T6 - Secure OS and TEE

T6 is a secure operating system and a trusted execution environment (TEE) platform designed and developed by TrustKernel since 2012. By design, T6 has leveraged hardware-grade isolation technology (ARM TrustZone, Intel SGX) and the advanced protection mechanisms of modern operating systems to effectively prevent sensitive information from advanced hackings. It ensures the openness and hardware-grade security of operating system itself and applications, biometrics, documents and passwords it hosts. T6 is mainly targeted at smart devices, PCs, servers, and the Internet of Things. By running with legacy operating systems (Android, Linux, etc.) simultaneously, T6 builds a secure system infrastructure in the existing open ecosystem. Now T6 has been widely deployed in Android phones, tablets and IoT devices.

Features Of T6

Comprehensive Chain Of Trust

By implementing secure boot, T6 ensures systems could not be tampered with. Besides, T6 supports loading third-parties trusted applications dynamically with signature checks, which could greatly reduce the attack surface of the system.

Various Platforms Support

T6 Supports Many Hardware Platforms, such as Samsung exynos, Freescale i.MX and ARM Versatile Express.

Secure Isolation, Achieve a Mutual-Distrust

Strong isolation among different trusted applications, untrusted and trusted applications as well as trusted applcations and the kernel could be guaranteed, while allowing them to run simultaneously.

Compatible with Global Platform API

T6 supports Global Platform TEE Client API v1.0 and Global Platform TEE Internal API v1.0, so that legacy trusted applications could run directly atop of T6 without any modification.

Compatible with most of existing commodity OSes

T6 doesn’t rely on any platform specific services provided by the OS running in the normal world and is compatible with systems like Android, Ubuntu and common RTOS without any modifications.

Rich User Mode Libraries Support For Trusted Applications

T6 provides a rich series of user-land libraries such as crypto, libC, openSSL, secure GUI, so that developers could focus on the implementation of their business specific application logic.

Tools Of T6

T6 SDK：TKCore

TKCore is a development environment for developers compatible with the T6 platform, for the development and integration of trusted applications. The SDK provides sophisticated development compilation tools and documentation that can help developers build trusted applications within a day. It also provides developers with 1-2 days of development and training programs to help developers speed up the development, testing and deployment of trusted applications.

T6 Mass production line tools: KPH

Key Provisioning Hub (KPH) is the TEE security key provisioning, certificate import and upload tool provided by TrustKernel to the device manufacturers. Through the self-developed (Hub) systems, device manufacturers can easily integrate KPH to the existing production line tools and stations, without changing the existing system of production line or adding additional stations and human maintenance. The production line tool has been widely deployed in dozens of device factories.

Case: trusted application deployed on T6

T6 has the ability to protect the security system for a wide variety of trusted applications. Here are some of the trusted applications that are commonly used by device manufacturers on T6.

Device unlock through fingerprint and iris identification

Identification and device unlocking based on biometric identifications such as fingerprint and iris have been widely used in smart devices, and these applications have been secured by T6.

Secure mobile payment

Sensitive operations such as key protection of mobile fingerprint-based secure payment and payment token signature protection in WeChat, Alipay etc., are operated in T6.

Android security reinforcing

With higher security level and stronger security capability, T6 greatly improves the security of the overall system by monitoring the key logic of the Android kernel in TEE.

SoftSIM

The premise of SoftSIM’s replacing physical SIM is security concern. TEE can ensure the security of SoftSIM and the normal operation of the business.

Secure private space

Secure private space is an innovative application by TrustKernel. Through building a TEE Shadow Space in the Android system, it provides users with a private application operation and file storage space.

Secure locking and unlocking of device communication

Through the implementation of TEE's security management capabilities, device vendors, operators, and companies can perform detailed security management of terminal equipment's communication capabilities.

T6-M: Further defense against advanced physical attack

Physical attacks are a big threat to mobile devices. The portability of mobile devices also makes it vulnerable to theft and loss. In a complex attack mode, an attacker can start an attack on a crypto disk that stores user's data. The attacker obtains the encryption key and successfully decrypts the disk. The current TEE and security operating system cannot withstand such attacks. Therefore, it is important and urgent to protect confidential data in storage from physical attack. In T6-m, all external storage is encrypted, so there is no data leakage under physical attack.

T6-m is the secure enhancement of T6 TEE and protects TEE from physical attacks. T6-m can resist physical attack by eliminating the dependence on external storage. It uses specialized memory encryption techniques for the entire TEE, including kernel and user-layer applications, without the need for hardware support. The corresponding price is that the overall performance of the secure operating system will be reduced by about half.

Zero plaintext in memory

T6-m ensures that all the data in external memory are encrypted thus even if the memory is physically scanned, attackers can only get cypher-text. Meanwhile, T6-m also checks the integrity of data to detect any data tampering.

System-level full protection

T6-m protects the entire system instead of a few components or trustlets. Thust here is no need to configure which parts of the system to protect.

Transparent to Trustlets

T6-m is totally transparent to trusted applications, which means that the developpers of trustlets are not aware of T6-m. Existing trustlets can run smoothly on T6-m just as on T6.

How to Get T6

For Researchers

We provide a flexible T6 SDK and a ready-to-use hardware platform for researchers to support their research.

For Manufacturers And Enterprise Users

For Manufacturers and enterprise users, we provide T6 as well as security solutions based on T6 in source code form. We can cooperate to have a deep customization on T6.

Common FAQs

What is TrustZone?

ARM TrustZone is an ARM platform-based technology designed to establish hardware trust. Unlike TPMs that are designed as fixed-function devices and have a predefined set of features, TrustZone can be considered a more flexible way to use the CPU as a TPM. The architecture divides hardware resources into two different execution environments, Normal World and Secure World. CPUs that support TrustZone technology will have two additional modes. Normal mode indicates that the current CPU is running in the normal world and secure mode indicates that the CPU is operating in the secure world. In both the normal world and the secure world, the CPU provides a User mode for the application and a Privileged mode for the operating system. The only difference is that in the secure world, the CPU also has a new monitor mode (Monitor mode) that monitors the CPU's switching between the two operating environments. Specifically, when the CPU needs to switch the operating environment, the CPU will first enter the monitoring mode and store the current operating environment state in this mode, and then switch the operating environment. The switching of the operating environment is mainly based on two types of behaviors. The first one is more common to occur, that is an instruction called “Secure Monitor Call (SMC)” is executed. The instruction will switch the current CPU operating environment between the secure and normal mode. The second mechanism is to switch the operating environment through specific hardware exception mechanisms, such as interrupt request (IRQ) and fast interrupt request (FIQ) that can be configured to switch the operating environment when it occurs. ARM TrustZone is not limited to CPU level, but also including division and isolation of system bus, peripheral devices and memory controllers. The hardware resources on mobile platform include memory, external devices and interruption that can be divided into different execution environments. At the same time, TrustZone technology ensure that programs (including operating systems) in the normal world cannot access the hardware resources allocated to the secure world. The programs in the security world can however access all hardware resources of the two worlds, and the dynamically divide hardware resources in such a manner.

What is SGX?

SGX stands for Intel Software Guard Extensions and is a hardware extension to Intel IA for enhancing software security. This approach does not identify and isolate all malware on the platform. Instead, it encapsulates the security operations of legitimate software in an enclave to protect it from malicious software attacks. Privileged or non-privileged software cannot access the enclave. That is, once the software and data are in the enclave, even the operating system and the VMM (hypervisor) cannot affect the code and data in the enclave environment.

Why secure OS?

The trusted kernel makes full use of the security features of hardware architectures such as ARM TrustZone and Intel SGX to provide system-wide protection for applications and systems. Taking mobile secure payment as an example, the existing malware in a large number of mobile phone operating systems makes our mobile phones insecure. These complex operating systems have many security flaws, and attackers can easily use these flaws to attack end-users, such as stealing a user's payment password, tampering with payment transactions, and transferring money into an attacker's account. The TrustZone trusted core can withstand similar attacks by providing a system-wide hardware and software protection architecture.

What is the Global Platform TEE API?

GlobalPlatform is a multi-industry, non-profit organization whose role is to develop, develop, and release security chip technical standards to facilitate the management of multi-application industrial environments and their secure, interoperable deployment. The TEE API consists of two parts, one is the TEE Client API, which is used to provide a unified interface for invoking the TEE security application service for applications running in the normal operating system. The other part is the TEE Internal API, which provides a unified interface for trusted applications running in TEE.