When secure mode is active, the software running on the CPU has a different view of the whole system than software running in non-secure mode. Trusted Execution Environment (TEE) technology enables modern devices to provide a massive range of functionality, while at the same time meeting the requirements of software developers and service providers who care about privacy, attestation, authentication, validation, manageability and all the other aspects of security. BKK16-110: A gentle introduction to trusted execution and OP-TEE. Arm TrustZone technology based Trusted Execution Environment (TEE) as an important component of delivering secure services, including premium content and applications. The more software, the larger the number of places where there may be a security. Mar 11, 2014: a whitepaper that looks at the TrustZone based Trusted Execution Environment (TEE) in the context of the 4-compartment security model. The TEE in TrustZone shares processor time with the normal world and is called as a library.
The combination of TrustZone based hardware isolation, trusted boot and a trusted OS make up a Trusted Execution Environment (TEE), which can be used alongside other security technology. Complies fully with GlobalPlatform TEE specifications. Sierraware, an embedded virtualization. Porting software to processors integrating TEE and SierraVisor with applications; developing drivers, encoders or apps; extensive experience with Arm processors. It also details the security objectives that are to be met in order to counter these threats and the security functional requirements that a. To ensure that useful TrustZone information is provided to all TEE providers on an equitable basis, Arm maintains a list of companies developing TEEs. T6 is a secure operating system and a Trusted Execution Environment (TEE) platform designed and developed by TrustKernel since 2012. Full and participating GlobalPlatform members are eligible to contribute to this group. TrustZone GlobalPlatform ready-to-use modules: the Open Virtualization API is available for both bootloader and Linux; secure tasklets can perform key operations like decrypting OS images and upgrading firmware; multiple modes of operation support both TrustZone enabled and normal processors. Arm recommends investigating commercial TEE solutions from trusted OS suppliers that are members of GlobalPlatform. It states that the TEE is a secure area of the main processor of a device. In 2012, two major events made the TEE a more common standard. Implementation of the GlobalPlatform smart card specification. GlobalPlatform based Trusted Execution Environment and TrustZone Ready (PDF). Contribute to torvalds/linux development by creating an account on GitHub.
EL0 (user mode), EL1 (kernel mode) and EL2 (hypervisor mode). GlobalPlatform TEE (Trusted Execution Environment) seminar. The TrustZone TEE is a hybrid approach that utilizes both hardware and software to protect data. Sierraware provides scalable and ultra-secure technologies including virtual mobile infrastructure (VMI), Arm TrustZone TEE software, and malware protection for mobile devices. Devices running on Arm, such as smartphones, can use TrustZone to perform the hardware-level isolation that keeps the TEE secure. GlobalPlatform is well known for its work on the secure element standards.
A TEE (Trusted Execution Environment) is an environment for executing code in a. Trusted execution environment, TrustZone and mobile security, OWASP Göteborg. Sierraware software suite: SierraTEE (TrustZone GlobalPlatform TEE, true 64-bit TEE), SierraVisor. A Trusted Execution Environment (TEE) is a secure area of a main processor. A development environment for Arm TrustZone with GlobalPlatform support, Department of Electrical and Information Technology, Faculty of Engineering, LTH, Lund University, June 2014. The Armv8-A profile provides TrustZone extensions that can be used for SoCs with an integrated v6 or above MMU. A trusted architecture for KVM Arm v7 and v8 virtual. But the majority of the entry points are calling GlobalPlatform internal API functions. The GlobalPlatform specifications require the TEE implementation to be separated from the REE by hardware platform protections. The Open Virtualization project enables ODMs to integrate Arm TrustZone software into their devices. GlobalPlatform update: the document defining the Trusted Execution Environment (TEE); new clarifications and detail in the document describing the Trusted Execution Environment (TEE). Thesis to obtain the Master of Science degree in Information Systems and Computer Engineering. Supervisors. Details of licensing terms and contacts under EU commitments.
GlobalPlatform Trusted Execution Environment (TEE) committee. Trusted Execution Environment (TEE) committee, GlobalPlatform. GlobalPlatform TEE: GlobalPlatform's Trusted Execution Environment (TEE) is a secure area that guarantees that sensitive data are stored, processed and protected in a trusted environment. An open-source portable trusted execution environment. Chapter 5, TrustZone software architecture: an introduction to some of the possible software design choices when using an Arm processor implementing the Arm security extensions. OpenVirtualization project for Arm TrustZone: simply secure 2. The paper then describes how a correctly implemented TrustZone based TEE system can be secure by default, and robust against software attack. TrustFrame, a software development framework for TrustZone. White paper: GlobalPlatform based trusted execution. This talk is intended as an introduction to trusted execution, and the open-source Trusted Execution Environment OP-TEE in particular.
Security Tapas, Oct 20, 2015, Peter Gullberg, Principal Engineer Digital Banking, Gemalto. TEE allows applications to. Hyper-V prevents administrator code running on the computer or server, as well as local administrators and cloud service administrators, from viewing the contents of the VSM enclave or modifying its execution. Tools and software needed to develop and debug trusted applications may be expensive or nonexistent. It complies with the GlobalPlatform TEE system architecture speci. It translates GlobalPlatform TEE Client API calls to the kernel. The one-day industry gathering provides delegates with an insight into the vast opportunities presented by this technology for the deployment of trusted. The Rust OP-TEE TrustZone SDK provides the ability to build safe TrustZone applications in Rust.
Understanding the prevailing security vulnerabilities. Dec 02, 2019: Virtual Secure Mode (VSM) is a software-based TEE that's implemented by Hyper-V in Windows 10 and Windows Server 2016. In the past, GlobalPlatform TEEs have been used to implement. TrustZone adds a new EL3 secure monitor mode, which is the most privileged level and controls the entire system. GlobalPlatform is a standard-defining organization that provides software APIs, compliance, and certification schemes for the Trusted Execution Environment (TEE) for TrustZone with Cortex-A processors.
TrustZone Ready is introduced as Arm's free program that maps high-level security use cases into system-on-chip requirements. The TEE APIs are a standardized set of APIs for the trusted execution environment: the TEE Client API, the TEE Internal API, TrustZone. Advance and maintain the GlobalPlatform TEE functional and security certification programs to facilitate. GlobalPlatform TEE (Trusted Execution Environment) seminar, September 30, 2014, Santa Clara, CA: GlobalPlatform presents the Trusted Execution Environment (TEE). It therefore offers a level of security sufficient for many applications. Software architecture of a TrustZone-assisted TEE: the typical software architecture of a TrustZone-assisted TEE runs the untrusted OS inside the NW, named the rich execution environment (Figure 1). Open Virtualization: Arm TrustZone and Arm hypervisor, open. Open-TEE, which conforms to GlobalPlatform specifications. TrustZone enables the development of separate rich operating system and trusted execution environments by creating additional operating modes alongside the normal domain.
Arm TrustZone: currently widely deployed; TrustZone-M for Cortex-M class microcontrollers, 2016 ca. Explore developer resources, software, tools and training for using TrustZone with. Xilinx TrustZone documentation: as TrustZone is a system topic, several documents are necessary to fully understand the.
The interface from client applications to access the TEE, and for the use of trusted applications executing within the TEE, are standardised by GlobalPlatform [4]. A trusted execution environment is a small secure kernel, normally developed with standard APIs, developed to the TEE specification evolved by the GlobalPlatform industry forum. Keeping data secure even when the operating system kernel is compromised requires special hardware support. A Trusted Execution Environment (TEE) is an area on the main processor of a device that is separated from the system's main operating system. Getting started with a new OS usually involves a large learning curve, especially when the focus is on device security. Mainly this comprises the installation and the removal of applications. In TrustZone terminology, this entire environment is referred to as the Rich Execution Environment (REE). The recently reported CLKSCREW attack breaks TrustZone through software by overclocking the CPU to generate hardware faults. The Open Virtualization source code has been developed and released to the open source community by embedded virtualization leader Sierraware. Open-TEE is a virtual trusted execution environment and its main advantage is that it is implemented based on GlobalPlatform's specifications [4], and any applications developed for Open-TEE will.
Open-TEE: an open virtual trusted execution environment. A FOSS stack for secure hardware tokens, Hadi Nahari, Chief Security Architect, NVIDIA. Common Criteria: under its trusted computing category, this document specifies the typical threats the hardware and software of the TEE need to withstand. GlobalPlatform TEE biometrics struggle a little alongside Android's idea of biometrics because, unlike Android's interface to biometrics, GlobalPlatform TEE acknowledges the possibility of multiple users of a device. TrustZone technology within Cortex-A based application processors is commonly used to run trusted boot and a trusted OS to create a Trusted Execution Environment (TEE). Arm TrustZone and KVM coexistence with an RTOS for automotive. OP-TEE is an open source project which contains a full implementation to make a complete trusted execution environment. Chapter 6, TrustZone system design: an example system design using digital rights management and mobile payment as example use cases. OP-TEE is a Trusted Execution Environment (TEE) designed as a companion to a non-secure Linux kernel running on Arm. Also called TEE or secure OS, it is the so-called secure world operating system part of the TrustZone speci.
RoT, software TEE, TEE: Trusted Execution Environment (TEE). The Sequitur Labs port of Linaro's OP-TEE environment to the Raspberry Pi 3 aims to encourage prototyping of Arm TrustZone hardware security on IoT devices. GlobalPlatform technical director Gil Bernabeu provides an introduction to Trusted Execution Environment (TEE) technology, including key use cases such as the protection of mobile payment and premium content, FIDO-based authentication and IoT. Configurations to serve a specific class of devices. In 2014, Linaro started working with STMicroelectronics to transform the proprietary TEE solution into an open source TEE solution instead. It ensures that data is stored, processed and protected in a secure environment. Programming the Arm TrustZone architecture on the Xilinx Zynq-7000 All Programmable SoC. Towards enhancing web application security using trusted execution, Cornelius Namiluko, Andrew J. The TEE committee defines an open security architecture for consumer and connected devices using a TEE to secure those devices and enable the development and deployment of secure. These include interactions with persistent secure stor.
Introduces trusted execution and GlobalPlatform standards. A TEE provider can run the TEE implementation on the device's main hardware platform, using the same processor and memory for both the REE and TEE systems, e. The TrustZone trusted core can withstand similar attacks by providing a system-wide hardware and software protection architecture. Typical use cases include the protection of authentication mechanisms, cryptography, mobile device management, payment, key material, and digital rights management (DRM). Not all code running in Arm TrustZone technology isolated. But TrustZone also allows the CPU to run in the secure mode at lower privileges, allowing privilege isolation within the TEE. Nuno Miguel Carvalho dos Santos; examination committee. Secure boot and remote management, root of trust along with TEE biometrics architectures. OP-TEE currently adheres to GlobalPlatform APIs, namely the. It introduces the GlobalPlatform TEE specifications, explains how trusted execution is implemented by Arm TrustZone and OP-TEE, and outlines how trusted boot software manages the secure boot of an Arm platform. Trusted execution environments and Arm TrustZone, Azeria Labs. Open-TEE: an open virtual trusted execution environment, arXiv.
TEE Linux kernel support and open source security, free. The Trusted Execution Environment (TEE) committee is chaired by Christophe Colas from Trustonic. TrustZone is one of the ways to separate the TEE from the main guest OS. The lowest level of communication with OP-TEE builds on the Arm SMC Calling Convention (SMCCC) [2], which is the foundation for OP-TEE's SMC interface. Below is a software architecture diagram of OP-TEE. The Device Committee creates trusted chip technology for ensuring confidentiality and integrity of trusted code and data. TEE software typically consists of a small operating system and its.
OP-TEE, open-source security for the mass market, Linaro. Linaro's three-year-old OP-TEE open source port of the TEE (Trusted Execution Environment) for Arm TrustZone security is now available on the lowest-cost platform yet. In addition, it enables the capability to write TrustZone applications with Rust's standard library and many third-party libraries i. The second half looks at how a well designed apps processor can use TrustZone technology and the TEE to provide a system that is secure by default. TrustZone is built on secure and non-secure worlds that are hardware separated.
The TEE does not allocate processor time for itself all the time; it spends as much time as it needs to fulfill the request and then transfers control to the normal world. TEE implementation options: if the main features of a TEE are that it is separated and difficult to break, then we can come up with different options for implementing a TEE. It must offer isolated, safe execution of authorized security software [2]. The GlobalPlatform TEE Client API [5] is implemented on top of the generic. GlobalPlatform Device Committee: TEE protection profile. By design, T6 has leveraged hardware-grade isolation technology (Arm TrustZone, Intel SGX) and the most advanced protection mechanisms of modern operating systems to effectively prevent sensitive information from advanced hackings. Arm TrustZone, GlobalPlatform, trusted execution environment, webinos. The TEE provides protection for any connected thing, such as a trusted application (TA), by enabling an isolated, cryptographic electronic structure and.
Using TrustZone, we get the separation of the TEE and the main OS within a single processor core. Provides information on key concepts and architecture. This is a stricter trust model that then needs to be limited when helping the standard Android systems outside the TEE. The Next Generation Mobile Security for Today and Tomorrow conference is the market's only comprehensive event focused on the advancing TEE landscape. The OS and client have a BSD 2-Clause license and are GlobalPlatform compliant. You can use the Inform Arm form below to be added to this list. The availability of OP-TEE, an open source operating system, enables developers to make use of TrustZone to deploy applications in a trusted environment. Only trusted applications running in a TEE have access to the full power of a device's main processor, peripherals and memory, while hardware isolation protects these from user-installed apps running in a main.
Open Virtualization: Arm TrustZone and Arm hypervisor. The project has roots in a proprietary solution, initially created by ST-Ericsson and then owned and maintained by STMicroelectronics. The latest documentation explaining the hardware and software architectures behind the Trusted Execution Environment (TEE) and introducing TEE management and functional availability in a device. The GlobalPlatform Card Specification is a standard for the management of the contents on a smart card. Bare-metal hypervisor: hypervisor for Arm; paravirtualization for ARM11, A8, A9; hardware virtualization for 64-bit and 32-bit. Thanks to the enhanced security offered by the Trusted Execution Environment, many additional opportunities are open to service providers. A couple of years ago, when OP-TEE was being developed, the developers were engaged in GlobalPlatform testing, in the so-called TestFest. For simplicity let's call it OP-TEE even though it strictly isn't correct, since back then the TEE solution didn't really have a name; it was the ST-Ericsson TEE solution.
TEE Committee (formerly Device Committee): the Trusted Execution Environment (TEE) committee is chaired by Christophe Colas from Trustonic. TrustFrame, a software development framework for TrustZone-enabled hardware, Joao Pedro Cohen Rocheteau e Silva Ramos. The SDK is based on the OP-TEE project, which follows GlobalPlatform TEE specifications and provides ergonomic APIs. A new configuration defining the minimum implementation requirements of the GlobalPlatform Card Specification for SEs. In practice, TrustZone virtual cores are implemented by fast context switching performed inside the secure monitor. TrustZone technology for Armv8-A: Arm TrustZone is used on billions of application processors to protect high-value code and data. SierraTEE has been designed for a wide range of products that require trusted virtualization, such as set-top boxes, military radios, wireless and wired routers, mobile phones and other consumer devices. By contrast, the TrustZone virtual core hosts and runs a Trusted Execution Environment (TEE) in the secure world (SWd). Accelerate your trusted software development using OP-TEE. It is frequently used to provide a security boundary for a GlobalPlatform Trusted Execution Environment.
Despite the fact that there is the Crypto API defined by GlobalPlatform, in OP-TEE this particular trusted application also contains an AES-ECB and a SHA-256/224 implementation within the TA itself; that is mostly due to historic reasons. There are a wide variety of possible software architectures for the secure world, and the implementation of these is almost totally dependent on the application the user is targeting. The TEEs in the scope of this PP implement the core functionalities defined in the GlobalPlatform TEE Internal API specification (IAPI). In this paper, we describe Open-TEE, a virtual, hardware-independent TEE implemented in software. GlobalPlatform and the Trusted Computing Group (TCG) founded a joint working group focusing. Sep 03, 2014: the GlobalPlatform organization went a step further by defining standard APIs. Arm TrustZone is compliant with the GlobalPlatform TEE system architecture speci.