I am reading up on TEE in ARM. I am looking for pointers for the following quest
Question
I am reading up on TEE in ARM. I am looking for pointers for the following questions:
- How does the TEE load code from the OS securely and guarantee that it's not malicious code?
I am guessing the code is signed and the TEE can verify the signature. So that brings up other questions --
- Who is loading the code? The loader in the OS or does the TEE have its own loader that allows it to load into the OS' environment?
- If the OS loader is loading it how can it be trusted on a rooted device?
I feel like I am missing something here. Can someone point me to the correct literature, maybe?
Explanation / Answer
In a nutshell, the TEE does have its own bootloader.
The basic idea is that the CPU boots from ROM. This ROM is programmed to load a software image from persistent storage, verify that it is signed by a public key which is stored in the ROM, and transfer the execution to this software image. On an ARM platform with TrustZone, the CPU starts in secure mode, so this first software
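To make the ROM step in the answer concrete, here is an added Go model of it, not code from the original answer or from any real boot ROM: the vendor signs the image offline, the ROM holds only the public key, and it refuses to transfer execution when the signature does not verify. The image layout, the `BootROM` type and the `TEE1` magic are constructed for this example, and Ed25519 stands in for whatever signature scheme a real SoC uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

var ErrBadFormat = fmt.Errorf("image: malformed header or length")
var ErrBadSig = fmt.Errorf("image: signature does not verify against the ROM key")

// BootROM models the immutable first-stage loader; it trusts only the key burned into it.
type BootROM struct{ TrustedKey ed25519.PublicKey }

// SignImage is the vendor's offline step (the private key never reaches the device).
// Constructed layout: "TEE1", 4-byte BE payload length, payload, 64-byte Ed25519 signature.
func SignImage(priv ed25519.PrivateKey, payload []byte) []byte {
	body := append(append([]byte("TEE1"), 0, 0, 0, 0), payload...)
	binary.BigEndian.PutUint32(body[4:8], uint32(len(payload)))
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyAndLoad is the ROM step from the answer: parse the image read from storage, check
// its signature with the ROM-resident key, and only then hand back the payload to run.
func (r BootROM) VerifyAndLoad(image []byte) ([]byte, error) {
	if len(image) < 8+ed25519.SignatureSize || string(image[:4]) != "TEE1" {
		return nil, ErrBadFormat
	}
	n := int(binary.BigEndian.Uint32(image[4:8]))
	if len(image) != 8+n+ed25519.SignatureSize {
		return nil, ErrBadFormat
	}
	body, sig := image[:8+n], image[8+n:]
	if !ed25519.Verify(r.TrustedKey, body, sig) {
		return nil, ErrBadSig // tampered flash or a foreign signer: refuse to jump
	}
	return append([]byte(nil), body[8:]...), nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rom := BootROM{TrustedKey: pub}
	img := SignImage(priv, []byte("secure-world bootloader, stage 1"))
	payload, err := rom.VerifyAndLoad(img)
	fmt.Printf("genuine: %q %v\n", payload, err) // ROM would transfer execution to it
	img[12] ^= 0x01 // a rooted rich OS can rewrite flash but cannot re-sign it
	_, err = rom.VerifyAndLoad(img)
	fmt.Println("tampered:", err)
}
```

The point the question is circling is visible in `main`: a rooted rich OS can replace what sits in flash, but without the vendor's private key it cannot produce an image the ROM will accept.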