
A trusted execution environment (TEE) provides a way for one to deploy tamper-proof programs on a device. The most prominent example of a TEE seems to be Intel SGX for PCs.

What I wonder is whether there exists an equivalent solution for mobile devices. For example, I want to deploy an arbitrary application on a smartphone that even a malicious OS can't tamper with. Is there such a solution at the moment?

SpiderRico

1 Answer


At least for ARM-based CPUs, there's TrustZone. While not the same, it is possible "SGX-like" instructions and capabilities will carry over in the future.

Each of the physical processor cores in these designs provides two virtual cores, one considered Non-secure and the other Secure, and a mechanism to robustly context switch between them, known as monitor mode. The value of the NS bit sent on the main system bus is indirectly derived from the identity of the virtual core that performed the instruction or data access. This enables trivial integration of the virtual processors into the system security mechanism; the Non-secure virtual processor can only access Non-secure system resources, but the Secure virtual processor can see all resources.

http://infocenter.arm.com/help/topic/com.arm.doc.prd29-genc-009492c/PRD29-GENC-009492C_trustzone_security_whitepaper.pdf

https://en.wikipedia.org/wiki/TrustZone#Security_extensions

dark_st3alth
  • I should also make a note that a "transparent to the OS" feature like SGX isn't part of SecureZone. It would require the OS developer to allow code to run in the kernel, inside the secure virtual processor. – dark_st3alth Jun 15 '20 at 23:23
  • Thanks a lot for your answer. Just wanted to ask if it's possible to load an arbitrary program and then do remote attestation to ensure the TEE is running my program with TrustZone? Or should programs be embedded by the manufacturer? – SpiderRico Jun 16 '20 at 06:43
  • From public documents, it is up to the OS and/or hardware provider if third-party code can access the secure virtual cores. DRM and Point of Sale devices likely use TrustZone, but it seems that access is rolled in during and by the device vendor. There's additional explanation here: https://www.microcontrollertips.com/embedded-security-brief-arm-trustzone-explained/ – dark_st3alth Jun 16 '20 at 19:07