Creating information security systems based on open portable trusted execution environment (OP-TEE), KVM/QEMU and Intel Trust Domain Extensions
DOI: https://doi.org/10.30837/rt.2025.4.223.06
Keywords: OP-TEE, Intel x86, trust domain extensions, KVM, QEMU
Abstract
The purpose of the article is to study one approach to integrating the OP-TEE framework with Intel x86 platforms using Intel Trust Domain Extensions (TDX). The subject of research is the integration of the OP-TEE framework with Intel x86 VT-d/VT-x using Intel TDX, KVM and QEMU.
The solution proposed in the article isolates the secure world into a separate trust domain (TD). It assumes Linux or Android as the host OS, so the Kernel-based Virtual Machine (KVM) is used as the virtualization layer.
The standard open-source OP-TEE distribution includes a QEMU build for ARM TrustZone platforms that integrates easily with, and runs in, a KVM environment. The OP-TEE/QEMU/KVM stack can therefore be run inside a TD.
The article will be useful to specialists in the field of information security who deal with data protection in the operating systems of computer systems.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).