SierraTEE Trusted Execution Environment
Sierraware has developed SierraTEE, a secure operating system developed for ARM TrustZone hardware security extensions. SierraTEE is a comprehensive implementation of ARM TrustZone as well as GlobalPlatform System and IPC APIs. It provides a simple, affordable way to integrate rich platforms like FFmpeg, OpenSSL, MiniDLNA, and others. The secure kernel is optimized for size and performance while maintaining POSIX compliance. SierraTEE covers a wide range of ARM architectures like ARM11, CortexA8, CortexA9 and CortexA15. With a wide variety of applications built on for SierraTEE, it is the most advanced and popular ARM TrustZone implementation currently available.
What is TrustZone?
The security extensions to ARMv6 and later (ARM11, CortexA8, A9, A15) add the concepts of "secure" and "normal" states. To switch between the secure and normal states, ARM added a new instruction called Secure Monitor Call or SMC. TrustZone technology is implemented within the microprocessor, allowing the on and off-chip memory and the peripherals to be protected. Since the security elements are designed into the hardware, TrustZone avoids security issues surrounding proprietary, non-portable solutions outside the core.
What is SierraTEE?
SierraTEE for ARM TrustZone provides a minimal secure kernel which can be run in parallel with a more fully featured high level OS, such as Linux, Android, BSD - on the same core. It also provides drivers for the Rich OS ("normal world") to communicate with the secure kernel ("secure world").
User space applications operate in "normal" mode. The kernel runs in "system" mode. The trusted kernel operates in "monitor" mode. Therefore, even a "rooted" application cannot access protected regions within the system. Anything can be made as part of the trusted infrastructure, from regions of PCI-E address space to NAND memory. SierraTEE provides a secure and easy-to-implement solution for ARM TrustZone.
SierraTEE uses the ARM TrustZone security extensions to completely protect the secure kernel, and any secure peripherals, from code running in the normal world. This means that even if an attacker manages to obtain full supervisor privileges in the Rich OS, he cannot gain access to the secure world.
It is supplied with a secure monitor, for switching between secure and normal world, and an example secure first-stage bootloader.
For systems without the security extensions, an emulation version can be used to provide a software environment fully compatible with SierraTEE on systems with the ARM TrustZone security extensions. Systems with a separate ARM processor dedicated for security can use a multi-core implementation running the secure kernel on its own CPU.