Lcu14 107- op-tee on ar mv8
-
Upload
linaro -
Category
Technology
-
view
990 -
download
7
description
Transcript of Lcu14 107- op-tee on ar mv8
LCU14 BURLINGAME
Jens Wiklander, LCU14
LCU14-107: OP-TEE on ARMv8
OP-TEE OverviewOP-TEE is an Open Source TEE and is the result of collaboration work between STMicroelectronics and Linaro (Security Working Group).
It contains the complete stack from normal world client API's (optee_client), the Linux kernel TEE driver (optee_linuxdriver) and the Trusted OS and the secure monitor (optee_os).
OP-TEE is an Open Source TEE and is the result of collaboration work between STMicroelectronics and Linaro (Security Working Group).
It contains the complete stack from normal world client API's (optee_client), the Linux kernel TEE driver (optee_linuxdriver) and the Trusted OS and the secure monitor (optee_os).
OP-TEE Overview
● ARMv8-A comes with ARM Trusted Firmware (ATF)
● ATF runs at EL3 and is in charge of● Trusted Boot● Power State Coordination Interface (PSCI)● Secure Monitor Calls (SMC) Calling Convention
● OP-TEE OS runs at Secure EL1 (S-EL1) and need to cooperate with ATF
ARM Trusted Firmware
● The secure monitor runs at EL3 and need to be located within ATF
● A secure monitor in ATF is called a Dispatcher
● The Dispatcher is responsible to act as a Secure Monitor and interface with the Trusted OS running at S-EL1
● There is already one Dispatcher in ATF, Test Secure Payload Dispatcher (TSPD)
● To interface with OP-TEE OS we need a new Dispatcher, OP-TEE Dispatcher (OPTEED)
Secure Monitor
● OPTEED works in principle like TSPD but● handles SMCs specific to OP-TEE● handles FIQ and IRQ routing specific to OP-TEE● starts OP-TEE OS in Aarch32
● The dispatcher is transparent to normal world● No dispatcher specific changes in the OP-TEE Linux Driver
OP-TEE Dispatcher
● OP-TEE OS runs in AArch32 mode to minimize the initial effort to port to ARMv8-A
● The internal Secure Monitor is replaced with an interface to work with the OP-TEE Dispatcher in ARM Trusted Firmware
OP-TEE OS
● Ported to AArch64 since normal world is running in AArch64 mode
● Linux driver is limited to SMC32 (as defined by ARM SMC Calling Convention) calls since OP-TEE OS is still in Aarch32
OP-TEE Client and Linux Driver
● OP-TEE source available at http://github.com/OP-TEE
● ATF source available at https://github.com/ARM-software/arm-trusted-firmware
● If the OP-TEE dispatcher has not been merged yet, it can be found in pull request: https://github.com/ARM-software/arm-trusted-firmware/pull/188
Source code
More about Linaro Connect: connect.linaro.org Linaro members: www.linaro.org/membersMore about Linaro: www.linaro.org/about/