SierraTEE for ARM® TrustZone® and MIPS

SierraTEE Trusted Execution Environment

Sierraware has developed SierraTEE, a secure operating system developed for MIPS and ARM TrustZone hardware security extensions. SierraTEE is a comprehensive implementation of ARM TrustZone as well as GlobalPlatform System and IPC APIs. It provides a simple, affordable way to integrate rich platforms like FFmpeg, OpenSSL, MiniDLNA, and others. The secure kernel is optimized for size and performance while maintaining POSIX compliance. SierraTEE covers a wide range of ARM architectures like ARM11, CortexA8, CortexA9, CortexA15, CortexA53, CortexA55 and CortexA75 and MIPS architecture like P5600. With a wide variety of applications built on for SierraTEE, it is the most advanced and popular ARM TrustZone implementation currently available.

What is SierraTEE?
SierraTEE for ARM TrustZone provides a minimal secure kernel which can be run in parallel with a more fully featured high level OS, such as Linux, Android, BSD - on the same core. It also provides drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world").

User space applications operate in "normal" mode. The kernel runs in "system" mode. The trusted kernel operates in "monitor" mode. Therefore, even a "rooted" application cannot access protected regions within the system. Anything can be made as part of the trusted infrastructure, from regions of PCI-E address space to NAND memory. SierraTEE provides a secure and easy-to-implement solution for MIPS and ARM TrustZone.

SierraTEE uses the ARM TrustZone security extensions to completely protect the secure kernel, and any secure peripherals, from code running in the normal world. This means that even if an attacker manages to obtain full supervisor privileges in the Rich OS, he cannot gain access to the secure world.

It is supplied with a secure monitor, for switching between secure and normal world, and an example secure first-stage bootloader.

For systems without the security extensions, an emulation version can be used to provide a software environment fully compatible with SierraTEE on systems with the ARM TrustZone security extensions. Systems with a separate ARM processor dedicated for security can use a multi-core implementation running the secure kernel on its own CPU.

What is TrustZone?
The security extensions to ARMv6 and later (ARM11, CortexA8, A9, A15, A53, A55, A75) add the concepts of "secure" and "normal" states. To switch between the secure and normal states, ARM added a new instruction called Secure Monitor Call or SMC. TrustZone technology is implemented within the microprocessor, allowing the on and off-chip memory and the peripherals to be protected. Since the security elements are designed into the hardware, TrustZone avoids security issues surrounding proprietary, non-portable solutions outside the core.

What is MIPS OmniShield?
MIPS hardware virtualization extensions in its OmniShield-ready CPUs allow for CPU, memory and I/O virtualization through hardware. With Hypervisor executing in Hypervisor/root privilege, it enables the guest to continue to run in supervisor/user modes independent and isolated from other Guests or Root context.

By controlling the memory and privilege mappings, Sierravisor enables the TEE to operate at a higher level of access compared to the normal world OSes. The TEE and Hypervisor are deeply integrated allowing for traditional TEE Global Platform APIs to function seamlessly with no changes to user space applications and TAs.