Trusted Execution Environment

Pattern language

secure booting

solution

secure store

force

solution

force

solution

HW isolation mechanism

independent CPU

independent HW

independent memory

HW root of trust

trust chain

root of trusted key

asymmetric public key

unique symmetric device key/id/seed

context

Problem

Increasingly complex software systems lead to many unpredictable system security vulnerabilities; roughly 300~500 CVEs per year are disclosed for iOS, Android and Linux respectively, so expecting these system vulnerabilities to be patched promptly is unrealistic.

Isolate confidential data so that it does not leak even if the system is rooted.

hack one, only leak one

force

HW root of trust

different security level for different content

lv1

lv2

lv3

Only TEE can access both decrypted content and key

only TEE can access the key, but REE can access the decrypted content
This implies that the REE controls the key: in other words, the REE holds the permission to use the key even though it cannot read the key directly.

REE can access both key and decrypted content

small code base focused on security functions only

specifically, only cryptography-related features.

feature in TEE

content protection

secure UI

security asset protection

credit card number

password of bank

movie

music

password input

We could use the TEE to protect security assets in some features, especially when the device is rooted.

reference

ARM TBSA

GlobalPlatform

Synopsys BSIMM

Intel TPM

True Random number generator

Cryptography

threat modeling

security asset definition

STRIDE method

normal function or feature

abnormal attack model

Immutable ROM boot

fingerprint

social security code

Launch secure communication with a remote trusted server, and protect our security asset even if the device is rooted

payment

money transfer

play back music without content leakage

play movies without content leakage

boot from the trusted root chain

set up the HW firewall before launching the Linux kernel

launch the TEE and run the TEE features inside it

apply solution