentation will explain the system architecture that resulted from our research and its implementation on a common Arm processor, followed by a quick demo showcasing the core functionality.