Trusted execution environment: Difference between revisions

A '''trusted execution environment''' ('''TEE''') is a secure area of a [[Central processing unit|main processor]]. It helps code and data loaded inside it to be protected with respect to [[Information security#Confidentiality|confidentiality and integrity]]. Data integrity prevents unauthorized entities from outside the TEE from altering data, while code integrity prevents code in the TEE from being replaced or modified by unauthorized entities, which may also be the computer owner itself as in certain [[Digital_rights_management|DRM]] schemes described in [[Software_Guard_Extensions|SGX]]. This is done by implementing unique, immutable, and confidential architectural security such as [[Software Guard Extensions|Intel Software Guard Extensions]] (Intel SGX) which offers hardware-based memory encryption that isolates specific application code and data in memory. Intel SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.<ref>{{cite web | url=https://blog.quarkslab.com/introduction-to-trusted-execution-environment-arms-trustzone.html | title=Introduction to Trusted Execution Environment: ARM's TrustZone }}</ref><ref>{{cite web| url=https://globalplatform.org/wp-content/uploads/2018/04/131023-3-TLabs-livre_blanc.pdf | title=Security evaluation of Trusted execution environments: Why and how? | access-date=2024-02-15}}</ref><ref name="oulpita.com">{{cite web |url=https://poulpita.com/2014/02/18/trusted-execution-environment-do-you-have-yours/ |title=Trusted Execution Environment, millions of users have one, do you have yours? |website=Poulpita |date=2014-02-18 |access pm-date=2017-05-17 |archive-date=2021-01-27 |archive-url=https://web.archive.org/web/20210127231827/https://poulpita.com/2014/02/18/trusted-execution-environment-do-you-have-yours/ |url-status=live }}</ref> A TEE as an isolated execution environment provides security features such as isolated execution, integrity of applications executing with the TEE, along with confidentiality of their assets.<ref>{{cite web|url=https://www.youtube.com/watch?v=PmtQtWpfW3w|title=The benefits of Trusted Execution Environment (TEE)|last=Ram Kumar Koppu|date=26 October 2013|publisher=[[YouTube]]|access-date=31 July 2014|archive-date=1 September 2020|archive-url=https://web.archive.org/web/20200901094254/https://www.youtube.com/watch?v=PmtQtWpfW3w|url-status=live}}</ref> In general terms, the TEE offers an execution space that provides a higher level of security for trusted applications running on the device than a rich operating system (OS) and more functionality than a 'secure element' (SE).