T6-m -- Highly Secured TEE

Protect Your TEE from Physical Attacks

T6-m is a security enhancement of TEE and protects TEE from physical attacks. It eliminates the trust of external memory to defend against physical attacks. It enables full-time memory encryption for the entire TEE, including the kernel and user-level applications, without requiring specific hardware.

Physical attack is a big threat to mobile devices. The convenience for carrying also makes mobile devices highly vulnerable to theft and loss. In more sophisticated attacks, attackers issued cold boot attacks on a phone, which had an encrypted disk partition to store user’s data. They retrieved the encryption key stored in memory and successfully decrypted the disk partition. Thus, how to protect confidential record in memory against software or even physical attack, is an important and urgent problem. In T6-m, all the external memory is encrypted, so that no data will be leaked even under physical attack.

Features Of T6-m

Zero plaintext in memory

T6-m ensures that all the data in external memory are encrypted thus even if the memory is physically scanned, attackers can only get cypher-text. Meanwhile, T6-m also checks the integrity of data to detect any data tampering.

System-level full protection

T6-m protects the entire system instead of a few components or trustlets. Thust here is no need to configure which parts of the system to protect.

Transparent to Trustlets

T6-m is totally transparent to trusted applications, which means that the developpers of trustlets are not aware of T6-m. Existing trustlets can run smoothly on T6-m just as on T6.