Products and Technologies

Enhance Device Security With T6

T6 is operating system for TrustZone based Trusted Execution Environment(TEE) in ARM-based systems. T6 targets at mobile devices using ARM hardware security extension: TrustZone, which supports legacy operating systems(Android, Linux, etc.) to run simultaneously and provides a strong security property for the legacy operating systems and aims to provide an easy-to-use trusted computing platform for research community, a product-quality TEE for mobile device providers. With T6, customers could provide high assurance system and applications including secure mobile payment, Digital Rights Management, Kernel Rootkit Detection and Prevention, Bring-Your-Own-Device (BYOD) Solutions to end users. We provide T6 in full source code form.


Features Of T6

Comprehensive Chain Of Trust

By implementing secure boot, T6 ensures systems could not be tampered with. Besides, T6 supports loading third-parties trusted applications dynamically with signature checks, which could greatly reduce the attack surface of the system.

Rich User Mode Libraries Support For Trusted Applications

T6 provides a rich series of user-land libraries such as crypto, libC, openSSL, secure GUI, so that developers could focus on the implementation of their business specific application logic.

Secure Isolation, Achieve a Mutual-Distrust

Strong isolation among different trusted applications, untrusted and trusted applications as well as trusted applcations and the kernel could be guaranteed, while allowing them to run simultaneously.

Compatible with Global Platform API

T6 supports Global Platform TEE Client API v1.0 and Global Platform TEE Internal API v1.0, so that legacy trusted applications could run directly atop of T6 without any modification.

Various Platforms Support

T6 Supports Many Hardware Platforms, such as Samsung exynos, Freescale i.MX and ARM Versatile Express.

Compatible with mainstream commodity OSes

T6 doesn’t rely on any platform specific services provided by the OS running in the normal world and is compatible with systems like Android, Ubuntu and common RTOS without any modifications.

How to Get T6

For Researchers

We provide a flexible T6 SDK and a ready-to-use hardware platform for researchers to support their research.


For Prototype Oriented Evaluation

For those who are ready for project prototype evaluation in TrustZone platform, we provide some relevant demonstration images for you to evaluate T6 and its related security solutions.


For Manufacturers And Enterprise Users

For Manufacturers and enterprise users, we provide T6 as well as security solutions based on T6 in source code form. We can cooperate to have a deep customization on T6.


Frequently Asked Questions

What is TrustZone?

Started from ARMv6, ARM TrustZone technology aims at establishing trust in ARM-based platforms. In contrast to TPMs, which were designed as fixed-function devices with a predefined feature set, TrustZone represented a much more flexible approach by leveraging the CPU as a freely programmable trusted platform module. To do that, ARM introduced a special CPU mode called “secure mode” in addition to the regular normal mode, thereby establishing the notions of a “secure world” and a “normal world”. The distinction between both worlds is completely orthogonal to the normal ring protection between user-level and kernel-level code and hidden from the operating system running in the normal world. Furthermore, it is not limited to the CPU but propagated over the system bus to peripheral devices and memory controllers. This way, such an ARM-based platform effectively becomes a kind of split personality. When secure mode is active, the software running on the CPU has a different view on the whole system than software running in non-secure mode. This way, system functions, in particular security functions and cryptographic credentials, can be hidden from the normal world. It goes without saying that this concept is vastly more flexible than TPM chips because the functionality of the secure world is defined by system software instead of being hard-wired. For more technical details on ARM TrustZone, please refer to our blog: TEE And ARM TrustZone for more information.

What is TrustZone Trusted Kernel For ?

TrustZone trusted kernel fully utilizes the security features of ARM TrustZone hardware architecture to provid full-system protection for the application and system. Take the mobile secure payment as an example, the existing numerous mobile phone malware in operating system such as Android, IOS makes our phone not secure at all. These complex OSes often have many security vulnerabilities and an attacker can easily exploit these vulnerabilities to attack end users, such as stealing a user’s payment password, tamper with the payment transaction amount even secretly the money into the attacker’s account without the user’s consent. TrustZone trusted kernel is able to guard against such attacks by providing a full system hardware and software security architecture.

What is Global Platform TEE API ?

Global Platform is a non-profit organization and it proposed a set of TEE architecture and TEE APIs, which defines the TEE architecture and provide a uniform application developers a set of API so that they can write portable security kernel security applications. TEE API contains two parts, one part is TEE Client API, which is used to provide a unified interface to the application running in the general operating system to invoke service of TEE security applications, the other part is TEE Internal API, a unified interface for providing for trusted applications running in TEE.

Could We Replace T6 With Linux As Trusted Kernel ?

Theoretically, this is possible, but we strongly recommend not to adopt this solution. The main reason of having so many security vulnerabilities in modern operating system is the high complexity of implementation and the large trusted computing base, it is difficult to eliminate these security vulnerabilities. Linux itself is a complex kernel, it also has many security holes, every year CVE will have at least a dozen Linux kernel security vulnerabilities, and the premise of trusted kernel is to high security, with a simple and well design, less code in implementation, the trusted kernel will be easier to achieve high security. In addition, there is also a implementation consideration: in our experience, bottom-up approach to implement a security kernel is easier than the top-down approach which starts from cutting an existing kernel.

Could T6 Be Flashed Into My Phone Directly ?

Currently no, this is because the majority of mobile phones are locked at the Bootloader level to prevent the user from modifying the firmware which is provided by the mobile phone manufacturers. Since T6 is a full system level protection, it needs to modify the Bootloader to have a secure boot. Now we need to cooperate with manufacturers in order to make the T6 to fit the corresponding models of mobile phone. Of course, we have been trying to make sure that T6 can directly be flashed into the mobile phone directly.

Does T6 Support Virtualization ?

Currently T6 does not use virtualization to provide more features. Because TrustZone and virtualization are two characteristics of orthogonal, T6 is compatible with existing virtualization solutions such as KVM-ARM, XVisor and XEN.

Does T6 Require Heavy Modifications on Existing Operating Systems?

Basically T6 doesn’t make any changes to the original operating system. For some specific business requirements, such as Rookit protection, T6 requires a light-weight modification to the operating system.

Does T6 Support Fingerprint Identification?