OP-TEE* for Intel® Architecture

OP-TEE* is a set of software components supporting a Trusted Execution Environment (TEE) on client devices.
OP-TEE* for Intel® Architecture consists of:
  • An operating system (the OP-TEE OS) that runs on a processor intended to provide a TEE.
  • Drivers for the Linux* kernel to facilitate communication with applications running under the OP-TEE OS.
  • A set of libraries for Rich Execution Environment (REE) client software to facilitate communication with trusted applications executed within the OP-TEE OS using the kernel drivers.
  • A hypervisor that hosts and isolates the OP-TEE OS and the Rich OS based on Intel hardware virtualization technology.
 
The following diagram shows the stack of OP-TEE* for Intel® Architecture.
[Diagram: OP-TEE-IA Architecture]
 
Two-VM Solution
  • Trusted apps (TAs) run in the OP-TEE OS in one VM; the Rich OS runs in the other VM.
  • Trusted apps are isolated with Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64 and Intel® Architecture (Intel® VT-x).
  • Intel provides the x86 OP-TEE driver and the VMM (Virtual Machine Monitor).
  • The hypervisor uses Intel® Kernel Guard Technology (Intel® KGT), open sourced by Intel in 2015. The hypervisor creates the two virtual machines (VMs) for the Rich OS and the OP-TEE OS.

OEMs can develop their own Rich OS client apps and the corresponding OP-TEE apps/services.