Relation between OP-TEE and ATF

Asked by mrn, 512 views

I am confused by the terms and software packages related to ARM-A profile embedded systems. Could anyone explain the relation between ATF (Arm Trusted Firmware), OP-TEE, Secure World and TEE (Trusted Execution Environment)? Are ATF and OP-TEE interchangeable, maybe partly? What is their relation to Secure World and TEE?
Yes, someone can.

The functions they intend to fulfill are not interchangeable. However, they function together, so they are related.

They both use the secure world (and your missing term, TrustZone). TEE is just a moniker, where OP-TEE is a concrete implementation.

ATF (Trusted Firmware) is primarily concerned with secure boot mechanics. When the system boots, everything must be trusted. The environment is minimal, and if you assume things are set up properly, you can transition to a framework such as OP-TEE, which is more hardware agnostic.

TEE is just an environment where some 'secure' or trusted execution happens. The ATF provides an environment to set up a structure to transition from normal world to secure world. Fundamentally, this is done with 'monitor' mode and the SMC instruction. It is a parallel to the SVC (previously SWI) which an OS uses to transition from user space to kernel space. Together with secure boot, the ATF supports OP-TEE.

TEE and OP-TEE are like the terms 'OS' and Linux or Windows. TEE is an idea and OP-TEE is an implementation. The secure world is the 'world' in TrustZone where OP-TEE executes. ATF sets up the environments for both the TEE and the kernel (for Android, it is a version of Linux). It creates a monitor mode that securely allows calling from the Android kernel to the TEE environment. So, they work as an infrastructure to accomplish something that might be provided by a TPM (trusted protection module) in other systems, but the TrustZone technology is actually more flexible, depending on your security model.
See: trust-zone and use the term in searches to understand more.
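The answer above describes the SMC instruction and monitor mode as the bridge between the normal world and the secure world, with ATF owning the monitor and OP-TEE sitting behind it. The following is an added example, not code from the answer, from Arm Trusted Firmware or from OP-TEE: it encodes and decodes SMC function IDs using the published SMC Calling Convention (SMCCC) field layout and then models, in a few lines, the dispatch decision the EL3 monitor makes when a call arrives. The owning-entity numbers and the two concrete IDs (PSCI_VERSION, 0x84000000, and OP-TEE's yielding "call with argument" ID, 0x32000004) are real values from those specifications; the routing model (which owners the firmware serves itself versus hands to the Trusted OS dispatcher) is a simplification of how TF-A registers runtime services and is labelled as such. Seeing the owner field makes it concrete why ATF and OP-TEE are not interchangeable: ATF serves PSCI and architecture calls itself and only forwards the Trusted OS range, so each layer has a distinct attack surface to review.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * SMC Calling Convention (SMCCC) function-ID layout.
 * The normal world places this 32-bit value in w0/r0 and executes SMC;
 * the EL3 monitor (ATF/TF-A BL31) reads it to decide who serves the call.
 */
#define SMCCC_FAST_CALL   (1u << 31)  /* 1: fast (atomic) call, 0: yielding (standard) call */
#define SMCCC_SMC64       (1u << 30)  /* 1: SMC64 register convention, 0: SMC32 */
#define SMCCC_OWNER_SHIFT 24          /* bits 29:24: owning entity number (OEN) */
#define SMCCC_OWNER_MASK  0x3Fu
#define SMCCC_FUNC_MASK   0xFFFFu     /* bits 15:0: function number within that owner */

/* Owning entity numbers defined by the SMCCC. */
enum smccc_oen {
    OEN_ARM_ARCH    = 0,   /* Arm Architecture calls, e.g. SMCCC_VERSION */
    OEN_CPU_SERVICE = 1,
    OEN_SIP_SERVICE = 2,   /* silicon-partner service */
    OEN_OEM_SERVICE = 3,
    OEN_STD_SERVICE = 4,   /* standard secure service, e.g. PSCI power control */
    OEN_STD_HYP     = 5,
    OEN_VENDOR_HYP  = 6,
    OEN_TAP_START   = 48,  /* Trusted Application calls */
    OEN_TAP_END     = 49,
    OEN_TOS_START   = 50,  /* Trusted OS calls; OP-TEE uses OEN 50 (0x32) */
    OEN_TOS_END     = 63
};

/* Who serves a trapped SMC in this model (a simplification of TF-A's service table). */
enum smc_route {
    ROUTE_MONITOR_SERVICE,  /* handled by a runtime service inside the EL3 firmware itself */
    ROUTE_TRUSTED_OS,       /* handed to the Trusted OS dispatcher, i.e. into OP-TEE */
    ROUTE_UNKNOWN           /* no registered handler; SMCCC says return 0xFFFFFFFF */
};

/* Build a function ID from its fields. */
uint32_t smccc_fid(bool fast, bool smc64, unsigned oen, unsigned func)
{
    uint32_t fid = 0;
    if (fast)  fid |= SMCCC_FAST_CALL;
    if (smc64) fid |= SMCCC_SMC64;
    fid |= (oen & SMCCC_OWNER_MASK) << SMCCC_OWNER_SHIFT;
    fid |= func & SMCCC_FUNC_MASK;
    return fid;
}

unsigned smccc_oen(uint32_t fid)  { return (fid >> SMCCC_OWNER_SHIFT) & SMCCC_OWNER_MASK; }
unsigned smccc_func(uint32_t fid) { return fid & SMCCC_FUNC_MASK; }
bool smccc_is_fast(uint32_t fid)  { return (fid & SMCCC_FAST_CALL) != 0; }

/*
 * Modelled monitor dispatch (assumption): the firmware has registered its own
 * handlers for the architecture, SiP and standard-service owners, and a
 * Trusted OS dispatcher for OEN 50..63. Everything else is unknown.
 */
enum smc_route monitor_route(uint32_t fid)
{
    unsigned oen = smccc_oen(fid);
    switch (oen) {
    case OEN_ARM_ARCH:
    case OEN_SIP_SERVICE:
    case OEN_STD_SERVICE:
        return ROUTE_MONITOR_SERVICE;
    default:
        break;
    }
    if (oen >= OEN_TOS_START && oen <= OEN_TOS_END)
        return ROUTE_TRUSTED_OS;
    return ROUTE_UNKNOWN;
}

const char *describe_smc(uint32_t fid)
{
    switch (monitor_route(fid)) {
    case ROUTE_MONITOR_SERVICE: return "served inside EL3 firmware (ATF)";
    case ROUTE_TRUSTED_OS:      return smccc_is_fast(fid) ? "fast call forwarded to OP-TEE"
                                                          : "yielding call forwarded to OP-TEE";
    default:                    return "unknown function ID";
    }
}

int main(void)
{
    /* Constructed sample calls: PSCI_VERSION (0x84000000), OP-TEE's yielding
     * call-with-argument ID (0x32000004), and an OEN nobody registered. */
    uint32_t ids[] = {
        smccc_fid(true,  false, OEN_STD_SERVICE, 0),
        smccc_fid(false, false, OEN_TOS_START, 4),
        smccc_fid(true,  false, 20, 0)
    };
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("0x%08x oen=%2u func=%#06x -> %s\n", ids[i], smccc_oen(ids[i]),
               smccc_func(ids[i]), describe_smc(ids[i]));
    return 0;
}
```

The fast/yielding bit matters for the scheduling question that comes up in several related threads: a yielding call into OP-TEE can be interrupted and returned to the normal world, whereas a fast call is expected to complete atomically in the monitor or the Trusted OS.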