2026-06-24

μUSB: Practical and Safe USB Driver Reuse for Arm TrustZone

Abstract

TrustZone isolates device access with secure I/O, yet lacks support for USB devices, which constitute the most diverse peripherals. Existing approaches to integrate USB drivers into the TEE are impractical due to the complex USB protocols, high-frequency DMA accesses, and varying vendor implementations. In this paper, we present µUSB, a system that derives a functional, micro USB driver for TrustZone from the observable concrete execution traces of a full-fledged, complex USB driver, an approach we dub record, lift, and replay. Based on the key insight of kernel specialization and the deterministic nature of USB FSMs, µUSB proposes a lightweight mutational recorder and a novel program analysis technique, addressing two challenges: how to record USB execution sufficiently and analyze the traces deeply? Across four major USB classes and six diverse devices, µUSB generates performant, ready-to-use USB drivers for TrustZone, enabling in-TEE apps to, for the first time, leverage complex USB devices with near-native performance while still enjoying full TrustZone protection.

Conference paper

USENIX Symposium on Operating Systems Design and Implementation

Publication date

2026-06-24

Last modified date

2026-06-25