Trusted products and services for embedded security.

Security Engineering

At ProvenRun, we have industry-recognized software experts, backed by years of experience in the digital security market, with world-class expertise in security and architecture, systems development, operations, hypervisors, security applications and formal methods.

We make this expertise available to our customers to help them develop custom solutions tuned to their specific needs, such as the development or integration of custom secure boot and firmware, secure operating systems, hypervisors and security applications, as required to implement a Trusted Computing Base that fits their security requirements.

Our main services include:

  • Secure Boot
  • TEE Development
  • Security Application Development
  • Custom Secure Development

Secure Boot

What is secure boot?

The first step in ensuring the security of an embedded system is secure boot. It is a process that ensures the authenticity and integrity of the software images that are loaded and executed on a device. In other words, it ensures that the boot code, the operating system and other software are the legitimate manufacturer versions and have not been altered or tampered with by any malicious actor or process.

How we can help

ProvenRun has solid experience in implementing and integrating secure boot on a wide range of platforms. The secure boot process relies on a trust anchor, and ProvenRun can help define the technology that best fits our customer’s requirements, from a dedicated chip to a Trusted Execution Environment.

Our teams are recognized world-class experts in secure code development and use strong cryptographic algorithms, two key elements for any secure boot implementation.


TEE Development

What is a Trusted Execution Environment?

A trusted execution environment (TEE) is an environment dedicated to running security-critical tasks. The TEE includes both trusted hardware and trusted software, referred to as the trusted world. The untrusted or non-secure world refers to both untrusted hardware and untrusted software. Because the TEE is isolated from the untrusted world, a high level of security is provided. Normally, a TEE runs alongside the untrusted world on the same processor or system-on-a-chip (SoC) and provides trusted services on behalf of the untrusted world. 

A secure OS for security critical services

To run any security-critical software in the TEE, a secure OS such as ProvenCore is used to handle the scheduling and operation of the secure software. The secure OS differs from a general-purpose OS such as Linux or Windows, or from the real-time operating systems used in the industry, because its code base is extremely small and maximum care has been taken to remove vulnerabilities.

Trusted applications (TA) run inside the secure OS and provide any security-critical functionality needed by the product or system. In addition to isolating trusted software from any untrusted software, the secure OS also isolates trusted applications from each other.

How to select your TEE?

The TEE concept was introduced in 2001 by Dominique Bolignano, President and Founder of ProvenRun. It is now widely deployed in the mobile industry and is at the heart of any smartphone security architecture.

  • The TEE for the mobile industry has been standardized by GlobalPlatform. In particular, GlobalPlatform defines a minimal security level for a TEE that is equivalent to Common Criteria EAL2+.
  • While the TEEs on the market (proprietary or open source, such as OP-TEE) have been designed to meet GlobalPlatform's basic security requirements, they need to be significantly reinforced to meet most of the new IoT security requirements.

How we can help

At ProvenRun, we have world-class experts in TEE security engineering. We can help our customers with their TEE projects in many different ways such as:

Development of Trusted Applets: for your TEE, whether proprietary, OP-TEE or ProvenCore.

TEE hardening: helping customers reinforce the security of their TEE to meet the security requirements of their market and project.

Addressing advanced use cases: leveraging the unique properties and features of our TEE, ProvenCore.

Security Applications Development

Security development requires distinctive skills


How we can help

We can develop security applications such as:

  • Secure Firmware Update (OTA)
  • Architecture Firewalling
  • Secure Communications
  • Application Filtering
  • Intrusion detection and protection
  • Authentication
  • Secure storage
  • Etc.

With our market-leading security software development expertise and our market-leading Trusted Computing Base software products (ProvenCore, ProvenCore-M and ProvenVisor), we can address the most innovative use cases to help customers meet their project security requirements.

Custom Secure Development

How we can help

Our technical experts can provide immediate help to customers with projects at any stage of development and deployment, according to their custom needs, such as:

  • New chipsets support
  • SoC and Board Support Package development
  • Driver and feature development and optimization
  • Hypervisor configuration and customization
  • Third-party software integration


Challenge coverage



Security needs to be integrated at the design stage (security-by-design) and embedded in the most effective way wherever it is required in the technical infrastructure. There are many ways to embed security in systems and devices and the selected solution will be the result of a trade-off between cost, security level and performance.


Security Life-cycle

Security needs to be ensured throughout the full life-cycle of the infrastructure. For connected devices, this means that security requirements need to cover device commissioning and de-commissioning, and the fact that the device software must be updated while in operation.
