A trusted execution environment (TEE) is a secure area of a main processor. It guarantees code and data loaded inside to be protected with respect to confidentiality and integrity. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain

DRM DRM may refer to: Government, military and politics * Defense reform movement, U.S. campaign inspired by Col. John Boyd * Democratic Republic of Madagascar, a former socialist state (1975–1992) on Madagascar * Direction du renseignement militai ...

schemes described in SGX. This is done by implementing unique, immutable, and confidential architectural security such as Intel Software Guard Extensions (Intel SGX) which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels. A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets. In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).

History

The

Open Mobile Terminal Platform The Open Mobile Terminal Platform (OMTP) was a forum created by mobile network operators to discuss standards with manufacturers of mobile phones and other mobile devices. During its lifetime, the OMTP included manufacturers such as Huawei, LG ...

(OMTP) first defined TEE in their "Advanced Trusted Environment:OMTP TR1" standard, defining it as a "set of hardware and software components providing facilities necessary to support Applications" which had to meet the requirements of one of two defined security levels. The first security level, Profile 1, was targeted against only software attacks and while Profile 2, was targeted against both software and hardware attacks. Commercial TEE solutions based on ARM

TrustZone ARM (stylised in lowercase as arm, formerly an acronym for Advanced RISC Machines and originally Acorn RISC Machine) is a family of reduced instruction set computer (RISC) instruction set architectures for computer processors, configure ...

technology, conforming to the TR1 standard, were later launched, such as Trusted Foundations developed by Trusted Logic. Work on the OMTP standards ended in mid 2010 when the group transitioned into the

Wholesale Applications Community The Wholesale Applications Community (WAC) was an organisation that was set up to create a unified and open platform to allow mobile software developers to more easily write applications usable on a variety of devices, operating systems and networ ...

(WAC). The OMTP standards, including those defining a TEE, are hosted by

GSMA The GSM Association (commonly referred to as 'the GSMA' or ''Global System for Mobile Communications'', originally ''Groupe Spécial Mobile'') is an industry organisation that represents the interests of mobile network operators worldwide. More ...

Details

The TEE typically consists of a hardware isolation mechanism, plus a secure operating system running on top of that isolation mechanism – however the term has been used more generally to mean a protected solution. Whilst a GlobalPlatform TEE requires hardware isolation, others such as EMVCo use the term TEE to refer to both hardware/software and only software-based solutions. FIDO uses the concept of TEE in the restricted operating environment for TEEs based on hardware isolation. Only trusted applications running in a TEE have access to the full power of a device's main processor, peripherals and memory, while hardware isolation protects these from user installed apps running in a main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other. Service providers,

mobile network operator A mobile network operator (MNO), also known as a wireless service provider, wireless carrier, cellular company, or mobile network carrier, is a provider of wireless communications services that owns or controls all the elements necessary to sell ...

s (MNO), operating system developers, application developers, device manufacturers, platform providers and silicon vendors are the main stakeholders contributing to the standardization efforts around the TEE. To prevent simulation of hardware with user-controlled software, a so-called "hardware root of trust" is used. This is a set of private keys that are embedded directly into the chip during manufacturing; one-time programmable memory such as

eFuse In computing, an eFuse (electronic fuse) is a microscopic fuse put into a computer chip. This technology was invented by IBM in 2004 to allow for the dynamic real-time reprogramming of chips. In the abstract, computer logic is generally "etched ...

s are usually used on mobile devices. These cannot be changed, even after device resets, and whose public counterparts reside in a manufacturer database, together with a non-secret hash of a public key belonging to the trusted party (usually a chip vendor) which is used to sign trusted firmware alongside the circuits doing cryptographic operations and controlling access. The hardware is designed in a way which prevents all software not signed by the trusted party's key from accessing the privileged features. The public key of the vendor is provided at runtime and hashed; this hash is then compared to the one embedded in the chip. If the hash matches, the public key is used to verify a

digital signature A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. A valid digital signature, where the prerequisites are satisfied, gives a recipient very high confidence that the message was created b ...

of trusted vendor-controlled firmware (such as a chain of bootloaders on Android devices or 'architectural enclaves' in SGX). The trusted firmware is then used to implement remote attestation. When an application is attested, its untrusted component loads its trusted component into memory; the trusted application is protected from modification by untrusted components with hardware. A nonce is requested by the untrusted party from verifier's server, and is used as a part of a cryptographic authentication protocol, proving integrity of the trusted application. The proof is passed to the verifier, which verifies it. A valid proof cannot be computed in a simulated hardware (i.e.

QEMU QEMU is a free and open-source emulator (Quick EMUlator). It emulates the machine's processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest ...

) because in order to construct it, access to the keys baked into hardware is required; only trusted firmware has access to these keys and/or the keys derived from them or obtained using them. Because only the platform owner is meant to have access to the data recorded in the foundry, the verifying party must interact with the service set up by the vendor. If the scheme is implemented improperly, the chip vendor can track which applications are used on which chip and selectively deny service by returning a message indicating that authentication has not passed. To simulate hardware in a way which enables it to illicitly pass remote authentication, an attacker would have to extract keys from the hardware, which is costly because of the equipment and technical skill required to execute it. For example, using focused ion beams, scanning electron microscopes, microprobing, and chip decapsulation or even impossible, if the hardware is designed in such a way that reverse-engineering destroys the keys. In most cases, the keys are unique for each piece of hardware, so that a key extracted from one chip cannot be used by others (for example physically unclonable functions). Though deprivation of ownership is not an inherent property of TEEs (it is possible to design the system in a way that allows only the user who has obtained ownership of the device first to control the system), in practice all such systems in consumer electronics are intentionally designed so as to allow chip manufacturers to control access to attestation and its algorithms. It allows manufacturers to grant access to TEEs only to software developers who have a (usually commercial) business agreement with the manufacturer, and to enable such use cases as

tivoization Tivoization is the practice of designing hardware that incorporates software under the terms of a copyleft software license like the GNU General Public License (GNU GPL), but uses hardware restrictions or digital rights management (DRM) to preven ...

and DRM.

Uses

There are a number of use cases for the TEE. Though not all possible use cases exploit the deprivation of ownership, TEE is usually used exactly for this.

Premium Content Protection/Digital Rights Management

Note: Much TEE literature covers this topic under the definition "premium content protection" which is the preferred nomenclature of many copyright holders. Premium content protection is a specific use case of Digital Rights Management (DRM), and is controversial among some communities, such as the

Free Software Foundation The Free Software Foundation (FSF) is a 501(c)#501(c)(3), 501(c)(3) non-profit organization founded by Richard Stallman on October 4, 1985, to support the free software movement, with the organization's preference for software being distributed ...

. It is widely used by copyrights holders to restrict the ways in which end users can consume content such as 4K high definition films. The TEE is a suitable environment for protecting digitally encoded information (for example, HD films or audio) on connected devices such as smart phones, tablets and HD televisions. This suitability comes from the ability of the TEE to deprive owner of the device from reading stored secrets, and the fact that there is often a protected hardware path between the TEE and the display and/or subsystems on devices. The TEE is used to protect the content once it is on the device: while the content is protected during transmission or streaming by the use of encryption, the TEE protects the content once it has been decrypted on the device by ensuring that decrypted content is not exposed to the environment not approved by app developer OR platform vendor.

Mobile financial services

Mobile Commerce applications such as: mobile wallets, peer-to-peer payments, contactless payments or using a mobile device as a point of sale (POS) terminal often have well-defined security requirements. TEEs can be used, often in conjunction with

near field communication Near-field communication (NFC) is a set of communication protocols that enables communication between two electronic devices over a distance of 4 cm (1 in) or less. NFC offers a low-speed connection through a simple setup that can be u ...

(NFC), SEs and trusted backend systems to provide the security required to enable financial transactions to take place In some scenarios, interaction with the end user is required, and this may require the user to expose sensitive information such as a PIN, password or biometric identifier to the

mobile OS A mobile operating system is an operating system for mobile phones, tablet computer, tablets, smartwatches, smartglasses, or other non-laptop personal computing, personal mobile computing devices. While computers such as typical laptops are "mobi ...

as a means of authenticating the user. The TEE optionally offers a trusted user interface which can be used to construct user authentication on a mobile device. With the rise of cryptocurrency, TEEs are increasingly used to implement crypto-wallets, as they offer the ability to store tokens more securely than regular operating systems, and can provide the necessary computation and authentication applications.

Authentication

The TEE is well-suited for supporting biometric ID methods (facial recognition, fingerprint sensor and voice authorization), which may be easier to use and harder to steal than PINs and passwords. The authentication process is generally split into three main stages: * Storing a reference "template" identifier on the device for comparison with the "image" extracted in next stage. * Extracting an "image" (scanning the fingerprint or capturing a voice sample, for example). * Using a matching engine to compare the "image" and the "template". A TEE is a good area within a mobile device to house the matching engine and the associated processing required to authenticate the user. The environment is designed to protect the data and establish a buffer against the non-secure apps located in mobile OSes. This additional security may help to satisfy the security needs of service providers in addition to keeping the costs low for handset developers.

Enterprise, government, and cloud

The TEE can be used by governments, enterprises, and cloud service providers to enable the secure handling of confidential information on mobile devices and on server infrastructure. The TEE offers a level of protection against software attacks generated in the

and assists in the control of access rights. It achieves this by housing sensitive, ‘trusted’ applications that need to be isolated and protected from the mobile OS and any malicious malware that may be present. Through utilizing the functionality and security levels offered by the TEE, governments and enterprises can be assured that employees using their own devices are doing so in a secure and trusted manner. Likewise, server-based TEEs help defend against internal and external attacks against backend infrastructure.

Secure modular programming

With the rise of software assets and reuses,

modular programming Modular programming is a software design technique that emphasizes separating the functionality of a program into independent, interchangeable modules, such that each contains everything necessary to execute only one aspect of the desired function ...

is the most productive process to design software architecture, by decoupling the functionalities into small independent modules. As each module contains everything necessary to execute its desired functionality, the TEE allows to organize the complete system featuring a high level of reliability and security, while preventing each module from vulnerabilities of the others. In order for the modules to communicate and share data, TEE provide means to securely have payloads sent/received between the modules, using mechanisms such as objects serialization, in conjunction with proxies. See

Component-based software engineering Component-based software engineering (CBSE), also called component-based development (CBD), is a branch of software engineering that emphasizes the separation of concerns with respect to the wide-ranging functionality available throughout a give ...

TEE Operating Systems

Hardware support

The following hardware technologies can be used to support TEE implementations: *

AMD Advanced Micro Devices, Inc. (AMD) is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets. While it initially manufactur ...

: ** Platform Security Processor (PSP) ** AMD Secure Encrypted Virtualization and the Secure Nested Paging extension *

ARM In human anatomy, the arm refers to the upper limb in common usage, although academically the term specifically means the upper arm between the glenohumeral joint (shoulder joint) and the elbow joint. The distal part of the upper limb between th ...

: **

** Realm Management Extension / Confidential Compute Architecture (CCA) * IBM: ** IBM Secure Service Container, formerly zACI, first introduced in IBM z13 generation machines (including all LinuxONE machines) in driver level 27. ** IBM Secure Execution, introduced in IBM z15 and LinuxONE III generation machines on April 14, 2020. *

Intel Intel Corporation is an American multinational corporation and technology company headquartered in Santa Clara, California. It is the world's largest semiconductor chip manufacturer by revenue, and is one of the developers of the x86 seri ...

: **

Trusted Execution Technology Intel Trusted Execution Technology (Intel TXT, formerly known as LaGrande Technology) is a computer hardware technology whose primary goals are: * Attestation of the authenticity of a platform and its operating system. * Assuring that an authent ...

** SGX Software Guard Extensions ** "Silent Lake" (available on Atom processors) *

RISC-V RISC-V (pronounced "risk-five" where five refers to the number of generations of RISC architecture that were developed at the University of California, Berkeley since 1981) is an open standard instruction set architecture (ISA) based on estab ...

: ** MultiZone™ Security Trusted Execution Environment ** Keystone Customizable TEE Framework ** Penglai Scalable TEE for RISC-V

References

{{Reflist, 30em Security Security technology Mobile security Mobile software Standards