Kinibi is a portable and open Trusted Execution Environment (TEE) aimed at executing trusted applications on a device. It includes built in cryptographic algorithms and a secure file system for secure data persistence. It is a versatile environment that can be integrated on different System on Chip (SoC) supporting the ARM TrustZone technology.
Kinibi uses ARM TrustZone to separate the platform into two distinct areas, the Normal World with a conventional rich operation system, and the Secure World.
Kinibi is an open environment which provides an API for developers to develop trusted applications and client applications
A trusted application executes in the secure world in the Kinibi runtime environment. The security services provided by a trusted application are called by normal world client applications.
Trusted applications are:
- Written in the C programming language
- Cross compiled to run on the target platform.
- Contain security critical code
- Digitally signed and encrypted
- Single threaded
- Developed using the Trustonic SDK
A client application is a library for the functionality provided by one or more trusted applications. A client application runs in the normal world.
The client application is responsible for:
Initiating a context to the TEE
Opening and closing sessions to one or more trusted applications
Registering and unregistering shared memory
Invoking commands on sessions, passing command data and memory buffers to a trusted application
Handling trusted application return codes and data returned either directly or in memory.
A secure driver enables a trusted Application to access peripherals in a controlled and coordinated manner. Secure drivers hide the hardware complexity from trusted applications.
Kinibi uses a microkernel architecture and as such secure drivers are implemented as separate processes. Essentially a secure driver is a user mode task similar to a Trusted Application.
Secure drivers are:
- Developed using the Trustonic DDK
- Support threads
- Digitally signed