![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||
|
![]() | The following Wikipedia contributor has declared a personal or professional connection to the subject of this article. Relevant policies and guidelines may include
conflict of interest,
autobiography, and
neutral point of view.
|
![]() | The following Wikipedia contributor may be personally or professionally connected to the subject of this article. Relevant policies and guidelines may include conflict of interest, autobiography, and neutral point of view. |
I'm very surprised that a 'Trusted Execution Environment' page has been removed from Wikipedia. TEE is a globally recognized term within the mobile / cellular phone development community that identifies a separate, secure operating system that can run alongside the regular mobile phone OS. This architecture is fully documented within the 'Global Platform' standards and adopted by the industry. Would there be an objection to me writing a new version of this page for consideration?
DarenPickering ( talk) 14:37, 30 April 2013 (UTC)
Great to see this subject covered in wikipedia. A technology in use in millions of devices, a massive percentage of the mobile market, and no mention in wikipedia, was crazy.
Comments on current text:
1] Sorry but I have to object to ARM, MIPS and Intel (??) processor capabilities being referred to as "Implementations". AFAIK they are all potential components of a TEE, how the device design makes use of them defines whether they create a TEE or not. I could be wrong about Intel and MIPS but I assume they don't have secure boot built into the actual CPU/cores? If they don't then they aren't enough on there own to create a TEE and so aren't an implementation. You typically need to add ROM, some key chains and some sort of Trusted OS before you get device local assurance that you are running code you trust. -- User:DonOnWikiP
2] Standards - The first standard org to mention and specify a TEE AFAIK is OMTP. I could revise the Standards section and add some references to the OMTP ATE docs (currently hosted by GSMA) [2]. That would give a bit more history and background to the article. -- User:DonOnWikiP
3] Currently the article does not (to me) really explain the parameters as to why someone would should trust a TEE. Now while their are many TEE designs, they all should be following something like the ATE secure boot chain for the device to have assurance in their software (I think that includes "I am in ROM" as a very short trusted boot), and they should all have some sort of stated isolation capabilities (ideally either the OMTP ATE set or the GP TEE PP, but manufacturer self certified (yuk) is good enough in some markets) -- User:DonOnWikiP
I have some other comments but this will do for starters. --
User:DonOnWikiP
(Sorry if this post breaks some wiki etiquette - its years since I posted here) DonOnWikiP ( talk) 19:49, 6 August 2014 (UTC)
References
There's no mention of the ineffectuality of DRM; the problematic way "trusted" refers to copyright holders "trusting" that they will get paid, but the actual owners of devices cannot "trust" that their rights will be respected; potential or actual security breaches of or caused by "trusted" components; etc. This is a wholly one-sided article which presents one viewpoint as fact, without context or criticism. Clement Cherlin ( talk) 00:07, 27 April 2016 (UTC)
![]() | This edit request by an editor with a conflict of interest has now been answered. |
I would like to request the following amendments/improvements to the page.
1. Add new section to page underneath Uses, called TEE Operating Systems. Code for table in my sandbox.
2. Rectify “citation needed” in second sentence with following link - [1]
3. Replace first paragraph of Details section with the following: The TEE typically consists of a hardware isolation mechanism, plus a secure operating system running on top of that isolation mechanism – however the term has been used more generally to mean a protected solution. [2] [3] [4] Whilst a GlobalPlatform TEE requires hardware isolation, others such as EMVCo use the term TEE to refer to both hardware/software and only software-based solutions. [5] FIDO uses the concept of TEE in the restricted operating environment for TEEs based on hardware isolation. [6] Only trusted applications running in a TEE have access to the full power of a device's main processor, peripherals and memory, while hardware isolation protects these from user installed apps running in a main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other. [7]
4. Add new paragraph under Mobile Financial Services subsection: With the rise of cryptocurrency, TEEs are increasingly used to implement crypto-wallets, as they offer the ability to store tokens more securely than regular operating systems, and can provide the necessary computation and authentication applications. [8]
5. Add new section:
References
{{
cite book}}
: |website=
ignored (
help)
{{
cite book}}
: |website=
ignored (
help)
A Common Criteria protection profile is available to define the security baseline that a TEE must support. [1]
GlobalPlatform has developed specific evaluation methodology to optimize ISO/IEC 15408 standards for the TEE ecosystem. A specific attack methodology is maintained by an expert group that consistently looks for new attacks and updates the list of attacks that a TEE must protect against. [2]
SaffronSettee ( talk) 15:39, 13 July 2021 (UTC)
References
![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | |||||||||||||||||||||
|
![]() | The following Wikipedia contributor has declared a personal or professional connection to the subject of this article. Relevant policies and guidelines may include
conflict of interest,
autobiography, and
neutral point of view.
|
![]() | The following Wikipedia contributor may be personally or professionally connected to the subject of this article. Relevant policies and guidelines may include conflict of interest, autobiography, and neutral point of view. |
I'm very surprised that a 'Trusted Execution Environment' page has been removed from Wikipedia. TEE is a globally recognized term within the mobile / cellular phone development community that identifies a separate, secure operating system that can run alongside the regular mobile phone OS. This architecture is fully documented within the 'Global Platform' standards and adopted by the industry. Would there be an objection to me writing a new version of this page for consideration?
DarenPickering ( talk) 14:37, 30 April 2013 (UTC)
Great to see this subject covered in wikipedia. A technology in use in millions of devices, a massive percentage of the mobile market, and no mention in wikipedia, was crazy.
Comments on current text:
1] Sorry but I have to object to ARM, MIPS and Intel (??) processor capabilities being referred to as "Implementations". AFAIK they are all potential components of a TEE, how the device design makes use of them defines whether they create a TEE or not. I could be wrong about Intel and MIPS but I assume they don't have secure boot built into the actual CPU/cores? If they don't then they aren't enough on there own to create a TEE and so aren't an implementation. You typically need to add ROM, some key chains and some sort of Trusted OS before you get device local assurance that you are running code you trust. -- User:DonOnWikiP
2] Standards - The first standard org to mention and specify a TEE AFAIK is OMTP. I could revise the Standards section and add some references to the OMTP ATE docs (currently hosted by GSMA) [2]. That would give a bit more history and background to the article. -- User:DonOnWikiP
3] Currently the article does not (to me) really explain the parameters as to why someone would should trust a TEE. Now while their are many TEE designs, they all should be following something like the ATE secure boot chain for the device to have assurance in their software (I think that includes "I am in ROM" as a very short trusted boot), and they should all have some sort of stated isolation capabilities (ideally either the OMTP ATE set or the GP TEE PP, but manufacturer self certified (yuk) is good enough in some markets) -- User:DonOnWikiP
I have some other comments but this will do for starters. --
User:DonOnWikiP
(Sorry if this post breaks some wiki etiquette - its years since I posted here) DonOnWikiP ( talk) 19:49, 6 August 2014 (UTC)
References
There's no mention of the ineffectuality of DRM; the problematic way "trusted" refers to copyright holders "trusting" that they will get paid, but the actual owners of devices cannot "trust" that their rights will be respected; potential or actual security breaches of or caused by "trusted" components; etc. This is a wholly one-sided article which presents one viewpoint as fact, without context or criticism. Clement Cherlin ( talk) 00:07, 27 April 2016 (UTC)
![]() | This edit request by an editor with a conflict of interest has now been answered. |
I would like to request the following amendments/improvements to the page.
1. Add new section to page underneath Uses, called TEE Operating Systems. Code for table in my sandbox.
2. Rectify “citation needed” in second sentence with following link - [1]
3. Replace first paragraph of Details section with the following: The TEE typically consists of a hardware isolation mechanism, plus a secure operating system running on top of that isolation mechanism – however the term has been used more generally to mean a protected solution. [2] [3] [4] Whilst a GlobalPlatform TEE requires hardware isolation, others such as EMVCo use the term TEE to refer to both hardware/software and only software-based solutions. [5] FIDO uses the concept of TEE in the restricted operating environment for TEEs based on hardware isolation. [6] Only trusted applications running in a TEE have access to the full power of a device's main processor, peripherals and memory, while hardware isolation protects these from user installed apps running in a main operating system. Software and cryptographic isolation inside the TEE protect the trusted applications contained within from each other. [7]
4. Add new paragraph under Mobile Financial Services subsection: With the rise of cryptocurrency, TEEs are increasingly used to implement crypto-wallets, as they offer the ability to store tokens more securely than regular operating systems, and can provide the necessary computation and authentication applications. [8]
5. Add new section:
References
{{
cite book}}
: |website=
ignored (
help)
{{
cite book}}
: |website=
ignored (
help)
A Common Criteria protection profile is available to define the security baseline that a TEE must support. [1]
GlobalPlatform has developed specific evaluation methodology to optimize ISO/IEC 15408 standards for the TEE ecosystem. A specific attack methodology is maintained by an expert group that consistently looks for new attacks and updates the list of attacks that a TEE must protect against. [2]
SaffronSettee ( talk) 15:39, 13 July 2021 (UTC)
References