Home Verkennen Help
Registreren Inloggen
RD_Software
/
ark1668ed-bsp
2
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Boom: 4605e12628
Aftakkingen Labels
ark1668ed-bsp
/
linux
/
Documentation
/
tee
/
ts-tee.rst

ts-tee.rst 3.7 KB
Geschiedenis Ruwe

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071 
  1. .. SPDX-License-Identifier: GPL-2.0
    2. 

  2. 

  3. =================================
    4. 

  4. TS-TEE (Trusted Services project)
    5. 

  5. =================================
    6. 

  6. 

  7. This driver provides access to secure services implemented by Trusted Services.
    8. 

  8. 

  9. Trusted Services [1] is a TrustedFirmware.org project that provides a framework
    10. 

  10. for developing and deploying device Root of Trust services in FF-A [2] S-EL0
    11. 

  11. Secure Partitions. The project hosts the reference implementation of the Arm
    12. 

  12. Platform Security Architecture [3] for Arm A-profile devices.
    13. 

  13. 

  14. The FF-A Secure Partitions (SP) are accessible through the FF-A driver [4] which
    15. 

  15. provides the low level communication for this driver. On top of that the Trusted
    16. 

  16. Services RPC protocol is used [5]. To use the driver from user space a reference
    17. 

  17. implementation is provided at [6], which is part of the Trusted Services client
    18. 

  18. library called libts [7].
    19. 

  19. 

  20. All Trusted Services (TS) SPs have the same FF-A UUID; it identifies the TS RPC
    21. 

  21. protocol. A TS SP can host one or more services (e.g. PSA Crypto, PSA ITS, etc).
    22. 

  22. A service is identified by its service UUID; the same type of service cannot be
    23. 

  23. present twice in the same SP. During SP boot each service in the SP is assigned
    24. 

  24. an "interface ID". This is just a short ID to simplify message addressing.
    25. 

  25. 

  26. The generic TEE design is to share memory at once with the Trusted OS, which can
    27. 

  27. then be reused to communicate with multiple applications running on the Trusted
    28. 

  28. OS. However, in case of FF-A, memory sharing works on an endpoint level, i.e.
    29. 

  29. memory is shared with a specific SP. User space has to be able to separately
    30. 

  30. share memory with each SP based on its endpoint ID; therefore a separate TEE
    31. 

  31. device is registered for each discovered TS SP. Opening the SP corresponds to
    32. 

  32. opening the TEE device and creating a TEE context. A TS SP hosts one or more
    33. 

  33. services. Opening a service corresponds to opening a session in the given
    34. 

  34. tee_context.
    35. 

  35. 

  36. Overview of a system with Trusted Services components::
    37. 

  37. 

  38.    User space                  Kernel space                   Secure world
    39. 

  39.    ~~~~~~~~~~                  ~~~~~~~~~~~~                   ~~~~~~~~~~~~
    40. 

  40.    +--------+                                               +-------------+
    41. 

  41.    | Client |                                               | Trusted     |
    42. 

  42.    +--------+                                               | Services SP |
    43. 

  43.       /\                                                    +-------------+
    44. 

  44.       ||                                                          /\
    45. 

  45.       ||                                                          ||
    46. 

  46.       ||                                                          ||
    47. 

  47.       \/                                                          \/
    48. 

  48.    +-------+                +----------+--------+           +-------------+
    49. 

  49.    | libts |                |  TEE     | TS-TEE |           |  FF-A SPMC  |
    50. 

  50.    |       |                |  subsys  | driver |           |   + SPMD    |
    51. 

  51.    +-------+----------------+----+-----+--------+-----------+-------------+
    52. 

  52.    |      Generic TEE API        |     |  FF-A  |     TS RPC protocol     |
    53. 

  53.    |      IOCTL (TEE_IOC_*)      |     | driver |        over FF-A        |
    54. 

  54.    +-----------------------------+     +--------+-------------------------+
    55. 

  55. 

  56. References
    57. 

  57. ==========
    58. 

  58. 

  59. [1] https://www.trustedfirmware.org/projects/trusted-services/
    60. 

  60. 

  61. [2] https://developer.arm.com/documentation/den0077/
    62. 

  62. 

  63. [3] https://www.arm.com/architecture/security-features/platform-security
    64. 

  64. 

  65. [4] drivers/firmware/arm_ffa/
    66. 

  66. 

  67. [5] https://trusted-services.readthedocs.io/en/v1.0.0/developer/service-access-protocols.html#abi
    68. 

  68. 

  69. [6] https://git.trustedfirmware.org/TS/trusted-services.git/tree/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c?h=v1.0.0
    70. 

  70. 

  71. [7] https://git.trustedfirmware.org/TS/trusted-services.git/tree/deployments/libts/arm-linux/CMakeLists.txt?h=v1.0.0
    72.