Collaborate Disseminate
I’m investigating how to control access to an API a TEE application presents.
I believe I can use SELinux to control which kernel modules can access the client TEE library, but I need finer-grain control to say that only one specific TEE a… Continue reading Can SELinux restrict who can call a specific TEE UUID
RoT: element within a system that is trusted and must always behave as expected because any misbehavior cannot be detected at runtime. It’s part of the TCB.
TCB: the smallest set of hardware, firmware, software, and other resources (e.g.,… Continue reading What is the difference between Root of Trust and Trusted Computing Base (TCB)?
I’m trying to make a device that will encrypt and store data. It should require a master password at startup, but then shouldn’t need anything else to decrypt the data throughout the lifetime of the program. It also should be secure, i.e. … Continue reading HSM for Secure Encrypted Data Storage
Recently I learned about TEE in Android, Trusty OS and its internals. I read through the articles on source.android.com and there is one thing I did not find there.
Trusty OS has its own API which allows TEE applications to expose ports an… Continue reading Security of Trusty OS (TEE) Non-Secure World API
There are different scenarios when it’s about secure computation/storage on mobile devices, e.g., "REE only", "REE + TEE", or "REE + SE" or "REE + TEE + SE".
REE – Real Execution Environment, i.e. de… Continue reading How to distribute Android mobile app functionality between OS, Trusted Execution Environment (TEE) and Secure Element (SE)?
From the perspective of security and privacy protection in Machine Learning (ML), I’m wondering why are there few applications combining AMD SEV and ML?
Speaking of SGX, there are multiple ML applications developed with SGX, e.g., addressi… Continue reading TEE applications: AMD SEV vs Intel SGX
What I found so far is that
Application requests TA service using qseecom kernel driver.
Monitor route that request and TA handles the request in Secure world and return the result.(generated private key).
The application get the result(s… Continue reading Access control for SMC call in TrustZone
I find that names and terms used in relation to Trusted (Trustworthy, Confidential,..) Computing are highly interchanged and thus creating confusion for laymen as am I.
Trusted Computing has been around since the 90’s and the idea is being… Continue reading Hardware roots of trust nowadays
Recent years had seen a rise in many open-sourced projects developing tools to support program execution in TEEs (SGX, OP-TEE in ARM, Microsoft Azure) across platforms (the CCC’s Enarx, SGX SDK,..) essentially enabling trusted app executio… Continue reading How can a hardware-based TEE supplement TPMs?
I would like to verify that users are running particular source code. Is there a way this could be achieved?
I want to verify that the original "algorithm" has been followed correctly if you will. What I need is for the user to s… Continue reading Is there a way to verify what code has been run? Maybe TEE?