~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/tee/ts-tee.rst

Version: ~ [ linux-6.11.5 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.58 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.114 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.169 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.228 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.284 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.322 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/tee/ts-tee.rst (Architecture alpha) and /Documentation/tee/ts-tee.rst (Architecture mips)


  1 .. SPDX-License-Identifier: GPL-2.0                 1 .. SPDX-License-Identifier: GPL-2.0
  2                                                     2 
  3 =================================                   3 =================================
  4 TS-TEE (Trusted Services project)                   4 TS-TEE (Trusted Services project)
  5 =================================                   5 =================================
  6                                                     6 
  7 This driver provides access to secure services      7 This driver provides access to secure services implemented by Trusted Services.
  8                                                     8 
  9 Trusted Services [1] is a TrustedFirmware.org       9 Trusted Services [1] is a TrustedFirmware.org project that provides a framework
 10 for developing and deploying device Root of Tr     10 for developing and deploying device Root of Trust services in FF-A [2] S-EL0
 11 Secure Partitions. The project hosts the refer     11 Secure Partitions. The project hosts the reference implementation of the Arm
 12 Platform Security Architecture [3] for Arm A-p     12 Platform Security Architecture [3] for Arm A-profile devices.
 13                                                    13 
 14 The FF-A Secure Partitions (SP) are accessible     14 The FF-A Secure Partitions (SP) are accessible through the FF-A driver [4] which
 15 provides the low level communication for this      15 provides the low level communication for this driver. On top of that the Trusted
 16 Services RPC protocol is used [5]. To use the      16 Services RPC protocol is used [5]. To use the driver from user space a reference
 17 implementation is provided at [6], which is pa     17 implementation is provided at [6], which is part of the Trusted Services client
 18 library called libts [7].                          18 library called libts [7].
 19                                                    19 
 20 All Trusted Services (TS) SPs have the same FF     20 All Trusted Services (TS) SPs have the same FF-A UUID; it identifies the TS RPC
 21 protocol. A TS SP can host one or more service     21 protocol. A TS SP can host one or more services (e.g. PSA Crypto, PSA ITS, etc).
 22 A service is identified by its service UUID; t     22 A service is identified by its service UUID; the same type of service cannot be
 23 present twice in the same SP. During SP boot e     23 present twice in the same SP. During SP boot each service in the SP is assigned
 24 an "interface ID". This is just a short ID to      24 an "interface ID". This is just a short ID to simplify message addressing.
 25                                                    25 
 26 The generic TEE design is to share memory at o     26 The generic TEE design is to share memory at once with the Trusted OS, which can
 27 then be reused to communicate with multiple ap     27 then be reused to communicate with multiple applications running on the Trusted
 28 OS. However, in case of FF-A, memory sharing w     28 OS. However, in case of FF-A, memory sharing works on an endpoint level, i.e.
 29 memory is shared with a specific SP. User spac     29 memory is shared with a specific SP. User space has to be able to separately
 30 share memory with each SP based on its endpoin     30 share memory with each SP based on its endpoint ID; therefore a separate TEE
 31 device is registered for each discovered TS SP     31 device is registered for each discovered TS SP. Opening the SP corresponds to
 32 opening the TEE device and creating a TEE cont     32 opening the TEE device and creating a TEE context. A TS SP hosts one or more
 33 services. Opening a service corresponds to ope     33 services. Opening a service corresponds to opening a session in the given
 34 tee_context.                                       34 tee_context.
 35                                                    35 
 36 Overview of a system with Trusted Services com     36 Overview of a system with Trusted Services components::
 37                                                    37 
 38    User space                  Kernel space        38    User space                  Kernel space                   Secure world
 39    ~~~~~~~~~~                  ~~~~~~~~~~~~        39    ~~~~~~~~~~                  ~~~~~~~~~~~~                   ~~~~~~~~~~~~
 40    +--------+                                      40    +--------+                                               +-------------+
 41    | Client |                                      41    | Client |                                               | Trusted     |
 42    +--------+                                      42    +--------+                                               | Services SP |
 43       /\                                           43       /\                                                    +-------------+
 44       ||                                           44       ||                                                          /\
 45       ||                                           45       ||                                                          ||
 46       ||                                           46       ||                                                          ||
 47       \/                                           47       \/                                                          \/
 48    +-------+                +----------+------     48    +-------+                +----------+--------+           +-------------+
 49    | libts |                |  TEE     | TS-TE     49    | libts |                |  TEE     | TS-TEE |           |  FF-A SPMC  |
 50    |       |                |  subsys  | drive     50    |       |                |  subsys  | driver |           |   + SPMD    |
 51    +-------+----------------+----+-----+------     51    +-------+----------------+----+-----+--------+-----------+-------------+
 52    |      Generic TEE API        |     |  FF-A     52    |      Generic TEE API        |     |  FF-A  |     TS RPC protocol     |
 53    |      IOCTL (TEE_IOC_*)      |     | drive     53    |      IOCTL (TEE_IOC_*)      |     | driver |        over FF-A        |
 54    +-----------------------------+     +------     54    +-----------------------------+     +--------+-------------------------+
 55                                                    55 
 56 References                                         56 References
 57 ==========                                         57 ==========
 58                                                    58 
 59 [1] https://www.trustedfirmware.org/projects/t     59 [1] https://www.trustedfirmware.org/projects/trusted-services/
 60                                                    60 
 61 [2] https://developer.arm.com/documentation/de     61 [2] https://developer.arm.com/documentation/den0077/
 62                                                    62 
 63 [3] https://www.arm.com/architecture/security-     63 [3] https://www.arm.com/architecture/security-features/platform-security
 64                                                    64 
 65 [4] drivers/firmware/arm_ffa/                      65 [4] drivers/firmware/arm_ffa/
 66                                                    66 
 67 [5] https://trusted-services.readthedocs.io/en     67 [5] https://trusted-services.readthedocs.io/en/v1.0.0/developer/service-access-protocols.html#abi
 68                                                    68 
 69 [6] https://git.trustedfirmware.org/TS/trusted     69 [6] https://git.trustedfirmware.org/TS/trusted-services.git/tree/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c?h=v1.0.0
 70                                                    70 
 71 [7] https://git.trustedfirmware.org/TS/trusted     71 [7] https://git.trustedfirmware.org/TS/trusted-services.git/tree/deployments/libts/arm-linux/CMakeLists.txt?h=v1.0.0
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php