Trusted Compute Engine (TCE) protects confidential data on the device and provides inherent guarantees of secure software execution, primarily by ensuring that code and data have not been tampered with and that programs execute exactly as the developer wrote them. The TCE has both hardware and software components.
The hardware consists of:
The TCE software provides the following:
Other components can be included within the trusted hardware boundary and the TCB (Trusted Computing Base) to support specific use cases. For example, a GPS receiver can be included in the trust boundary to provide trusted location and time, or the I/O for a display, keypad or fingerprint reader can be included in the trust boundary to provide a "trusted path" (secure HMI), so that what the user sees and enters cannot be observed or altered by software outside the TCB.
The TCE provides the following security functions: