Trusted Execution Environment (TEE)











In embedded systems, a Trusted Execution Environment (TEE) is a "secure area" of the main processor that is isolated from the rest of the system by hardware-enforced access control (some TEEs add memory encryption on top, but the isolation is what makes it a TEE). Code and data inside the TEE can only be read or modified by authorized code running inside the environment, so software outside it, including a compromised rich operating system, can neither access that data nor execute the programs that reside there.

Applications that reside inside a TEE are known as Trusted Applications (TAs). They are considered trustworthy because the hardware isolation keeps their code and state out of reach of the normal world: only the TEE OS and the TA itself can touch that memory, so data processed by a TA cannot be read, manipulated or altered by normal-world software. This covers the TA's own memory, not the buffers a TA shares with its client: anything placed in shared memory remains visible to, and writable by, the normal world.

A TEE relies on a hardware isolation mechanism to separate the secure and non-secure worlds. TEE implementations in embedded systems are usually based on Arm TrustZone, which is a low-cost and efficient alternative to a dedicated security core in the SoC. TrustZone makes each physical core appear as two virtual processors, backed by hardware access control on memory and peripherals, which yields two "worlds": a secure world and a non-secure (normal) world. The two worlds run independently, and the hardware stops the normal world from reaching secure-world memory or peripherals; the secure world can still access normal-world memory, which is how the two exchange data through shared buffers.

An example of a TEE implementation based on the ARM TrustZone technology is OP-TEE. This open-source implementation is used by several embedded platforms, such as NVIDIA Jetson. OP-TEE's main components are optee_os, which works in the secure world, and optee_client, which is in the non-secure or normal world.

The secure-world component, optee_os, is a TEE operating system that runs at Secure EL1 on ARMv8. It provides generic OS-level functions such as interrupt handling, thread handling, crypto services, and shared memory, and it implements the GlobalPlatform TEE Internal Core API. You use this API to build Trusted Applications (TAs), which run in the secure world at Secure EL0, so a TA is isolated from the TEE OS as well as from the normal world.

On the normal-world side, optee_client provides the user-space library (libteec) that implements the GlobalPlatform TEE Client API, the interface through which Client Applications (CAs) communicate with a TA in the secure world, plus the tee-supplicant daemon that services requests the secure world makes back to the normal world, such as loading a TA binary or storing secure-storage files.

The implementation of OP-TEE in Jetson platforms is illustrated in the following image:

Fig 1. OP-TEE architecture in Jetson platforms. Extracted from link

A request from a client application to a trusted application flows as follows:

1. When a client application (CA) must perform a secure operation, it sends a request to a trusted application (TA) by calling functions in the TEE Client API library.

2. The TEE Client API library routes the request to the OP-TEE Linux kernel driver.

3. The OP-TEE Linux driver issues a Secure Monitor Call (SMC), which traps into Arm Trusted Firmware (ATF) running at EL3.

4. The secure monitor in ATF switches the core to the secure world and routes the request to the OP-TEE OS.

5. The OP-TEE OS framework determines which trusted application (TA) is to handle the request.

6. The OP-TEE OS framework passes control to the TA to handle the request. The command ID and parameters the TA receives were produced in the normal world, so the TA must validate them before use.

7. Upon completion, execution control returns along the reverse path to the client application, which receives a return value and any processed data.
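As an added example (not code from this page, NVIDIA, or the OP-TEE project), here is the secure-world end of steps 5 to 7: a TA command handler reached through TA_InvokeCommandEntryPoint. The point it demonstrates is that cmd_id, param_types and every TEE_Param arrive from the normal world and are untrusted, so the handler requires an exact match on the parameter types, bounds the memref size, and copies the buffer into secure memory before touching it, because shared memory stays writable by the normal world while the TA runs. The command ID, the 256-byte limit and the checksum command itself are hypothetical, as are the demo_* drivers that stand in for the OS; the GlobalPlatform types and constants are declared inline with their standard values so the file also builds on a host compiler, whereas a real TA takes them from <tee_internal_api.h> and additionally implements the other mandatory entry points (TA_CreateEntryPoint, TA_OpenSessionEntryPoint, and so on).

```c
/* Added example (not OP-TEE project code): secure-world side of a CA -> TA call.
 * GlobalPlatform types/constants below carry their standard values so the file
 * also builds on a host; a real TA takes them from <tee_internal_api.h> instead. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

typedef uint32_t TEE_Result;
#define TEE_SUCCESS                 0x00000000u
#define TEE_ERROR_BAD_PARAMETERS    0xFFFF0006u
#define TEE_ERROR_NOT_SUPPORTED     0xFFFF000Au
#define TEE_PARAM_TYPE_NONE         0
#define TEE_PARAM_TYPE_VALUE_OUTPUT 2
#define TEE_PARAM_TYPE_MEMREF_INPUT 5
#define TEE_PARAM_TYPE_MEMREF_INOUT 7
#define TEE_PARAM_TYPES(t0, t1, t2, t3) \
    ((uint32_t)(t0) | ((uint32_t)(t1) << 4) | ((uint32_t)(t2) << 8) | ((uint32_t)(t3) << 12))
typedef union {
    struct { void *buffer; uint32_t size; } memref;
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

/* Command ID shared with the client application and the input limit: hypothetical. */
#define TA_CMD_CHECKSUM 1u
#define TA_MAX_INPUT    256u
#define CSUM_TYPES TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, TEE_PARAM_TYPE_VALUE_OUTPUT, \
                                   TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)

/* 32-bit FNV-1a over data that is already in secure memory. */
static uint32_t fnv1a32(const uint8_t *p, size_t n)
{
    uint32_t h = 0x811C9DC5u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 0x01000193u;
    }
    return h;
}

/* params[0]: MEMREF_INPUT data; params[1]: VALUE_OUTPUT a = checksum, b = length. */
static TEE_Result cmd_checksum(uint32_t param_types, TEE_Param params[4])
{
    uint8_t copy[TA_MAX_INPUT];
    uint32_t len;

    if (param_types != CSUM_TYPES)      /* exact match on all four slots */
        return TEE_ERROR_BAD_PARAMETERS;
    /* Read the size once and bound it: the memref points into shared memory
     * that the normal world can keep rewriting while this code runs. */
    len = params[0].memref.size;
    if (len > TA_MAX_INPUT || (len != 0 && params[0].memref.buffer == NULL))
        return TEE_ERROR_BAD_PARAMETERS;
    if (len != 0)                       /* snapshot, then use only the copy */
        memcpy(copy, params[0].memref.buffer, len);
    params[1].value.a = fnv1a32(copy, len);
    params[1].value.b = len;
    return TEE_SUCCESS;
}

/* Entry point the OP-TEE OS calls when it hands a CA request to this TA;
 * cmd_id, param_types and params all originate in the normal world. */
TEE_Result TA_InvokeCommandEntryPoint(void *sess_ctx, uint32_t cmd_id,
                                      uint32_t param_types, TEE_Param params[4])
{
    (void)sess_ctx;
    switch (cmd_id) {
    case TA_CMD_CHECKSUM: return cmd_checksum(param_types, params);
    default:              return TEE_ERROR_NOT_SUPPORTED;
    }
}

/* Host-side driver that builds params the way the OS would (a real CA goes
 * through libteec and the tee driver rather than calling the TA directly). */
TEE_Result demo_checksum(const void *buf, uint32_t len, uint32_t types, uint32_t *sum)
{
    TEE_Param p[4];
    TEE_Result r;
    memset(p, 0, sizeof p);
    p[0].memref.buffer = (void *)buf;
    p[0].memref.size = len;
    r = TA_InvokeCommandEntryPoint(NULL, TA_CMD_CHECKSUM, types, p);
    if (sum)
        *sum = (r == TEE_SUCCESS) ? p[1].value.a : 0;
    return r;
}

uint32_t demo_checksum_value(const void *buf, uint32_t len)
{
    uint32_t sum;
    demo_checksum(buf, len, CSUM_TYPES, &sum);
    return sum;
}
```

The exact-match check on param_types is deliberate: accepting a MEMREF_INOUT where MEMREF_INPUT was expected would let the client hand the TA a buffer it can also write back into, and a lenient check is one of the most common TA bugs. Copying before use closes the time-of-check/time-of-use window that a shared buffer otherwise leaves open.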

Potential applications

OP-TEE OS provides the following building blocks on which developers can build applications:

  • Memory segregation: memory boundaries between the normal world and the trusted world, so normal-world code cannot read or modify TA memory.
  • Inter-world communication: a way to receive data, interrupts, and events from the normal world, through shared memory and the SMC-based call path described above.
  • Crypto and storage: cryptographic services and secure storage, where objects a TA persists are encrypted with keys derived from a device-unique secret, so they cannot be read or forged from the normal world even though the encrypted files may be kept there.