T6 Overview


T6 has been moved as part of a startup adventure, this page will not be updated anymore. For the newest information, please visit TrustKernel.


T6 is an open source operating system for TrustZone based Trusted Execution Environment(TEE) in ARM-based systems. T6 targets at mobile devices using ARM hardware security extension: TrustZone, which supports legacy operating systems(Android, Linux, etc.) to run simultaneously and provides a strong security property for the legacy operating systems and aims to provide an easy-to-use trusted computing platform for research community, a product-quality TEE for mobile device providers. The name "T6" standards for "Trusted kernel based on Xv6".


The increasing popularity and openness of smartphones stimulate a broad range of products and companies as well as wide spread of malware. Compared to the popularity of smartphones, however, few of them provide a general and strong solution for protecting user secrets and sensitive application data. Existing solutions include Apple Touch ID and Samsung KNOX take a great step, but they keep the door closed to research community, which hinder the development progress in this area. In hardware, ARM proposed its security extension TrustZone several years ago and few researchers take the opportunity further forward. T6 tries to close this gap by providing a general, open source solution using TrustZone for research community.

Quick Start

Features of T6

The following are the features of T6:

Feature Support Option
TrustZone Extensions Provide general API and low level interfaces for TZPC, TZASC
Rich legacy OS Theoretically all, but we only test Android and Linux Kernel
TEE API Optionally provide Global Platform TEE API
Crypto API Both PolarSSL and OpenSSL
POSIX API Partial of libC (newlib)
Task isolation Kernel-User mode and address isolation
Multitask Support as multi processes
Dynamic third party trustlet loading Yes, the trustlet must be signed by us first
Secure network connection Yes, support both PolarSSL and OpenSSL
Secure User Input Yes
Secure Display Yes
Secure Boot Yes
Supported development board Samsung Exynos4,Samsung Exynos5,ARM Versatile Express, Freescale i.MX6
Kenrel Code base( code size) About 8K LOC


Wenhao Li, Mingyang Ma, Jinchen Han, Yubin Xia, Binyu Zang, Cheng-Kang Chu, Tieyan Li, Feng Bao, "Building Trusted Path on Untrusted Device Drivers for Mobile Devices", Proceedings of the 5th Asia-Pacific Workshop on Systems. ACM, 2014.[PDF] [Slide] [Poster]


The source code is licensed under GNU GPL

Board Code Support

Get Board Specific TrustZone Protection Module Code

Board specific modules including TrustZone Protection Controller (TZPC) or TrustZone Address Space Controller (TZASC) are not available for public download due to NDA issue. Contact us if you need more information about this.

Require New Board Support

If you want T6 to support a new board, please let us know and we are glad to help. If you have not got a board, but planning to, we recommend you to use the Samsung Exynos4412, since we have already supported it in T6 and have had a comprehensive test. You need to make sure the board you got is TrustZone-unlocked.


If you are interested in using T6 or have used T6, I would love to hear from you. If there's anything that I can do to make T6 easier to adopt, or any interesting features could be added, I'd like to hear about it. contact me via email (liwenhaosuper AT gmail.com)