Trusted side of the TEE

@Etienne Carriere Etienne Carriere authored on 1 Jun 2020
Etienne Carriere committed on 2 Jun 2020
.github docs: add a GitHub pull request template 7 years ago
core plat-stm32mp1: pm: new CFG_STM32MP15_PM_CONTEX_VERSION 4 years ago
documentation documentation: clarify $(ARCH) 6 years ago
keys TA as ELF + signature 9 years ago
lib stm32mp1: add full support for platform 5 years ago
mk stm32mp1: add full support for platform 5 years ago
scripts stm32mp1: add full support for platform 5 years ago
ta ta: link.mk: evaluate $(sm) values in targets 6 years ago
.gitignore Open-source the TEE Core 10 years ago
.shippable.yml plat-ls:add LS2088ARDB platform flavors 6 years ago
.travis.yml ci: travis: print statistics (ccache, df) 6 years ago
CHANGELOG.md Update CHANGELOG.md for 3.3.0 6 years ago
CONTRIBUTING.md CONTRIBUTING: add contributing guide to STMicroelectronics/optee_os repository 4 years ago
LICENSE Changing from old STM CLA to the new DCO 9 years ago
MAINTAINERS plat-ls:add LS2088ARDB platform flavors 6 years ago
Makefile Add support for compiling in-tree TAs 6 years ago
Notice.md doc: update documentation against out dated information 6 years ago
README.md Allow mixed declaration and code 6 years ago
typedefs.checkpatch Take some GP types into account when running patch check tool 7 years ago
README.md

OP-TEE Trusted OS

Contents

  1. Introduction
  2. License
  3. Platforms supported
  4. Get and build OP-TEE software
  5. Coding standards

1. Introduction

The optee_os git repository contains the source code of a Trusted Execution Environment (TEE) as companion to a non-secure OS on ARMĀ® Cortex-A cores using the TrustZoneĀ® technology. This component meets the TEE System Architecture specifications and provides the TEE Internal Core API v1.1 as defined by the GlobalPlatform Device technology TEE specifications for the development of Trusted Applications. For a general overview of OP-TEE and to find out how to contribute, please see the Notice.md file.

The Trusted OS is accessible from the Rich OS (Linux) using the GlobalPlatform TEE Client API Specification v1.0, which also is used to trigger secure execution of applications within the TEE.


2. License

The software is distributed mostly under the BSD 2-Clause open source license, apart from some files in the optee_os/lib/libutils directory which are distributed under the BSD 3-Clause or public domain licenses.


3. Platforms supported

Several platforms are supported. In order to manage slight differences between platforms, a PLATFORM_FLAVOR flag has been introduced. The PLATFORM and PLATFORM_FLAVOR flags define the whole configuration for a chip the where the Trusted OS runs. Note that there is also a composite form which makes it possible to append PLATFORM_FLAVOR directly, by adding a dash in-between the names. The composite form is shown below for the different boards. For more specific details about build flags etc, please read the file build_system.md. Some platforms have different sub-maintainers, please refer to the file MAINTAINERS for contact details for various platforms.

The Maintained? column shows:

  • A green image if the platform is actively maintained: either tested successfully with the latest release (N), or is a newly supported platform.
  • An orange image if the platform was last tested successfully with release N-1.
  • A red image if the last successful test report is older.
Platform Composite PLATFORM flag Publicly available? Maintained?
ARM Juno Board PLATFORM=vexpress-juno Yes Actively Maintained
Atmel ATSAMA5D2-XULT Board PLATFORM=sam Yes Actively Maintained
DeveloperBox (Socionext Synquacer SC2A11) PLATFORM=synquacer Yes Actively Maintained
FSL ls1021a PLATFORM=ls-ls1021atwr Yes Actively maintained
NXP ls1043ardb PLATFORM=ls-ls1043ardb Yes Actively Maintained
NXP ls1046ardb PLATFORM=ls-ls1046ardb Yes Actively Maintained
NXP ls1012ardb PLATFORM=ls-ls1012ardb Yes Actively Maintained
NXP ls1088ardb PLATFORM=ls-ls1088ardb Yes Actively Maintained
NXP ls2088ardb PLATFORM=ls-ls2088ardb Yes Actively Maintained
NXP ls1012afrwy PLATFORM=ls-ls1012afrwy Yes Actively Maintained
FSL i.MX6 Quad SABRE Lite Board PLATFORM=imx-mx6qsabrelite Yes Actively Maintained
FSL i.MX6 Quad SABRE SD Board PLATFORM=imx-mx6qsabresd Yes Actively maintained
SolidRun i.MX6 Quad Hummingboard Edge PLATFORM=imx-mx6qhmbedge Yes Actively Maintained
SolidRun i.MX6 Dual Hummingboard Edge PLATFORM=imx-mx6dhmbedge Yes Actively Maintained
SolidRun i.MX6 Dual Lite Hummingboard Edge PLATFORM=imx-mx6dlhmbedge Yes Actively Maintained
SolidRun i.MX6 Solo Hummingboard Edge PLATFORM=imx-mx6shmbedge Yes Actively Maintained
FSL i.MX6 UltraLite EVK Board PLATFORM=imx-mx6ulevk Yes Actively Maintained
NXP i.MX7Dual SabreSD Board PLATFORM=imx-mx7dsabresd Yes Actively Maintained
NXP i.MX7Solo WaRP7 Board PLATFORM=imx-mx7swarp7 Yes Actively Maintained
ARM Foundation FVP PLATFORM=vexpress-fvp Yes Actively Maintained
HiSilicon D02 PLATFORM=d02 No Actively Maintained
HiKey Board (HiSilicon Kirin 620) PLATFORM=hikey or PLATFORM=hikey-hikey Yes Actively Maintained
HiKey960 Board (HiSilicon Kirin 960) PLATFORM=hikey-hikey960 Yes Actively Maintained
Marvell ARMADA 7K Family PLATFORM=marvell-armada7k8k Yes Actively Maintained
Marvell ARMADA 8K Family PLATFORM=marvell-armada7k8k Yes Actively Maintained
Marvell ARMADA 3700 Family PLATFORM=marvell-armada3700 Yes Actively Maintained
MediaTek MT8173 EVB Board PLATFORM=mediatek-mt8173 No Not maintained v3.0.0
Poplar Board (HiSilicon Hi3798C V200) PLATFORM=poplar Yes Actively Maintained
QEMU PLATFORM=vexpress-qemu_virt Yes Actively Maintained
QEMUv8 PLATFORM=vexpress-qemu_armv8a Yes Actively Maintained
Raspberry Pi 3 PLATFORM=rpi3 Yes Actively maintained
Renesas RCAR PLATFORM=rcar No Actively maintained
Rockchip RK322X PLATFORM=rockchip-rk322x No Actively maintained
STMicroelectronics b2260 - h410 (96boards fmt) PLATFORM=stm-b2260 No Actively maintained
STMicroelectronics b2120 - h310 / h410 PLATFORM=stm-cannes No Actively maintained
STMicroelectronics stm32mp1 PLATFORM=stm32mp1 No Actively maintained
Allwinner A64 Pine64 Board PLATFORM=sunxi-sun50i_a64 Yes Actively Maintained
Texas Instruments AM65x PLATFORM=k3-am65x Yes Actively maintained
Texas Instruments DRA7xx PLATFORM=ti-dra7xx Yes Actively maintained
Texas Instruments AM57xx PLATFORM=ti-am57xx Yes Actively maintained
Texas Instruments AM43xx PLATFORM=ti-am43xx Yes Actively maintained
Xilinx Zynq 7000 ZC702 PLATFORM=zynq7k-zc702 Yes Not maintained v2.3.0
Xilinx Zynq UltraScale+ MPSOC PLATFORM=zynqmp-zcu102 Yes Not maintained v2.4.0
Spreadtrum SC9860 PLATFORM=sprd-sc9860 No Not maintained v2.1.0

4. Get and build OP-TEE software

Please see build for instructions how to run OP-TEE on various devices.


5. Coding standards

In this project we are trying to adhere to the same coding convention as used in the Linux kernel (see CodingStyle). We achieve this by running checkpatch from Linux kernel. However there are a few exceptions that we had to make since the code also follows GlobalPlatform standards. The exceptions are as follows:

  • CamelCase for GlobalPlatform types are allowed.
  • And we also exclude checking third party code that we might use in this project, such as LibTomCrypt, MPA, newlib (not in this particular git, but those are also part of the complete TEE solution, see Notice.md. The reason for excluding and not fixing third party code is because we would probably deviate too much from upstream and therefore it would be hard to rebase against those projects later on and we don't expect that it is easy to convince other software projects to change coding style. Automatic variables should always be initialized. Mixed declarations and statements are allowed, and may be used to avoid assigning useless values. Please leave one blank line before and after such declarations.

Regarding the checkpatch tool, it is not included directly into this project. Please use checkpatch.pl from the Linux kernel git in combination with the local [checkpatch script].