Method and apparatus for maintaining secure time

摘要

An exemplary method of maintaining secure time in a computing device is disclosed in which one or more processors implements a Rich Execution Environment (REE), and a separate Trusted Execution Environment (TEE). The TEE maintains a real-time clock (RTC) that provides a RTC time to the REE. A RTC offset is stored in non-volatile memory, with the RTC offset indicating a difference between the RTC time and a protected reference (PR) time. Responsive to a request from the REE to read the RTC time, a current RTC time is returned to the REE. Responsive to a request from the REE to adjust the RTC time, the RTC time and the corresponding RTC offset are adjusted by a same amount, such that the PR time is not altered by the RTC adjustment. An exemplary computing device operable to implement the method is also disclosed.

主权项

1. A method of maintaining secure time in a computing device in which one or more processors implements a Rich Execution Environment (REE), and a separate Trusted Execution Environment (TEE), the method comprising:
maintaining in the TEE, a real-time clock (RTC) that provides a RTC time to the REE; storing a RTC offset in non-volatile memory, the RTC offset indicating a difference between the RTC time and a protected reference (PR) time, wherein the RTC time and the PR time are not the same; responsive to a request from the REE to read the RTC time, returning a current RTC time to the REE; responsive to a request from the REE to adjust the RTC time, adjusting the RTC time and the corresponding RTC offset by a same amount, such that the PR time is not altered by the RTC adjustment; and upon every use of the PR time from the TEE and every adjustment of the RTC time, storing a current PR time in the non-volatile memory.