Trusted Execution Environment
An isolated vault; needs sandboxing (protects only data in use).
What if someone installs a custom OS kernel and tries to steal something?
Trusted Execution Environments are supported by modern CPUs.
The kernel cannot access the TEE after it is created. We also need to prevent rogues from creating malicious environments.
- ARMv9 Confidential Computing Architecture (CCA)
- Intel Software Guard eXtensions (SGX)
- AMD SEV
- Intel Trust Domain Extensions (TDX)
Two main adversaries are considered in the TEE threat model:
- Privileged attackers, such as system software, when the OS is not trusted.
- Physical attackers
Key Primitives of TEE
- Software Attestation
- Run-time Protection
- Sealing
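The following toy model, added here as an example (it is not part of the original notes and does not use any real SGX, TDX, SEV or CCA API), shows what software attestation and sealing give a verifier: a report binds the enclave's measurement to a fresh nonce, so a tampered enclave or a replayed report is rejected, and a sealing key derived from the measurement means data sealed by one enclave cannot be unsealed by a different one. The hardware root key, the enclave code strings and the HMAC-based report are all constructed assumptions; real hardware signs reports with an asymmetric key and a vendor certificate chain, and seals with a proper AEAD.

```python
import hashlib
import hmac
import secrets

# Constructed toy root key standing in for the secret fused into the CPU.
# Assumption for this example only; in real hardware it never leaves the chip.
_HW_ROOT_KEY = b"constructed-hardware-root-key-for-demo-only"


def measure(enclave_code: bytes) -> bytes:
    """Measurement: hash of the enclave's initial code/data (MRENCLAVE-style)."""
    return hashlib.sha256(enclave_code).digest()


def attest(enclave_code: bytes, nonce: bytes, report_data: bytes = b"") -> dict:
    """'Hardware' side: produce a report binding measurement, nonce and report_data.

    Toy uses HMAC under the root key; real TEEs use an asymmetric signature
    whose public key is certified by the CPU vendor.
    """
    m = measure(enclave_code)
    tag = hmac.new(_HW_ROOT_KEY, m + nonce + report_data, hashlib.sha256).digest()
    return {"measurement": m, "nonce": nonce, "report_data": report_data, "tag": tag}


def verify_report(report: dict, expected_measurement: bytes, expected_nonce: bytes) -> bool:
    """Verifier side: check integrity, freshness (nonce) and expected measurement."""
    msg = report["measurement"] + report["nonce"] + report["report_data"]
    expected_tag = hmac.new(_HW_ROOT_KEY, msg, hashlib.sha256).digest()
    if not hmac.compare_digest(expected_tag, report["tag"]):
        return False  # forged or modified report
    if not hmac.compare_digest(report["nonce"], expected_nonce):
        return False  # replayed report from an earlier challenge
    return hmac.compare_digest(report["measurement"], expected_measurement)


def seal_key(enclave_code: bytes) -> bytes:
    """Sealing key bound to the enclave measurement (MRENCLAVE sealing policy)."""
    return hmac.new(_HW_ROOT_KEY, b"seal" + measure(enclave_code), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy counter-mode keystream from HMAC; stands in for a real AEAD cipher.
    out = b""
    ctr = 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(enclave_code: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the enclave's sealing key; returns nonce||ct||tag."""
    key = seal_key(enclave_code)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(enclave_code: bytes, blob: bytes):
    """Returns plaintext, or None if the sealing key does not match (wrong enclave)."""
    key = seal_key(enclave_code)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def demo() -> dict:
    """Constructed scenario: a known-good enclave and a modified one."""
    good = b"enclave-v1"            # constructed sample enclave image
    modified = b"enclave-v1+patch"  # constructed sample of a changed image
    nonce = secrets.token_bytes(16)
    report = attest(good, nonce)
    blob = seal(good, b"sealed secret")
    return {
        "good_report_ok": verify_report(report, measure(good), nonce),
        "modified_enclave_rejected": not verify_report(attest(modified, nonce), measure(good), nonce),
        "replay_rejected": not verify_report(report, measure(good), secrets.token_bytes(16)),
        "unseal_same_enclave": unseal(good, blob),
        "unseal_other_enclave": unseal(modified, blob),
    }


if __name__ == "__main__":
    print(demo())
```

The report check order matters in practice: verify the signature or tag first, then freshness, then policy (which measurements are acceptable), so that a forged report cannot influence later decisions.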