€•EŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ/translations/zh_CN/tee/amd-tee”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ/translations/zh_TW/tee/amd-tee”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ/translations/it_IT/tee/amd-tee”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ/translations/ja_JP/tee/amd-tee”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ/translations/ko_KR/tee/amd-tee”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ/translations/pt_BR/tee/amd-tee”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ/translations/sp_SP/tee/amd-tee”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ xml:space”Œpreserve”uh1hµhhh²hh³Œ9/var/lib/git/docbuild/linux/Documentation/tee/amd-tee.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ-AMD-TEE (AMD's Trusted Execution Environment)”h]”hŒ/AMD-TEE (AMD’s Trusted Execution Environment)”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´KubhŒ paragraph”“”)”}”(hŒThe AMD-TEE driver handles the communication with AMD's TEE environment. The TEE environment is provided by AMD Secure Processor.”h]”hŒƒThe AMD-TEE driver handles the communication with AMD’s TEE environment. The TEE environment is provided by AMD Secure Processor.”…””}”(hhßh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhÞ)”}”(hX4The AMD Secure Processor (formerly called Platform Security Processor or PSP) is a dedicated processor that features ARM TrustZone technology, along with a software-based Trusted Execution Environment (TEE) designed to enable third-party Trusted Applications. This feature is currently enabled only for APUs.”h]”hX4The AMD Secure Processor (formerly called Platform Security Processor or PSP) is a dedicated processor that features ARM TrustZone technology, along with a software-based Trusted Execution Environment (TEE) designed to enable third-party Trusted Applications. This feature is currently enabled only for APUs.”…””}”(hhíh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K hhÊh²hubhÞ)”}”(hŒ>The following picture shows a high level overview of AMD-TEE::”h]”hŒ=The following picture shows a high level overview of AMD-TEE:”…””}”(hhûh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhŒ literal_block”“”)”}”(hX: | x86 | | User space (Kernel space) | AMD Secure Processor (PSP) ~~~~~~~~~~ ~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | +--------+ | +-------------+ | Client | | | Trusted | +--------+ | | Application | /\ | +-------------+ || | /\ || | || || | \/ || | +----------+ || | | TEE | || | | Internal | \/ | | API | +---------+ +-----------+---------+ +----------+ | TEE | | TEE | AMD-TEE | | AMD-TEE | | Client | | subsystem | driver | | Trusted | | API | | | | | OS | +---------+-----------+----+------+---------+---------+----------+ | Generic TEE API | | ASP | Mailbox | | IOCTL (TEE_IOC_*) | | driver | Register Protocol | +--------------------------+ +---------+--------------------+”h]”hX: | x86 | | User space (Kernel space) | AMD Secure Processor (PSP) ~~~~~~~~~~ ~~~~~~~~~~~~~~ | ~~~~~~~~~~~~~~~~~~~~~~~~~~ | +--------+ | +-------------+ | Client | | | Trusted | +--------+ | | Application | /\ | +-------------+ || | /\ || | || || | \/ || | +----------+ || | | TEE | || | | Internal | \/ | | API | +---------+ +-----------+---------+ +----------+ | TEE | | TEE | AMD-TEE | | AMD-TEE | | Client | | subsystem | driver | | Trusted | | API | | | | | OS | +---------+-----------+----+------+---------+---------+----------+ | Generic TEE API | | ASP | Mailbox | | IOCTL (TEE_IOC_*) | | driver | Register Protocol | +--------------------------+ +---------+--------------------+”…””}”hj sbah}”(h]”h ]”h"]”h$]”h&]”hÅhÆuh1j h³hÇh´KhhÊh²hubhÞ)”}”(hX}At the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the CPU to PSP mailbox register to submit commands to the PSP. The format of the command buffer is opaque to the ASP driver. It's role is to submit commands to the secure processor and return results to AMD-TEE driver. The interface between AMD-TEE driver and AMD Secure Processor driver can be found in [1].”h]”hXAt the lowest level (in x86), the AMD Secure Processor (ASP) driver uses the CPU to PSP mailbox register to submit commands to the PSP. The format of the command buffer is opaque to the ASP driver. It’s role is to submit commands to the secure processor and return results to AMD-TEE driver. The interface between AMD-TEE driver and AMD Secure Processor driver can be found in [1].”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K,hhÊh²hubhÞ)”}”(hŒ›The AMD-TEE driver packages the command buffer payload for processing in TEE. The command buffer format for the different TEE commands can be found in [2].”h]”hŒ›The AMD-TEE driver packages the command buffer payload for processing in TEE. The command buffer format for the different TEE commands can be found in [2].”…””}”(hj'h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K2hhÊh²hubhÞ)”}”(hŒ5The TEE commands supported by AMD-TEE Trusted OS are:”h]”hŒ5The TEE commands supported by AMD-TEE Trusted OS are:”…””}”(hj5h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K5hhÊh²hubhŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒyTEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into TEE environment.”h]”hŒdefinition_list”“”)”}”(hhh]”hŒdefinition_list_item”“”)”}”(hŒ[TEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into TEE environment.”h]”(hŒterm”“”)”}”(hŒJTEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into”h]”hŒJTEE_CMD_ID_LOAD_TA - loads a Trusted Application (TA) binary into”…””}”(hj[h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jYh³hÇh´K7hjUubhŒ definition”“”)”}”(hhh]”hÞ)”}”(hŒTEE environment.”h]”hŒTEE environment.”…””}”(hjnh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K8hjkubah}”(h]”h ]”h"]”h$]”h&]”uh1jihjUubeh}”(h]”h ]”h"]”h$]”h&]”uh1jSh³hÇh´K7hjPubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhjJubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjEh²hh³Nh´NubjI)”}”(hŒETEE_CMD_ID_UNLOAD_TA - unloads TA binary from TEE environment.”h]”hÞ)”}”(hj–h]”hŒETEE_CMD_ID_UNLOAD_TA - unloads TA binary from TEE environment.”…””}”(hj˜h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K9hj”ubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjEh²hh³hÇh´NubjI)”}”(hŒ?TEE_CMD_ID_OPEN_SESSION - opens a session with a loaded TA.”h]”hÞ)”}”(hj­h]”hŒ?TEE_CMD_ID_OPEN_SESSION - opens a session with a loaded TA.”…””}”(hj¯h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K:hj«ubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjEh²hh³hÇh´NubjI)”}”(hŒ;TEE_CMD_ID_CLOSE_SESSION - closes session with loaded TA”h]”hÞ)”}”(hjÄh]”hŒ;TEE_CMD_ID_CLOSE_SESSION - closes session with loaded TA”…””}”(hjÆh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K;hjÂubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjEh²hh³hÇh´NubjI)”}”(hŒ>TEE_CMD_ID_INVOKE_CMD - invokes a command with loaded TA”h]”hÞ)”}”(hjÛh]”hŒ>TEE_CMD_ID_INVOKE_CMD - invokes a command with loaded TA”…””}”(hjÝh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjEh²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1jCh³hÇh´K7hhÊh²hubhÞ)”}”(hŒCAMD-TEE Trusted OS is the firmware running on AMD Secure Processor.”h]”hŒCAMD-TEE Trusted OS is the firmware running on AMD Secure Processor.”…””}”(hj'h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K@hhÊh²hubhÞ)”}”(hŒnThe AMD-TEE driver registers itself with TEE subsystem and implements the following driver function callbacks:”h]”hŒnThe AMD-TEE driver registers itself with TEE subsystem and implements the following driver function callbacks:”…””}”(hj5h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KBhhÊh²hubjD)”}”(hhh]”(jI)”}”(hŒBget_version - returns the driver implementation id and capability.”h]”hÞ)”}”(hjHh]”hŒBget_version - returns the driver implementation id and capability.”…””}”(hjJh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KEhjFubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjCh²hh³hÇh´NubjI)”}”(hŒ1open - sets up the driver context data structure.”h]”hÞ)”}”(hj_h]”hŒ1open - sets up the driver context data structure.”…””}”(hjah²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KFhj]ubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjCh²hh³hÇh´NubjI)”}”(hŒ$release - frees up driver resources.”h]”hÞ)”}”(hjvh]”hŒ$release - frees up driver resources.”…””}”(hjxh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KGhjtubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjCh²hh³hÇh´NubjI)”}”(hŒDopen_session - loads the TA binary and opens session with loaded TA.”h]”hÞ)”}”(hjh]”hŒDopen_session - loads the TA binary and opens session with loaded TA.”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KHhj‹ubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjCh²hh³hÇh´NubjI)”}”(hŒ>close_session - closes session with loaded TA and unloads it.”h]”hÞ)”}”(hj¤h]”hŒ>close_session - closes session with loaded TA and unloads it.”…””}”(hj¦h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KIhj¢ubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjCh²hh³hÇh´NubjI)”}”(hŒ0invoke_func - invokes a command with loaded TA. ”h]”hÞ)”}”(hŒ/invoke_func - invokes a command with loaded TA.”h]”hŒ/invoke_func - invokes a command with loaded TA.”…””}”(hj½h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KJhj¹ubah}”(h]”h ]”h"]”h$]”h&]”uh1jHhjCh²hh³hÇh´Nubeh}”(h]”h ]”h"]”h$]”h&]”j%j&uh1jCh³hÇh´KEhhÊh²hubhÞ)”}”(hŒ7cancel_req driver callback is not supported by AMD-TEE.”h]”hŒ7cancel_req driver callback is not supported by AMD-TEE.”…””}”(hj×h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KLhhÊh²hubhÞ)”}”(hŒÙThe GlobalPlatform TEE Client API [3] can be used by the user space (client) to talk to AMD's TEE. AMD's TEE provides a secure environment for loading, opening a session, invoking commands and closing session with TA.”h]”hŒÝThe GlobalPlatform TEE Client API [3] can be used by the user space (client) to talk to AMD’s TEE. AMD’s TEE provides a secure environment for loading, opening a session, invoking commands and closing session with TA.”…””}”(hjåh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KNhhÊh²hubhÉ)”}”(hhh]”(hÎ)”}”(hŒ References”h]”hŒ References”…””}”(hjöh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjóh²hh³hÇh´KSubhÞ)”}”(hŒ[1] include/linux/psp-tee.h”h]”hŒ[1] include/linux/psp-tee.h”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KUhjóh²hubhÞ)”}”(hŒ"[2] drivers/tee/amdtee/amdtee_if.h”h]”hŒ"[2] drivers/tee/amdtee/amdtee_if.h”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KWhjóh²hubjO)”}”(hhh]”jT)”}”(hŒ{[3] http://www.globalplatform.org/specificationsdevice.asp look for "TEE Client API Specification v1.0" and click download.”h]”(jZ)”}”(hŒC[3] http://www.globalplatform.org/specificationsdevice.asp look for”h]”(hŒ[3] ”…””}”(hj'h²hh³Nh´NubhŒ reference”“”)”}”(hŒ6http://www.globalplatform.org/specificationsdevice.asp”h]”hŒ6http://www.globalplatform.org/specificationsdevice.asp”…””}”(hj1h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”j3uh1j/hj'ubhŒ look for”…””}”(hj'h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1jYh³hÇh´KYhj#ubjj)”}”(hhh]”hÞ)”}”(hŒ7"TEE Client API Specification v1.0" and click download.”h]”hŒ;“TEE Client API Specification v1.0†and click download.”…””}”(hjMh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KZhjJubah}”(h]”h ]”h"]”h$]”h&]”uh1jihj#ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jSh³hÇh´KYhj ubah}”(h]”h ]”h"]”h$]”h&]”uh1jNhjóh²hh³hÇh´Nubeh}”(h]”Œ references”ah ]”h"]”Œ references”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KSubeh}”(h]”Œ+amd-tee-amd-s-trusted-execution-environment”ah ]”h"]”Œ-amd-tee (amd's trusted execution environment)”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”Œentry”Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jzjwjrjouŒ nametypes”}”(jz‰jr‰uh}”(jwhÊjojóuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nh²hub.