T6 has been moved as part of a startup adventure, this page will not be updated anymore. For the newest information, please visit TrustKernel.
T6 is an open source operating system for TrustZone based Trusted Execution Environment(TEE) in ARM-based systems. T6 targets at mobile devices using ARM hardware security extension: TrustZone, which supports legacy operating systems(Android, Linux, etc.) to run simultaneously and provides a strong security property for the legacy operating systems and aims to provide an easy-to-use trusted computing platform for research community, a product-quality TEE for mobile device providers. The name "T6" standards for "Trusted kernel based on Xv6".
The increasing popularity and openness of smartphones stimulate a broad range of products and companies as well as wide spread of malware. Compared to the popularity of smartphones, however, few of them provide a general and strong solution for protecting user secrets and sensitive application data. Existing solutions include Apple Touch ID and Samsung KNOX take a great step, but they keep the door closed to research community, which hinder the development progress in this area. In hardware, ARM proposed its security extension TrustZone several years ago and few researchers take the opportunity further forward. T6 tries to close this gap by providing a general, open source solution using TrustZone for research community.
The following are the features of T6:
|TrustZone Extensions||Provide general API and low level interfaces for TZPC, TZASC|
|Rich legacy OS||Theoretically all, but we only test Android and Linux Kernel|
|TEE API||Optionally provide Global Platform TEE API|
|Crypto API||Both PolarSSL and OpenSSL|
|POSIX API||Partial of libC (newlib)|
|Task isolation||Kernel-User mode and address isolation|
|Multitask||Support as multi processes|
|Dynamic third party trustlet loading||Yes, the trustlet must be signed by us first|
|Secure network connection||Yes, support both PolarSSL and OpenSSL|
|Secure User Input||Yes|
|Supported development board||Samsung Exynos4,Samsung Exynos5,ARM Versatile Express, Freescale i.MX6|
|Kenrel Code base( code size)||About 8K LOC|
Wenhao Li, Mingyang Ma, Jinchen Han, Yubin Xia, Binyu Zang, Cheng-Kang Chu, Tieyan Li, Feng Bao, "Building Trusted Path on Untrusted Device Drivers for Mobile Devices", Proceedings of the 5th Asia-Pacific Workshop on Systems. ACM, 2014.[PDF] [Slide] [Poster]
The source code is licensed under GNU GPL
Board specific modules including TrustZone Protection Controller (TZPC) or TrustZone Address Space Controller (TZASC) are not available for public download due to NDA issue. Contact us if you need more information about this.
If you want T6 to support a new board, please let us know and we are glad to help. If you have not got a board, but planning to, we recommend you to use the Samsung Exynos4412, since we have already supported it in T6 and have had a comprehensive test. You need to make sure the board you got is TrustZone-unlocked.
If you are interested in using T6 or have used T6, I would love to hear from you. If there's anything that I can do to make T6 easier to adopt, or any interesting features could be added, I'd like to hear about it. contact me via email (liwenhaosuper AT gmail.com)