Developer Guide

  • 10/27/2020
  • Public Content
Contents

Architecture

Trusted Execution Environment (TEE)
is a separate execution environment, consisting of firmware and hardware, that runs alongside, and provides security services for, the 
Rich Execution Environment (REE)
. The TEE isolates access to its hardware and software resources from the REE and its applications.
Intel® Dynamic Application Loader (
Intel® DAL) is a specific TEE with the
Intel®
Converged Security Engine (
Intel®
CSE) which is a general TEE.
The TEE offers safe execution of authorized security software and firmware known as 
Trusted Applications
 (TAs)
. TAs can be developed in Java* and downloaded to the TEE in run time. Inside the TEE, each TA is independent from the others. The TEE also enforces protection, confidentiality, integrity and access rights of the resources and data belonging to those TAs. A TA cannot access the security assets of another TA without authorization.
TAs are given controlled access to security resources and services via the TEE Internal API. These services may include: cryptography, secure storage, secure I/O. The TEE Internal API is provided in Java (via Intel DAL APIs). There is a possibility that Intel may extend it to C in the future.
A TA is typically accompanied by a 
Trusted Application Host Client
, which is host software that exposes the TA services as a rich, operating system-friendly API.
The TA life cycle is managed by the
Intel
DAL Admin Framework
 that resides in the Intel CSE firmware. The 
TEE Management Application
 is an executable that implements the host side of the management protocol.
The 
TEE Client API
 is a low level communication interface designed to enable host software running in the REE to access and exchange data with the TAs running inside the TEE.
The following diagram shows the high level architecture of a generic Trusted Execution Environment (TEE). 
For more details on Intel DAL components, click the appropriate link below:
  •  What they are, how they work, installation on end user's machine, and the Applet Manifest
  • Host Applications
    : What they are, how they work, how they send information to the host-applet interface
  • How it works, including TEE management and accounting for multiple versions of the applet
  • Using it on Linux* and Android*
 

Product and Performance Information

1

Performance varies by use, configuration and other factors. Learn more at www.Intel.com/PerformanceIndex.