T6 Overview

Caution

T6 has been moved as part of liwenhaosuper's startup adventure, so there are almost certainly broken links. For the newest information, please visit TrustKernel.

Introduction

T6 is an open source operating system for TrustZone based Trusted Execution Environment(TEE) in ARM-based systems. T6 targets at mobile devices using ARM hardware security extension: TrustZone, which supports legacy operating systems(Android, Linux, etc.) to run simultaneously and provides a strong security property for the legacy operating systems and aims to provide an easy-to-use trusted computing platform for research community, a product-quality TEE for mobile device providers. The name "T6" standards for "Trusted kernel based on Xv6".

Background

The increasing popularity and openness of smartphones stimulate a broad range of products and companies as well as wide spread of malware. Compared to the popularity of smartphones, however, few of them provide a general and strong solution for protecting user secrets and sensitive application data. Existing solutions include Apple Touch ID and Samsung KNOX take a great step, but they keep the door closed to research community, which hinder the development progress in this area. In hardware, ARM proposed its security extension TrustZone several years ago and few researchers take the opportunity further forward. T6 tries to close this gap by providing a general, open source solution using TrustZone for research community.

Quick Start

Features of T6

The following are the features of T6:

Feature Support Option
TrustZone Extensions Provide general API and low level interfaces for TZPC, TZASC
Rich legacy OS Theoretically all, but we only test Android and Linux Kernel
TEE API Optionally provide Global Platform TEE API
Crypto API Both PolarSSL and OpenSSL
POSIX API Partial of libC (newlib)
Task isolation Kernel-User mode and address isolation
Multitask Support as multi processes
Dynamic third party trustlet loading Yes, the trustlet must be signed by us first
Secure network connection Yes, support both PolarSSL and OpenSSL
Secure User Input Yes
Secure Display Yes
Secure Boot Yes
Supported development board Samsung Exynos4,Samsung Exynos5,ARM Versatile Express, Freescale i.MX6 (still in progress)
Kenrel Code base( code size) About 8K LOC

Publications

Wenhao Li, Mingyang Ma, Jinchen Han, Yubin Xia, Binyu Zang, Cheng-Kang Chu, Tieyan Li, Feng Bao, "Building Trusted Path on Untrusted Device Drivers for Mobile Devices", Proceedings of the 5th Asia-Pacific Workshop on Systems. ACM, 2014.[PDF] [Slide] [Poster]

License

The source code is licensed under GNU GPL

Board Code Support

Get Board Specific TrustZone Protection Module Code

Originally, we provided all source code of T6 for public download, which helped several research teams start their research easily. Unfortunately, we got a legal notice saying "...It has chip IP that was no approved for Open Soure distribution ... Please delete the code immediately from all the servers and local copies". Now those code have been removed. If you want to know how to re-implement them, we would like to help. For people in China: if you have not got a board yet and want to start your research work quickly, you can refer to TaoBao for getting complete code and documents.

Require New Board Support

If you want T6 to support a new board, please let us know and we are glad to help. If you have not got a board, but planning to, we recommend you to use the Samsung Exynos4412, since we have already supported it in T6 and have had a comprehensive test. You need to make sure the board you got is TrustZone-unlocked.

Feedback

If you are interested in using T6 or have used T6, I would love to hear from you. If there's anything that I can do to make T6 easier to adopt, or any interesting features could be added, I'd like to hear about it. contact me via email (liwenhaosuper AT gmail.com)