On Thu, Oct 17, 2013 at 11:44 PM, cobaco <[email protected]> wrote:
> I take it that by TEE you're talking about hardware enforced cryptographic
> code signing, ala UEFI?
If by UEFI you refer to the model where firmware checks a signature on the boot loader, the boot loader checks a signature on the kernel and the kernel checks signatures on all user-space code, you don't need to have that sort of thing implemented for the primary operating system that you are running in order to have a TEE. Instead, the hardware could enforce separation between the primary operating system and a second operating system that is the locked-down one and that is not mentioned in user-facing marketing.

https://en.wikipedia.org/wiki/ARM_architecture#TrustZone

-- 
Henri Sivonen
[email protected]
http://hsivonen.fi/
