Client Application Authentication via OPTEE #3092
Comments
Hi @dashemsec, I'm afraid that the answer as of today is that you cannot ensure that the CA is not a rogue application. The trust model for the TEE is that we don't trust anything coming from the non-secure side. What makes that extra interesting is that most of the data being handled in the TEE/TA is indeed coming from the non-secure side in one way or another. If data is coming from somewhere outside the device itself, then you can have some handshake protocol exchanging keys and do authentication a bit more easily. But for local applications running on the device we have no good way of authenticating the CA app. As @jonsmirl mentioned in another thread, this is indeed an issue in many cases and he proposed SE Linux. That's one step in the right direction, but based on the track record of root exploits in Linux I'd say it's better than nothing, but probably not worth that much. If you have any ideas how to make this better, then please let us know, since we would like to improve this situation in one way or another.
I'm closing the ticket, either because it has already been answered, because it is no longer relevant, or because of a lack of response from the author. Having said that, feel free to re-open the ticket if you have more to add to it.
Hi @jbech-linaro,
Hi,
Currently, do we have any mechanism in OPTEE to authenticate that the CA requesting the TEE service is from a correct source?
Say, we have a private key stored in the secure storage area. Each persistent object is designated by its object name. So, any malware CA can trick the TA to operate on that object.
How to ensure that the CA is not a malware and the genuine one?