lei zhou – Medium

Pinned

lei zhou
in
System Weakness

Case Study: Google Pixel 6 phone security & Privacy (Part 1 — Threat Analysis and Countermeasures)

Note: All technical information or diagrams referenced in this blog are publicly available online from vendor’s website. In case no…

9 min readDec 12, 2021

--

Case Study: Google Pixel 6 phone security & Privacy (Part 1 — Threat Analysis and Countermeasures)

--

lei zhou

Establish device trustworthiness via attestation and TPM2.0’s role

Android PlayIntergity API helps you check that service requests are coming from your genuine app binary running on a genuine Android device…

4 min readMay 2, 2024

--

Establish device trustworthiness via attestation and TPM2.0’s role

--

lei zhou

Confidential computing and open compute Project — Part 2: Interconnect and Security Protocol

With confidential computing’s threat model discussed in part 1, we are now deep-diving into heterogenous computing platform and understand…

6 min readApr 11, 2024

--

Confidential computing and open compute Project — Part 2: Interconnect and Security Protocol

--

lei zhou

Confidential computing and open compute Project(OCP) — Part One

Transport Layer Security(TLS) protects data communication on IP network, which provides following security properties:

3 min readMar 18, 2024

--

Confidential computing and open compute Project(OCP) — Part One

--

lei zhou

SCADA system’s threat model and Zero Trust Architecture as mitigation

SCADA system E2E full-stack use cases range from RTU, industrial field bus, PLC, frontend/backend integration and physical connectivity…

4 min readApr 13, 2023

--

SCADA system’s threat model and Zero Trust Architecture as mitigation

--

lei zhou

Linux kernel USB gadget driver framework

USB communication system comprises of two parts: USB host and multiple USB devices(up to 127 devices, USB hub can be used to connect to…

2 min readJan 7, 2023

--

Linux kernel USB gadget driver framework

--

lei zhou

Enable OP-TEE on OSD32MP1-BRK (STM32MP15x) platform

This article will discuss STM32MP1x Trusted Execution Environment(TEE) firmware stacks briefly and then details how to enable/bring-up…

4 min readJun 20, 2022

--

Enable OP-TEE on OSD32MP1-BRK (STM32MP15x) platform

--

lei zhou

Confidential computing solution case studies(Intel SGX, AMD SEV-SNP and ARM CCA comparison)

AMD SEV-SNP(Secure encryption virtualization-Secure nested paging). Virtual machine(VM) based confidential computing solution with…

9 min readMay 23, 2022

--

3

Confidential computing solution case studies(Intel SGX, AMD SEV-SNP and ARM CCA comparison)

--

3

lei zhou

Build highly secure IOT device: secure boot, measured boot and attestation, secure storage etc

Secure Boot is the mechanism that validates the integrity of every mutable code being loaded before passing control to it. Secure boot is…

7 min readApr 2, 2022

--

1

Build highly secure IOT device: secure boot, measured boot and attestation, secure storage etc

--

1

lei zhou

Blockchain, Hash and Merkle-tree: data immutability and integrity, append-only database

Hash chaining and merkle hash tree play important role in many applications to provide data immutability and system integrity protection…

5 min readFeb 13, 2022

--

Blockchain, Hash and Merkle-tree: data immutability and integrity, append-only database

--

lei zhou

lei zhou

Passion about platform security and distributed computing, from hardware root of trust, heterogenous SOC architecture , firmware, software, OS hardening.

Following

Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams