It could be argued that if the TEE doesn’t meet these standards then it is not a TEE, but it would be more correct to say it is not a GlobalPlatform-certifiable TEE, and so you are placing your trust in a particular manufacturer’s ideas, rather than in the combination of:
- A manufacturer,
- Their compliance with standards defined by a consortium of security experts,
- And (optionally as noted) the ability of test houses to certify against that standard.
Luckily, most manufacturers in the Android space (i.e. all the top 10 by volume in 2018) support GlobalPlatform functionality in their TEEs, allowing security-critical components of service provider software to be rolled out across that generic smartphone space.
Where is a TEE?
So, the above generally describes the usage model found in smartphones and tablets.
TEEs also appear in smartwatches, set-top boxes, and (prepare yourself for a huge shock) even constrained Internet of Things (IoT) devices.
In simple IoT devices, the REE and the TEE may not have a full OS but rather suites of software libraries. While such simple devices do not generally have end-user installed software, they go through a chain of manufacturing where each entity may not entirely trust the next entity. A well-managed TEE can enable those entities to work together even without that trust.
Trusted Execution Environment (TEE) technology enables modern devices to provide a massive range of functionality, while at the same time meeting the requirements of software developers and service providers who care about privacy, attestation, authentication, validation, manageability and all the other aspects of security.