Design And Implementation Of A High Trusted Running Environment For ARM TrustZone

With the rise of mobile office,intelligent mobile terminals,such as tablet computers and smart phones as mobile commerce tools,have brought convenience to all trades and professions.However,Because of the mobility of the intelligent mobile terminal,the opening of the use scene,the vulnerability of the wireless transmission and the complexity of the network environment,the intelligent mobile terminal is faced with an increasingly serious credible threat.Especially in the application fields,such as enterprises,institutions and government departments,which are highly sensitive to information,it involves the core data of different levels,and the credible threat is more severe.Information construction,especially mobile information construction,needs credible protection.As an important component of the state's credibility,information credibility has become the basic prerequisite for the healthy development of information technology.The establishment of credible information needs the support of information technology.Mobile information construction has broken the shackles of traditional wired networks,and it is more difficult to prevent them.This paper improves the reliability and credibility of the existing operating system based on the underlying hardware and existing open source projects.To protect private data and key equipment from the physical isolation of the normal world,and to solve the security risks faced by mobile computing environment.Firstly,implement the physical isolation between the normal world and the trusted world based on the physical isolation technology of open source project OP-TEE and ARM TrustZone.Then,improve the underlying hardware driver and interrupt response of OPTEE_OS to ensure the trusted startup of the system and the complete creation of Secure World.Further,according to the existing open source project OP-TEE,research and implementation of Secure World oriented micro kernel operating system TPOS.OPTEE_OS itself encapsulates Global Platform TEE client API and Global Platform TEE internal API.With the help of OPTEE_OS's API function,it can encapsulate TrustZone IP's static trusted applications and provide trusted services.Finally,implements the TUI of Secure World based on the Global Platform organization Trusted User Interface API Specification v1.0 standard.