Developing Secure Services for IoT with OP-TEE: A First Look at Performance and Usability

  • Christian GöttelEmail author
  • Pascal Felber
  • Valerio Schiavoni
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11534)


The implementation, deployment and testing of secure services for Internet of Things devices is nowadays still at an early stage. Several frameworks have recently emerged to help developers realize such services, abstracting the complexity of the many types of underlying hardware platforms and software libraries. Assessing the performance and usability of a given framework remains challenging, as they are largely influenced by the application and workload considered, as well as the target hardware. Since 15 years, Arm processors are providing support for TrustZone, a set of security instructions that realize a trusted execution environment inside the processor. Op-Tee is a free-software framework to implement trusted applications and services for TrustZone. In this short paper we show how one can leverage Op-Tee for implementing a secure service (i.e., a key-value store). We deploy and evaluate the performance of this trusted service on common Raspberry Pi hardware platforms.

We report our experimental results with the data store and also compare it against Op-Tee’s built-in secure storage.


Op-Tee ArmTrustZone Secure storage IoT 



The research leading to these results has received funding from the European Union’s Horizon 2020 research and innovation programme under the LEGaTO Project (, grant agreement No. 780681.


  1. 1.
    Arm Limited: ARM GNU Toolchain. Accessed 22 Feb 2019
  2. 2.
    Arm Limited: Fundamentals of ARMv8-A, March 2017. Accessed 22 Feb 2019
  3. 3.
    Arm Limited: Trustzone technology for the ARMv8-M architecture, March 2017. Accessed 22 Feb 2019
  4. 4.
  5. 5.
    Arm Limited: mbed TLS, February 2019. Accessed 22 Feb 2019
  6. 6.
    Bellard, F.: QEMU, January 2019. Accessed 22 Feb 2019
  7. 7.
    GlobalPlatform Inc.: TEE Client API Specification Version 1.0, July 2010, \({\rm GPD}\_{\rm SPE}\_007\)Google Scholar
  8. 8.
    GlobalPlatform Inc.: TEE Internal Core API Specification Version 1.2, October 2018, \({\rm GPD}\_{\rm SPE}\_010\)Google Scholar
  9. 9.
    GlobalPlatform Inc.: TEE System Architecture Version 1.2, November 2018, \({\rm GPD}\_{\rm SPE}\_009\)Google Scholar
  10. 10.
    GlobalPlatform Inc.: GlobalPlatform Homepage, February 2019. Accessed 22 Feb 2019
  11. 11.
    Google LLC: Android Trusty, February 2019. Accessed 22 Feb 2019
  12. 12. ARM Everywhere. Accessed 22 Feb 2019
  13. 13.
    Kylheku, K.: Kazlib, November 2000. Accessed 22 Feb 2019
  14. 14.
    Linaro Limited: Linaro Trusted Firmware. Accessed 22 Feb 2019
  15. 15.
    Linaro Limited: OP-TEE Sanity Testsuite, June 2018. Accessed 22 Feb 2019
  16. 16.
    Linaro Limited: Secure Storage in OP-TEE, May 2018. Accessed 22 Feb 2019
  17. 17.
    Linaro Limited: Open Portable Trusted Execution Environment, February 2019. Accessed 22 Feb 2019
  18. 18.
    NVIDIA Corporation: TLK Repository, October 2015. Accessed 22 Feb 2019
  19. 19.
    Pettersen, R., Johansen, H.D., Johansen, D.: Secure edge computing with ARM TrustZone. In: Ramachandran, M., Muñoz, V.M., Kantere, V., Wills, G., Walters, R., Chang, V. (eds.) Proceedings of the 2nd International Conference on Internet of Things, Big Data and Security, vol. 1, pp. 102–109 (2017).
  20. 20.
    Trusted Computing Group, February 2019. Accessed 22 Feb 2019
  21. 21.
    Trustonic: Trustonic Kinibi, February 2019. Accessed 22 Feb 2019

Copyright information

© IFIP International Federation for Information Processing 2019

Authors and Affiliations

  1. 1.University of NeuchâtelNeuchâtelSwitzerland

Personalised recommendations