A trusted computing base (TCB) refers to a generic term for protection apparatuses in a computer system. The TCB establishes a secure protection environment for the computer system. Although a smartphone system has abundant functions, the smartphone system needs support of a large amount of bottom-layer code. For example, in an ANDROID system, the entire ANDROID system has more than ten million lines of source code of a software stack of a TCB. Once malware intrudes the system using a security vulnerability of the existing software stack, security of a user input operation and input display cannot be ensured.
In real life, shopping using an electronic device has become a part of people's daily life. However, security in terms of payment further needs to be ensured. In an example of a bank payment application, for input, if malware secretly intercepts input data, a password entered by a user may be leaked out, and for display, if malware secretly changes display data by manipulating a display buffer, an account of the user may be stolen without the knowledge of the user.
Currently, to improve security of an operating system, a Trusted Execution Environment, such as TRUSTZONE technology, may be used. In the TRUSTZONE, a monitor mode, a secure mode, and a normal mode are set. The monitor mode has a highest security level, and switching between the secure mode and the normal mode may be implemented using the monitor mode. The normal mode is the same as a mode in which the operating system usually runs. The secure mode is totally isolated from the normal mode, but devices such as all physical memories in the normal mode may be accessed in the secure mode. For example, when a mobile phone is powered on, the mobile phone first enters the secure mode, and a program in the secure mode is responsible for switching to the normal mode, to start a system of the mobile phone. For an existing system, the existing system may run in the normal mode, and a program having a relatively high security level runs in the secure mode.
In an application scenario in which system security is improved using a TRUSTZONE mechanism, an existing system runs in the normal mode, and a secure processing function is provided in the secure mode, to implement secure isolation from the existing system. Because a program in the normal mode is non-trusted, if code of a driver device of the program is directly reused, data in the secure mode may be leaked out or tampered. To process, in the secure mode, a request of an application program, an existing method is to implement, in the secure mode, a driver code of an accessed device again. However, because many drivers in the existing system are all provided by a third party, source driver code cannot be obtained, and a limited quantity of device drivers is supported in the secure mode. Another method is to port all driver modules in the existing system to the secure mode. Using this method, a sufficient quantity of device drivers may be supported in the secure mode. However, as a result, a code amount in the secure mode rapidly increases, and a TCB becomes excessively large. It can be seen that a better solution still remains to be proposed to ensure security during the processing on the request of the application program.