Abstract: The present invention extends to methods, systems, and computer program products for configuring, enforcing, and monitoring separation of trusted execution environments. Firmware images consistent with configuration of multiple separate execution domains can be generated without requiring changes to existing application source code. A cryptographically signed firmware image can be loaded at a processor to form multiple separate execution domains at the processor. Communications can be secured across separate execution domains without using shared memory.