| 123456789101112131415161718192021222324252627282930313233343536373839 |
- .. SPDX-License-Identifier: GPL-2.0
- .. tee:
- ==================================================
- TEE (Trusted Execution Environment) Userspace API
- ==================================================
- include/uapi/linux/tee.h defines the generic interface to a TEE.
- User space (the client) connects to the driver by opening /dev/tee[0-9]* or
- /dev/teepriv[0-9]*.
- - TEE_IOC_SHM_ALLOC allocates shared memory and returns a file descriptor
- which user space can mmap. When user space doesn't need the file
- descriptor any more, it should be closed. When shared memory isn't needed
- any longer it should be unmapped with munmap() to allow the reuse of
- memory.
- - TEE_IOC_VERSION lets user space know which TEE this driver handles and
- its capabilities.
- - TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.
- - TEE_IOC_INVOKE invokes a function in a Trusted Application.
- - TEE_IOC_CANCEL may cancel an ongoing TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE.
- - TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.
- There are two classes of clients, normal clients and supplicants. The latter is
- a helper process for the TEE to access resources in Linux, for example file
- system access. A normal client opens /dev/tee[0-9]* and a supplicant opens
- /dev/teepriv[0-9].
- Much of the communication between clients and the TEE is opaque to the
- driver. The main job for the driver is to receive requests from the
- clients, forward them to the TEE and send back the results. In the case of
- supplicants the communication goes in the other direction, the TEE sends
- requests to the supplicant which then sends back the result.
|
