
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)

--

If you use an Apple MacBook, it is likely that you have a Secure Enclave which holds important secrets, such as your encryption keys. These keys define the core of the trust infrastructure on the device, and the enclave protects them from being stolen by applications. A Trusted Execution Environment (TEE) of this kind also isolates code which is fully trusted from code which cannot be fully trusted. Without this isolation, we could install an application on our computer which discovers our login password and steals the encryption keys used to keep things secret and trusted.

On many cloud-based systems, too, we protect our most important secrets within Trusted Execution Environments (TEEs). Normally the encryption keys are stored in the secure enclave, and only trusted code operates on them. The keys themselves are then never exposed to the other applications running within the Rich Execution Environment (REE).

In Figure 1, the TEE stores the actual encryption key that is used to encrypt data or digitally sign it. The applications which run in the REE never see this key, as only trusted code can access it; what they hold is a wrapped (encrypted) copy of the key. When an application wants to encrypt or sign something, it presents the wrapped key and the data, the TEE unwraps the key, performs the trusted operation, and returns the encrypted or signed content:

--
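To make the wrapped-key flow concrete, here is an added Python model of that TEE/REE boundary. It is example code written for this page, not code from the original post, from Samsung, or from any vendor's TEE. As a stand-in for a real device's key-wrapping cipher it assumes an encrypt-then-MAC construction built from HMAC-SHA256 (keystream from HMAC in counter mode, tag over usage, nonce and ciphertext); the names `TrustedExecutionEnvironment`, `ree_demo` and `try_sign` are illustrative. The REE side only ever holds the wrapped blob and asks the TEE to sign with it; it cannot unwrap the blob, cannot modify it without the tag check failing, and cannot use it on another device.

```python
"""Toy model of a TEE that hands the REE wrapped keys, never raw keys.

Illustrative example for this article; not a real TEE or vendor API.
"""
import hashlib
import hmac
import secrets
import struct

USAGE_SIGN = b"S"   # one-byte usage label bound into the wrapped blob
NONCE_LEN = 12
TAG_LEN = 32


class TrustedExecutionEnvironment:
    """Holds a device-bound key-encryption key (KEK) that never leaves it."""

    def __init__(self):
        # Two independent KEK halves: one for the keystream, one for the MAC.
        self._kek_enc = secrets.token_bytes(32)
        self._kek_mac = secrets.token_bytes(32)

    def _keystream(self, nonce, length):
        # HMAC-SHA256 in counter mode as a stand-in PRF for a real cipher.
        # A nonce must never be reused under the same KEK: two keys wrapped
        # with the same keystream would leak their XOR to the REE.
        out = b""
        counter = 0
        while len(out) < length:
            block = nonce + struct.pack(">I", counter)
            out += hmac.new(self._kek_enc, block, hashlib.sha256).digest()
            counter += 1
        return out[:length]

    def _wrap(self, raw_key, usage):
        nonce = secrets.token_bytes(NONCE_LEN)          # fresh per wrap
        stream = self._keystream(nonce, len(raw_key))
        ct = bytes(a ^ b for a, b in zip(raw_key, stream))
        tag = hmac.new(self._kek_mac, usage + nonce + ct, hashlib.sha256).digest()
        return usage + nonce + ct + tag

    def _unwrap(self, blob, expected_usage):
        usage = blob[:1]
        nonce = blob[1:1 + NONCE_LEN]
        ct = blob[1 + NONCE_LEN:-TAG_LEN]
        tag = blob[-TAG_LEN:]
        if usage != expected_usage:
            raise PermissionError("key usage does not match requested operation")
        expected = hmac.new(self._kek_mac, usage + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            # Wrong device KEK or a modified blob: refuse before touching the key.
            raise ValueError("wrapped key failed integrity check")
        return bytes(a ^ b for a, b in zip(ct, self._keystream(nonce, len(ct))))

    # --- operations exposed to the REE; raw keys never cross this line ---

    def generate_signing_key(self):
        """Create a key inside the TEE and return only its wrapped form."""
        return self._wrap(secrets.token_bytes(32), USAGE_SIGN)

    def sign(self, blob, data):
        key = self._unwrap(blob, USAGE_SIGN)
        return hmac.new(key, data, hashlib.sha256).digest()

    def verify(self, blob, data, sig):
        return hmac.compare_digest(self.sign(blob, data), sig)


def try_sign(tee, blob, data):
    """Return the name of the exception a sign attempt raises, or None."""
    try:
        tee.sign(blob, data)
        return None
    except (ValueError, PermissionError) as exc:
        return type(exc).__name__


def ree_demo():
    """What the REE side can and cannot do with a wrapped key blob."""
    tee = TrustedExecutionEnvironment()
    blob = tee.generate_signing_key()
    sig = tee.sign(blob, b"hello")
    tampered = blob[:-1] + bytes([blob[-1] ^ 0x01])      # flip one tag bit
    other_device = TrustedExecutionEnvironment()         # different KEK
    return {
        "blob_len": len(blob),
        "valid": tee.verify(blob, b"hello", sig),
        "wrong_data": tee.verify(blob, b"hellp", sig),
        "tampered": try_sign(tee, tampered, b"hello"),
        "other_device": try_sign(other_device, blob, b"hello"),
        "fresh_blobs_differ": tee.generate_signing_key() != tee.generate_signing_key(),
    }


if __name__ == "__main__":
    for name, value in ree_demo().items():
        print(f"{name}: {value}")
```

Two properties of this model are the ones worth checking in any real wrapped-key design: the blob is bound to the device KEK (the same blob presented to a second TEE instance is rejected), and every wrap draws a fresh nonce so two blobs of the same key look unrelated.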

Prof Bill Buchanan OBE FRSE
ASecuritySite: When Bob Met Alice

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. Based in Edinburgh. Old World Breaker. New World Creator. Building trust.