Software architecture
Trusted OS (TEE Core)
Trusted OS is the heart of the OP-TEE ..., often referred to as the TEE Core. It provides the foundational layer for secure execution of trusted applications and services. It manages the secure world of the system, handling secure bootstrapping, memory isolation, and secure context switching between trusted and non-trusted execution environments. It also provides essential services such as cryptographic operations, secure storage, and secure inter-process communication between trusted applications and other components.
...
GlobalPlatform TEE Standard: OP-TEE follows the GlobalPlatform TEE standard, providing a standardized interface for communication between the Rich Execution Environment (REE) and the Trusted Execution Environment (TEE).
...
TEE Core: The TEE Core is the heart of OP-TEE, responsible for managing the TEE and executing trusted applications.
TEE Internal API
OP-TEE defines internal APIs that allow developers to access various TEE functionalities, including cryptographic services, secure storage, and secure communication between trusted applications.
...
TEE Client API
This layer provides a set of APIs that enable communication between non-secure (normal world) applications and trusted applications running in the TEE. Non-secure applications can use these APIs to securely invoke services provided by trusted applications and access secure resources managed by the TEE Core.
Linux TEE framework
The Linux TEE (Trusted Execution Environment) framework is a subsystem within the Linux kernel designed to support the integration of TEE into the Linux operating system. The Linux TEE framework enables communication and interaction between the Linux kernel and TEE, facilitating the execution of trusted applications and services within the TEE.
Linux TEE driver
The Linux TEE driver serves as the interface between the Linux kernel and specific TEE implementations. It provides a standardized interface for communication and interaction with the TEE from the Linux kernel.
Implementation of TEE on the SP7350 platform
Start-up flow
In principle, OP-TEE must be started as early as possible in the boot process: running a bootloader such as U-Boot before OP-TEE is a defect, because that code can touch sensitive data. In the SP7350 software, the OP-TEE, BL31 (TF-A), and U-Boot images are loaded by x-boot from the boot storage devices. x-boot then hands over control to BL31. BL31, acting as the secure monitor, starts OP-TEE and U-Boot.
Reserved memory for OP-TEE
The SP7350 platform reserves a two-megabyte area beginning at 0x300000 in the device tree source (dts) for OP-TEE. Please refer to the dts node provided below:
```dts
reserved-memory {
	/* ... */
	/* OP-TEE reserved memory: 0x300000-0x4fffff, total 2M */
	optee_reserve@300000 {
		reg = <0x0 0x300000 0x0 0x200000>;
		/* no-map: the OS must not create a mapping of this region */
		no-map;
	};
	/* ... */
};
/* ... */
```
In addition, the device tree source contains an optee subnode under the firmware node for OP-TEE.
```dts
firmware {
	optee {
		compatible = "linaro,optee-tz";
		method = "smc";
	};
};
```
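A check of the two nodes above, as an added example that is not part of the original page or the SP7350 sources: it parses a constructed copy of the DTS fragment and reports whether the reserved region is the 2 MB at 0x300000, carries `no-map` (so Linux never maps OP-TEE's memory), and whether the optee node uses the SMC method. The function names and the two-cell address/size layout are assumptions.

```python
import re

# Constructed sample: the two nodes shown on this page, elided parts left out.
# Assumption: two address cells and two size cells, as the four-cell reg implies.
SAMPLE_DTS = """
reserved-memory {
    optee_reserve@300000 {
        reg = <0x0 0x300000 0x0 0x200000>;
        no-map;
    };
};
firmware { optee { compatible = "linaro,optee-tz"; method = "smc"; }; };
"""

def node_body(dts, name):
    """Return the text between the braces of the first node called `name`."""
    m = re.search(r"(?<![\w-])" + re.escape(name) + r"\s*\{", dts)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(dts) and depth:
        depth += {"{": 1, "}": -1}.get(dts[i], 0)
        i += 1
    return dts[m.end():i - 1] if depth == 0 else None

def check_optee_dts(dts, base=0x300000, size=0x200000):
    """Return a list of findings; an empty list means the nodes match."""
    dts = re.sub(r"/\*.*?\*/", "", dts, flags=re.S)  # ignore commented-out text
    findings = []
    region = node_body(dts, "optee_reserve@300000")
    if region is None:
        return ["optee_reserve node missing"]
    reg = re.search(r"reg\s*=\s*<([^>]*)>", region)
    cells = [int(c, 0) for c in reg.group(1).split()] if reg else []
    if len(cells) != 4:
        findings.append("reg is not <addr_hi addr_lo size_hi size_lo>")
    elif ((cells[0] << 32) | cells[1], (cells[2] << 32) | cells[3]) != (base, size):
        findings.append("reg does not describe %#x+%#x" % (base, size))
    if not re.search(r"(^|[;\s])no-map\s*;", region):
        findings.append("no-map missing: Linux may map the OP-TEE region")
    optee = node_body(dts, "optee") or ""
    if '"linaro,optee-tz"' not in optee:
        findings.append("optee compatible string missing")
    if not re.search(r'method\s*=\s*"smc"', optee):
        findings.append('optee method is not "smc"')
    return findings

if __name__ == "__main__":
    print(check_optee_dts(SAMPLE_DTS) or "OK")
```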
...