Bao-Enclave: Virtualization-based Enclaves for Arm. (arXiv:2209.05572v1 [cs.CR])

General-purpose operating systems (GPOS), such as Linux, encompass several
million lines of code. Statistically, a larger code base inevitably leads to a
higher number of potential vulnerabilities and inherently a more vulnerable
system. To minimize the impact of vulnerabilities in GPOS, it has become common
to implement security-sensitive programs outside the domain of the GPOS, i.e.,
in a Trusted Execution Environment (TEE). Arm TrustZone is the de-facto
technology for implementing TEEs in Arm devices. However, over the last decade,
TEEs …

arm enclave virtualization