Open-TEE - An Open Virtual Trusted Execution Environment

TL;DR

Open-TEE is a software-based, open-source virtual Trusted Execution Environment that enables developers to easily develop, debug, and port trusted applications across different hardware TEEs, simplifying TEE adoption.

Contribution

It introduces a hardware-independent, software-based TEE that conforms to GlobalPlatform standards, facilitating easier development and debugging of trusted applications.

Findings

Open-TEE is efficient and easy to use.

It enables development and debugging with common tools.

Open-TEE is freely available as open source.

Abstract

Hardware-based Trusted Execution Environments (TEEs) are widely deployed in mobile devices. Yet their use has been limited primarily to applications developed by the device vendors. Recent standardization of TEE interfaces by GlobalPlatform (GP) promises to partially address this problem by enabling GP-compliant trusted applications to run on TEEs from different vendors. Nevertheless ordinary developers wishing to develop trusted applications face significant challenges. Access to hardware TEE interfaces are difficult to obtain without support from vendors. Tools and software needed to develop and debug trusted applications may be expensive or non-existent. In this paper, we describe Open-TEE, a virtual, hardware-independent TEE implemented in software. Open-TEE conforms to GP specifications. It allows developers to develop and debug trusted applications with the same tools they use for developing software in general. Once a trusted application is fully debugged, it can be compiled for any actual hardware TEE. Through performance measurements and a user study we demonstrate that Open-TEE is efficient and easy to use. We have made Open- TEE freely available as open source.