TEE_SystemArch_v1.1_Public_Release(TEE系统架构规范)

5星 · 超过95%的资源需积分: 49 165 浏览量 2018-09-14 14:24:44 上传评论收藏 688KB PDF 举报

资源详情

资源评论

Recipients of this document are invited to submit, with their comments, notification of any relevant patents or other intellectual

property rights (collectively, “IPR”) of which they may be aware which might be necessarily infringed by the implementation of

the specification or other work product set forth in this document, and to provide supporting documentation. The technology

provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this information is

governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly prohibited.

GlobalPlatform Device Technology

TEE System Architecture

Version 1.1

Public Release

January 2017

Document Reference: GPD_SPE_009

TEE System Architecture – Public Release v1.1 3 / 43

The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this

information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly

prohibited.

Contents

1 Introduction ............................................................................................................................ 5

1.1 Audience ............................................................................................................................................... 5

1.2 IPR Disclaimer....................................................................................................................................... 6

1.3 References ............................................................................................................................................ 6

1.4 Terminology and Definitions .................................................................................................................. 7

1.5 Abbreviations and Notations ............................................................................................................... 10

1.6 Revision History .................................................................................................................................. 11

2 TEE Device Architecture Overview ..................................................................................... 12

2.1 Typical Chipset Architecture ............................................................................................................... 13

2.2 Hardware Architecture ........................................................................................................................ 14

2.2.1 TEE High Level Security Requirements ....................................................................................... 14

2.2.2 TEE Resources ............................................................................................................................ 15

2.2.3 REE and TEE Resource Sharing ................................................................................................. 16

3 TEE Software Interfaces....................................................................................................... 18

3.1 The TEE Software Architecture........................................................................................................... 19

3.2 Components of a GPD TEE ................................................................................................................ 21

3.2.1 REE Interfaces to the TEE ........................................................................................................... 21

3.2.2 Trusted OS Components ............................................................................................................. 21

3.2.3 Trusted Applications (TAs) ........................................................................................................... 22

3.2.4 Shared Memory ............................................................................................................................ 22

3.2.5 TA to TA Communication ............................................................................................................. 22

3.3 Relationship between TEE APIs ......................................................................................................... 23

3.4 The TEE Client API Architecture ......................................................................................................... 24

3.5 The TEE Internal API Architecture ...................................................................................................... 25

3.5.1 The TEE Internal Core API .......................................................................................................... 25

3.5.2 The TEE Sockets API .................................................................................................................. 26

3.5.3 The TEE TA Debug API Architecture ........................................................................................... 27

3.5.4 The TEE Secure Element API Architecture ................................................................................. 28

3.5.5 The TEE Trusted User Interface API Architecture ....................................................................... 29

3.6 Variations of TEE Architecture Found on Real Devices ..................................................................... 30

3.6.1 A GPD TEE Can Have Proprietary Extensions ............................................................................ 30

3.6.2 A Device Can Have Many TEEs .................................................................................................. 31

3.6.3 Not All TEEs on a Device Need To Be GlobalPlatform Compliant .............................................. 33

4 TEE Management.................................................................................................................. 34

5 TEE Implementation Considerations .................................................................................. 38

5.1 Device States ...................................................................................................................................... 38

5.2 Boot Time Environment ....................................................................................................................... 39

5.2.1 Typical Boot Sequence ................................................................................................................ 39

5.3 Run-Time Environment ....................................................................................................................... 43

5.3.1 TEE Functionality Availability ....................................................................................................... 43

4 / 43 TEE System Architecture – Public Release v1.1

The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this

information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly

prohibited.

Figures

Figure 2-1: Chipset Architecture ...................................................................................................................... 13

Figure 2-2: Hardware Architectural View of REE and TEE ............................................................................. 16

Figure 2-3: Example Hardware Realizations of TEE ....................................................................................... 17

Figure 3-1: TEE Software Architecture ............................................................................................................ 19

Figure 3-2: TEE APIs ....................................................................................................................................... 23

Figure 3-3: Example TEE Sockets API Architecture ....................................................................................... 26

Figure 3-4: Typical Device with Multiple SE Readers ..................................................................................... 28

Figure 3-5: TEE with TUI Architecture ............................................................................................................. 29

Figure 3-6: Compliant GPD TEE with Proprietary Extensions ........................................................................ 30

Figure 3-7: Example of System Hardware with Multiple TEEs ........................................................................ 31

Figure 3-8: Multiple GPD TEEs in One Device................................................................................................ 32

Figure 3-9: GPD TEE alongside Unknown TEE .............................................................................................. 33

Figure 4-1: TEE Management Framework Structure ...................................................................................... 35

Figure 4-2: Security Domain Management Relationships ............................................................................... 36

Figure 5-1: Boot Sequence: Trusted OS Early Boot ...................................................................................... 40

Figure 5-2: Boot Sequence: ROM-based Trusted OS .................................................................................... 41

Figure 5-3: Boot Sequence: Trusted OS On-demand Boot ............................................................................ 42

Tables

Table 1-1: Normative References ...................................................................................................................... 6

Table 1-2: Terminology and Definitions ............................................................................................................. 7

Table 1-3: Abbreviations and Notations .......................................................................................................... 10

Table 1-4: Revision History ............................................................................................................................. 11

Table 3-1: APIs within TEE Internal Core API ................................................................................................. 25

TEE System Architecture – Public Release v1.1 5 / 43

The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this

information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly

prohibited.

1 Introduction

Devices, from smartphones to servers, offer a Rich Execution Environment (REE), providing a hugely

extensible and versatile operating environment. This brings flexibility and capability, but leaves the device

vulnerable to a wide range of security threats. The Trusted Execution Environment (TEE) is designed to reside

alongside the REE and provide a safe area of the device to protect assets and execute trusted code.

This document explains the hardware and software architectures behind the TEE. It introduces TEE

management and explains concepts relevant to TEE functional availability in a device.

At the highest level, a Trusted Execution Environment (TEE) that meets the TEE Protection Profile [TEE PP]

is an environment where the following are true:

• All code executing inside the TEE has been authenticated.

• Unless explicitly shared with entities outside the TEE:

o The ongoing integrity of all TEE assets is assured through isolation, cryptography, or other

mechanisms.

o The ongoing confidentiality of the contents of all TEE data assets is assured through isolation or

other mechanisms such as cryptography. Data assets include keys.

• TEE capabilities such as isolation or cryptography, can be used to provide confidentiality of the TA

code asset.

• The TEE resists known remote and software attacks, and a set of external hardware attacks.

• Both code and other assets are protected from unauthorized tracing and control through debug and

test features.

Note: The architectural concepts and principles in this document do not and should not dictate any particular

hardware or software implementation and are broad enough to cover many possible implementations as long

as the security principles are adhered to. Hence, any hardware or software architectural diagram in this

document is provided as an example and for reference only.

This version of the TEE System Architecture has been extended to include the second phase of TEE

standardization, which introduced new APIs for supporting tasks such as Trusted User interface, SE and

Sockets communications, and remote management for Trusted Applications. Further extensions of the TEE

System Architecture are expected in subsequent phases, as described in the TEE White Paper

[TEE White Paper]; e.g. a more flexible Trusted User Interface API, biometrics fingerprint API, and secure

video content.

Since release of the first version of this document, many of the requirements to fulfil the goal of being a GPD

TEE have become available in specific specification documents. It is not the role of this high level architecture

document to duplicate those detailed requirements, and so many of the statements of this document are

intentionally reduced from normative language to informative language.

1.1 Audience

This document is intended primarily for the use of developers of:

• Trusted Execution Environments

• Trusted Applications that make use of Trusted Execution Environments

• Client Applications that use the services of Trusted Applications by means of the TEE Client API

[TEE Client API]

剩余42页未读，继续阅读

评论收藏

内容反馈

wsdx

2019-03-20

找了很久, 谢谢谢谢

TEE_SystemArch_v1.1_Public_Release(TEE 系统架构规范)

评论2

最新资源

TEE_SystemArch_v1.1_Public_Release(TEE 系统架构规范)

评论2

最新资源

相关推荐

GPD_TEE_SystemArch_v1.1_Public_Release

GP TEE System Architecture v1.0

架构设计规范

TEE 规范文档合集

GPD_TEE_SystemArch_v1.0.pdf

trustonic-tee-user-space:Trustonic可信执行环境的Android用户空间组件

trustonic-tee-driver:可信执行环境的Android驱动程序

GlobalPlatform TEE 规范文档合集

GP-TEE相关文档

TEE相关文档合集（GlobalPaltform组织）

GPD_TEE_SystemArch_v1.2_PublicRelease.pdf

GPD_TEE_SystemArch_1.2.zip

GlobalPlatform_TEE_Whitepaper

GPD_TEE Sockets API Annex B - UDP_v1.0.pdf

GP TEE Internal API v1.1

GP_TEE中的几种存储方式介绍

GP TEE Client API v1.0

GP规范中文版2.2

Global platform TEE说明文档

TEE_Client_API_Specification-V1.0_c.pdf

GP中文规范

雷蛇PUBG鼠标宏-雷蛇鼠标驱动

WishRecy数据恢复软件

Synaptics病毒专杀工具

软件测试实战项目(Web项目)

双闭环直流调速系统仿真

Windows 10系统连接共享打印机报错0x00000709、0x0000007c、0x0000011b.zip

idapro8.3全架构支持版本(附插件keypatch等)

S7-1200全系列最新固件V4.6