Trusted side of the TEE

@Jerome Forissier Jerome Forissier authored on 28 Jun 2017
core core: fix print_kernel_stack() 7 years ago
documentation Generate binaries for loaders supporting separate binary loading 7 years ago
keys TA as ELF + signature 9 years ago
lib libmpa: Implement Montgomery ladder 7 years ago
mk Update minor revision to 5 for release tag 2.5.0-rc1 7 years ago
scripts Generate binaries for loaders supporting separate binary loading 7 years ago
ta core: provide a hash tree for secure storage 7 years ago
.gitignore Open-source the TEE Core 10 years ago
.travis.yml arm: imx: add i.MX7D support 7 years ago
CHANGELOG.md Update CHANGELOG.md for 2.5.0 7 years ago
LICENSE Changing from old STM CLA to the new DCO 9 years ago
MAINTAINERS.md arm: imx: add i.MX7D support 7 years ago
Makefile make clean: don't fail on non-empty directory 7 years ago
Notice.md Notice.md: improve description of the sign-off tag 7 years ago
README.md README.md: give full PLAFORM string for i.MX6 boards 7 years ago
typedefs.checkpatch Take some GP types into account when running patch check tool 7 years ago
README.md

OP-TEE Trusted OS

Contents

  1. Introduction
  2. License
  3. Platforms supported
  4. Get and build OP-TEE software
  5. Coding standards
    1. checkpatch

1. Introduction

The optee_os git, contains the source code for the TEE in Linux using the ARMĀ® TrustZoneĀ® technology. This component meets the GlobalPlatform TEE System Architecture specification. It also provides the TEE Internal core API v1.1 as defined by the GlobalPlatform TEE Standard for the development of Trusted Applications. For a general overview of OP-TEE and to find out how to contribute, please see the Notice.md file.

The Trusted OS is accessible from the Rich OS (Linux) using the GlobalPlatform TEE Client API Specification v1.0, which also is used to trigger secure execution of applications within the TEE.


2. License

The software is distributed mostly under the BSD 2-Clause open source license, apart from some files in the optee_os/lib/libutils directory which are distributed under the BSD 3-Clause or public domain licenses.


3. Platforms supported

Several platforms are supported. In order to manage slight differences between platforms, a PLATFORM_FLAVOR flag has been introduced. The PLATFORM and PLATFORM_FLAVOR flags define the whole configuration for a chip the where the Trusted OS runs. Note that there is also a composite form which makes it possible to append PLATFORM_FLAVOR directly, by adding a dash in-between the names. The composite form is shown below for the different boards. For more specific details about build flags etc, please read the file build_system.md. Some platforms have different sub-maintainers, please refer to the file MAINTAINERS.md for contact details for various platforms.

Platform Composite PLATFORM flag Publicly available?
Allwinner A80 Board PLATFORM=sunxi No
ARM Juno Board PLATFORM=vexpress-juno Yes
FSL ls1021a PLATFORM=ls-ls1021atwr Yes
FSL i.MX6 Quad SABRE Lite Board PLATFORM=imx-mx6qsabrelite Yes
FSL i.MX6 Quad SABRE SD Board PLATFORM=imx-mx6qsabresd Yes
FSL i.MX6 UltraLite EVK Board PLATFORM=imx-mx6ulevk Yes
NXP i.MX7Dual SabreSD Board PLATFORM=imx-mx7dsabresd Yes
ARM Foundation FVP PLATFORM=vexpress-fvp Yes
HiSilicon D02 PLATFORM=d02 No
HiKey Board (HiSilicon Kirin 620) PLATFORM=hikey Yes
MediaTek MT8173 EVB Board PLATFORM=mediatek-mt8173 No
QEMU PLATFORM=vexpress-qemu_virt Yes
QEMUv8 PLATFORM=vexpress-qemu_armv8a Yes
Raspberry Pi 3 PLATFORM=rpi3 Yes
Renesas RCAR PLATFORM=rcar No
STMicroelectronics b2260 - h410 (96boards fmt) PLATFORM=stm-b2260 No
STMicroelectronics b2120 - h310 / h410 PLATFORM=stm-cannes No
Texas Instruments DRA7xx PLATFORM=ti-dra7xx Yes
Texas Instruments AM57xx PLATFORM=ti-am57xx Yes
Texas Instruments AM43xx PLATFORM=ti-am43xx Yes
Xilinx Zynq 7000 ZC702 PLATFORM=zynq7k-zc702 Yes
Xilinx Zynq UltraScale+ MPSOC PLATFORM=zynqmp-zcu102 Yes
Spreadtrum SC9860 PLATFORM=sprd-sc9860 No

4. Get and build OP-TEE software

Please see build for instructions how to run OP-TEE on various devices.


5. Coding standards

In this project we are trying to adhere to the same coding convention as used in the Linux kernel (see CodingStyle). We achieve this by running checkpatch from Linux kernel. However there are a few exceptions that we had to make since the code also follows GlobalPlatform standards. The exceptions are as follows:

  • CamelCase for GlobalPlatform types are allowed.
  • And we also exclude checking third party code that we might use in this project, such as LibTomCrypt, MPA, newlib (not in this particular git, but those are also part of the complete TEE solution). The reason for excluding and not fixing third party code is because we would probably deviate too much from upstream and therefore it would be hard to rebase against those projects later on (and we don't expect that it is easy to convince other software projects to change coding style).

5.1 checkpatch

Since checkpatch is licensed under the terms of GNU GPL License Version 2, we cannot include this script directly into this project. Please use checkpatch directly from the Linux kernel git in combination with the local [checkpatch script].