.. SPDX-License-Identifier: GPL-2.0

=================================
TS-TEE (Trusted Services project)
=================================

This driver provides access to secure services implemented by Trusted Services.

Trusted Services [1] is a TrustedFirmware.org project that provides a framework
for developing and deploying device Root of Trust services in FF-A [2] S-EL0
Secure Partitions. The project hosts the reference implementation of the Arm
Platform Security Architecture [3] for Arm A-profile devices.

The FF-A Secure Partitions (SP) are accessible through the FF-A driver [4] which
provides the low level communication for this driver. On top of that the Trusted
Services RPC protocol is used [5]. To use the driver from user space a reference
implementation is provided at [6], which is part of the Trusted Services client
library called libts [7].

All Trusted Services (TS) SPs have the same FF-A UUID; it identifies the TS RPC
protocol. A TS SP can host one or more services (e.g. PSA Crypto, PSA ITS, etc).
A service is identified by its service UUID; the same type of service cannot be
present twice in the same SP. During SP boot each service in the SP is assigned
an "interface ID". This is just a short ID to simplify message addressing.

The generic TEE design is to share memory at once with the Trusted OS, which can
then be reused to communicate with multiple applications running on the Trusted
OS. However, in case of FF-A, memory sharing works on an endpoint level, i.e.
memory is shared with a specific SP. User space has to be able to separately
share memory with each SP based on its endpoint ID; therefore a separate TEE
device is registered for each discovered TS SP. Opening the SP corresponds to
opening the TEE device and creating a TEE context. A TS SP hosts one or more
services. Opening a service corresponds to opening a session in the given
tee_context.

Overview of a system with Trusted Services components::

   User space                  Kernel space                   Secure world
   ~~~~~~~~~~                  ~~~~~~~~~~~~                   ~~~~~~~~~~~~
   +--------+                                               +-------------+
   | Client |                                               | Trusted     |
   +--------+                                               | Services SP |
      /\                                                    +-------------+
      ||                                                          /\
      ||                                                          ||
      ||                                                          ||
      \/                                                          \/
   +-------+                +----------+--------+           +-------------+
   | libts |                |  TEE     | TS-TEE |           |  FF-A SPMC  |
   |       |                |  subsys  | driver |           |   + SPMD    |
   +-------+----------------+----+-----+--------+-----------+-------------+
   |      Generic TEE API        |     |  FF-A  |     TS RPC protocol     |
   |      IOCTL (TEE_IOC_*)      |     | driver |        over FF-A        |
   +-----------------------------+     +--------+-------------------------+

References
==========

[1] https://www.trustedfirmware.org/projects/trusted-services/

[2] https://developer.arm.com/documentation/den0077/

[3] https://www.arm.com/architecture/security-features/platform-security

[4] drivers/firmware/arm_ffa/

[5] https://trusted-services.readthedocs.io/en/v1.0.0/developer/service-access-protocols.html#abi

[6] https://git.trustedfirmware.org/TS/trusted-services.git/tree/components/rpc/ts_rpc/caller/linux/ts_rpc_caller_linux.c?h=v1.0.0

[7] https://git.trustedfirmware.org/TS/trusted-services.git/tree/deployments/libts/arm-linux/CMakeLists.txt?h=v1.0.0
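
Added example (not part of the kernel documentation or of libts): the mapping described above, where opening a TS SP means opening its TEE device and opening a service means opening a session in that context, written against the generic TEE ioctl interface. The device path ``/dev/tee0`` and the all-zero service UUID are constructed placeholders, and the fallback value for ``TEE_IMPL_ID_TSTEE`` is an assumption for uapi headers that lack it.

```c
#include <fcntl.h>
#include <stdint.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/tee.h>

#ifndef TEE_IMPL_ID_TSTEE
#define TEE_IMPL_ID_TSTEE 3	/* assumed fallback for older uapi headers */
#endif

/* Open one TS SP: open its TEE device (creating the TEE context) and check
 * that the TS-TEE driver serves it. Returns an fd, or -1. */
int ts_open_sp(const char *dev_path)
{
	struct tee_ioctl_version_data vers = { 0 };
	int fd = open(dev_path, O_RDWR);

	if (fd < 0)
		return -1;
	if (ioctl(fd, TEE_IOC_VERSION, &vers) < 0 ||
	    vers.impl_id != TEE_IMPL_ID_TSTEE) {
		close(fd);	/* not a TEE device, or another TEE driver's */
		return -1;
	}
	return fd;
}

/* Open one service in that SP: a session addressed by the 16-byte service
 * UUID, with no parameters. Returns 0 and the session ID, or -1. */
int ts_open_service(int fd, const uint8_t *uuid, uint32_t *session)
{
	struct tee_ioctl_open_session_arg arg = { 0 };
	struct tee_ioctl_buf_data buf = { (uintptr_t)&arg, sizeof(arg) };

	memcpy(arg.uuid, uuid, TEE_IOCTL_UUID_LEN);
	if (ioctl(fd, TEE_IOC_OPEN_SESSION, &buf) < 0 || arg.ret != 0)
		return -1;
	*session = arg.session;
	return 0;
}

int main(int argc, char **argv)
{
	const uint8_t uuid[TEE_IOCTL_UUID_LEN] = { 0 };	/* constructed placeholder */
	uint32_t id = 0;
	int fd = ts_open_sp(argc > 1 ? argv[1] : "/dev/tee0");
	return (fd < 0 || ts_open_service(fd, uuid, &id) < 0) ? 1 : 0;
}
```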