Versions Compared

Old Version 16

changes.mady.by.user Wells Lu

Saved on

compared with

New Version 17

changes.mady.by.user Wells Lu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Open Portable Trusted Execution Environment, or OP-TEE, is an open-source project that provides a Trusted Execution Environment (TEE) for secure computing on ARM-based processors. A TEE is a secure area within a processor that ensures the confidentiality and integrity of the code and data running inside it. OP-TEE specifically targets ARM TrustZone technology, which is a hardware-based security feature available on ARM Cortex-A processors.

...

Folders

Descriptions

optee_client/

This directory houses client libraries, including libteec and libckteec, along with the TEE supplicant. These libraries facilitate communication between non-secure applications and trusted applications running in the TEE.

optee_examples/

Several official examples demonstrating the usage of OP-TEE are located here. These examples serve as reference implementations for developers integrating OP-TEE into their applications.

optee_os/

This directory is the top-level directory within the OP-TEE source code repository. It serves as the main container for all source code, configuration files, scripts, and documentation related to OP-TEE.

optee_build.sh

This script facilitates the building of the OP-TEE image.

optee_clean.sh

This script simplifies the cleaning process within the "optee/" directory.

Within the "optee_os/" directory, you would typically find the following:

Folders

Descriptions

core/

Contains the core components of OP-TEE, including the trusted OS (TEE Core), which is responsible for handling secure operations, managing trusted applications, and providing secure services to these applications.

keys/

Contains cryptographic keys and certificates used for secure operations within the TEE.

lib/

Contains libraries and related code used within the TEE. These libraries provide essential functionalities and services to trusted applications running within the TEE.

scripts/

Contains various scripts used for development, build automation, testing, and maintenance tasks related to OP-TEE.

out/arm

This directory is generated during the build process as an output directory where build artifacts, such as compiled binaries, object files, and logs, are stored.

ta/

This directory is the location where Trusted Applications (TAs) are stored. Trusted Applications are software components executed within the TEE. These applications run with higher security privileges and can access sensitive resources securely.

sp7350.mk

Makefile of OP-TEE OS of sp7350 platform.

Within the "core/" directory, further subdivisions include:

Folders

Descriptions

arch/arm/

Contains ARM-specific code, such as context switching, exception handling, and low-level initialization.

arch/arm/plat/sp/

Contains SP7350-specific code and configurations. This includes code related to bootstrapping, device drivers, and hardware-specific functionalities.

crypto/

Contains the implementation of cryptographic algorithms and related functionalities used within the TEE.

drivers/

Contains device driver implementations for hardware peripherals and components that interface with the TEE.

include/

Contains header files (.h files) that define interfaces, data structures, constants, and function prototypes used by various core components of the TEE.

kernel/

This directory contains the core kernel-level components of the TEE. These components are responsible for managing the execution environment, scheduling tasks, handling interrupts, and providing essential operating system functionalities within the TEE.

lib/

Contains libraries and related code used within the core components of the TEE. These libraries provide essential functionalities and services to various components running within the TEE.

mm/

Contains code related to memory management within the TEE. This includes functionalities for managing memory resources, implementing memory protection mechanisms, and handling memory operations securely.

pta/

Contains code related to PTAs (Primary Trusted Applications) within the Trusted Execution Environment (TEE). PTAs are trusted applications that are integral to the functioning of the TEE itself.

tee/

Contains the core components of the TEE. These components are responsible for providing a secure execution environment for Trusted Applications (TAs).

...

OP-TEE Log and explanation

Log The log of OP-TEE is redirected directed to UART0. Refer to log below, The following log details the initialization process of OP-TEE (BL32) is initializing.:

Line 1: BL21 BL31 is initializing BL32 (OP-TEE).

Line 3: Banner The banner (version) is of OP-TEE.

Line 4-5: Indicate that the primary CPU (core 0) has completed initialization in secure mode and then switches back to normal world boot.

Code Block
INFO:    BL31: Initializing BL32
I/TC: 
I/TC: OP-TEE version: 150e2ba (gcc version 9.2.1 20191025 (GNU Toolchain for the A-profile Architecture 9.2-2019.12 (arm-9.10))) #1 Sat Jan 13 06:09:33 PM UTC 2024 aarch64
I/TC: Primary CPU initializing
I/TC: Primary CPU switching to normal world boot
INFO:    BL31: Preparing for EL3 exit to normal world

Within In the Linux kernel, secondary CPU CPUs (core 1, 2, and 3) was initializiing in secure modeare initialized in secure mode:

Line 1: smp is brining up secondary CPUs.

Line 2-7: Secondary CPUs, including core 1, 2, and 3, have completed initialization in secure mode and switch to normal world boot.

Line 15: All 4 cores are activated.

Line 19: OP-TEE driver is probing.

Line 22: OP-TEE driver has completed initialization.

Code Block
[    0.048856] smp: Bringing up secondary CPUs ...
I/TC: Secondary CPU 1 initializing
I/TC: Secondary CPU 1 switching to normal world boot
I/TC: Secondary CPU 2 initializing
I/TC: Secondary CPU 2 switching to normal world boot
I/TC: Secondary CPU 3 initializing
I/TC: Secondary CPU 3 switching to normal world boot
[    0.061428] Detected VIPT I-cache on CPU1
[    0.061466] CPU1: Booted secondary processor 0x0000000100 [0x412fd050]
[    0.069598] Detected VIPT I-cache on CPU2
[    0.069624] CPU2: Booted secondary processor 0x0000000200 [0x412fd050]
[    0.077738] Detected VIPT I-cache on CPU3
[    0.077760] CPU3: Booted secondary processor 0x0000000300 [0x412fd050]
[    0.077810] smp: Brought up 1 node, 4 CPUs
[    0.113583] SMP: Total of 4 processors activated.
   :
   :
   :
[    1.703819] optee: probing for conduit method.
[    1.706853] hub 1-1:1.0: USB hub found
[    1.707673] optee: revision 3.13 (150e2ba5)
[    1.711652] optee: initialized driver

...