View my previous post on Using the Quartermaster with Hashicorp’s Vault.
What is a TEE?
What is this Trusted Execution Environment? What problems does it solve? What problems does it introduce? Why am I asking so many questions?!
In this video I:
– Define a TEE and grumble about how it's a horrible acronym because everyone wants to pronounce it T-E-E, not "T"
– Define what an "execution environment" is before we introduce the trusted part
– Discuss what makes the TEE “trusted”
– Pontificate on why having two separate CPUs is not the same as this trusted/non-trusted thing
– Show the motivation for a technology like ARM TrustZone
– Mention some disadvantages of a TEE and how exploits still happen despite the environment being "trusted"
– End the video a bit quickly, realizing I was over time, and appreciating that it's very difficult to explain topics like this in 5 minutes or less, but I'm trying 🙂
For a full list of my available trainings, check out Advanced Security.
For consulting, contact us at Cryptotronix.
4 thoughts on “What is a TEE?”
If you are looking for a quick overview of existing HW and SW TEE technologies, from SVM through TPM and TrustZone to DRTM, then I definitely recommend "Securing Software Architectures for Trusted Processor Environments". Do you know a better publication about TEEs?
The TEE security concept is nothing new. There are some very old papers that describe the same paradigm. Before TrustZone, Intel Management Engine technology realized similar features. Anyway, it's great that you are discussing and giving a shout-out to those very interesting problems of TEEs.
Thanks for the comment Piotr! I would recommend checking out some videos by Thomas Roth. He has found vulnerabilities in both TrustZone v7 and TrustZone for Cortex-M. He's given talks on them at a few conferences that should be public. But that's the reference that comes top-of-mind.
BTW, I’ve liked the coreboot work y’all have been doing!
Thanks, I will look into the videos, even though we have been more blue team than red recently.
Keep posting good stuff, it improves awareness.