Global Platform (GP) is an industry wide association that publishes specifications for secure deployment and management of applications. Trusted Execution Environment (TEE) is a specification defined by GP that provides a secure environment for storing and processing sensitive information. TEE specification helps Original Equipment Manufacturers (OEMs) and Independent Software Vendors (ISVs) in creating and deploying sensitive applications such as secure transactions, digital rights management, Near-Field Communication (NFC) payments etc.
In order to provide GP TEE support on platforms, the two current methods include (i) a Virtual Memory Manager (VMM) based approach and (ii) an implementation of the TEE entirely within a security processor. The first approach has the disadvantage of creating a larger attack surface for exploitation since the entire VMM is included in the Trusted Code Base (TCB) and the trusted applications do not have isolation. The second approach is resource constrained such that it has the disadvantage of having limited scalability.