.. SPDX-License-Identifier: GPL-2.0

=============================================
AMD-TEE (AMD's Trusted Execution Environment)
=============================================

The AMD-TEE driver handles the communication with AMD's TEE environment. The
TEE environment is provided by AMD Secure Processor.

The AMD Secure Processor (formerly called Platform Security Processor or PSP)
is a dedicated processor that features ARM TrustZone technology, along with a
software-based Trusted Execution Environment (TEE) designed to enable
third-party Trusted Applications. This feature is currently enabled only for
APUs.

The following picture shows a high level overview of AMD-TEE::

                                             |
    x86                                      |
                                             |
 User space            (Kernel space)        |    AMD Secure Processor (PSP)
 ~~~~~~~~~~            ~~~~~~~~~~~~~~        |    ~~~~~~~~~~~~~~~~~~~~~~~~~~
                                             |
 +--------+                                  |       +-------------+
 | Client |                                  |       | Trusted     |
 +--------+                                  |       | Application |
     /\                                      |       +-------------+
     ||                                      |             /\
     ||                                      |             ||
     ||                                      |             \/
     ||                                      |         +----------+
     ||                                      |         |   TEE    |
     ||                                      |         | Internal |
     \/                                      |         |   API    |
 +---------+           +-----------+---------+         +----------+
 | TEE     |           | TEE       | AMD-TEE |         | AMD-TEE  |
 | Client  |           | subsystem | driver  |         | Trusted  |
 | API     |           |           |         |         |   OS     |
 +---------+-----------+----+------+---------+---------+----------+
 |   Generic TEE API        |      | ASP     |      Mailbox       |
 |   IOCTL (TEE_IOC_*)      |      | driver  | Register Protocol  |
 +--------------------------+      +---------+--------------------+

At the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the
CPU to PSP mailbox register to submit commands to the PSP. The format of the
command buffer is opaque to the ASP driver. Its role is to submit commands to
the secure processor and return results to AMD-TEE driver. The interface
between AMD-TEE driver and AMD Secure Processor driver can be found in [1].

The AMD-TEE driver packages the command buffer payload for processing in TEE.
The command buffer format for the different TEE commands can be found in [2].

The TEE commands supported by AMD-TEE Trusted OS are:

* TEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into
  TEE environment.
* TEE_CMD_ID_UNLOAD_TA - unloads TA binary from TEE environment.
* TEE_CMD_ID_OPEN_SESSION - opens a session with a loaded TA.
* TEE_CMD_ID_CLOSE_SESSION - closes session with loaded TA.
* TEE_CMD_ID_INVOKE_CMD - invokes a command with loaded TA.

AMD-TEE Trusted OS is the firmware running on AMD Secure Processor.

The AMD-TEE driver registers itself with TEE subsystem and implements the
following driver function callbacks:

* get_version - returns the driver implementation id and capability.
* open - sets up the driver context data structure.
* release - frees up driver resources.
* open_session - loads the TA binary and opens session with loaded TA.
* close_session - closes session with loaded TA and unloads it.
* invoke_func - invokes a command with loaded TA.

cancel_req driver callback is not supported by AMD-TEE.

The GlobalPlatform TEE Client API [3] can be used by the user space (client) to
talk to AMD's TEE. AMD's TEE provides a secure environment for loading, opening
a session, invoking commands and closing session with TA.

References
==========

[1] include/linux/psp-tee.h

[2] drivers/tee/amdtee/amdtee_if.h

[3] http://www.globalplatform.org/specificationsdevice.asp look for
"TEE Client API Specification v1.0" and click download.
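The ``get_version`` callback listed above is what user space reaches through the generic TEE ioctl interface. As an added example (not part of the kernel documentation or the driver's code), the C program below issues ``TEE_IOC_VERSION`` on TEE device nodes to report which one is served by AMD-TEE; the probed node range ``/dev/tee0`` to ``/dev/tee3`` and the helper names ``is_amdtee`` and ``probe_tee`` are assumptions.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/tee.h>          /* TEE_IOC_VERSION, struct tee_ioctl_version_data */

#ifndef TEE_IMPL_ID_AMDTEE      /* older UAPI headers predate the AMD-TEE driver */
#define TEE_IMPL_ID_AMDTEE 2
#endif

/* Decision logic kept separate from I/O so it can be checked without hardware. */
static int is_amdtee(const struct tee_ioctl_version_data *v)
{
    return v->impl_id == TEE_IMPL_ID_AMDTEE;
}

/* Returns 1 if `path` is served by AMD-TEE, 0 for another TEE, -1 on error. */
static int probe_tee(const char *path, struct tee_ioctl_version_data *out)
{
    int fd, rc;

    memset(out, 0, sizeof(*out));
    fd = open(path, O_RDWR);
    if (fd < 0)
        return -1;              /* node absent or caller lacks permission */
    rc = ioctl(fd, TEE_IOC_VERSION, out);   /* answered by the driver's get_version */
    close(fd);
    return rc < 0 ? -1 : is_amdtee(out);
}

int main(void)
{
    char path[32];

    for (int i = 0; i < 4; i++) {   /* assumed node range: /dev/tee0../dev/tee3 */
        struct tee_ioctl_version_data v;

        snprintf(path, sizeof(path), "/dev/tee%d", i);
        int r = probe_tee(path, &v);
        if (r < 0)
            continue;
        printf("%s: impl_id=%u impl_caps=0x%x gen_caps=0x%x GP=%s AMD-TEE=%s\n",
               path, v.impl_id, v.impl_caps, v.gen_caps,
               (v.gen_caps & TEE_GEN_CAP_GP) ? "yes" : "no", r ? "yes" : "no");
    }
    return 0;
}
```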