Trusted Execution Environment Provisioning
charter-ietf-teep-00-01

Document: Proposed charter Trusted Execution Environment Provisioning WG (teep)
Title: Trusted Execution Environment Provisioning
Last updated: 2018-02-14
State: Internal review Initial chartering
WG State: BOF
IESG Responsible AD: Kathleen Moriarty
Charter Edit AD: Kathleen Moriarty
Telechat date: On agenda of 2018-02-22 IESG telechat. Needs a YES.
Send notices to: (None)

Charter

The Trusted Execution Environment (TEE) is a secure area of a processor.
The TEE provides security features such as isolated execution and integrity of
Trusted Applications, along with confidentiality of their assets. In general
terms, the TEE offers an execution space that provides a higher level of
security than a "rich" operating system and more functionality than a secure
element. For example, implementations of the TEE concept have been developed by
ARM and Intel, using the TrustZone and SGX technologies, respectively.

To programmatically install, update, and delete applications in a TEE, this
protocol runs between a service within the TEE, a relay application or service
access point on the device's network stack, and a server-side infrastructure
that interacts with and optionally maintains the applications. Some tasks are
security sensitive: the server side requires information about the device
characteristics in the form of attestation, and the device side may require
information about the server.

Privacy considerations have to be taken into account with authentication
features and attestation.

This working group aims to develop an application layer protocol providing TEEs
with lifecycle management of trusted applications and security domain
management.

A security domain allows a service provider's applications to be isolated so
that one security domain cannot be influenced by another, unless it exposes an
API to allow it.

The solution approach must take a wide range of TEE and relevant technologies
into account and will focus on the use of public key cryptography.

The group will produce the following deliverables. The first draft is an
architecture document describing the involved entities, their relationships,
assumptions, the keying framework and relevant use cases. Second, a solution
document describing the functionality outlined above will be developed.
The choice of encoding format(s) will be decided in the working group. The
group may document several attestation technologies, considering their different
hardware capabilities, performance, privacy, and operational properties.

The group will maintain a close relationship with the IETF SUIT working group,
GlobalPlatform, Trusted Computing Group, and other relevant standards to ensure
proper use of existing TEE-relevant application layer interfaces.

Proposed milestones

Date      Milestone
Jul 2019  Begin WGLC for Solution document
Dec 2018  Begin WGLC for Architecture document
Mar 2018  Adopt a solution document
Mar 2018  Adopt an Architecture document