Android's most critical security operations, such as cryptographic key management and biometric authentication, cannot be entrusted to the main Linux kernel. If the kernel is compromised (e.g., via a privilege escalation exploit), all secrets managed by it are exposed. To mitigate this, Android relies on a Trusted Execution Environment (TEE).
Trusted Execution Environment Concept
A TEE is a secure area of the main processor that guarantees code and data loaded inside it are protected with respect to confidentiality and integrity. It provides an isolated execution environment running in parallel with the Rich Execution Environment (REE), which is the standard Android OS.
The TEE is hardware-enforced, often utilizing technologies like ARM TrustZone. TrustZone partitions the CPU's execution state and memory into a "Secure World" (TEE) and a "Non-Secure World" (REE). The Android OS cannot read or modify memory assigned to the Secure World.
Trusty OS Architecture
Trusty is an open-source TEE operating system developed by Google. While device manufacturers can use other commercial TEEs (like Qualcomm's QSEE or Trustonic's Kinibi), Trusty provides a reference implementation and is heavily used in Pixel devices.
The Trusty OS is a minimal, secure microkernel. It is designed to be as small as possible to reduce its attack surface. It handles scheduling, memory management, and secure IPC for applications running within the TEE.
Trusty Apps (TAs)
Applications running inside the Trusty TEE are called Trusted Applications (TAs). These are highly specialized, secure applets written in C/C++ or Rust.
Common TAs include:
- Keymaster / KeyMint TA: Manages cryptographic keys and performs operations.
- Gatekeeper TA: Verifies user PINs/passwords.
- Fingerprint / Biometric TAs: Process biometric data matching securely.
- Widevine DRM TA: Handles secure decryption of protected media content.
These TAs are signed by the device manufacturer or Google and are loaded into the Secure World during the boot process.
IPC Between Android and Trusty
Communication between the Android OS (Non-Secure World) and Trusty TAs (Secure World) requires a specialized IPC mechanism.
- The Client (Android side): A user-space process (usually a HAL) wants to send a command to a TA. It opens a special character device, typically /dev/trusty-ipc-dev0.
- The Driver: The Linux kernel contains a Trusty driver. When the HAL writes to the device node, the driver translates this into a Secure Monitor Call (SMC).
- The Secure Monitor: The SMC instruction causes a hardware context switch, transitioning the CPU from the Non-Secure World to the Secure World monitor, which then passes control to the Trusty kernel.
- The TA (Trusty side): Trusty routes the message to the appropriate TA. The TA processes the request, generates a response, and the process reverses, using another SMC to switch back to Android.
This bridge is carefully designed to allow data exchange without compromising the memory isolation of the Secure World.
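The client side of the four steps above, as an added example (not code from this page or from the Trusty project): a minimal C routine that opens the device node, connects to a TA, sends one request and reads one reply. Assumptions: the connect ioctl is reproduced from AOSP's libtrusty header and should be checked against your tree, the port name `com.example.trusty.echo` is hypothetical, and the 4096-byte message limit is chosen for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <unistd.h>

/* Connect ioctl as defined in AOSP libtrusty's ipc.h; check it against your tree. */
#define TIPC_IOC_MAGIC 'r'
#define TIPC_IOC_CONNECT _IOW(TIPC_IOC_MAGIC, 0x80, char *)

#define TRUSTY_DEV "/dev/trusty-ipc-dev0"
#define EXAMPLE_PORT "com.example.trusty.echo" /* hypothetical TA port name */
#define MAX_MSG 4096                           /* assumed message size limit */

/* Send one request to the TA on `port` and read one reply.
 * Returns the reply length, or a negative errno value on failure. */
ssize_t trusty_request(const char *dev, const char *port, const void *req,
                       size_t req_len, void *rsp, size_t rsp_cap)
{
    ssize_t rc, n;
    if (!dev || !port || !req || !rsp || !req_len || req_len > MAX_MSG || !rsp_cap)
        return -EINVAL;
    int fd = open(dev, O_RDWR);            /* client opens the device node */
    if (fd < 0)
        return -errno;
    if (ioctl(fd, TIPC_IOC_CONNECT, port) < 0) { /* bind this fd to one TA */
        rc = -errno;
        goto out;
    }
    n = write(fd, req, req_len);           /* driver forwards this via SMC */
    if (n < 0) { rc = -errno; goto out; }
    if ((size_t)n != req_len) { rc = -EIO; goto out; }
    n = read(fd, rsp, rsp_cap);            /* blocks until the TA's response */
    rc = n < 0 ? -errno : n;
out:
    close(fd);
    return rc;
}

int main(void)
{
    char rsp[256];
    ssize_t n = trusty_request(TRUSTY_DEV, EXAMPLE_PORT, "ping", 4, rsp, sizeof rsp);
    if (n < 0)
        fprintf(stderr, "trusty request failed: errno %zd\n", -n);
    else
        printf("TA replied with %zd bytes\n", n);
    return n < 0;
}
```

On a host without the Trusty driver the call returns `-ENOENT` from `open`. On a device, access to the node is normally restricted to the HAL processes that need it, so an unprivileged caller should expect a permission error.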