半導體技術的進步,嵌入式平台的計算能力愈來愈強大,加上5G 超高速、低延時通訊技術,使得物聯網應用正快速發展,物聯網安全 也越趨重要。為了提昇物聯網安全性,各大處理器廠商都在自家處理 器加上可信執行環境(Trust Execution Environment) 技術,讓有隱私或 安全議題的應用程式在可信執行環境中執行以保護其安全性,而且置 放於可信執行環境中執行的應用程式亦必須是可信的應用程式(Trusted Application)。當設備製造商開始使用可信執行環境在來作為開發平台 時,如何建構出一個同時兼顧安全性與開放性的平台軟體生態圈讓第 三方進來開發可信應用程式,是必然會面臨到的問題與挑戰。本論文 中完善OPTEE 中所欠缺的針對第三方所開發的可信應用程式的來源 驗證機制,同時提供了一個具體而微的實作範例。;The Internet of Things (IoT) is rapidly evolving in recent years. IoT devices will be able to generate large amounts of securityand privacysensitive data. In order to enhance the security of the Internet of Things, processor manufacturers have added Trusted Execution Environment (TEE) to their processors to enhance the security of the Internet of Things. Building the TEE software ecosystem is the important thing for device manufacturers, software vendor, cloud service provider and customers. To building TEE software ecosystem will be facing a problem which most secure operating system in TEE like OPTEE, by default all Trusted Applications (TA) are signed with the single RSA key (private key). Device manufacturers need to provide the same private key to many software vendors for TA signing. However, ask all software vendors to protect the same private key safely is difficultly. In this paper, we implement third parties the trusted application verify mechanism of OPTEE. It solves problem of the OPTEE only support a single key and reduce loading of private key management in device manufacturers .
