Relation between OP-TEE and ATF


I am confused with the terms and software packages related to ARM-A profile embedded systems. Could anyone explain the relation between ATF (Arm Trusted Firmware), OP-TEE, Secure World and TEE (Trusted Execution Environment)? Are ATF and OP-TEE interchangeable, maybe partly? What is their relation to Secure World and TEE?


Could anyone explain the relation between ATF (Arm Trusted Firmware), OP-TEE, Secure World and TEE (Trusted Execution Environment)?

Yes, someone can.

Are ATF and OP-TEE interchangeable, maybe partly?

The functions they intend to fulfill are not interchangeable. However, they function together, so they are related.

What is their relation to Secure World and TEE?

They both use the secure world (and your missing term TrustZone). TEE is just a moniker where OP-TEE is a concrete implementation.


ATF (Trusted Firmware) is primarily concerned with secure boot mechanics. When the system boots, everything must be trusted. The environment is minimal and if you assume things are set up properly, you can transition to a framework such as OP-TEE which is more hardware agnostic.

TEE is just an environment where some 'secure' or trusted execution happens. The ATF provides an environment to set up a structure to transition from normal world to secure world. Fundamentally, this is done with 'monitor' mode and the SMC instruction. It is a parallel to the SVC (previously SWI) which an OS uses to transition from user space to kernel space. Together with secure boot, the ATF supports the OP-TEE. TEE and OP-TEE are like the terms 'OS' and Linux or Windows. TEE is an idea and OP-TEE is an implementation. The secure world is the 'world' in TrustZone where OP-TEE executes.

ATF sets up the environments for both TEE and the kernel (for Android, it is a version of Linux). It creates a monitor mode that securely allows calling from the Android kernel to the TEE environment. So, they work as an infrastructure to accomplish something that might be provided by a TPM (trusted protection module) in other systems, but the TrustZone technology is actually more flexible, depending on your security model.


Trusted Firmware-A (TF-A) is a reference implementation of secure world software for Arm A-Profile architectures (Armv8-A and Armv7-A), including an Exception Level 3 (EL3) Secure Monitor. It provides a suitable starting point for productization of secure world boot and runtime firmware, in either the AArch32 or AArch64 execution states. ATF Readme

OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API exposed to Trusted Applications and the TEE Client API v1.0, which is the API describing how to communicate with a TEE. Those APIs are defined in the GlobalPlatform API specifications. OP-TEE

See: and use the term in searches to understand more.
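
The answer above names the SMC instruction as the gate from normal world into the monitor. As an added example (not part of the original answer, and not code from TF-A or OP-TEE), the C program below decodes SMC function IDs using the field layout of the Arm SMC Calling Convention and reports which secure-world component the EL3 monitor would hand each call to. The names `smc_route` and `enum handler` are hypothetical; the sample IDs are the published PSCI and OP-TEE values, listed here as constructed input.

```c
#include <stdint.h>
#include <stdio.h>

/* Field layout of a 32-bit SMC function ID (Arm SMC Calling Convention). */
#define SMC_FAST(id)  (((id) >> 31) & 0x1u)   /* 1 = fast call, 0 = yielding call */
#define SMC_64(id)    (((id) >> 30) & 0x1u)   /* 1 = SMC64, 0 = SMC32 */
#define SMC_OWNER(id) (((id) >> 24) & 0x3fu)  /* owning entity number */
#define SMC_FUNC(id)  ((id) & 0xffffu)        /* function number */

/* Hypothetical labels for where the monitor sends a call. */
enum handler { H_MONITOR_FW, H_TRUSTED_APP, H_TRUSTED_OS, H_OTHER };

/* Map the owning entity number to the component that services the call. */
enum handler smc_route(uint32_t id)
{
    uint32_t owner = SMC_OWNER(id);
    if (owner <= 4)  return H_MONITOR_FW;   /* Arch, CPU, SiP, OEM, Standard (PSCI) */
    if (owner >= 50) return H_TRUSTED_OS;   /* 50-63: Trusted OS, e.g. OP-TEE */
    if (owner >= 48) return H_TRUSTED_APP;  /* 48-49: Trusted Applications */
    return H_OTHER;                         /* hypervisor services or reserved */
}

int main(void)
{
    static const char *names[] = {
        "EL3 firmware service", "Trusted Application", "Trusted OS", "other"
    };
    /* Constructed sample input: well-known function IDs. */
    static const struct { uint32_t id; const char *what; } calls[] = {
        { 0x80000000u, "SMCCC_VERSION" },
        { 0x84000000u, "PSCI_VERSION" },
        { 0xC4000003u, "PSCI CPU_ON (SMC64)" },
        { 0x32000004u, "OP-TEE call with argument" },
    };
    for (size_t i = 0; i < sizeof calls / sizeof calls[0]; i++) {
        uint32_t id = calls[i].id;
        printf("%-26s 0x%08X %s %s owner=%2u func=0x%04X -> %s\n",
               calls[i].what, (unsigned)id,
               SMC_FAST(id) ? "fast    " : "yielding",
               SMC_64(id) ? "SMC64" : "SMC32",
               (unsigned)SMC_OWNER(id), (unsigned)SMC_FUNC(id),
               names[smc_route(id)]);
    }
    return 0;
}
```

The PSCI calls stay in the EL3 firmware, while the ID in the Trusted OS range is the kind of call the monitor passes on to OP-TEE in the secure world.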