T6 - Secure OS and TEE
Empowering security applications and scenarios, building security device terminals
T6 is a secure operating system and trusted execution environment (TEE) platform designed and developed by TrustKernel since 2012. By design, T6 leverages hardware-grade isolation technology (ARM TrustZone, Intel SGX) and the advanced protection mechanisms of modern operating systems to protect sensitive information from advanced attacks. It ensures the openness and hardware-grade security of the operating system itself and of the applications, biometrics, documents and passwords it hosts. T6 is mainly targeted at smart devices, PCs, servers, and the Internet of Things. By running alongside legacy operating systems (Android, Linux, etc.), T6 builds a secure system infrastructure within the existing open ecosystem. T6 is now widely deployed in Android phones, tablets and IoT devices.
By implementing secure boot, T6 ensures that the system cannot be tampered with. In addition, T6 supports dynamically loading third-party trusted applications with signature checks, which can greatly reduce the attack surface of the system.
T6 supports many hardware platforms, such as Samsung Exynos, Freescale i.MX and ARM Versatile Express.
Strong isolation is guaranteed among different trusted applications, between untrusted and trusted applications, and between trusted applications and the kernel, while allowing them to run simultaneously.
T6 supports GlobalPlatform TEE Client API v1.0 and GlobalPlatform TEE Internal API v1.0, so legacy trusted applications can run directly on top of T6 without any modification.
T6 doesn’t rely on any platform-specific services provided by the OS running in the normal world, and is compatible with systems like Android, Ubuntu and common RTOSes without any modifications.
T6 provides a rich set of user-land libraries such as crypto, libc, OpenSSL and secure GUI, so that developers can focus on implementing their business-specific application logic.
TKCore is a development environment compatible with the T6 platform, for the development and integration of trusted applications. The SDK provides sophisticated development and compilation tools and documentation that can help developers build trusted applications within a day. It also provides developers with 1-2 days of development and training programs to help them speed up the development, testing and deployment of trusted applications.
Key Provisioning Hub (KPH) is the TEE security key provisioning, certificate import and upload tool that TrustKernel provides to device manufacturers. Through the self-developed Hub system, device manufacturers can easily integrate KPH into their existing production line tools and stations, without changing the existing production line system or adding stations and manual maintenance. The production line tool has been widely deployed in dozens of device factories.
T6 provides security protection for a wide variety of trusted applications. Here are some of the trusted applications that device manufacturers commonly use on T6.
Identification and device unlocking based on biometrics such as fingerprint and iris are widely used in smart devices, and these applications are secured by T6.
Sensitive operations, such as key protection for mobile fingerprint-based secure payment and payment token signature protection in WeChat, Alipay, etc., are performed in T6.
With a higher security level and stronger security capabilities, T6 greatly improves the security of the overall system by monitoring the key logic of the Android kernel from the TEE.
Security is the prerequisite for SoftSIM to replace the physical SIM. A TEE can ensure the security of SoftSIM and the normal operation of the business.
Secure private space is an innovative application by TrustKernel. By building a TEE Shadow Space in the Android system, it provides users with a private space for running applications and storing files.
By applying the TEE's security management capabilities, device vendors, operators, and companies can perform fine-grained security management of terminal equipment's communication capabilities.
Physical attacks are a major threat to mobile devices. The portability of mobile devices also makes them vulnerable to theft and loss. In a sophisticated attack, an attacker can target an encrypted disk that stores the user's data, obtain the encryption key and successfully decrypt the disk. Current TEEs and secure operating systems cannot withstand such attacks. Therefore, it is important and urgent to protect confidential data in storage from physical attack. In T6-m, all external storage is encrypted, so there is no data leakage under physical attack.
T6-m is the security-enhanced version of T6 TEE and protects the TEE from physical attacks. T6-m resists physical attacks by eliminating the dependence on external storage. It uses specialized memory encryption techniques for the entire TEE, including the kernel and user-layer applications, without the need for hardware support. The cost is that the overall performance of the secure operating system is reduced by about half.
We provide a flexible T6 SDK and a ready-to-use hardware platform for researchers to support their research.
For manufacturers and enterprise users, we provide T6 as well as security solutions based on T6 in source code form. We can cooperate on deep customization of T6.
Copyright © 2013-2021 TrustKernel Team, Shanghai Pingbo Info Tech Co., Ltd., All Rights Reserved