TEE
securityFull Name: Trusted Execution Environment
Definition
A Trusted Execution Environment (TEE) is a secure, hardware-isolated execution context within a device's main processor that provides confidentiality and integrity guarantees for code execution and data storage. Standardized by GlobalPlatform and typically implemented using ARM TrustZone technology on mobile devices, the TEE creates a separation between the Rich Execution Environment (REE, where the standard operating system runs) and a trusted environment where security-sensitive applications execute in isolation. The TEE has its own trusted operating system, dedicated memory regions, and cryptographic capabilities that are hardware-protected from access by the REE, even if the main operating system is fully compromised. In the EUDI Wallet ecosystem, the TEE serves as the primary hardware security foundation for Android-based wallet implementations, hosting the device-bound key management, credential signing operations, biometric data processing, and wallet integrity verification that collectively ensure the security and trustworthiness of the European digital identity infrastructure.
TEE Architecture and ARM TrustZone
The most prevalent TEE implementation on mobile devices is based on ARM TrustZone technology, which is integrated into ARM Cortex-A and Cortex-M processors used in the vast majority of Android smartphones. TrustZone partitions the processor into two virtual worlds: the Normal World (running the standard Android OS, called the Rich Execution Environment) and the Secure World (running the trusted OS and trusted applications, constituting the TEE). Hardware bus controllers enforce the partition, ensuring that Normal World software cannot access Secure World memory or peripherals.
The Secure World runs a separate, minimal operating system (such as Qualcomm's QSEE, Trustonic's Kinibi, or Google's Trusty) that manages trusted applications. These trusted applications are small, purpose-built programs that perform specific security functions such as key generation, cryptographic signing, biometric template matching, and secure storage operations. The attack surface of the TEE is dramatically smaller than the main OS because it runs far less code and exposes a minimal API to the Normal World.
Communication between the Normal World and Secure World happens through a controlled interface defined by the GlobalPlatform TEE Client API. The EUDI Wallet application running in the Normal World sends requests to the TEE through this API (for example, "sign this data with the wallet key"), and the TEE executes the operation and returns the result (the signature). The private key never crosses the boundary from Secure World to Normal World, ensuring its confidentiality even if the wallet application code in the Normal World is reverse-engineered or compromised.
TEE in EUDI Wallet Security Architecture
The EUDI Wallet's security architecture relies on the TEE for several critical functions. First, the Wallet Instance Attestation (WIA) key pair, which certifies the wallet instance to credential issuers and verifiers, is generated and stored within the TEE. This ensures that the attestation cannot be cloned to another device. Second, the device-bound keys associated with each credential (used for holder binding in credential presentations) are TEE-protected, preventing credential theft through software attacks.
Third, the biometric verification that gates access to the wallet's signing capabilities is processed within the TEE. When the user places their finger on the sensor or presents their face to the camera, the biometric template comparison happens inside the TEE, and only a success/failure result is communicated to the wallet application. This protects the biometric data from extraction and ensures that the biometric check cannot be bypassed by software manipulation in the Normal World.
Fourth, the TEE provides secure storage for wallet configuration data, cached credential metadata, and other sensitive information that the wallet needs to persist between sessions. This secure storage is encrypted with keys that are themselves TEE-protected, creating a layered defense where even gaining access to the device's file system does not reveal the stored data. The Android Keystore system, which EUDI Wallet implementations use for key management, uses the TEE (or StrongBox hardware when available) for all key operations.
TEE Certification and EUDI Wallet Compliance
The EUDI Wallet Architecture Reference Framework defines the concept of a Wallet Secure Cryptographic Device (WSCD), which specifies the minimum security requirements for the hardware that protects wallet keys and performs cryptographic operations. The TEE, when properly certified, can serve as the WSCD for EUDI Wallet implementations. The certification evaluates the TEE's resistance to software attacks, physical attacks, and side-channel attacks, ensuring it meets the assurance level required for government-issued identity credentials.
GlobalPlatform maintains a TEE security certification scheme that evaluates TEE implementations against defined security profiles. These certifications assess the TEE's boot integrity, memory isolation, cryptographic implementation correctness, trusted application isolation, and resistance to known attack categories. EUDI Wallet providers must verify that the devices their wallet supports have TEE implementations that meet the WSCD requirements, typically by checking the device's hardware attestation capabilities and certification status.
For devices that lack a sufficiently certified TEE (such as older smartphones), the EUDI Wallet ecosystem may support alternative security mechanisms. External secure elements connected via NFC (such as smart cards) can supplement or replace the device TEE for key storage and cryptographic operations. This ensures that the EUDI Wallet remains accessible to a broad range of devices while maintaining the security assurances required for digital identity credentials.