Embed Size (px)
DESCRIPTION
LCU14-107: OP-TEE on ARMv8 --------------------------------------------------- Speaker: Jens Wiklander Date: September 15, 2014 --------------------------------------------------- ★ Session Summary ★ SWG is porting OP-TEE to ARMv8 using Fixed Virtual Platform. Initially OP-TEE is running secure world in aarch32 mode, but with the normal world code running in aarch64 mode. Since ARMv8 uses ARM Trusted Firmware we have patched it with an OP-TEE dispatcher to be able to communicate between secure and normal world. --------------------------------------------------- ★ Resources ★ Zerista: http://lcu14.zerista.com/event/member/137710 Google Event: https://plus.google.com/u/0/events/c0ef114n77bhgbns9vb85g9n6ak Presentation: http://www.slideshare.net/linaroorg/lcu14-107-optee-on-ar-mv8 Video: https://www.youtube.com/watch?v=JViplz-ah9M&list=UUIVqQKxCyQLJS6xvSmfndLA Etherpad: http://pad.linaro.org/p/lcu14-107 --------------------------------------------------- ★ Event Details ★ Linaro Connect USA - #LCU14 September 15-19th, 2014 Hyatt Regency San Francisco Airport --------------------------------------------------- http://www.linaro.org http://connect.linaro.org
Citation preview
LCU14 BURLINGAME
Jens Wiklander, LCU14
LCU14-107: OP-TEE on ARMv8
OP-TEE OverviewOP-TEE is an Open Source TEE and is the result of collaboration work between STMicroelectronics and Linaro (Security Working Group).
It contains the complete stack from normal world client API's (optee_client), the Linux kernel TEE driver (optee_linuxdriver) and the Trusted OS and the secure monitor (optee_os).
OP-TEE is an Open Source TEE and is the result of collaboration work between STMicroelectronics and Linaro (Security Working Group).
It contains the complete stack from normal world client API's (optee_client), the Linux kernel TEE driver (optee_linuxdriver) and the Trusted OS and the secure monitor (optee_os).
OP-TEE Overview
● ARMv8-A comes with ARM Trusted Firmware (ATF)
● ATF runs at EL3 and is in charge of● Trusted Boot● Power State Coordination Interface (PSCI)● Secure Monitor Calls (SMC) Calling Convention
● OP-TEE OS runs at Secure EL1 (S-EL1) and need to cooperate with ATF
ARM Trusted Firmware
● The secure monitor runs at EL3 and need to be located within ATF
● A secure monitor in ATF is called a Dispatcher
● The Dispatcher is responsible to act as a Secure Monitor and interface with the Trusted OS running at S-EL1
● There is already one Dispatcher in ATF, Test Secure Payload Dispatcher (TSPD)
● To interface with OP-TEE OS we need a new Dispatcher, OP-TEE Dispatcher (OPTEED)
Secure Monitor
● OPTEED works in principle like TSPD but● handles SMCs specific to OP-TEE● handles FIQ and IRQ routing specific to OP-TEE● starts OP-TEE OS in Aarch32
● The dispatcher is transparent to normal world● No dispatcher specific changes in the OP-TEE Linux Driver
OP-TEE Dispatcher
● OP-TEE OS runs in AArch32 mode to minimize the initial effort to port to ARMv8-A
● The internal Secure Monitor is replaced with an interface to work with the OP-TEE Dispatcher in ARM Trusted Firmware
OP-TEE OS
● Ported to AArch64 since normal world is running in AArch64 mode
● Linux driver is limited to SMC32 (as defined by ARM SMC Calling Convention) calls since OP-TEE OS is still in Aarch32
OP-TEE Client and Linux Driver
● OP-TEE source available at http://github.com/OP-TEE
● ATF source available at https://github.com/ARM-software/arm-trusted-firmware
● If the OP-TEE dispatcher has not been merged yet, it can be found in pull request: https://github.com/ARM-software/arm-trusted-firmware/pull/188
Source code
More about Linaro Connect: connect.linaro.org Linaro members: www.linaro.org/membersMore about Linaro: www.linaro.org/about/
