A Trusted Execution Environment (TEE) is an isolated execution context whose internal state (memory, CPU registers, etc.) is secured and cannot be reached by normal software. This means that untrusted applications, and even the usually privileged Operating System (often considered vulnerable to cyber attacks), cannot read from or write to a TEE's protected space and cannot access secure peripherals (e.g., fingerprint readers, protected screens).
Trusted Execution Environments are implemented by a combined hardware and software approach. The CPU architecture must be extended to distinguish normal from secure execution and to deny requests to secure memory addresses. Trusted software is then used to retain an appropriate level of flexibility for a highly secure solution: to increase compatibility with various hardware and peripherals, to enforce application-specific rules, and to remain upgradeable, especially when bugs are disclosed.
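The hardware check described above can be pictured with a small model. This is an added example, not code from any real CPU or TEE project: the memory map, addresses and names (`access_allowed`, `world_t`, `priv_t`) are constructed for illustration, and it assumes the secure world may also reach normal memory. It shows that the decision depends on the execution world, not on the privilege level, and that an access straddling a secure boundary is denied.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not a real architecture: every access carries the
 * world it was issued from and the privilege level of the issuer. */
typedef enum { WORLD_NORMAL, WORLD_SECURE } world_t;
typedef enum { PRIV_USER, PRIV_KERNEL } priv_t;
typedef struct { uint64_t base, size; bool secure; } region_t;

/* Constructed memory map (addresses are illustrative only). */
static const region_t memory_map[] = {
    { 0x00000000u, 0x10000000u, false }, /* normal RAM               */
    { 0x10000000u, 0x00100000u, true  }, /* TEE-protected RAM        */
    { 0x20000000u, 0x00001000u, true  }, /* secure peripheral (MMIO) */
};
#define MAP_LEN (sizeof memory_map / sizeof memory_map[0])

/* Return true if every byte of [addr, addr+len) may be accessed. */
bool access_allowed(world_t world, priv_t priv, uint64_t addr, uint64_t len)
{
    (void)priv; /* ignored on purpose: a normal-world kernel gains nothing */
    if (len == 0 || addr + len < addr)
        return false; /* empty or wrapping range */
    uint64_t cursor = addr, end = addr + len;
    while (cursor < end) { /* walk every region the access touches */
        const region_t *hit = NULL;
        for (size_t i = 0; i < MAP_LEN; i++) {
            const region_t *r = &memory_map[i];
            if (cursor >= r->base && cursor - r->base < r->size) { hit = r; break; }
        }
        if (hit == NULL)
            return false; /* unmapped address: deny by default */
        if (hit->secure && world != WORLD_SECURE)
            return false; /* normal world touching secure space */
        cursor = hit->base + hit->size;
    }
    return true;
}

int main(void)
{
    printf("normal kernel -> TEE RAM:      %d\n",
           access_allowed(WORLD_NORMAL, PRIV_KERNEL, 0x10000000u, 4));
    printf("normal kernel -> straddling:   %d\n",
           access_allowed(WORLD_NORMAL, PRIV_KERNEL, 0x0FFFFFFCu, 8));
    printf("secure user   -> secure MMIO:  %d\n",
           access_allowed(WORLD_SECURE, PRIV_USER, 0x20000000u, 4));
    return 0;
}
```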