Components
1. SecureOS dispatchers
Terminology:
(path: services/spd)
SPD:Secure Payload Dispatcher
opteed:OP-TEE Dispatcher
tlkd:Trusted Little Kernel Dispatcher
trusty:Trusty Dispatcher
mtee: MTK (MediaTek) TEE Dispatcher
tbase: Trustonic Dispatcher
teeid: Beanpod Dispatcher
tspd: ?
Introduction to TLK
TLK (Trusted Little Kernel) is a TEE OS developed by NVIDIA on top of LK (Little Kernel). It is Free and Open Source Software (FOSS). (Links: LK source repository, TLK home page)
TLK features include:
- Small, pre-emptive kernel
- Supports multi-threading, IPCs, and thread scheduling
- Added TrustZone features
- Added Secure Storage
- Under MIT/FreeBSD license
NVIDIA extensions to Little Kernel (LK) include:
- User mode
- Address-space separation for TAs
- TLK Client Application (CA) library
- TLK TA library
- Crypto library (encrypt/decrypt, key handling) via OpenSSL
- Linux kernel driver
- Cortex A9/A15 support
- Power Management
- TrustZone memory carve-out (reconfigurable)
- Page table management
- Debugging support over UART (USB planned)
Introduction to Trusty
Terminology: AOSP (Android Open Source Project)
Trusty is a TEE software stack developed by Google; see the Trusty page on the AOSP website for details:
Android Open Source Project (AOSP) webpage for Trusty
2. SiP Services
Terminology:
SiP: Silicon Provider
SiP services are non-standard, platform-specific services provided by the silicon vendor or the platform vendor. Their design must follow the SMC Calling Convention (SMCCC).
SMC function ID range for SiP services: 0xc2000000 – 0xc200ffff for 64-bit, 0x82000000 – 0x8200ffff for 32-bit
Arm SiP services include:
- Performance Measurement Framework (PMF)
- Execution State Switching service
- DebugFS interface
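The SiP function ID ranges quoted above are not arbitrary: they are exactly the IDs whose SMCCC fields read "fast call, owning entity number (OEN) 2 = SiP service, bits 23:16 zero". The following example, added here and not taken from the page or from TF-A, decodes a 32-bit SMC function ID into its SMCCC fields, shows that the field check and the range check agree, and wires both into a minimal SiP handler that refuses to dispatch anything outside its range. The field layout is assumed from the SMC Calling Convention; the function numbers (SIP_FN_GET_VERSION, SIP_FN_ECHO) and the version value are constructed for this example.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* SMCCC function-ID layout (assumed from the SMC Calling Convention):
 *   bit 31     : 1 = fast call, 0 = yielding call
 *   bit 30     : 1 = SMC64 calling convention, 0 = SMC32
 *   bits 29:24 : owning entity number (OEN); 2 = SiP service
 *   bits 23:16 : must be zero for fast calls
 *   bits 15:0  : function number within the service
 */
#define SMC_FAST_CALL     (1u << 31)
#define SMC_64            (1u << 30)
#define SMC_OEN_SHIFT     24u
#define SMC_OEN_MASK      0x3fu
#define SMC_OEN_SIP       2u
#define SMC_MBZ_MASK      0x00ff0000u
#define SMC_FUNC_NUM_MASK 0xffffu

/* SiP ranges as stated in the text. */
#define SIP_SMC64_MIN 0xc2000000u
#define SIP_SMC64_MAX 0xc200ffffu
#define SIP_SMC32_MIN 0x82000000u
#define SIP_SMC32_MAX 0x8200ffffu

#define SMC_UNK ((int64_t)-1)  /* SMCCC "unknown function" return value */

/* Constructed function numbers for this example (not a real SiP interface). */
enum { SIP_FN_GET_VERSION = 0x0001, SIP_FN_ECHO = 0x0002 };

unsigned int smc_oen(uint32_t fid)      { return (fid >> SMC_OEN_SHIFT) & SMC_OEN_MASK; }
bool         smc_is_fast(uint32_t fid)  { return (fid & SMC_FAST_CALL) != 0; }
bool         smc_is_64(uint32_t fid)    { return (fid & SMC_64) != 0; }
unsigned int smc_func_num(uint32_t fid) { return fid & SMC_FUNC_NUM_MASK; }

/* Range check: the two intervals quoted in the text. */
bool sip_fid_in_range(uint32_t fid)
{
    return (fid >= SIP_SMC32_MIN && fid <= SIP_SMC32_MAX) ||
           (fid >= SIP_SMC64_MIN && fid <= SIP_SMC64_MAX);
}

/* Field check: fast call, OEN == SiP, reserved bits 23:16 clear. */
bool sip_fid_well_formed(uint32_t fid)
{
    return smc_is_fast(fid) && smc_oen(fid) == SMC_OEN_SIP &&
           (fid & SMC_MBZ_MASK) == 0;
}

/* Both predicates describe the same set of IDs. */
bool sip_checks_agree(uint32_t fid)
{
    return sip_fid_in_range(fid) == sip_fid_well_formed(fid);
}

/* Minimal SiP dispatcher: returns the value to place in x0 on return.
 * IDs outside the SiP range are rejected before any function number is
 * looked at; SMC32 calls only carry 32-bit arguments, so the upper half
 * of x1 is discarded for them. */
int64_t sip_smc_handler(uint32_t fid, uint64_t x1)
{
    if (!sip_fid_in_range(fid))
        return SMC_UNK;
    if (!smc_is_64(fid))
        x1 &= 0xffffffffu;
    switch (smc_func_num(fid)) {
    case SIP_FN_GET_VERSION:
        return 0x00010000;          /* constructed: major 1, minor 0 */
    case SIP_FN_ECHO:
        return (int64_t)x1;
    default:
        return SMC_UNK;
    }
}

int main(void)
{
    const uint32_t ids[] = { 0x82000001u, 0xc2000002u, 0x84000000u, 0x02000000u };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++) {
        uint32_t fid = ids[i];
        printf("0x%08x: fast=%d smc64=%d oen=%u fn=0x%04x sip=%d\n",
               (unsigned)fid, smc_is_fast(fid), smc_is_64(fid), smc_oen(fid),
               smc_func_num(fid), sip_fid_in_range(fid));
    }
    return 0;
}
```

The point of keeping both checks is that a handler registered for the SiP OEN should still validate the reserved bits and the function number itself rather than trusting that the runtime services dispatcher only ever forwards well-formed IDs; an unknown function number returns SMC_UNK instead of falling into a default branch.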
2.1. Performance Measurement Framework (PMF)
2.2. Execution State Switching service
2.3. DebugFS interface
3. Debug FS
3.1. Overview
3.2. Virtual filesystem
3.3. SMC interface
3.4. Security considerations
3.5. Limitations
3.6. Applications
4. Exception Handling Framework
4.1. Introduction
4.2. The role of Exception Handling Framework
4.3. Interrupt handling
4.4. Registering handler
4.5. Interrupt handling example
4.6. Activating and Deactivating priorities
4.7. Transition of priority levels
4.8. Effect on SMC calls
4.9. Build-time flow
4.10. Run-time flow
4.11. Interrupt Prioritisation Considerations
4.12. Limitations
5. Firmware Configuration Framework
5.1. Introduction
5.2. Accessing properties
5.3. Defining properties
5.4. Loading the property device tree
5.5. Populating the properties
5.6. Namespace guidance
5.7. Properties binding information
6. Firmware Update (FWU)
6.1. Introduction
6.2. FWU Overview
6.3. Image Identification
6.4. FWU State Machine
6.5. BL1 SMC Interface
7. Measured Boot Driver (MBD)
7.1. Properties binding information
8. Platform Interrupt Controller API
8.1. Function: unsigned int plat_ic_get_running_priority(void); [optional]
8.2. Function: int plat_ic_is_spi(unsigned int id); [optional]
8.3. Function: int plat_ic_is_ppi(unsigned int id); [optional]
8.4. Function: int plat_ic_is_sgi(unsigned int id); [optional]
8.5. Function: unsigned int plat_ic_get_interrupt_active(unsigned int id); [optional]
8.6. Function: void plat_ic_enable_interrupt(unsigned int id); [optional]
8.7. Function: void plat_ic_disable_interrupt(unsigned int id); [optional]
8.8. Function: void plat_ic_set_interrupt_priority(unsigned int id, unsigned int priority); [optional]
8.9. Function: int plat_ic_has_interrupt_type(unsigned int type); [optional]
8.10. Function: void plat_ic_set_interrupt_type(unsigned int id, unsigned int type); [optional]
8.11. Function: void plat_ic_raise_el3_sgi(int sgi_num, u_register_t target); [optional]
8.12. Function: void plat_ic_set_spi_routing(unsigned int id, unsigned int routing_mode, u_register_t mpidr); [optional]
8.13. Function: void plat_ic_set_interrupt_pending(unsigned int id); [optional]
8.14. Function: void plat_ic_clear_interrupt_pending(unsigned int id); [optional]
8.15. Function: unsigned int plat_ic_set_priority_mask(unsigned int id); [optional]
8.16. Function: unsigned int plat_ic_get_interrupt_id(unsigned int raw); [optional]
9. Reliability, Availability, and Serviceability (RAS) Extensions
9.1. Overview
9.2. Platform APIs
9.3. Registering RAS error records
9.4. Registering RAS interrupts
9.5. Double-fault handling
9.6. Engaging the RAS framework
9.7. Interaction with Exception Handling Framework
10. Library at ROM
10.1. Introduction
10.2. Index file
10.3. Wrapper functions
10.4. Script
10.5. Patching of functions in library at ROM
10.6. Memory impact
10.7. Build library at ROM
11. SDEI: Software Delegated Exception Interface
11.1. Introduction
11.2. Defining events
11.3. Event definition example
11.4. Configuration within Exception Handling Framework
11.5. Determining client EL
11.6. Explicit dispatch of events
11.7. Porting requirements
11.8. Note on writing SDEI event handlers
12. Secure Partition Manager
12.1. Acronyms
12.2. Foreword
12.3. Sample reference stack
12.4. TF-A build options
12.5. Boot process
12.6. Hafnium in the secure world
12.7. References
13. Secure Partition Manager (MM)
13.1. Foreword
13.2. Background
13.3. Introduction
13.4. Description
13.5. Runtime model of the Secure Partition
14. PSA FF-A manifest binding to device tree
14.1. Version 1.0
14.2. Memory Regions
14.3. Device Regions
15. Translation (XLAT) Tables Library
15.1. About version 1 and version 2
15.2. Design concepts and interfaces
15.3. Library APIs
15.4. Library limitations
15.5. Implementation details
16. Chain of trust bindings
16.1. cot
16.2. Manifests and Certificate node bindings definition
16.3. Images and Image node bindings definition
16.4. non-volatile counter node binding definition
16.5. Future update to chain of trust binding