Guest Speaker: Jon Geater, CTO Thales – Mon SEP 10, 8-9am PT

Interoperability of trust: Device Standards, Container Standards, and the Missing Link.

Different devices have different levels of trust and security. These can range from being based on cryptography and secure provisioning – anything from hardware TPM through Secure Element to TEE/SGX to soft agents – to secure Root of Trust code, or on occasion there is just a certificate. When we come to use those, we need to distinguish who has access to those capabilities. This can be done with TrustZone, virtualization or Linux containers with or without SELinux or Kubernetes. The gaps between those two ends can be quite significant.

In this presentation, Jon Geater will introduce a set of considerations for the group that make it hard for an operating company to gain a consistent idea of how trusted all their different devices are, especially in a large device population. From this, they can then identify which threats they do or do not need to worry about in any given circumstance.


Jon Geater

Chief Technology Officer, Thales e-Security, Inc.
Jon Geater is Chief Technology Officer for Thales eSecurity. Over his career he has had extensive experience of securing information systems from embedded components of a smart phone to international rail systems, smart energy networks, cloud computing platforms and worldwide payments infrastructure. He has held technology leadership roles in hi-tech companies such as Trustonic, ARM and nCipher.

Follow Jon on Twitter

[Contact mirko dot lindner at for details]

prpl Foundation members talk security and virtual platforms at 7th RISC-V workshop

By Art Swift – President, prpl Foundation

Over the past few days, prpl and our member companies Microsemi ( and Imperas ( had the pleasure of attending the sold-out 7th RISC-V workshop held at Western Digital’s conference center in San Jose. Microsemi and Imperas are members of both prpl and the RISC-V foundation. (

For those who don’t know, RISC-V is an open, free instruction set architecture (ISA) developed at the University of California – Berkeley. Support for the new architecture is growing rapidly, as evidenced by the many great presentations from academia and industry, but in certain important areas, RISC-V is still in the early phases of definition, specification, or ecosystem development.


Cesare Garlati, prpl’s chief security strategist and Richard Newell, Microsemi product architect at the 7th RISC-V workshop
Simon Davidmann, CEO of Imperas, during his lightning talk at the 7th RISC-V workshop (photo courtesy of Imperas)








In security for instance, Richard Newell, product architect at Microsemi, is co-chair of a RISC-V task group defining a set of security and cryptographic extensions for the RISC-V ISA. At the workshop, Richard gave two well-received talks. The first, “Security task group update and RISC-V security extension” outlined the current state of the proposed RISC-V security extensions; and the second, “Using Proposed Vector and Crypto Extensions For Fast and Secure Boot,” demonstrated the possibility for some dramatic benefits of these extensions if ratified.

The open and collaborative nature of both the RISC-V and prpl foundations has enabled a hearty exchange of ideas between the groups on security-related industry needs. Richard and his co-chair Joe Xie of NVIDIA recently invited Cesare Garlati, prpl’s chief security strategist, to give a presentation on the prpl security framework to the members of the RISC-V security task group. Cesare was invited back a second time, and we’ve invited Richard to present his RISC-V talk to the prpl virtualization and security working group. We are delighted to work in a friendly collaborative way to make sure that industry best practices for security are adopted across all processor architectures.

Given that many RISC-V based SoCs are now in development, chip simulation is another must-have technology area that the RISC-V ecosystem will need to be successful. It appears that prpl member company Imperas is in “the right place at the right time.” CEO Simon Davidmann took the opportunity at the RISC-V workshop to announce the release of its new RISC-V Processor Developer Suite™ which contains the models and tools necessary to validate and verify the functionality of a RISC-V processor.

As Simon noted in the Imperas press release, “Designing and delivering RISC-V processors is challenging. With the RISC-V Processor Developer Suite, Imperas is providing a solution that accelerates RISC-V development schedules and improves IP quality.”

Congrats to both Microsemi and Imperas for the great showing at the RISC-V workshops! We’re glad to have you participating in both prpl and RISC-V and look forward to the continuing exchange of ideas between the two open source and open standard based foundations!

Recap: Arm TechCon 2017 Hypervisor Panel with prpl and Imperas

A well-attended and lively recent ARM TechCon panel explored the topic “Hypervisors: A Real Trend in Embedded, or Just Hype?”  Moderated by Brian Bailey of Semiconductor Engineering (R), panelists (L to R) were: Cesare Garlati, prpl Foundation, chief security officer; Simon Davidmann, Imperas Software, founder and CEO; Jack Greenbaum, Green Hills Software, director of engineering, advanced products; and Chris Turner, ARM, Director of Emerging Technology & Strategy.

prpl arm techcon

The panel explored issues around security and functional safety in embedded system development, especially where software touches the hardware. Offering a range of perspectives in the hypervisor ecosystem, panelists addressed changing processor architectures, hardware virtualization extensions and TrustZone, hypervisors, and real time operating systems (RTOSs) as components of the security/safety solution for embedded systems.

Continue reading

prpl @ Smart Home Summit, Palo Alto, NOV 15-16 2017

*** Ask me about free pass and 30% off VIP discount ***

Track 1 – Future Smart Homes 12:00 – 12:40

Panel: Security at the edge: beyond security cameras and doorbells – properly secured devices defending the home

  • Security from the inside – protected devices and gateways
  • Intangible digital security to help defend the physical home
  • Creating a ‘bot army’ to defend your home
  • anticipating an unknown, unsecure future

Track 1 – Future Smart Homes 14:20 – 14:40

Presentation: How to Secure the Smart Home from Cyber Threats

  • Recent security threats targeting smart homes and smart devices
  • Analysis of the results of prpl Foundations’ Smart Home Security Report
  • Top 10 best practice tips for securing Smart Home

Continue reading

When IoT Attacks – The End of the World as We Know It?

Excerpts of my interview with Phil Muncaster @philmuncaster

InfoSecurity Magazine Q4/2017, 4 October 2017

Focus on the Firmware

A cursory look at OWASP’s IoT Security Guidance will highlight just how many elements in the IoT ecosystem could be exploited. Among others, these include the web interface, network, transport encryption layer, mobile app and device firmware. The latter is a key area of focus for the prpl Foundation, a non-profit which is trying to coral the industry into taking a new hardware-based approach to IoT security. Cesare Garlati, Chief Security Strategist, claims that hackers could exploit IoT chip firmware to re-flash the image, allowing them to reboot and execute arbitrary code.

Continue reading

Gatwick incident – Dronejacking will get worse before it gets better.

By Cesare Garlati – prpl Chief Security Strategist

With the recent news of a drone causing chaos at Gatwick airport, hacking IoT devices has resurfaced as a topic of discussion especially regarding the security issues should a multitude of devices be hacked.

In the optimal situation, there is no way that anyone should be able to access, much less hijack, the critical functions of an IoT device such as a drone. While the power for destruction from just one drone may seem paltry, directing these drones in large numbers at a target is a very real, and dangerous, possibility – as confirmed by this news.

The time to act is now to take control of security in IoT devices at the most basic level: the hardware.

Manufacturers need to move away from the attitude that “it works, let’s try to secure it and get it to market” to “if it’s not secure, it doesn’t work”. Unless the industry adopts this attitude, the security problems of IoT will continue to proliferate at an alarming rate and unfortunately, lives could quite literally be at stake.

*   *   *

More about what can be done today to secure IoT: prpl Security Guidance for IoT

More about what can be done today to secure the smart home: prpl Smart Home Security Report

prpl Foundation briefs German Defense Industry leaders as part of Annual Cyber Study tour

By Art Swift

President, prpl Foundation

Screen Shot 2017-07-06 at 13.21.51

Last week, we had the privilege of meeting with a delegation from the German defense industry to share how prpl members are working to build security in to the future IoT from the silicon level up. I was joined at this briefing by Cesare Garlati, prpl’s chief security strategist, and Majid Bemanian, director of vertical markets for prpl platinum member, Imagination Technologies.

Continue reading