Trusted Execution Environments (TEEs): A TEE is a secure, integrity-protected processing environment consisting of processing, storage and memory capabilities. It is isolated from the "normal" processing environment, the REE.

REE = Rich Execution Environment, where "rich" refers to the extensive functionality, and hence the large attack surface, of mass-market operating systems.

TEEs enable improved security and usability for REE applications by ensuring that sensitive operations are restricted to the TEE and that sensitive data, such as cryptographic keys, never leaves the TEE.

A common way to realize a TEE in mobile devices is a secure processor mode. An example of such an implementation is ARM TrustZone, which is present in today's smartphones and tablets. Despite TEE deployment in many of these devices, there has been no widely available means for developers to use TEE functionality in their applications, apart from research and proprietary efforts. With emerging standardization this situation is about to change; in the near future we expect to see common ways to use TEE functionality.

TCB = Trusted Computing Base: the set of hardware and software components that must be trusted for the platform's security to hold.

Boot-time integrity verification: two variants are possible.

Secure boot: During secure boot the device startup process is stopped if any modification of the launched platform is detected. It is commonly implemented with code signing, with the beginning of the boot sequence made immutable by storing it in the TCB (e.g. in ROM on the mobile device's processor chip) during manufacturing. The processor must unconditionally start executing this sequence first during boot; it verifies the signature of the next stage before handing over control, and each stage does the same for the one after it, forming a chain of trust rooted in the ROM code and its embedded verification key.

Authenticated boot: In authenticated boot, components are measured (hashed) and these values are logged in

Runtime integrity: Boot-time integrity is not sufficient, since it does not account for modifications made during runtime. To maintain runtime integrity there must be trusted firmware/software that continuously performs integrity checks on the platform (and possibly repairs modified components automatically).
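The following is an added example, not code from the original notes or from any TEE vendor, showing the difference between secure boot (halt on a bad signature) and authenticated boot (measure and log, never halt) on a toy three-stage chain. Its assumptions are constructed: the stage images and seeds are made up, the vendor public key is treated as "burnt into ROM", and hash-based Lamport one-time signatures over SHA-256 stand in for the RSA/ECDSA code signing used on real devices so that the block needs only the standard library.

```python
"""Toy model of secure boot vs. authenticated boot (added example, not from
the original notes). Constructed assumptions: ROM -> bootloader -> kernel
chain, vendor public key held in ROM, Lamport one-time signatures as a
stand-in for real code signing."""
import hashlib


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen(seed: bytes):
    """Deterministic Lamport OTS key pair: 256 bit positions x 2 secrets.
    One-time scheme, so every key below signs exactly one image."""
    sk = [[H(seed + bytes([i, j])) for j in (0, 1)] for i in range(256)]
    pk = [[H(s) for s in pair] for pair in sk]
    return sk, pk


def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def lamport_sign(sk, msg: bytes) -> list:
    return [sk[i][b] for i, b in enumerate(_bits(msg))]


def lamport_verify(pk, msg: bytes, sig: list) -> bool:
    return len(sig) == 256 and all(H(sig[i]) == pk[i][b] for i, b in enumerate(_bits(msg)))


def serialize_pk(pk) -> bytes:
    return b"".join(h for pair in pk for h in pair)


class BootHalt(Exception):
    """Secure boot detected a modified component and stopped the startup."""


def make_stage(image: bytes, next_pk, signing_sk) -> dict:
    """A stage carries its image plus the public key that verifies the *next*
    stage; the signature covers both, so the chain cannot be spliced."""
    payload = image + (serialize_pk(next_pk) if next_pk else b"")
    return {"image": image, "next_pk": next_pk, "sig": lamport_sign(signing_sk, payload)}


# Constructed sample chain (not real firmware). ROOT_PK models the key in ROM.
ROOT_SK, ROOT_PK = lamport_keygen(b"constructed vendor root seed")
BL_SK, BL_PK = lamport_keygen(b"constructed bootloader key seed")
BOOTLOADER = b"bootloader v1: init DRAM, load kernel"
KERNEL = b"kernel v1: start REE"
GOOD_CHAIN = [make_stage(BOOTLOADER, BL_PK, ROOT_SK), make_stage(KERNEL, None, BL_SK)]


def tampered_chain() -> list:
    """Constructed attack: kernel modified in flash, old signature left in place."""
    bad = dict(GOOD_CHAIN[1])
    bad["image"] = KERNEL.replace(b"v1", b"v1+rootkit")
    return [GOOD_CHAIN[0], bad]


def secure_boot(rom_pk, chain) -> bool:
    """ROM verifies stage 0 with the ROM key, stage 0 verifies stage 1 with the
    key it carried, and so on; the first failure halts the device."""
    pk = rom_pk
    for n, st in enumerate(chain):
        payload = st["image"] + (serialize_pk(st["next_pk"]) if st["next_pk"] else b"")
        if not lamport_verify(pk, payload, st["sig"]):
            raise BootHalt(f"stage {n} failed signature verification")
        pk = st["next_pk"]
    return True


def authenticated_boot(chain):
    """Never halts: each stage's hash is appended to a log and folded into a
    measurement register (PCR-style extend) for a verifier to compare later."""
    pcr, log = bytes(32), []
    for st in chain:
        m = H(st["image"])
        log.append(m.hex())
        pcr = H(pcr + m)
    return pcr, log


def replay_log(log) -> bytes:
    """A verifier recomputes the register from the log; a mismatch with the
    reported register value means the log itself was tampered with."""
    pcr = bytes(32)
    for entry in log:
        pcr = H(pcr + bytes.fromhex(entry))
    return pcr


if __name__ == "__main__":
    print("good chain boots:", secure_boot(ROOT_PK, GOOD_CHAIN))
    try:
        secure_boot(ROOT_PK, tampered_chain())
    except BootHalt as e:
        print("tampered chain:", e)
    print("measurements differ:", authenticated_boot(GOOD_CHAIN)[0] != authenticated_boot(tampered_chain())[0])
```

Note the difference in failure handling: secure_boot refuses to continue past stage 1 of the tampered chain, while authenticated_boot lets the modified kernel run but leaves a measurement that no longer matches the known-good value, so detection depends on someone comparing the register (locally or via remote attestation).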
The integrity of this trusted firmware/software can itself be checked during boot, so runtime integrity checking is anchored in boot-time integrity.

Secure storage: A mechanism for storing data on the device so that unauthorized access by REE (Rich Execution Environment) components is prevented is called secure storage. Sensitive data kept in secure storage should not leak even if the REE is compromised by an attacker. A common way to implement secure storage is to augment the hardware device configuration with a confidential, integrity-protected device-specific key that can only be accessed by authorized code. Such a key may be initialized during manufacturing and stored in a protected memory area on the processor chip. Additional coatings on the protected memory may be used to protect against physical key extraction. In addition, secure storage requires trusted implementations of cryptographic mechanisms and rollback protection, which needs writable non-volatile memory (e.g. for a monotonic counter) so that an attacker cannot replace the current data with an earlier, still validly protected version. To summarize, secure storage requires two trust anchors: a device key and cryptographic mechanisms.
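The following is an added example, not code from the original notes or from any real TEE, showing how the two trust anchors above combine into a sealing service: per-owner keys derived from the device key, authenticated encryption, and a monotonic version counter for rollback protection. Its assumptions are constructed: DEVICE_KEY is a made-up constant standing in for a key fused into on-chip protected memory, the owner names are invented, and the HMAC-SHA256 keystream plus HMAC tag is a standard-library stand-in for the AES-GCM a real implementation would use.

```python
"""Toy TEE secure storage (added example, not from the original notes).
Constructed: DEVICE_KEY, owner names, and the HMAC-based cipher standing in
for AES-GCM."""
import hashlib
import hmac
import os
import struct

# Constructed stand-in for the device-specific key in on-chip protected memory.
DEVICE_KEY = hashlib.sha256(b"constructed device key, not a real one").digest()


class StorageError(Exception):
    pass


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a block cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, nonce + struct.pack(">I", i // 32), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class SecureStorage:
    """Runs inside the TEE. The blobs it returns may live in the REE
    filesystem: without DEVICE_KEY they reveal nothing, and any alteration
    or replay of an older blob is rejected on unseal."""

    HEADER = 8 + 16   # 64-bit version counter + 16-byte nonce
    TAG = 32

    def __init__(self, device_key: bytes):
        self._dk = device_key
        self._versions = {}   # owner -> latest version; writable NVM inside the TEE

    def _keys(self, owner: bytes):
        # Separate confidentiality and integrity keys per owner, derived from the
        # device key, so trusted app A cannot read or forge blobs of trusted app B.
        kenc = hmac.new(self._dk, b"enc|" + owner, hashlib.sha256).digest()
        kmac = hmac.new(self._dk, b"mac|" + owner, hashlib.sha256).digest()
        return kenc, kmac

    def seal(self, owner: bytes, plaintext: bytes) -> bytes:
        kenc, kmac = self._keys(owner)
        version = self._versions.get(owner, 0) + 1
        nonce = os.urandom(16)
        header = struct.pack(">Q", version) + nonce
        ct = _xor_stream(kenc, nonce, plaintext)
        tag = hmac.new(kmac, header + ct, hashlib.sha256).digest()   # covers version too
        self._versions[owner] = version   # advance the counter once the blob exists
        return header + ct + tag

    def unseal(self, owner: bytes, blob: bytes) -> bytes:
        if len(blob) < self.HEADER + self.TAG:
            raise StorageError("integrity check failed: truncated blob")
        kenc, kmac = self._keys(owner)
        header, ct, tag = blob[:self.HEADER], blob[self.HEADER:-self.TAG], blob[-self.TAG:]
        expect = hmac.new(kmac, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expect, tag):   # constant-time; check before trusting header
            raise StorageError("integrity check failed: tampered blob or wrong owner")
        version = struct.unpack(">Q", header[:8])[0]
        if version != self._versions.get(owner, 0):
            raise StorageError("rollback detected: stale blob presented")
        return _xor_stream(kenc, header[8:], ct)


if __name__ == "__main__":
    store = SecureStorage(DEVICE_KEY)
    old = store.seal(b"payment-ta", b"pin=1234")
    new = store.seal(b"payment-ta", b"pin=9999")
    print("current:", store.unseal(b"payment-ta", new))
    flipped = new[:24] + bytes([new[24] ^ 1]) + new[25:]
    for label, owner, blob in [("replayed old blob", b"payment-ta", old),
                               ("flipped ciphertext byte", b"payment-ta", flipped),
                               ("other owner", b"other-ta", new)]:
        try:
            store.unseal(owner, blob)
        except StorageError as e:
            print(f"{label}: {e}")
```

The version counter is what the writable non-volatile memory in the notes is for: the tag alone would happily validate the old "pin=1234" blob, since it was produced by the same key, and only the TEE-held counter lets unseal tell that it has been superseded.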