Trusted Execution Environment
Pattern language
secure booting
solution
secure store
force
solution
force
solution
HW isolation mechanism
independent cpu
independent HW
independent memory
HW root of trust
trust chain
root of trusted key
asymmetric public key
unique symmetric device key/id/seed
context
Problem
Increasingly complex software systems produce many unpredictable security vulnerabilities; roughly 300 to 500 CVEs a year are disclosed in iOS, Android, and Linux respectively, so expecting these system vulnerabilities to be patched promptly is unrealistic
Isolate confidential data so that even if the system is rooted, the data is guaranteed not to leak
hack one, only leak one
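The isolation goal stated above (a rooted REE must not leak the secret, and breaking one device must not break the others) rests on the unique symmetric device key/seed listed under HW root of trust: the seed stays in the TEE's secure store, and only per-purpose keys derived from it are ever used. The following Go program is an added example written for this page, not code from the page's author or from any TEE vendor; the derivation (HMAC-SHA256 over a purpose label), the AES-GCM wrapping format, the purpose labels, and the fixed seeds are assumptions made so that it runs offline. It shows a licence server wrapping a content key for device A and the TEE on device B failing to unwrap it even with device B's own seed fully compromised.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

const wrapPurpose = "drm/content-key-wrap" // purpose label, an assumption of this example

// DeviceKey derives a purpose-specific 32-byte key from the device's unique
// symmetric seed. The seed itself stays in the TEE's secure store; REE-side
// code and remote servers only ever see derived keys, so a leaked derived key
// exposes one purpose on one device and nothing else. HMAC-SHA256 over a
// purpose label is the derivation used here (an assumption of this example;
// production code would use a standard KDF such as HKDF).
func DeviceKey(seed []byte, purpose string) []byte {
	mac := hmac.New(sha256.New, seed)
	mac.Write([]byte(purpose))
	return mac.Sum(nil)
}

// WrapContentKey is what the licence server does when it issues a movie or
// music key to one device: AES-256-GCM under that device's derived key, so
// the blob is useless on any other device. The nonce must be unique per
// wrap; callers supply it so the example stays deterministic.
func WrapContentKey(deviceKey, contentKey, nonce []byte) ([]byte, error) {
	gcm, err := newGCM(deviceKey)
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nil, nonce, contentKey, []byte(wrapPurpose)), nil
}

// UnwrapContentKey runs inside the TEE. It recovers the content key, or
// fails authentication if the blob was wrapped for a different device or
// was modified by a rooted REE on its way in.
func UnwrapContentKey(deviceKey, wrapped, nonce []byte) ([]byte, error) {
	gcm, err := newGCM(deviceKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, wrapped, []byte(wrapPurpose))
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ConstructedSeed stands in for the per-device seed burned into fuses at
// manufacturing. Real seeds are random and unique; these are fixed so the
// example is reproducible.
func ConstructedSeed(tag byte) []byte {
	seed := make([]byte, 32)
	for i := range seed {
		seed[i] = tag ^ byte(i)
	}
	return seed
}

func main() {
	contentKey := []byte("constructed-16B!") // constructed sample content key
	nonce := make([]byte, 12)                // must be unique per wrap in practice
	keyA := DeviceKey(ConstructedSeed(0xA1), wrapPurpose)
	keyB := DeviceKey(ConstructedSeed(0xB2), wrapPurpose)

	wrappedForA, err := WrapContentKey(keyA, contentKey, nonce)
	if err != nil {
		panic(err)
	}
	// The right device recovers the key inside its TEE.
	got, err := UnwrapContentKey(keyA, wrappedForA, nonce)
	fmt.Printf("device A: key=%q err=%v\n", got, err)
	// A second device, even with its own seed fully compromised, cannot:
	// hack one, only leak one.
	got, err = UnwrapContentKey(keyB, wrappedForA, nonce)
	fmt.Printf("device B: key=%q err=%v\n", got, err)
}
```

The same derivation gives different keys for different purposes on one device (for example a key for the secure-UI PIN store next to the content-key wrapping key), so a feature that must hand a derived key to the REE (the lv2 and lv3 designs below) still cannot expose keys used by other features.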
force
HW root of trust
different security levels for different content
lv1
lv2
lv3
Only TEE can access both decrypted content and key
only TEE can access the key, but REE can access decrypted content
Implication: the REE controls the use of the key; in other words, the REE holds control permission over the key even though it cannot read the key directly.
REE can access both key and decrypted content
small code base focused on security functions only
specifically, only cryptography-related features.
feature in TEE
content protection
secure UI
security asset protection
credit card number
bank password
movie
music
password input
We can use the TEE to protect security assets in some features, especially when the device is rooted.
reference
ARM TBSA
GlobalPlatform
Synopsys BSIMM
Intel TPM
True Random number generator
Cryptography
threat modeling
security asset definition
STRIDE method
normal function or feature
abnormal attack model
Immutable ROM boot
fingerprint
social security number
Launch secure communication with a remote trusted server, and protect our security assets even when the device is rooted
payment
money transfer
play back music without content leakage
play a movie without content leakage
boot from the trusted root chain
set up the HW firewall before launching the Linux kernel
launch the TEE and perform the security features inside the TEE
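The three boot steps above are the trust chain from the HW root of trust: the immutable ROM holds only a hash of the root asymmetric public key, each stage is verified with the key the previous stage vouched for, and a rooted Linux kernel runs last so it can never influence the firewall setup or the TEE that came before it. The following Go program is an added example written for this page, not code from the page's author or from any boot-ROM implementation; the image layout (name, code, next-stage key, Ed25519 signature), the stage names, and the image bytes are assumptions made so that it runs offline. It verifies a clean chain and then shows the chain stopping at the first tampered stage.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Stage is one boot-stage image as it would sit in flash: the code, the
// public key that verifies the NEXT stage, and a signature over both made
// by the key that verified THIS stage. The layout is an assumption of this
// example, not any vendor's format.
type Stage struct {
	Name    string
	Code    []byte
	NextKey ed25519.PublicKey // nil for the last stage in the chain
	Sig     []byte
}

// digest is the exact byte string each stage signature covers. Fields are
// length-prefixed so code bytes cannot be shifted into the key field.
func digest(s *Stage) []byte {
	h := sha256.New()
	for _, part := range [][]byte{[]byte(s.Name), s.Code, s.NextKey} {
		h.Write(binary.BigEndian.AppendUint32(nil, uint32(len(part))))
		h.Write(part)
	}
	return h.Sum(nil)
}

// ROM models the immutable boot ROM. It stores nothing but the SHA-256 of
// the root public key, i.e. the HW root of trust; the key itself can live in
// mutable flash because the ROM checks it against this hash before use.
type ROM struct {
	RootKeyHash [sha256.Size]byte
}

// VerifyChain walks ROM -> stage 1 -> stage 2 -> ... and returns the names
// of the stages that verified. It stops at the first failure, so a later
// stage (the Linux kernel) can never alter what ran before it.
func VerifyChain(rom ROM, rootKey ed25519.PublicKey, stages []Stage) ([]string, error) {
	if sha256.Sum256(rootKey) != rom.RootKeyHash {
		return nil, errors.New("root public key does not match the hash in ROM")
	}
	verifier := rootKey
	var booted []string
	for i := range stages {
		s := &stages[i]
		if len(verifier) != ed25519.PublicKeySize {
			return booted, fmt.Errorf("stage %q: previous stage carried no verifying key", s.Name)
		}
		if !ed25519.Verify(verifier, digest(s), s.Sig) {
			return booted, fmt.Errorf("stage %q: signature check failed", s.Name)
		}
		booted = append(booted, s.Name)
		verifier = s.NextKey
	}
	return booted, nil
}

// BuildChain creates fresh keys and a signed three-stage chain whose order
// mirrors the boot sequence above (firewall setup, TEE, then Linux). Key i
// signs stage i; stage i carries public key i+1. Keys and image bytes are
// constructed for this example.
func BuildChain() (ROM, ed25519.PublicKey, []Stage, error) {
	var pubs [3]ed25519.PublicKey
	var privs [3]ed25519.PrivateKey
	for i := range pubs {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return ROM{}, nil, nil, err
		}
		pubs[i], privs[i] = pub, priv
	}
	stages := []Stage{
		{Name: "bl2: set up HW firewall", Code: []byte("constructed BL2 image"), NextKey: pubs[1]},
		{Name: "tee: secure OS", Code: []byte("constructed TEE image"), NextKey: pubs[2]},
		{Name: "linux kernel", Code: []byte("constructed kernel image")},
	}
	for i := range stages {
		stages[i].Sig = ed25519.Sign(privs[i], digest(&stages[i]))
	}
	return ROM{RootKeyHash: sha256.Sum256(pubs[0])}, pubs[0], stages, nil
}

func main() {
	rom, rootKey, stages, err := BuildChain()
	if err != nil {
		panic(err)
	}
	booted, err := VerifyChain(rom, rootKey, stages)
	fmt.Println("clean boot:", booted, err)

	// An attacker with write access to flash patches the kernel image.
	stages[2].Code = append(stages[2].Code, []byte(" + rootkit")...)
	booted, err = VerifyChain(rom, rootKey, stages)
	fmt.Println("tampered kernel:", booted, err)
}
```

Note what the ROM trusts: only the 32-byte hash. Replacing the root key in flash fails the hash check, and re-signing a tampered stage needs the private key of the stage before it, which never sits on the device.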
apply solution