arm-trusted-firmware/docs/components/spd/optee-dispatcher.rst
Jeffrey Kardatzke 05c69cf75e feat(optee): add loading OP-TEE image via an SMC
This adds the ability to load the OP-TEE image via an SMC called from
non-secure userspace rather than loading it during boot. This should
only be utilized on platforms that can ensure security is maintained up
until the point the SMC is invoked as it breaks the normal barrier
between the secure and non-secure world.

Signed-off-by: Jeffrey Kardatzke <jkardatzke@google.com>
Change-Id: I21cfa9699617c493fa4190f01d1cbb714e7449cc
2023-01-31 10:38:16 -08:00

OP-TEE Dispatcher
=================

`OP-TEE OS`_ is a Trusted OS running as Secure EL1.

To build and execute OP-TEE follow the instructions at
`OP-TEE build.git`_.

There are two different modes for loading the OP-TEE OS. The default mode loads
it as the BL32 payload during boot and is the recommended technique for
platforms to use. The other technique loads OP-TEE OS after boot via an SMC
call; it is enabled with the ``OPTEE_ALLOW_SMC_LOAD`` option, which was
specifically added for ChromeOS. Loading OP-TEE via an SMC call may be insecure
depending upon the platform configuration. If using that option, be sure to
understand the risks involved with allowing the Trusted OS to be loaded this
way. ChromeOS uses a boot flow where it verifies the signature of the firmware
before executing it, and only if the signature is valid do the 'secrets' used
by the TEE become accessible. The firmware then verifies the signature of the
kernel using depthcharge, and the kernel verifies the rootfs using dm-verity.
The SMC call to load OP-TEE is then invoked immediately after the kernel
finishes loading and before any attack vectors can be opened up by mounting
writable filesystems or opening network/device connections. This ensures the
platform is 'closed' and running signed code through the point where OP-TEE is
loaded.
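
The argument above depends on no writable filesystem being mounted when the
load SMC is issued. The following added example (not TF-A or ChromeOS code)
checks that condition over ``/proc/mounts``-format text. The function name, the
policy of ignoring non-block filesystems such as tmpfs, and the sample mount
tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of TF-A: report whether a mount table still looks
# "closed" in the sense used above (no writable block-backed filesystem yet).
# Assumed policy: "/" must be present and read-only; any other /dev/-backed
# mount must be read-only; proc, sysfs, tmpfs and similar are not counted.

# Constructed sample inputs in /proc/mounts format.
CLOSED_SAMPLE='/dev/dm-0 / ext2 ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0'
OPEN_SAMPLE="$CLOSED_SAMPLE
/dev/mmcblk0p1 /mnt/stateful_partition ext4 rw,nosuid,nodev,noexec 0 0"

# platform_closed MOUNTS_TEXT
# Prints "closed" and returns 0, or prints "open: <reason>" and returns 1.
platform_closed() {
    printf '%s\n' "$1" | awk '
        {
            # Root is always checked; other entries only if block-backed.
            if ($2 == "/") { root_seen = 1 } else if ($1 !~ /^\/dev\//) { next }
            # Match "rw" as a whole option, not as a substring.
            n = split($4, opt, ","); rw = 0
            for (i = 1; i <= n; i++) if (opt[i] == "rw") rw = 1
            if (rw && reason == "") reason = "writable mount: " $1 " on " $2
        }
        END {
            if (!root_seen && reason == "") reason = "no rootfs entry found"
            if (reason != "") { print "open: " reason; exit 1 }
            print "closed"
        }'
}

# A dm-N root only shows device-mapper is in use; whether the target is
# dm-verity is not checked here.
platform_closed "$CLOSED_SAMPLE"
platform_closed "$OPEN_SAMPLE" || true
```

On a live system the input would be ``"$(cat /proc/mounts)"``, read at the point where the load SMC is about to be requested.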

--------------

*Copyright (c) 2014-2023, Arm Limited and Contributors. All rights reserved.*

.. _OP-TEE OS: https://github.com/OP-TEE/build
.. _OP-TEE build.git: https://github.com/OP-TEE/build