The purpose of this blog is to introduce the concept of Trusted Execution Environment (TEE) and how end users can leverage open source software to securely deploy applications that process confidential information.
Trusted Execution Environment (TEE) Overview
What are TEEs? What are the benefits of TEE?
TEE provides an isolated environment to ensure code/data integrity and confidentiality.
A typical embedded system running Linux or Android exposes a large number of security holes in both the kernel and user space packages.
Vulnerabilities could allow attackers to access sensitive information and/or insert malware.
TEE adds an extra layer of security, code/data running on TEE cannot be accessed/tampered from normal world OS (like Linux/Android).
Software running on TEE (secure world) usually includes a small security-oriented operating system (eg: OP-TEE OS) and trusted applications.
Trusted applications are designed to handle confidential information such as credit card PINs, private keys, customer data, DRM-protected media, etc., and provide services to normal-world OSs to use confidential information without compromising it.
How is TEE implemented?
TEE requires both software and hardware (built into the processor) support.
On the hardware side, ARM-based processors implement TEE using TrustZone technology. TrustZone enables a single physical processor core to securely and efficiently execute code from both the normal world (such as rich operating systems such as Linux/Android) and the secure world (such as secure operating systems such as OP-TEE). <