UPGRADE YOUR BROWSER

We have detected your current browser version is not the latest one. Xilinx.com uses the latest web technologies to bring you the best online experience possible. Please upgrade to a Xilinx.com supported browser:Chrome, Firefox, Internet Explorer 11, Safari. Thank you!

cancel
Showing results for 
Search instead for 
Did you mean: 

Take Your Security to the Next Level with a Trusted Execution Environment

Xilinx Employee
Xilinx Employee
0 0 4,318

By Nathan Menhorn, Embedded software engineer at Xilinx

 

Multiple Layers of Protection

No longer is a single form of isolation enough to protect security-critical assets, such as crypto keys, algorithms, etc. In a Trusted Execution Environment (TEE) architecture, multiple layers of protection are in place to maximize the protection of security-critical assets. These layers of protection include both isolated hardware and isolated software. A TEE is applicable to most markets, but is extremely useful in connected devices such as automobiles, data center, and IoT, which have a higher probability of being attacked.

Blog_WP516_Security.png

 

Current Security Architectures

Running security-critical applications in a separate OS under a hypervisor or in a separate processor allows for high-performance security-critical applications but is extremely vulnerable to most common attacks. On the other hand, offloading security-critical applications to an external device such as a TPM or smart card provides a high level of security but is very limited in the algorithms that can be run as well as the performance. A Trusted Execution Environment (TEE) solves these two issues by providing a very high level of security while running on a high-performance SoC like the Zynq® UltraScale+™ MPSoC or Zynq UltraScale+ RFSoC.

 

EAL7 Certified TEE

Proven & Run, a Xilinx partner, has implemented their TEE solution on the Zynq UltraScale+ platform. Parts of the TEE, such as the secure OS called ProvenCore, have been Common Criteria certified to Evaluation Assurance Level (EAL) 7 – the highest certification level possible – and were developed using formal methods. Prove & Run’s TEE takes advantage of the advanced isolation enhancements of the Zynq UltraScale+ platform, which are not found in other SoCs.

 

To learn more about the architecture of a TEE as well as Prove & Run’s TEE solution running on the Zynq UltraScale+ platform, please take a few minutes to read the following white paper.