trustlet
A trustlet is a small, isolated software module that runs inside a device’s trusted execution environment (TEE) and provides security-sensitive services to applications running in the non-secure world. In TEEs built on technologies such as ARM TrustZone, the hardware partitions the system into a secure world and a non-secure world. The secure world hosts a trusted operating system and one or more trustlets, also called trusted applications (TAs). These programs run with elevated privileges but are isolated from the software and data of the non-secure world, which can reach them only through a narrow command interface.
Trustlets implement security functions such as cryptographic operations, secure storage, attestation, key management, and sometimes digital
Lifecycle and provenance are important: trustlets are signed and provisioned by a trusted party, and the TEE
Terminology varies by ecosystem. The term “trustlet” is widely used to describe these secure-world modules, while
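The secure/non-secure split and the provenance check described above, as an added worked model (not code from any real TEE or trusted OS): a provisioning party signs a trustlet image, the secure world refuses to load an image whose signature does not verify, and a non-secure client gets only a session handle through which it can invoke named commands. The device key is created inside the trustlet and never crosses the boundary. Names such as `SecureWorld`, `KeyManagementTrustlet` and `provision_trustlet` are constructed for this illustration; the HMAC-based image "signature" stands in for the asymmetric signature a real TEE would verify, because the Python standard library has no signature scheme.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed provisioning key. A real TEE verifies TA images with the
# provisioning party's public key; HMAC is a stand-in here, not the real scheme.
PROVISIONING_KEY = b"constructed-trusted-party-key"

MAX_PAYLOAD = 4096  # assumed size of the shared command buffer


@dataclass(frozen=True)
class TrustletImage:
    name: str
    code: bytes       # stands in for the trusted-application binary
    signature: bytes  # MAC over name and code, made by the provisioning party


def _image_digest(name: str, code: bytes) -> bytes:
    return hmac.new(PROVISIONING_KEY, name.encode() + b"\0" + code, hashlib.sha256).digest()


def provision_trustlet(name: str, code: bytes) -> TrustletImage:
    """Trusted-party step: produce a signed image the TEE will accept."""
    return TrustletImage(name, code, _image_digest(name, code))


class KeyManagementTrustlet:
    """Secure-world module. The device key is created here and never returned."""

    def __init__(self) -> None:
        self._device_key = secrets.token_bytes(32)

    def handle(self, command: str, payload: bytes) -> bytes:
        # Validate everything that arrives from the non-secure world.
        if len(payload) > MAX_PAYLOAD:
            raise ValueError("payload exceeds shared buffer")
        if command == "mac":
            return hmac.new(self._device_key, payload, hashlib.sha256).digest()
        if command == "verify":
            data, tag = payload[:-32], payload[-32:]
            expected = hmac.new(self._device_key, data, hashlib.sha256).digest()
            return b"\x01" if hmac.compare_digest(expected, tag) else b"\x00"
        # No command exposes the key itself; anything else is refused.
        raise PermissionError(f"trustlet rejects unknown command {command!r}")


class Session:
    """Non-secure-world handle: only invoke() is reachable through it."""

    def __init__(self, dispatch):
        self._dispatch = dispatch

    def invoke(self, command: str, payload: bytes) -> bytes:
        # Copy the payload, modelling the marshal through shared memory.
        return self._dispatch(command, bytes(payload))


class SecureWorld:
    def __init__(self) -> None:
        self._trustlets: dict = {}

    def load(self, image: TrustletImage) -> None:
        """Check provenance before the module is allowed to run."""
        if not hmac.compare_digest(_image_digest(image.name, image.code), image.signature):
            raise ValueError("refusing trustlet with invalid signature")
        self._trustlets[image.name] = KeyManagementTrustlet()

    def open_session(self, name: str) -> Session:
        return Session(self._trustlets[name].handle)


def demo() -> dict:
    """Run the model end to end; returns the observable outcomes."""
    tee = SecureWorld()
    image = provision_trustlet("keymaster", b"\x7fELF-constructed-ta-bytes")
    tee.load(image)

    # A tampered image (one byte appended) must be refused at load time.
    tampered = TrustletImage(image.name, image.code + b"!", image.signature)
    try:
        tee.load(tampered)
        tampered_rejected = False
    except ValueError:
        tampered_rejected = True

    session = tee.open_session("keymaster")
    tag = session.invoke("mac", b"boot-measurement")
    verified = session.invoke("verify", b"boot-measurement" + tag) == b"\x01"
    forged = session.invoke("verify", b"boot-measurement" + bytes(32)) == b"\x01"

    try:
        session.invoke("export_key", b"")
        unknown_rejected = False
    except PermissionError:
        unknown_rejected = True

    return {
        "tampered_rejected": tampered_rejected,
        "verified": verified,
        "forged_accepted": forged,
        "unknown_rejected": unknown_rejected,
        "tag_len": len(tag),
    }
```

In hardware the isolation is enforced by the processor's security state and memory controllers, not by Python object boundaries; the model keeps only the architectural shape: signature check at load, a narrow command interface, input validation at the boundary, and a key that is never part of any response.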