Talk:Trusted execution environment

Why is there no Trusted Execution Environment Page?

I'm very surprised that a 'Trusted Execution Environment' page has been removed from Wikipedia. TEE is a globally recognized term within the mobile / cellular phone development community that identifies a separate, secure operating system that can run alongside the regular mobile phone OS. This architecture is fully documented within the 'Global Platform' standards and adopted by the industry. Would there be an objection to me writing a new version of this page for consideration?

DarenPickering (talk) 14:37, 30 April 2013 (UTC)

Comments on latest text

Great to see this subject covered in wikipedia. A technology in use in millions of devices, a massive percentage of the mobile market, and no mention in wikipedia, was crazy.

Comments on current text:

1] Sorry but I have to object to ARM, MIPS and Intel (??) processor capabilities being referred to as "Implementations". AFAIK they are all potential components of a TEE, how the device design makes use of them defines whether they create a TEE or not. I could be wrong about Intel and MIPS but I assume they don't have secure boot built into the actual CPU/cores? If they don't then they aren't enough on there own to create a TEE and so aren't an implementation. You typically need to add ROM, some key chains and some sort of Trusted OS before you get device local assurance that you are running code you trust. --User:DonOnWikiP

Agreed. The implementations are delivered TEE products, such as Trustonic's tBase-200, Qualcomm's QSEE etc.^[1]

The listed implementations are chip technology which could facilitate a TEE, but are not one themselves by the GlobalPlatform definition. I think the criteria is very simple - does the vendor describe it as a TEE? In which case it can be cited. --User:WikiSimonB

2] Standards - The first standard org to mention and specify a TEE AFAIK is OMTP. I could revise the Standards section and add some references to the OMTP ATE docs (currently hosted by GSMA) ^[2]. That would give a bit more history and background to the article. --User:DonOnWikiP

Ok, I had a look for this, and OMTP TR1^[3] refers to a 'Trusted Environment', which is not a 'Trusted Execution Environment', but I did find a presentation from GlobalPlatform that suggests it's origins were in the OMTP TR1 'Trusted Environment' ^[4] --User:WikiSimonB

? In TR1 Chapter 4 : title "TRUSTED EXECUTION ENVIRONMENTS" --User:DonOnWikiP

Ah. Found a reference - the standard I linked to was TR0 - TR1 does indeed refer to TEE.^[5] There's probably the basis of a history section from these links. --User:WikiSimonB....

3] Currently the article does not (to me) really explain the parameters as to why someone would should trust a TEE. Now while their are many TEE designs, they all should be following something like the ATE secure boot chain for the device to have assurance in their software (I think that includes "I am in ROM" as a very short trusted boot), and they should all have some sort of stated isolation capabilities (ideally either the OMTP ATE set or the GP TEE PP, but manufacturer self certified (yuk) is good enough in some markets) --User:DonOnWikiP

Is this part of the formal definition, or just opinion? GlobalPlatform have a certification program which belongs in the article, in my view, but 'why someone would should trust a TEE' seems a bit subjective to me. --User:WikiSimonB

Fair comment, to define the standard of trustworthiness OMTP basically lists TEE assets (ch 4.3) and a set of requirements to protect those assets and hence to qualify as an OMTP defn of a TEE (ch 4.4). See ATE-TEE-620 and 630 for "Flexible Secure Boot" requirements. GlobalPlatform has created a protection profile which I believe was originally based on the OMTP requirements (See the GP TEE System Arch doc definition of a TEE) --User:DonOnWikiP

I have some other comments but this will do for starters. --User:DonOnWikiP

Please elaborate! --User:WikiSimonB

(Sorry if this post breaks some wiki etiquette - its years since I posted here) DonOnWikiP (talk) 19:49, 6 August 2014 (UTC)

References

1. http://www.cs.helsinki.fi/group/secures/CCS-tutorial/tutorial-slides.pdf
2. http://www.gsma.com/newsroom/technical-documents/omtp-documents/
3. http://www.gsma.com/newsroom/wp-content/uploads/2012/03/omtptrustedenvironmentomtptr0v12.pdf
4. http://docbox.etsi.org/workshop/2012/201201_SECURITYWORKSHOP/5_MobileWirelessSecurity/GLOBALPLATFORM_Colas.pdf
5. http://www.gsma.com/newsroom/wp-content/uploads/2012/03/omtpadvancedtrustedenvironmentomtptr1v11.pdf

This reads like an ad

There's no mention of the ineffectuality of DRM; the problematic way "trusted" refers to copyright holders "trusting" that they will get paid, but the actual owners of devices cannot "trust" that their rights will be respected; potential or actual security breaches of or caused by "trusted" components; etc. This is a wholly one-sided article which presents one viewpoint as fact, without context or criticism. Clement Cherlin (talk) 00:07, 27 April 2016 (UTC)

July 2021 edit request

I would like to request the following amendments/improvements to the page.

1. Add new section to page underneath Uses, called TEE Operating Systems. Code for table in my sandbox.

2. Rectify “citation needed” in second sentence with following link - ^[1]

3. Replace first paragraph of Details section with the following: The TEE typically consists of a hardware isolation mechanism, plus a secure operating system running on top of that isolation mechanism – however the term has been used more generally to mean a protected solution.^[2][3][4] Whilst a GlobalPlatform TEE requires hardware isolation, others such as EMVCo use the term TEE to refer to both hardware/software and only software-based solutions.^[5] FIDO uses the concept of TEE in the restricted operating environment for TEEs based on hardware isolation.^[6] Only trusted applications running in a TEE have access to the full power of a device's main processor, peripherals and memory, while hardware isolation protects these from user installed apps running in a main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other.^[7]

4. Add new paragraph under Mobile Financial Services subsection: With the rise of cryptocurrency, TEEs are increasingly used to implement crypto-wallets, as they offer the ability to store tokens more securely than regular operating systems, and can provide the necessary computation and authentication applications.^[8]

5. Add new section:

References

1. Bernstein, Corinne. "Trusted Execution Environment (TEE)". Tech Target.
2. Sabt, M; Achemlal, M; Bouabdallah, A (2015). "Trusted Execution Environment: What It Is, and What It Is Not". 2015 IEEE Trustcom/BigDataSE/ISPA (PDF). IEEE. pp. 57–64. doi:10.1109/Trustcom.2015.357. ISBN 978-1-4673-7952-6. S2CID 206775888. {{cite book}}: |website= ignored (help)
3. Lee, S; Lee, JH (2018). "TEE based session key establishment protocol for secure infotainment systems". Design Automation for Embedded Systems. 22 (3). Springer: 215–224. doi:10.1007/s10617-018-9212-5. S2CID 52081114.
4. Shepherd, C; Arfaoui, G; Gurulian, I; Lee, R; Markantonakis, K; Akram, R; Sauveron, D; Conchon, E (2016). "Secure and Trusted Execution: Past, Present, and Future -- A Critical Review in the Context of the Internet of Things and Cyber-Physical Systems". 2016 IEEE Trustcom/BigDataSE/ISPA (PDF). IEEE. pp. 168–177. doi:10.1109/TrustCom.2016.0060. {{cite book}}: |website= ignored (help)
5. "Software-Based Mobile Payment Evaluation Process". EMVCo.
6. "FIDO Authenticator Allowed Restricted Operating Environments List". FIDO Alliance.
7. "Solutions - Trustonic- Securing Smart Devices & Mobile Applications". Trustonic.com.
8. "Ethereum Wallet in a Trusted Execution Environment / Secure Enclave". Medium.

 Done I did not find a citation needed template in the second sentence as specified. PK650 (talk) 22:07, 13 October 2021 (UTC)

Certification bodies

A Common Criteria protection profile is available to define the security baseline that a TEE must support.^[1]

GlobalPlatform has developed specific evaluation methodology to optimize ISO/IEC 15408 standards for the TEE ecosystem. A specific attack methodology is maintained by an expert group that consistently looks for new attacks and updates the list of attacks that a TEE must protect against.^[2]

SaffronSettee (talk) 15:39, 13 July 2021 (UTC)

References

1. "GlobalPlatform Device Committee TEE Protection Profile" (PDF). Common Criteria Portal.
2. "White paper" (PDF). Secure Alliance.