跨平台的可信执行环境模块方案研究

针对现有TPM、MTM等可信计算模块不能跨平台使用，未考虑算法、协议、功能更新等问题，提出一种基于硬件的可信执行环境模块（TEEM, trusted execution environment module）架构，该架构利用ARM TrustZone技术构建一个运行在硬件安全隔离环境中的可信计算模块。该模块能够为多种平台提供可信计算功能，具备较强的移动性和便携性，并且允许用户根据需要灵活地配置、升级模块的功能和算法。设计并实现了基于TEEM架构的原型系统，原型系统的安全性分析和性能测试结果表明，TEEM能够为用户提供一个安全、稳定、高效的可信执行环境。

Research of a trusted execution environment module for multiple platforms

The current TPM,MTM and other trusted computing modules don’t take into account the variety of platforms and the update of the inside algorithms,protocols and functions.A hardware trusted execution environment module (TEEM) architecture,which uses ARM TrustZone technology to build a trusted computing module running in a secure isolated environment is designed.Proposed module not only supports variety of platforms,but also has strong mobility and portability.Moreover,it allows configuring and updating functions and algorithms of the module flexibly.A prototype system is implemented and its performance is tested.By analyzing the security of the system and the measurement results,it is shown that TEEM provides users with a safe,stable,efficient trusted execution environment.