~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/tee/amd-tee.rst

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/tee/amd-tee.rst (Version linux-6.11.5) and /Documentation/tee/amd-tee.rst (Version linux-6.8.12)


  1 .. SPDX-License-Identifier: GPL-2.0                 1 .. SPDX-License-Identifier: GPL-2.0
  2                                                     2 
  3 =============================================       3 =============================================
  4 AMD-TEE (AMD's Trusted Execution Environment)       4 AMD-TEE (AMD's Trusted Execution Environment)
  5 =============================================       5 =============================================
  6                                                     6 
  7 The AMD-TEE driver handles the communication w      7 The AMD-TEE driver handles the communication with AMD's TEE environment. The
  8 TEE environment is provided by AMD Secure Proc      8 TEE environment is provided by AMD Secure Processor.
  9                                                     9 
 10 The AMD Secure Processor (formerly called Plat     10 The AMD Secure Processor (formerly called Platform Security Processor or PSP)
 11 is a dedicated processor that features ARM Tru     11 is a dedicated processor that features ARM TrustZone technology, along with a
 12 software-based Trusted Execution Environment (     12 software-based Trusted Execution Environment (TEE) designed to enable
 13 third-party Trusted Applications. This feature     13 third-party Trusted Applications. This feature is currently enabled only for
 14 APUs.                                              14 APUs.
 15                                                    15 
 16 The following picture shows a high level overv     16 The following picture shows a high level overview of AMD-TEE::
 17                                                    17 
 18                                              |     18                                              |
 19     x86                                      |     19     x86                                      |
 20                                              |     20                                              |
 21  User space            (Kernel space)        |     21  User space            (Kernel space)        |    AMD Secure Processor (PSP)
 22  ~~~~~~~~~~            ~~~~~~~~~~~~~~        |     22  ~~~~~~~~~~            ~~~~~~~~~~~~~~        |    ~~~~~~~~~~~~~~~~~~~~~~~~~~
 23                                              |     23                                              |
 24  +--------+                                  |     24  +--------+                                  |       +-------------+
 25  | Client |                                  |     25  | Client |                                  |       | Trusted     |
 26  +--------+                                  |     26  +--------+                                  |       | Application |
 27      /\                                      |     27      /\                                      |       +-------------+
 28      ||                                      |     28      ||                                      |             /\
 29      ||                                      |     29      ||                                      |             ||
 30      ||                                      |     30      ||                                      |             \/
 31      ||                                      |     31      ||                                      |         +----------+
 32      ||                                      |     32      ||                                      |         |   TEE    |
 33      ||                                      |     33      ||                                      |         | Internal |
 34      \/                                      |     34      \/                                      |         |   API    |
 35  +---------+           +-----------+---------+     35  +---------+           +-----------+---------+         +----------+
 36  | TEE     |           | TEE       | AMD-TEE |     36  | TEE     |           | TEE       | AMD-TEE |         | AMD-TEE  |
 37  | Client  |           | subsystem | driver  |     37  | Client  |           | subsystem | driver  |         | Trusted  |
 38  | API     |           |           |         |     38  | API     |           |           |         |         |   OS     |
 39  +---------+-----------+----+------+---------+     39  +---------+-----------+----+------+---------+---------+----------+
 40  |   Generic TEE API        |      | ASP     |     40  |   Generic TEE API        |      | ASP     |      Mailbox       |
 41  |   IOCTL (TEE_IOC_*)      |      | driver  |     41  |   IOCTL (TEE_IOC_*)      |      | driver  | Register Protocol  |
 42  +--------------------------+      +---------+     42  +--------------------------+      +---------+--------------------+
 43                                                    43 
 44 At the lowest level (in x86), the AMD Secure P     44 At the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the
 45 CPU to PSP mailbox register to submit commands     45 CPU to PSP mailbox register to submit commands to the PSP. The format of the
 46 command buffer is opaque to the ASP driver. It     46 command buffer is opaque to the ASP driver. It's role is to submit commands to
 47 the secure processor and return results to AMD     47 the secure processor and return results to AMD-TEE driver. The interface
 48 between AMD-TEE driver and AMD Secure Processo     48 between AMD-TEE driver and AMD Secure Processor driver can be found in [1].
 49                                                    49 
 50 The AMD-TEE driver packages the command buffer     50 The AMD-TEE driver packages the command buffer payload for processing in TEE.
 51 The command buffer format for the different TE     51 The command buffer format for the different TEE commands can be found in [2].
 52                                                    52 
 53 The TEE commands supported by AMD-TEE Trusted      53 The TEE commands supported by AMD-TEE Trusted OS are:
 54                                                    54 
 55 * TEE_CMD_ID_LOAD_TA          - loads a Truste     55 * TEE_CMD_ID_LOAD_TA          - loads a Trusted Application (TA) binary into
 56                                 TEE environmen     56                                 TEE environment.
 57 * TEE_CMD_ID_UNLOAD_TA        - unloads TA bin     57 * TEE_CMD_ID_UNLOAD_TA        - unloads TA binary from TEE environment.
 58 * TEE_CMD_ID_OPEN_SESSION     - opens a sessio     58 * TEE_CMD_ID_OPEN_SESSION     - opens a session with a loaded TA.
 59 * TEE_CMD_ID_CLOSE_SESSION    - closes session     59 * TEE_CMD_ID_CLOSE_SESSION    - closes session with loaded TA
 60 * TEE_CMD_ID_INVOKE_CMD       - invokes a comm     60 * TEE_CMD_ID_INVOKE_CMD       - invokes a command with loaded TA
 61 * TEE_CMD_ID_MAP_SHARED_MEM   - maps shared me     61 * TEE_CMD_ID_MAP_SHARED_MEM   - maps shared memory
 62 * TEE_CMD_ID_UNMAP_SHARED_MEM - unmaps shared      62 * TEE_CMD_ID_UNMAP_SHARED_MEM - unmaps shared memory
 63                                                    63 
 64 AMD-TEE Trusted OS is the firmware running on      64 AMD-TEE Trusted OS is the firmware running on AMD Secure Processor.
 65                                                    65 
 66 The AMD-TEE driver registers itself with TEE s     66 The AMD-TEE driver registers itself with TEE subsystem and implements the
 67 following driver function callbacks:               67 following driver function callbacks:
 68                                                    68 
 69 * get_version - returns the driver implementat     69 * get_version - returns the driver implementation id and capability.
 70 * open - sets up the driver context data struc     70 * open - sets up the driver context data structure.
 71 * release - frees up driver resources.             71 * release - frees up driver resources.
 72 * open_session - loads the TA binary and opens     72 * open_session - loads the TA binary and opens session with loaded TA.
 73 * close_session -  closes session with loaded      73 * close_session -  closes session with loaded TA and unloads it.
 74 * invoke_func - invokes a command with loaded      74 * invoke_func - invokes a command with loaded TA.
 75                                                    75 
 76 cancel_req driver callback is not supported by     76 cancel_req driver callback is not supported by AMD-TEE.
 77                                                    77 
 78 The GlobalPlatform TEE Client API [3] can be u     78 The GlobalPlatform TEE Client API [3] can be used by the user space (client) to
 79 talk to AMD's TEE. AMD's TEE provides a secure     79 talk to AMD's TEE. AMD's TEE provides a secure environment for loading, opening
 80 a session, invoking commands and closing sessi     80 a session, invoking commands and closing session with TA.
 81                                                    81 
 82 References                                         82 References
 83 ==========                                         83 ==========
 84                                                    84 
 85 [1] include/linux/psp-tee.h                        85 [1] include/linux/psp-tee.h
 86                                                    86 
 87 [2] drivers/tee/amdtee/amdtee_if.h                 87 [2] drivers/tee/amdtee/amdtee_if.h
 88                                                    88 
 89 [3] http://www.globalplatform.org/specificatio     89 [3] http://www.globalplatform.org/specificationsdevice.asp look for
 90     "TEE Client API Specification v1.0" and cl     90     "TEE Client API Specification v1.0" and click download.
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php