Our presentation focuses on the critical role of secure initialization in the establishment of a Trusted Execution Environment.
The concepts are discussed in the light of the ARM TrustZone technology, although the considerations made may be valid for a wider range of TEEs.
We analyze past public attacks related to TEE initialization and we show how its security foundations go beyond the mere implementation of a Secure Boot chain of trust.
Security models used for TEE discussions often encompass a CPU-centric perspective at runtime.
We provide indications that such models should be augmented by including TEE lifecycle stages (e.g. Secure Cold/Warm Boot) and by considering the whole SoC as part of the security model.
We conclude that an holistic, system-level, view is required, along with careful design and implementation for establishing a secure TEE.