Abstract: A method for protecting a cryptographic operation on a device from a side-channel attack, the device comprising a processor operable to execute a rich execution environment (REE) and a trusted execution environment (TEE), the method comprising: receiving, at the TEE, a request to perform a cryptographic operation, wherein the cryptographic operation is divisible into a plurality of chunks; issuing, by the TEE, a command to control a characteristic of a core of the processor on which the TEE is to be executed on upon subsequent invocation of the TEE; verifying, by the TEE upon subsequent invocation of the TEE, that the characteristic of the core on which the TEE is executing on corresponds to the command; and responsive to a positive verification, performing, by the TEE, the cryptographic operation on one or more chunks of the plurality of chunks.

Abstract: A trusted execution environment migration method for a device comprising a multicore processor, the processor operable to execute a rich execution environment (REE) and a trusted execution environment (TEE), the method comprising: executing a TEE scheduler in the REE on a first core of the multicore processor; subsequent to a migration of the TEE scheduler from the first core to a second core, issuing a request, by the TEE scheduler and to a transition submodule in the TEE, to execute an operations submodule in the TEE, wherein the transition submodule is operable to manage the transition of a core of the processor between execution of the REE and execution of the operations submodule in the TEE, and wherein the transition submodule is executed on the same core as the TEE scheduler; upon execution of the operations submodule, determining if the core on which the operations submodule is executing has changed since the previous execution of the operations submodule.

Abstract: A trusted execution environment scheduling method for a device comprising a multicore processor, the processor operable to execute a rich execution environment (REE) and a trusted execution environment (TEE), the method comprising: providing a REE global scheduler in the REE, the REE global scheduler operable to schedule threads for execution in the REE; providing a TEE scheduler in the TEE, the TEE scheduler operable to schedule threads for execution in the TEE, wherein the TEE scheduler determines a number of runnable TEE threads which are either presently, or are awaiting, execution in the TEE and stores the number of runnable TEE threads in a location accessible to threads executing in the REE; providing a plurality of worker threads in the REE, the worker threads being in an activated state or in an deactivated state, wherein when an activated worker thread of the plurality of worker threads is executed according to the schedule of the REE global scheduler the worker thread makes a call to the TEE to cau

Abstract: A software decryption key is injected into a computing device 2 having a secure execution environment 20 and a less secure execution environment 22. The key 38 is for decryption of software to be run on the computing device. A key injection software component 36 executed within the secure execution environment 20 is used to control storage of the software decryption key 38 in a protected state in which the software decryption key is unreadable in the clear from the key storage location by an external device or by program code executed in the less secure execution environment 22 of the computing device. Software provided to the device is decrypted based on the injected software decryption key 38.

Abstract: A trusted execution environment scheduling method for a device comprising a multicore processor, the processor operable to execute a rich execution environment (REE) and a trusted execution environment (TEE), the method comprising: providing a REE global scheduler in the REE, the REE global scheduler operable to schedule threads for execution in the REE; providing a TEE scheduler in the TEE, the TEE scheduler operable to schedule threads for execution in the TEE, wherein the TEE scheduler determines a number of runnable TEE threads which are either presently, or are awaiting, execution in the TEE and stores the number of runnable TEE threads in a location accessible to threads executing in the REE; providing a plurality of worker threads in the REE, the worker threads being in an activated state or in an deactivated state, wherein when an activated worker thread of the plurality of worker threads is executed according to the schedule of the REE global scheduler the worker thread makes a call to the TEE to cau

Abstract: A trusted execution environment migration method for a device comprising a multicore processor, the processor operable to execute a rich execution environment (REE) and a trusted execution environment (TEE), the method comprising: executing a TEE scheduler in the REE on a first core of the multicore processor; subsequent to a migration of the TEE scheduler from the first core to a second core, issuing a request, by the TEE scheduler and to a transition submodule in the TEE, to execute an operations submodule in the TEE, wherein the transition submodule is operable to manage the transition of a core of the processor between execution of the REE and execution of the operations submodule in the TEE, and wherein the transition submodule is executed on the same core as the TEE scheduler; upon execution of the operations submodule, determining if the core on which the operations submodule is executing has changed since the previous execution of the operations submodule.

Abstract: A software decryption key is injected into a computing device 2 having a secure execution environment 20 and a less secure execution environment 22. The key 38 is for decryption of software to be run on the computing device. A key injection software component 36 executed within the secure execution environment 20 is used to control storage of the software decryption key 38 in a protected state in which the software decryption key is unreadable in the clear from the key storage location by an external device or by program code executed in the less secure execution environment 22 of the computing device. Software provided to the device is decrypted based on the injected software decryption key 38.