The increasing popularity of connected devices in recent years has led device manufacturers to take security issues more seriously than before. To address these issues appropriately, a specification has emerged that defines a way to ensure the integrity and confidentiality of the code and data running in the entity implementing it.

Trusted Execution Environment

A Trusted Execution Environment (TEE) is a secure area inside a main processor. It runs in parallel with the operating system, in an isolated environment, and guarantees that the code and data loaded in the TEE are protected with respect to confidentiality and integrity. This companion system is intended to be more secure than the classic system (called the REE, or Rich Execution Environment) because it uses both hardware and software to protect data and code.

Trusted applications running in a TEE have access to the full power of the device's main processor and memory, while hardware isolation protects them from user-installed applications running in the main operating system. Software and cryptographic isolation inside the TEE protects the trusted applications it contains from each other.

This post starts a series of two blog posts discussing hardware technologies that can be used to support TEE implementations:

TrustZone from ARM

SGX from Intel

As suggested by the title, this blog post tells you more about TrustZone.

ARM processors with TrustZone implement architectural Security Extensions in which each physical processor core provides two virtual cores: one considered non-secure and called the Non-Secure World (or Normal World), the other considered secure and called the Secure World. A mechanism to context-switch between the two, known as monitor mode, completes the picture.

A diagram from ARM:

As illustrated by this figure, TrustZone consists of a monitor, an optional OS and optional applications, all running in the Secure World. A TrustZone implementation can include all of these components, as the Qualcomm and Trustonic implementations do, or only a monitor, as the Nintendo Switch implementation does.

Implementing a TrustZone OS provides a more flexible model for adding trusted functionality that is meant to provide additional secure services to the Normal World.

These features are available as signed third-party applications (called trustlets), which are securely loaded and executed in the Secure World by the operating system running in TrustZone (the SecureOS).

One of these secure loading mechanisms (namely Qualcomm's) was fully reverse engineered by Gal Beniamini before Qualcomm made it public.

The trustlet integrity checking process is relatively standard. It relies on a hash table in which each entry is the hash of one segment of the ELF binary. This hash table is signed by the trustlet issuer, and the signature can be verified through a certificate chain placed directly after it. The chain of trust is validated against a root certificate whose SHA256 is stored in a fuse (QFuse), which guarantees its integrity.

Source: Qualcomm
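As an added illustration of the trustlet check just described (not Qualcomm's or this post's code), the Go model below walks the chain in the order a loader must: fuse hash, root key, issuer key, signed hash table, then each segment hash. It assumes Ed25519 in place of the real RSA signatures, collapses the certificate chain to a single root-signed issuer key, and uses constructed segment contents.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Toy model of the check described above, not Qualcomm's real format: Ed25519 stands in for RSA,
// a "certificate" is the issuer public key plus the root's signature over it, and the QFuse value
// is SHA256 of the root public key.
type Trustlet struct {
	Segments  [][]byte          // ELF segment contents (constructed sample data)
	HashTable []byte            // SHA256 of each segment, concatenated in segment order
	Signature []byte            // issuer's signature over HashTable
	IssuerPub ed25519.PublicKey // the "leaf certificate"
	IssuerSig []byte            // root's signature over IssuerPub (the "chain")
}

// Build plays the issuer: hash each segment, sign the table, attach the root-signed issuer key.
func Build(root, issuer ed25519.PrivateKey, segments [][]byte) *Trustlet {
	t := &Trustlet{Segments: segments, IssuerPub: issuer.Public().(ed25519.PublicKey)}
	for _, s := range segments {
		h := sha256.Sum256(s)
		t.HashTable = append(t.HashTable, h[:]...)
	}
	t.Signature, t.IssuerSig = ed25519.Sign(issuer, t.HashTable), ed25519.Sign(root, t.IssuerPub)
	return t
}

// Verify checks in loader order: fuse -> root -> issuer key -> hash table -> segments. Key lengths are checked first because ed25519.Verify panics on a malformed public key.
func Verify(t *Trustlet, rootPub ed25519.PublicKey, fuse [32]byte) error {
	if len(rootPub) != ed25519.PublicKeySize || sha256.Sum256(rootPub) != fuse {
		return fmt.Errorf("root key does not match QFuse hash")
	}
	if len(t.IssuerPub) != ed25519.PublicKeySize || !ed25519.Verify(rootPub, t.IssuerPub, t.IssuerSig) {
		return fmt.Errorf("issuer key malformed or not signed by root")
	}
	if !ed25519.Verify(t.IssuerPub, t.HashTable, t.Signature) {
		return fmt.Errorf("hash table signature invalid")
	}
	if len(t.HashTable) != sha256.Size*len(t.Segments) {
		return fmt.Errorf("hash table does not cover every segment")
	}
	for i, s := range t.Segments {
		if h := sha256.Sum256(s); string(t.HashTable[i*sha256.Size:(i+1)*sha256.Size]) != string(h[:]) {
			return fmt.Errorf("segment %d hash mismatch", i)
		}
	}
	return nil
}
```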

TrustZone is used for many purposes, including DRM, access to platform hardware features such as the RSA public key hash stored in eFuse, hardware credential storage, secure boot, secure element emulation, etc.