# Introduction to tee_tee_os_framework repository #

## Introduction ##

OpenTrustee provides a Trusted Execution Environment (TEE) that runs in a hardware-isolated secure area. It runs alongside a regular operating system such as OpenHarmony, with the two isolated from each other. OpenTrustee offers higher security than conventional operating systems and can protect confidential data on devices.

OpenTrustee is a complete TEE solution that includes multiple components. The system architecture is shown in the figure below:

![](figures/overview-of-opentrustee.png)

The tee_tee_os_framework component mainly contains the operating system framework of OpenTrustee. It manages the entire lifecycle of TAs (Trusted Applications), processes the interaction information between CAs (Client Applications) and TAs, and manages drivers. It also provides core services such as encryption and decryption and secure storage. The individual modules are introduced below.

### 1. Modules of tee_os_framework ###
<table>
<tr>
<th>Name of module</th>
<th>Functions</th>
</tr><tr>
<td> gtask </td><td>TA lifetime control: creates and destroys TA processes; communication manager, session manager and agent manager for CA2TA; processes error information for TAs</td>
</tr><tr>
<td> teesmcmgr</td><td>dispatches SMC commands, including CA commands and system suspend and resume commands; idle state management</td>
</tr><tr>
<td> tarunner</td><td>loads, parses and relocates the ELF files of TAs, drivers and services</td>
</tr><tr>
<td> drvmgr</td><td>manages the lifetime of drivers, including creating and destroying drivers, interface permission control, driver process rights management, driver access control, and handling of incorrect driver states</td>
</tr><tr>
<td> permission service</td><td>permission management of SEC files</td>
</tr><tr>
<td> ssa</td><td>secure storage functions</td>
</tr><tr>
<td> huk service</td><td>hardware root key access control</td>
</tr><tr>
<td> teemiscdrv</td><td>base driver; gets shared information from the bootloader</td>
</tr><tr>
<td> cryptomgr</td><td>framework code for the encrypt/decrypt drivers</td>
</tr><tr>
<td> TEE base API</td><td>base interfaces for TA development, including encrypt/decrypt, secure storage, secure timer and the GP interface for TA2TA</td>
</tr><tr>
<td> TEE driver API</td><td>interfaces for driver development, including interrupt, IO and DMA</td>
</tr><tr>
<td> sample</td><td>sample code for TEE loading (teeloader) and sample ATF-TEE adaptation code (tee_atf)</td>
</tr><tr>
<td> test</td><td>TEE test suite</td>
</tr>

</table>

### tee_os_framework code directories ###
```
base/tee/tee_os_framework
├── framework
│   ├── gtask
│   ├── teesmcmgr
│   ├── drvmgr
│   └── tarunner
├── lib
│   ├── drvlib                    # libs for drvmgr and drivers
│   ├── syslib                    # libs for TEE internal services
│   └── teelib                    # libs for TA and services
├── drivers
│   ├── tee_misc_drv
│   ├── include
│   └── crypto_mgr
├── service
│   ├── permission_service
│   ├── huk_service
│   └── ssa
├── config
│   ├── release_config            # release config macros
│   └── debug_config              # debug config macros
├── build
├── test
└── sample
```

## tee_os_framework Build Guide ##
tee_tee_os_framework and tee_tee_os_kernel are built together to produce TEEOS. The command for building them separately is as follows:

```Bash
./build.sh --product-name rk3568 --build-target tee --ccache
```

The build output is a TEEOS image: `base/tee/tee_os_kernel/kernel/bl32.bin`

## Related code repositories ##

[tee_os_kernel](https://gitcode.com/openharmony-sig/tee_tee_os_kernel)
