没有合适的资源?快使用搜索试试~ 我知道了~
GP TEE System Architecture v1.0
需积分: 10 9 下载量 157 浏览量
2017-11-27
18:03:04
上传
评论
收藏 333KB PDF 举报
温馨提示
试读
24页
GlobalPlatform Device Technology TEE System Architecture Version 1.0
资源推荐
资源详情
资源评论
Copyright 2011 GlobalPlatform Inc. All Rights Reserved.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights or other
intellectual property rights of which they may be aware which might be infringed by the implementation of the specification set
forth in this document, and to provide supporting documentation. The technology provided or described herein is subject to
updates, revisions, and extensions by GlobalPlatform. Use of this information is governed by the GlobalPlatform license
agreement and any use inconsistent with that agreement is strictly prohibited.
GlobalPlatform Device Technology
TEE System Architecture
Version 1.0
Public Release
December 2011
Document Reference: GPD_SPE_009
2/24 TEE System Architecture – Public Release v1.0
Copyright 2011 GlobalPlatform Inc. All Rights Reserved.
The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
prohibited.
This page intentionally left blank.
TEE System Architecture – Public Release v1.0 3/24
Copyright 2011 GlobalPlatform Inc. All Rights Reserved.
The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
prohibited.
Contents
1 Introduction ............................................................................................................................ 5
1.1 Audience ............................................................................................................................................... 5
1.2 IPR Disclaimer....................................................................................................................................... 5
1.3 Normative References .......................................................................................................................... 6
1.4 Terminology and Definitions .................................................................................................................. 7
1.5 Abbreviations and Notations ............................................................................................................... 10
1.6 Revision History .................................................................................................................................. 11
2 TEE Device Architecture Overview ..................................................................................... 12
2.1 Typical Chipset Architecture ............................................................................................................... 12
2.2 Hardware Architecture ........................................................................................................................ 13
2.2.1 TEE Resources ............................................................................................................................ 14
2.2.2 REE and TEE Resources Sharing ............................................................................................... 15
3 TEE Software Interfaces....................................................................................................... 17
3.1 The TEE Software Architecture........................................................................................................... 17
3.1.1 REE Interfaces to the TEE ........................................................................................................... 18
3.1.2 Trusted OS Components ............................................................................................................. 18
3.1.3 Trusted Applications ..................................................................................................................... 18
3.1.4 Shared Memory ............................................................................................................................ 19
3.2 The TEE Client API Architecture ......................................................................................................... 20
3.3 The TEE Internal API Architecture ...................................................................................................... 21
4 TEE API Availability .............................................................................................................. 22
4.1 Device States ...................................................................................................................................... 22
4.2 Boot Time Environment ....................................................................................................................... 22
4.2.1 Typical Boot Sequence ................................................................................................................ 23
4.3 Run-Time Environment ....................................................................................................................... 24
4.3.1 TEE Functionality Availability ....................................................................................................... 24
4/24 TEE System Architecture – Public Release v1.0
Copyright 2011 GlobalPlatform Inc. All Rights Reserved.
The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
prohibited.
Figures
Figure 2-1: Chipset Architecture ...................................................................................................................... 12
Figure 2-2: Hardware Architectural View of REE and TEE ............................................................................. 15
Figure 2-3: Example Realizations of TEE........................................................................................................ 16
Figure 3-1: TEE System Architecture .............................................................................................................. 17
Figure 4-1: Simplified Platform Boot Sequence .............................................................................................. 23
Tables
Table 1-1: Normative References ...................................................................................................................... 6
Table 1-2: Terminology and Definitions ............................................................................................................. 7
Table 1-3: Abbreviations .................................................................................................................................. 10
Table 1-4: Revision History ............................................................................................................................. 11
TEE System Architecture – Public Release v1.0 5/24
Copyright 2011 GlobalPlatform Inc. All Rights Reserved.
The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
prohibited.
1 Introduction
Modern devices, such as the Smartphone, offer a Rich Execution Environment (REE), providing a hugely
extensive and versatile operating environment. This brings flexibility and capability, but at the same time
leaves that device vulnerable to a wide range of security threats. The Trusted Execution Environment (TEE)
is designed to reside alongside the REE and provide a safe area of the device to protect assets and execute
trusted code.
This document explains the hardware and software architectures behind the TEE. It introduces the security
concepts involved and finally it explains some concepts relevant to the TEE functional availability in a device.
At the highest level, a Trusted Execution Environment (TEE) is an environment where the following are true:
• Any code executing inside the TEE is trusted in authenticity and integrity.
• The other assets are also protected in confidentiality.
o The TEE shall resist to all known remote and software attacks, and a set of external hardware
attacks.
• Both assets and code are protected from unauthorized tracing and control through debug and test
features.
The architectural concepts and principles in this document do not and should not dictate any particular
hardware or software implementation and are broad enough to cover any possible implementation as long as
the security principles are adhered to. Hence, any hardware or software architectural diagram in this
document should be taken as an example and for reference only.
This TEE System Architecture is covering the first phase of a TEE standardization. Extension of the TEE
System Architecture is expected in a second phase, as described in the TEE White Paper [2], e.g. the
lifecycle of the Trusted Application.
1.1 Audience
This document is intended primarily for the use of developers of:
• Trusted Execution Environments
• Trusted Applications that make use of Trusted Execution Environments
• Client Applications that use the services of Trusted Applications by the means of the TEE Client API
1.2 IPR Disclaimer
GlobalPlatform draws attention to the fact that claims that compliance with this specification may involve the
use of a patent or other intellectual property right (collectively, “IPR”) concerning this specification may be
published at
https://www.globalplatform.org/specificationsipdisclaimers.asp. GlobalPlatform takes no position
concerning the evidence, validity, and scope of these IPR claims.
剩余23页未读,继续阅读
资源评论
嗨皮的熊先生
- 粉丝: 10
- 资源: 6
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功