This repository contains the code for a fuzzing prototype for the OP-TEE system call interface using AFL.

Trusted Gateway: hardened router architecture with ARM TrustZone protected firewall, routing, and NIC modules.

Plug & Trust middleware to use secure element SE050

Tutorial and base project: TEE on AMD Zynq UltraScale+ using Arm TrustZone

A TEE solution for Raspberry Pi using OP-TEE, built on TF-A, U-Boot, and buildroot. This is our implementation to get a version of this working, and is not supported by the above projects.

DBStore trusted service and demo of the HCE Mobile Ticketing application

OAT (IEEE S&P 2020) control-flow attestation on Raspberry Pi 3 with ARM TrustZone / OP-TEE — LLVM IR compile-time instrumentation, SHA-256 hash chain, shadow stack for ROP detection, and offline verifier. Verified against paper Table III on syringe pump benchmark.

Practical group work made for Secure Execution Environments @ UA - Portugal.

Implementation of BLAST: Whole-Program Control-Flow Path Attestation (CCS 2023) on Raspberry Pi 3 with ARM TrustZone / OP-TEE

Testing the security of an OP-TEE installation

Example of an encrypted connection via TLS with mutual authentication using X.509 certificates

This project implements Control-Flow Attestation (C-FLAT) for embedded systems using ARM TrustZone, OP-TEE, and LLVM. It specifically targets the detection of runtime attacks such as Return-Oriented Programming (ROP) and non-control-data exploits in cyber-physical systems.

Upstream-first Buildroot external tree for STM32MP135D, targeting the MyIR MYD-YF135-256N-256D SOM