OP-TEE* for Intel® Architecture
Describes OP-TEE* for Intel® Architecture
OP-TEE* is a set of software components supporting a Trusted Execution Environment (TEE) on client devices.
OP-TEE* for Intel® Architecture consists of:
- An operating system (the OP-TEE OS) that runs on a processor intended to provide a TEE.
- Drivers for the Linux* kernel to facilitate communication with applications running under the OP-TEE OS.
- A set of libraries for Rich Execution Environment (REE) client software to facilitate communication with trusted applications executed within the OP-TEE OS using the kernel drivers.
- A hypervisor that hosts and isolates the OP-TEE OS and the Rich OS based on Intel hardware virtualization technology.
The following diagram shows the stack of OP-TEE* for Intel® Architecture.
Two-VM Solution
- Trusted apps (TA) in OP-TEE OS running in a separate VM (Rich OS in the other)
- Trusted apps isolated with Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64 and Intel® Architecture (Intel® VT-x)
- Intel provides X86 OP-TEE driver and VMM (Virtual Machine Monitor)
- Hypervisor utilizes Intel® Kernel Guard Technology (Intel® KGT) open sourced in 2015 by Intel. The hypervisor creates the two Virtual Machines (VM) for Rich OS and OP-TEE OS.
OEMs can develop their own Rich OS client apps and corresponding OP-TEE app/services.
Project: