Open Portable Trusted Execution Environment, or OP-TEE, is an open-source project that provides a Trusted Execution Environment (TEE) for secure computing on ARM-based processors. A TEE is a secure area within a processor that ensures the confidentiality and integrity of the code and data running inside it. OP-TEE specifically targets ARM TrustZone technology, which is a hardware-based security feature available on ARM Cortex-A processors.
OP-TEE is widely used in various applications, including mobile devices, Internet of Things (IoT) devices, and other systems where the secure execution of code and protection of sensitive data are critical. As an open-source project, OP-TEE encourages collaboration and contributions from the community to enhance its security features and support a broader range of ARM-based platforms.
For further information, refer to:
Software architecture
Trusted OS (TEE Core)
The Trusted OS is the heart of OP-TEE and is often referred to as the TEE Core. It provides the foundational layer for the secure execution of trusted applications and services. It manages the secure world of the system, handling secure bootstrapping, memory isolation, and secure context switching between the trusted and non-trusted execution environments. It also provides essential services such as cryptographic operations, secure storage, and secure inter-process communication between trusted applications and other components.
TEE Internal API
OP-TEE defines internal APIs that allow developers to access various TEE functionalities, including cryptographic services, secure storage, and secure communication between trusted applications.
Trusted applications
Trusted applications are designed to execute sensitive or security-critical operations within the TEE. They ensure the confidentiality, integrity, and authenticity of the data and processes they manage.
Client applications
Client applications utilize the "TEE Client API" to communicate with trusted applications within OP-TEE, thereby accessing security services provided by these trusted applications.
TEE Client API
This layer provides a set of APIs that enable communication between non-secure (normal world) applications and trusted applications running within the TEE. Non-secure applications can use these APIs to securely invoke services provided by trusted applications and access secure resources managed by the TEE Core.
Linux TEE framework
The Linux TEE (Trusted Execution Environment) framework is a subsystem within the Linux kernel designed to support the integration of TEE into the Linux operating system. The Linux TEE framework enables communication and interaction between the Linux kernel and TEE, facilitating the execution of trusted applications and services within the TEE.
Linux OP-TEE driver
The Linux OP-TEE driver serves as the interface between the Linux kernel and specific TEE implementations. It provides a standardized interface for communication and interaction with the TEE from the Linux kernel.
Implementation of OP-TEE in SP7350 platform
Loading and initialization
During the boot process, OP-TEE must be started at the earliest feasible stage so that no normal-world code runs before the secure world is established. In the SP7350 software environment, x-boot (the first-stage bootloader) loads the OP-TEE, BL31 (Trusted Firmware-A), and U-Boot images from the boot storage device. Control is then transferred to BL31, which acts as the secure monitor and starts OP-TEE.
Reserved memory for OP-TEE
In the SP7350 platform's device tree source (dts), a two-megabyte area starting at memory address 0x300000 is reserved for OP-TEE. Below is a snippet illustrating the reserved memory configuration:
    reserved-memory {
        :
        /* OP-TEE reserve memory: 0x300000-0x4fffff, total 2M */
        optee_reserve@300000 {
            reg = <0x0 0x300000 0x0 0x200000>;
            no-map;
        };
        :
        :
    };
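To sanity-check a reserved-memory node like the one above, here is an added Python script (not part of the SP7350 sources) that parses the reg cells and flags the two settings that matter for TEE isolation: a missing no-map property, which would let the kernel map the region, and overlap with another reserved region. The bl31_reserve node in the sample is an invented neighbour used only to exercise the overlap check.

```python
import re
from functools import reduce

# Constructed DTS fragment modelled on the SP7350 reserved-memory node: the
# optee_reserve entry is the page's; bl31_reserve is an invented neighbour.
SAMPLE_DTS = """
reserved-memory {
    #address-cells = <2>;
    #size-cells = <2>;
    /* OP-TEE reserve memory: 0x300000-0x4fffff, total 2M */
    optee_reserve@300000 {
        reg = <0x0 0x300000 0x0 0x200000>;
        no-map;
    };
    bl31_reserve@200000 {
        reg = <0x0 0x200000 0x0 0x100000>;
        no-map;
    };
};
"""

NODE_RE = re.compile(r"(\w+)@[0-9a-fA-F]+\s*\{(.*?)\};", re.S)
CELLS_RE = re.compile(r"#(address|size)-cells\s*=\s*<(\d+)>")

def cells_to_int(cells):
    # Combine 32-bit cells, most significant first, into one integer.
    return reduce(lambda v, c: (v << 32) | c, cells, 0)

def parse_reserved_memory(dts):
    """Return {label: (base, size, no_map)} for every reserved region."""
    cells = {k: int(v) for k, v in CELLS_RE.findall(dts)}
    ac, sc = cells.get("address", 2), cells.get("size", 2)
    regions = {}
    for label, body in NODE_RE.findall(dts):
        m = re.search(r"reg\s*=\s*<([^>]+)>", body)
        if m:
            words = [int(w, 0) for w in m.group(1).split()]
            base, size = cells_to_int(words[:ac]), cells_to_int(words[ac:ac + sc])
            regions[label] = (base, size, bool(re.search(r"\bno-map\b", body)))
    return regions

def check_optee_region(regions, label="optee_reserve"):
    """Report settings that would expose the TEE memory to the normal world."""
    base, size, no_map = regions[label]
    problems = [] if no_map else ["no-map missing: kernel may map TEE memory"]
    for other, (ob, osz, _) in regions.items():
        if other != label and base < ob + osz and ob < base + size:
            problems.append(f"overlaps {other}")
    return problems
```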
Linux TEE framework and OP-TEE driver
To integrate the Linux TEE framework and the OP-TEE driver into the SP7350 platform, the following configurations are required in the device tree source (dts):
    firmware {
        optee {
            compatible = "linaro,optee-tz";
            method = "smc";
        };
    };
This configuration snippet defines the firmware node and, within it, the optee subnode. The subnode carries the compatible string "linaro,optee-tz", which identifies an OP-TEE instance running in TrustZone, and the communication method "smc" (Secure Monitor Call), which the driver uses to enter the secure monitor.
Enabling the Linux TEE framework (CONFIG_TEE=y) and the OP-TEE driver (CONFIG_OPTEE=y) in the kernel configuration is an essential prerequisite for this device tree node to take effect.
Source files
The source files of OP-TEE are organized within the "optee/" directory at the top level of the project. Below is a breakdown of the main subdirectories:
| Folders | Descriptions |
|---|---|
| optee_client/ | This directory houses the client libraries, including libteec and libckteec, along with the TEE supplicant. These libraries facilitate communication between non-secure applications and trusted applications running in the TEE. |
| optee_examples/ | Several official examples demonstrating the usage of OP-TEE are located here. They serve as reference implementations for developers integrating OP-TEE into their applications. |
| optee_os/ | The Trusted OS component of OP-TEE resides in this directory. It encompasses the core components responsible for secure operations, management of trusted applications, and provision of secure services within the TEE environment. |
| optee_build.sh | This script builds the OP-TEE image. |
| optee_clean.sh | This script cleans the build outputs within the "optee/" directory. |
The "optee_os/core" directory contains the core components of OP-TEE, including the Trusted OS (TEE Core), which is responsible for handling secure operations, managing trusted applications, and providing secure services to those applications.
| Folders | Descriptions |
|---|---|
| arch/arm/ | Contains ARM-specific code, such as context switching, exception handling, and low-level initialization. |
| arch/arm/plat/sp/ | Contains SP7350-specific code and configurations. This includes code related to bootstrapping, device drivers, and hardware-specific functionality. |