Test-1

TEST 1

Test Case ID: BIS-1.4.1 Test Name: TC_TEST_TRUSTED_EXECUTION_IMPLEMENTATION

Objective

To determine whether Trusted Execution Environment (TEE), Secure Element (SE), or Trusted Platform Module (TPM) functionality is available on the DUT based on SoC datasheet and vendor documentation, and to verify correct implementation if present and enabled.

Assessment is based on three scenarios:

  • CASE 1: TEE/SE/TPM is not available → No further assessment.

  • CASE 2: TEE/SE/TPM is available and enabled → Verify usage through code review and confirm cryptographic functions are executed via TEE/SE/TPM APIs.

  • CASE 3: TEE/SE/TPM is available but not enabled → Marked as non-conformance; OEM required to enable and implement.

Tools Used

  • OEM-provided SoC datasheet and device technical documentation

  • User manual / technical specifications

  • Static code analysis tools (e.g., Fortify SCA, SonarQube)

  • TEE/TPM diagnostic commands and tools (e.g., dmesg, tpm2_getcap, tee-supplicant)

Test Execution Steps

  1. Document Review

    • Review the SoC datasheet and vendor technical documentation to determine TEE/SE/TPM support.

    • Check the user manual or technical specifications for implementation details.

  2. Lab Setup and Preparation

    • Prepare a secure lab environment with the necessary hardware and software tools to interact with TEE/SE/TPM.

  3. Execution Based on Scenario

    CASE 1: TEE/SE/TPM Not Available

    • Confirm absence of TEE/SE/TPM from SoC datasheet.

    • Document compliance and state no further testing required.

    CASE 2: TEE/SE/TPM Available and Enabled

    • Verify presence and operational status using CLI tools, logs, and system commands.

    • Perform static code analysis to ensure cryptographic functions utilize TEE/SE/TPM APIs.

    • Record any deviations or security gaps.

    CASE 3: TEE/SE/TPM Available but Not Enabled

    • Identify cause of non-enablement through code/configuration review.

    • Document non-conformance and required OEM actions to enable security features.

Expected Results for Pass

  • CASE 1: Report confirming absence of TEE/SE/TPM with no further testing required.

  • CASE 2: Report confirming correct implementation of TEE/SE/TPM APIs and secure usage; highlight potential issues and remediation path if needed.

  • CASE 3: Detailed non-conformance report if present but disabled.

Test Observations

(Insert findings here — e.g., "ARM TrustZone supported and enabled; static code review confirmed use of secure API for key management.")

Evidence Provided

  • Annotated SoC datasheet excerpts

  • Static code analysis reports showing TEE/SE/TPM API usage

  • System logs/screenshots confirming operational status

  • OEM-signed verification report

Test Case Result

Pass – Requirement met per applicable case ☐ Fail – Requirement not met per applicable case

Overall Test Result

(Summarize final conclusion — e.g., "TEE present and enabled; cryptographic operations confirmed to use secure APIs; requirement met.")

Previous1.4 Test Trusted Execution ImplementationNext1.5 – Verify Secure Storage of Sensitive Data

Last updated

Was this helpful?