Intel® x86 Architecture Distribution of Trusty* OS

Overview

Trusty* is a set of software components that support a trusted execution environment (TEE) on client devices. It originated from the Android* Open Source Project (AOSP) where a reference implementation is provided based on the Arm TrustZone*.

Trusty TEE Overview

Intel® x86 Architecture Distribution of Trusty* OS is the hardware virtualization-based Trusty solution for x86 systems from Intel. It has a fully compatible design and maximum reuse of Trusty.

The complete environment includes:

The Trusty operating system that runs on a processor intended to provide a TEE
Services and APIs including a little kernel (LK)
Drivers for the Android kernel (a Linux* kernel)
Libraries for Android software and trusted applications
Intel® Kernel Guard Technology (Intel® KGT) hypervisor to create two virtual machines (VM) for Android and the Trusty operating system

Intel KGT on GitHub*

Trusty and the LK provide support for virtual address space and privilege isolation. They work in an event-driven model by the request from the Android world.

Solution: Two Virtual Machines

Trusted applications are isolated with Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64 and Intel® Architecture (Intel® VT-x)
Intel provides a hardware abstraction layer, x86 adaptation layer, and virtual machine monitor (VMM)

Original equipment manufacturers (OEMs) can develop their own Android client applications and corresponding Trusty applications and services.

Architecture

Download on GitHub

Connect to the Team

Ask questions or share your thoughts.

Explore the world of Intel’s open platform projects, contributions, community initiatives, and more at open.intel.com.

<link rel="stylesheet" href="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/commons-page.min.css" type="text/css"><script src="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/commons-page.min.js" defer></script>

<link rel="preload" href="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/atomVideo.min.css" as="style"><link rel="stylesheet" href="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/atomVideo.min.css" type="text/css"><script src="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/atomVideo.min.js"></script>

<link rel="preload" href="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/colorBlock.min.css" as="style"><link rel="stylesheet" href="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/colorBlock.min.css" type="text/css">

<link rel="preload" href="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/contact-us.min.css" as="style"><link rel="stylesheet" href="/etc.clientlibs/settings/wcm/designs/ver/240913/intel/clientlibs/pages/contact-us.min.css" type="text/css">

<script>!function(){var e=setInterval(function(){"undefined"!=typeof $CQ&&($CQ(function(){CQ_Analytics.SegmentMgr.loadSegments("/etc/segmentation"),CQ_Analytics.ClientContextUtils.init("/etc/clientcontext/intel",window.location.pathname.substr(0,window.location.pathname.indexOf(".")))}),clearInterval(e))},100)}();</script>

<link rel="preload" as="style" href="/etc.clientlibs/settings/wcm/designs/intel/us/en/css/resources/css/intel.rwd.override.css"/>
<link rel="stylesheet" type="text/css" href="/etc.clientlibs/settings/wcm/designs/intel/us/en/css/resources/css/intel.rwd.override.css"/>