A TEE is a secure area inside the main application processor of an electronic device. No additional hardware is needed to enable it, so it adds no bill-of-materials (BOM) cost.
Provides hardware-secured services for applications
Secure installation of third-party services over the air (OTA)
Secures the execution of sensitive code and the storage of sensitive data
Secures interaction between the user and those services
The TEE can be compared to a bank vault. The strong door protects the vault itself (hardware isolation); inside the vault, safety deposit boxes with individual locks and keys (software and cryptographic isolation) provide further protection and keep each box's contents isolated from other users.
The TEE ensures the secure storage and processing of sensitive data and trusted applications through hardware isolation. It protects the integrity and confidentiality of key resources, such as the user interface and service provider assets.
A TEE manages and executes trusted applications built in by device makers as well as trusted applications installed later by users. Trusted applications running in the TEE use the device's application processor and memory, giving a fast and secure experience, while hardware isolation protects them from user-installed apps running in the main operating system. Software and cryptographic isolation inside the TEE protects the trusted applications from each other.
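The following is an added example (not code from the original page or from any TEE vendor) of what "cryptographic isolation between trusted applications" can mean in practice: the TEE derives per-trusted-application keys from a hardware unique key (HUK) that the trusted applications themselves never see, so data sealed for one trusted application cannot be opened or verified by another. The HUK value, the two trusted-application UUIDs, the HMAC-SHA256 key derivation and the HMAC-in-counter-mode stream cipher used for sealing are all constructed for illustration and are assumptions; a production TEE would use an AES-based authenticated cipher and read the HUK from fused memory.

```python
import hashlib
import hmac
import os
import uuid
from typing import Optional

# Constructed stand-in for the hardware unique key (HUK). In a real TEE this
# value lives in fuses/OTP and is readable only by the TEE, never by a TA.
HUK = bytes.fromhex(
    "2b7e151628aed2a6abf7158809cf4f3c2b7e151628aed2a6abf7158809cf4f3c"
)

# Constructed trusted-application identifiers (TAs are addressed by UUID).
TA_PAYMENT = uuid.UUID("11111111-2222-3333-4444-555555555555")
TA_DRM = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")

NONCE_LEN = 16
TAG_LEN = 32  # SHA-256 HMAC tag


def derive_ta_key(huk: bytes, ta_uuid: uuid.UUID, purpose: bytes) -> bytes:
    """Derive a 32-byte key bound to one TA and one purpose.

    The TEE performs this on the TA's behalf: the TA receives (or uses) only
    the derived key, never the HUK, so it cannot derive another TA's keys.
    """
    label = b"TA-KEY|" + ta_uuid.bytes + b"|" + purpose
    return hmac.new(huk, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode as a PRF-based keystream (illustrative)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def seal(ta_uuid: uuid.UUID, plaintext: bytes,
         nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC under keys derived for exactly this TA.

    Output layout: nonce || ciphertext || tag.
    """
    enc_key = derive_ta_key(HUK, ta_uuid, b"storage-enc")
    mac_key = derive_ta_key(HUK, ta_uuid, b"storage-mac")
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be %d bytes" % NONCE_LEN)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(ta_uuid: uuid.UUID, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the blob was not sealed for this TA
    (wrong TA, wrong device, or tampered ciphertext)."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce = blob[:NONCE_LEN]
    ciphertext = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    mac_key = derive_ta_key(HUK, ta_uuid, b"storage-mac")
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    # Constant-time compare: verify the tag before touching the ciphertext.
    if not hmac.compare_digest(tag, expected):
        return None
    enc_key = derive_ta_key(HUK, ta_uuid, b"storage-enc")
    stream = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


if __name__ == "__main__":
    # The payment TA seals a constructed secret; the DRM TA gets the same blob.
    blob = seal(TA_PAYMENT, b"card token 4111")
    print("payment TA unseal:", unseal(TA_PAYMENT, blob))
    print("DRM TA unseal:    ", unseal(TA_DRM, blob))
```

Even though both trusted applications run on the same processor inside the same TEE, the DRM TA's derived keys differ from the payment TA's, so its attempt to open the payment TA's blob fails at tag verification rather than yielding garbage plaintext. The same derivation also ties sealed data to the device: a blob copied to a device with a different HUK cannot be opened there.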
The TEE is embedded in the device during manufacture. Device and chip makers use TEEs to build platforms that have trust built in from the start, while service and content providers rely on that built-in trust to launch innovative services and new business opportunities.