The Design And Implementation Of Trusted Execution Environment And Management Platform For Mobile Terminal

With the popularity of mobile terminals,more and more people use mobile terminals to deal with personal privacy data.So the security demand of the mobile terminal increased dramatically.In recent years,the concept of trusted execution environment(TEE)began to appear on the mobile terminal.Correspondingly,the open source operating system,such as Android,is called the rich execution environment(REE).REE is considered unsafe but TEE is considered to be safe.Because the common application is operated in REE but the application relating to sensitive information is operated in TEE.TEE and REE are completely isolated.Without authorization applications operated in REE cannot access TEE resources.ARM TrustZone hardware architecture achieves the isolation between TEE and REE by its hardware isolation technology.According to the Global Platform specifications,this paper accomplished Trusted OS secure startup and interrupt management based on ARM TrustZone hardware architecture.Write the TEE Client API and its test program.Through this API,test program achieved in allocating and registering the TEE memory resources.With the development of the TEE,different manufacturers of TEE,trusted applications will come out quickly.We need a platform to check the manufacturers'qualification and provide downloading and management.Users can manage their own TEE resources through this platform.And provide support for the maintenance of the product provider.In this paper,the functional requirements of the trusted execution environment management platform are analyzed in detail and the overall design is completed.Its function is mainly divided into the presentation layer,the carrier layer and the ability layer.The carrier layer selects the appropriate secure channel and communication protocol,and realizes the authentication and authorization mechanism of the management operation by the way of authorization token.This paper focuses on the design of the life cycle of the TEE,security domain and trusted application,and their administratin operation's parameters,command format and implementation requirements.