Zephyr Project API 3.7.0
A Scalable Open Source RTOS
Loading...
Searching...
No Matches
TEE Interface

Trusted Execution Environment Interface. More...

Data Structures

struct  tee_version_info
 TEE version. More...
 
struct  tee_open_session_arg
 
  • Open session argument
More...
 
struct  tee_param
 Tee parameter. More...
 
struct  tee_invoke_func_arg
 Invokes a function in a Trusted Application. More...
 
struct  tee_shm
 Tee shared memory structure. More...
 
struct  tee_driver_api
 

Macros

#define TEE_UUID_LEN   16
 
#define TEE_GEN_CAP_GP   BIT(0) /* GlobalPlatform compliant TEE */
 
#define TEE_GEN_CAP_PRIVILEGED   BIT(1) /* Privileged device (for supplicant) */
 
#define TEE_GEN_CAP_REG_MEM   BIT(2) /* Supports registering shared memory */
 
#define TEE_GEN_CAP_MEMREF_NULL   BIT(3) /* Support NULL MemRef */
 
#define TEE_SHM_REGISTER   BIT(0)
 
#define TEE_SHM_ALLOC   BIT(1)
 
#define TEE_PARAM_ATTR_TYPE_NONE   0 /* parameter not used */
 
#define TEE_PARAM_ATTR_TYPE_VALUE_INPUT   1
 
#define TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT   2
 
#define TEE_PARAM_ATTR_TYPE_VALUE_INOUT   3 /* input and output */
 
#define TEE_PARAM_ATTR_TYPE_MEMREF_INPUT   5
 
#define TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT   6
 
#define TEE_PARAM_ATTR_TYPE_MEMREF_INOUT   7 /* input and output */
 
#define TEE_PARAM_ATTR_TYPE_MASK   0xff
 
#define TEE_PARAM_ATTR_META   0x100
 
#define TEE_PARAM_ATTR_MASK   (TEE_PARAM_ATTR_TYPE_MASK | TEE_PARAM_ATTR_META)
 
#define TEEC_ORIGIN_API   0x00000001
 Function error origins, of type TEEC_ErrorOrigin.
 
#define TEEC_ORIGIN_COMMS   0x00000002
 
#define TEEC_ORIGIN_TEE   0x00000003
 
#define TEEC_ORIGIN_TRUSTED_APP   0x00000004
 
#define TEEC_SUCCESS   0x00000000
 Return values.
 
#define TEEC_ERROR_STORAGE_NOT_AVAILABLE   0xF0100003
 
#define TEEC_ERROR_GENERIC   0xFFFF0000
 
#define TEEC_ERROR_ACCESS_DENIED   0xFFFF0001
 
#define TEEC_ERROR_CANCEL   0xFFFF0002
 
#define TEEC_ERROR_ACCESS_CONFLICT   0xFFFF0003
 
#define TEEC_ERROR_EXCESS_DATA   0xFFFF0004
 
#define TEEC_ERROR_BAD_FORMAT   0xFFFF0005
 
#define TEEC_ERROR_BAD_PARAMETERS   0xFFFF0006
 
#define TEEC_ERROR_BAD_STATE   0xFFFF0007
 
#define TEEC_ERROR_ITEM_NOT_FOUND   0xFFFF0008
 
#define TEEC_ERROR_NOT_IMPLEMENTED   0xFFFF0009
 
#define TEEC_ERROR_NOT_SUPPORTED   0xFFFF000A
 
#define TEEC_ERROR_NO_DATA   0xFFFF000B
 
#define TEEC_ERROR_OUT_OF_MEMORY   0xFFFF000C
 
#define TEEC_ERROR_BUSY   0xFFFF000D
 
#define TEEC_ERROR_COMMUNICATION   0xFFFF000E
 
#define TEEC_ERROR_SECURITY   0xFFFF000F
 
#define TEEC_ERROR_SHORT_BUFFER   0xFFFF0010
 
#define TEEC_ERROR_EXTERNAL_CANCEL   0xFFFF0011
 
#define TEEC_ERROR_TARGET_DEAD   0xFFFF3024
 
#define TEEC_ERROR_STORAGE_NO_SPACE   0xFFFF3041
 
#define TEEC_LOGIN_PUBLIC   0x00000000
 Session login methods, for use in tee_open_session() as parameter connectionMethod.
 
#define TEEC_LOGIN_USER   0x00000001
 
#define TEEC_LOGIN_GROUP   0x00000002
 
#define TEEC_LOGIN_APPLICATION   0x00000004
 
#define TEEC_LOGIN_USER_APPLICATION   0x00000005
 
#define TEEC_LOGIN_GROUP_APPLICATION   0x00000006
 

Typedefs

typedef int(* tee_get_version_t) (const struct device *dev, struct tee_version_info *info)
 Callback API to get current tee version.
 
typedef int(* tee_open_session_t) (const struct device *dev, struct tee_open_session_arg *arg, unsigned int num_param, struct tee_param *param, uint32_t *session_id)
 Callback API to open session to Trusted Application.
 
typedef int(* tee_close_session_t) (const struct device *dev, uint32_t session_id)
 Callback API to close session to TA.
 
typedef int(* tee_cancel_t) (const struct device *dev, uint32_t session_id, uint32_t cancel_id)
 Callback API to cancel open session of invoke function to TA.
 
typedef int(* tee_invoke_func_t) (const struct device *dev, struct tee_invoke_func_arg *arg, unsigned int num_param, struct tee_param *param)
 Callback API to invoke function to TA.
 
typedef int(* tee_shm_register_t) (const struct device *dev, struct tee_shm *shm)
 Callback API to register shared memory.
 
typedef int(* tee_shm_unregister_t) (const struct device *dev, struct tee_shm *shm)
 Callback API to unregister shared memory.
 
typedef int(* tee_suppl_recv_t) (const struct device *dev, uint32_t *func, unsigned int *num_params, struct tee_param *param)
 Callback API to receive a request for TEE supplicant.
 
typedef int(* tee_suppl_send_t) (const struct device *dev, unsigned int ret, unsigned int num_params, struct tee_param *param)
 Callback API to send a request for TEE supplicant.
 

Functions

int tee_get_version (const struct device *dev, struct tee_version_info *info)
 Get the current TEE version info.
 
int tee_open_session (const struct device *dev, struct tee_open_session_arg *arg, unsigned int num_param, struct tee_param *param, uint32_t *session_id)
 Open session for Trusted Environment.
 
int tee_close_session (const struct device *dev, uint32_t session_id)
 Close session for Trusted Environment.
 
int tee_cancel (const struct device *dev, uint32_t session_id, uint32_t cancel_id)
 Cancel session or invoke function for Trusted Environment.
 
int tee_invoke_func (const struct device *dev, struct tee_invoke_func_arg *arg, unsigned int num_param, struct tee_param *param)
 Invoke function for Trusted Environment Application.
 
int tee_add_shm (const struct device *dev, void *addr, size_t align, size_t size, uint32_t flags, struct tee_shm **shmp)
 Helper function to allocate and register shared memory.
 
int tee_rm_shm (const struct device *dev, struct tee_shm *shm)
 Helper function to remove and unregister shared memory.
 
int tee_shm_register (const struct device *dev, void *addr, size_t size, uint32_t flags, struct tee_shm **shm)
 Register shared memory for Trusted Environment.
 
int tee_shm_unregister (const struct device *dev, struct tee_shm *shm)
 Unregister shared memory for Trusted Environment.
 
int tee_shm_alloc (const struct device *dev, size_t size, uint32_t flags, struct tee_shm **shm)
 Allocate shared memory region for Trusted Environment.
 
int tee_shm_free (const struct device *dev, struct tee_shm *shm)
 Free shared memory region for Trusted Environment.
 
int tee_suppl_recv (const struct device *dev, uint32_t *func, unsigned int *num_params, struct tee_param *param)
 Receive a request for TEE Supplicant.
 
int tee_suppl_send (const struct device *dev, unsigned int ret, unsigned int num_params, struct tee_param *param)
 Send a request for TEE Supplicant function.
 

Detailed Description

Trusted Execution Environment Interface.

The generic interface to work with Trusted Execution Environment (TEE). TEE is Trusted OS, running in the Secure Space, such as TrustZone in ARM cpus. It also can be presented as the separate secure co-processors. It allows system to implement logic, separated from the Normal World.

Using TEE syscalls:

Macro Definition Documentation

◆ TEE_GEN_CAP_GP

#define TEE_GEN_CAP_GP   BIT(0) /* GlobalPlatform compliant TEE */

◆ TEE_GEN_CAP_MEMREF_NULL

#define TEE_GEN_CAP_MEMREF_NULL   BIT(3) /* Support NULL MemRef */

◆ TEE_GEN_CAP_PRIVILEGED

#define TEE_GEN_CAP_PRIVILEGED   BIT(1) /* Privileged device (for supplicant) */

◆ TEE_GEN_CAP_REG_MEM

#define TEE_GEN_CAP_REG_MEM   BIT(2) /* Supports registering shared memory */

◆ TEE_PARAM_ATTR_MASK

#define TEE_PARAM_ATTR_MASK   (TEE_PARAM_ATTR_TYPE_MASK | TEE_PARAM_ATTR_META)

◆ TEE_PARAM_ATTR_META

#define TEE_PARAM_ATTR_META   0x100

◆ TEE_PARAM_ATTR_TYPE_MASK

#define TEE_PARAM_ATTR_TYPE_MASK   0xff

◆ TEE_PARAM_ATTR_TYPE_MEMREF_INOUT

#define TEE_PARAM_ATTR_TYPE_MEMREF_INOUT   7 /* input and output */

◆ TEE_PARAM_ATTR_TYPE_MEMREF_INPUT

#define TEE_PARAM_ATTR_TYPE_MEMREF_INPUT   5

◆ TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT

#define TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT   6

◆ TEE_PARAM_ATTR_TYPE_NONE

#define TEE_PARAM_ATTR_TYPE_NONE   0 /* parameter not used */

◆ TEE_PARAM_ATTR_TYPE_VALUE_INOUT

#define TEE_PARAM_ATTR_TYPE_VALUE_INOUT   3 /* input and output */

◆ TEE_PARAM_ATTR_TYPE_VALUE_INPUT

#define TEE_PARAM_ATTR_TYPE_VALUE_INPUT   1

◆ TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT

#define TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT   2

◆ TEE_SHM_ALLOC

#define TEE_SHM_ALLOC   BIT(1)

◆ TEE_SHM_REGISTER

#define TEE_SHM_REGISTER   BIT(0)

◆ TEE_UUID_LEN

#define TEE_UUID_LEN   16

◆ TEEC_ERROR_ACCESS_CONFLICT

#define TEEC_ERROR_ACCESS_CONFLICT   0xFFFF0003

◆ TEEC_ERROR_ACCESS_DENIED

#define TEEC_ERROR_ACCESS_DENIED   0xFFFF0001

◆ TEEC_ERROR_BAD_FORMAT

#define TEEC_ERROR_BAD_FORMAT   0xFFFF0005

◆ TEEC_ERROR_BAD_PARAMETERS

#define TEEC_ERROR_BAD_PARAMETERS   0xFFFF0006

◆ TEEC_ERROR_BAD_STATE

#define TEEC_ERROR_BAD_STATE   0xFFFF0007

◆ TEEC_ERROR_BUSY

#define TEEC_ERROR_BUSY   0xFFFF000D

◆ TEEC_ERROR_CANCEL

#define TEEC_ERROR_CANCEL   0xFFFF0002

◆ TEEC_ERROR_COMMUNICATION

#define TEEC_ERROR_COMMUNICATION   0xFFFF000E

◆ TEEC_ERROR_EXCESS_DATA

#define TEEC_ERROR_EXCESS_DATA   0xFFFF0004

◆ TEEC_ERROR_EXTERNAL_CANCEL

#define TEEC_ERROR_EXTERNAL_CANCEL   0xFFFF0011

◆ TEEC_ERROR_GENERIC

#define TEEC_ERROR_GENERIC   0xFFFF0000

◆ TEEC_ERROR_ITEM_NOT_FOUND

#define TEEC_ERROR_ITEM_NOT_FOUND   0xFFFF0008

◆ TEEC_ERROR_NO_DATA

#define TEEC_ERROR_NO_DATA   0xFFFF000B

◆ TEEC_ERROR_NOT_IMPLEMENTED

#define TEEC_ERROR_NOT_IMPLEMENTED   0xFFFF0009

◆ TEEC_ERROR_NOT_SUPPORTED

#define TEEC_ERROR_NOT_SUPPORTED   0xFFFF000A

◆ TEEC_ERROR_OUT_OF_MEMORY

#define TEEC_ERROR_OUT_OF_MEMORY   0xFFFF000C

◆ TEEC_ERROR_SECURITY

#define TEEC_ERROR_SECURITY   0xFFFF000F

◆ TEEC_ERROR_SHORT_BUFFER

#define TEEC_ERROR_SHORT_BUFFER   0xFFFF0010

◆ TEEC_ERROR_STORAGE_NO_SPACE

#define TEEC_ERROR_STORAGE_NO_SPACE   0xFFFF3041

◆ TEEC_ERROR_STORAGE_NOT_AVAILABLE

#define TEEC_ERROR_STORAGE_NOT_AVAILABLE   0xF0100003

◆ TEEC_ERROR_TARGET_DEAD

#define TEEC_ERROR_TARGET_DEAD   0xFFFF3024

◆ TEEC_LOGIN_APPLICATION

#define TEEC_LOGIN_APPLICATION   0x00000004

◆ TEEC_LOGIN_GROUP

#define TEEC_LOGIN_GROUP   0x00000002

◆ TEEC_LOGIN_GROUP_APPLICATION

#define TEEC_LOGIN_GROUP_APPLICATION   0x00000006

◆ TEEC_LOGIN_PUBLIC

#define TEEC_LOGIN_PUBLIC   0x00000000

#include <include/zephyr/drivers/tee.h>

Session login methods, for use in tee_open_session() as parameter connectionMethod.

Type is uint32_t.

TEEC_LOGIN_PUBLIC No login data is provided. TEEC_LOGIN_USER Login data about the user running the Client Application process is provided. TEEC_LOGIN_GROUP Login data about the group running the Client Application process is provided. TEEC_LOGIN_APPLICATION Login data about the running Client Application itself is provided. TEEC_LOGIN_USER_APPLICATION Login data about the user and the running Client Application itself is provided. TEEC_LOGIN_GROUP_APPLICATION Login data about the group and the running Client Application itself is provided.

◆ TEEC_LOGIN_USER

#define TEEC_LOGIN_USER   0x00000001

◆ TEEC_LOGIN_USER_APPLICATION

#define TEEC_LOGIN_USER_APPLICATION   0x00000005

◆ TEEC_ORIGIN_API

#define TEEC_ORIGIN_API   0x00000001

#include <include/zephyr/drivers/tee.h>

Function error origins, of type TEEC_ErrorOrigin.

These indicate where in the software stack a particular return value originates from.

TEEC_ORIGIN_API The error originated within the TEE Client API implementation. TEEC_ORIGIN_COMMS The error originated within the underlying communications stack linking the rich OS with the TEE. TEEC_ORIGIN_TEE The error originated within the common TEE code. TEEC_ORIGIN_TRUSTED_APP The error originated within the Trusted Application code.

◆ TEEC_ORIGIN_COMMS

#define TEEC_ORIGIN_COMMS   0x00000002

◆ TEEC_ORIGIN_TEE

#define TEEC_ORIGIN_TEE   0x00000003

◆ TEEC_ORIGIN_TRUSTED_APP

#define TEEC_ORIGIN_TRUSTED_APP   0x00000004

◆ TEEC_SUCCESS

#define TEEC_SUCCESS   0x00000000

#include <include/zephyr/drivers/tee.h>

Return values.

Type is TEEC_Result

TEEC_SUCCESS The operation was successful. TEEC_ERROR_GENERIC Non-specific cause. TEEC_ERROR_ACCESS_DENIED Access privileges are not sufficient. TEEC_ERROR_CANCEL The operation was canceled. TEEC_ERROR_ACCESS_CONFLICT Concurrent accesses caused conflict. TEEC_ERROR_EXCESS_DATA Too much data for the requested operation was passed. TEEC_ERROR_BAD_FORMAT Input data was of invalid format. TEEC_ERROR_BAD_PARAMETERS Input parameters were invalid. TEEC_ERROR_BAD_STATE Operation is not valid in the current state. TEEC_ERROR_ITEM_NOT_FOUND The requested data item is not found. TEEC_ERROR_NOT_IMPLEMENTED The requested operation should exist but is not yet implemented. TEEC_ERROR_NOT_SUPPORTED The requested operation is valid but is not supported in this implementation. TEEC_ERROR_NO_DATA Expected data was missing. TEEC_ERROR_OUT_OF_MEMORY System ran out of resources. TEEC_ERROR_BUSY The system is busy working on something else. TEEC_ERROR_COMMUNICATION Communication with a remote party failed. TEEC_ERROR_SECURITY A security fault was detected. TEEC_ERROR_SHORT_BUFFER The supplied buffer is too short for the generated output. TEEC_ERROR_TARGET_DEAD Trusted Application has panicked during the operation. Standard defined error codes.

Typedef Documentation

◆ tee_cancel_t

tee_cancel_t

#include <include/zephyr/drivers/tee.h>

Callback API to cancel open session of invoke function to TA.

See tee_cancel() for argument definitions.

◆ tee_close_session_t

tee_close_session_t

#include <include/zephyr/drivers/tee.h>

Callback API to close session to TA.

See tee_close_session() for argument definitions.

◆ tee_get_version_t

tee_get_version_t

#include <include/zephyr/drivers/tee.h>

Callback API to get current tee version.

See tee_version_get() for argument definitions.

◆ tee_invoke_func_t

tee_invoke_func_t

#include <include/zephyr/drivers/tee.h>

Callback API to invoke function to TA.

See tee_invoke_func() for argument definitions.

◆ tee_open_session_t

tee_open_session_t

#include <include/zephyr/drivers/tee.h>

Callback API to open session to Trusted Application.

See tee_open_session() for argument definitions.

◆ tee_shm_register_t

tee_shm_register_t

#include <include/zephyr/drivers/tee.h>

Callback API to register shared memory.

See tee_shm_register() for argument definitions.

◆ tee_shm_unregister_t

tee_shm_unregister_t

#include <include/zephyr/drivers/tee.h>

Callback API to unregister shared memory.

See tee_shm_unregister() for argument definitions.

◆ tee_suppl_recv_t

tee_suppl_recv_t

#include <include/zephyr/drivers/tee.h>

Callback API to receive a request for TEE supplicant.

See tee_suppl_recv() for argument definitions.

◆ tee_suppl_send_t

tee_suppl_send_t

#include <include/zephyr/drivers/tee.h>

Callback API to send a request for TEE supplicant.

See tee_suppl_send() for argument definitions.

Function Documentation

◆ tee_add_shm()

int tee_add_shm ( const struct device dev,
void *  addr,
size_t  align,
size_t  size,
uint32_t  flags,
struct tee_shm **  shmp 
)

#include <include/zephyr/drivers/tee.h>

Helper function to allocate and register shared memory.

Allocates and registers shared memory for TEE

Parameters
devTEE device
addrAddress of the shared memory
alignRegion alignment
sizeSize of the shared memory region
flagsFlags to set registering parameters
shmpReturn shared memory structure
Return values
0On success, negative on error

◆ tee_cancel()

int tee_cancel ( const struct device dev,
uint32_t  session_id,
uint32_t  cancel_id 
)

#include <include/zephyr/drivers/tee.h>

Cancel session or invoke function for Trusted Environment.

Cancels session or invoke function for TA

Parameters
devTEE device
session_idsession to close
cancel_idcancel reason
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_close_session()

int tee_close_session ( const struct device dev,
uint32_t  session_id 
)

#include <include/zephyr/drivers/tee.h>

Close session for Trusted Environment.

Closes session to the Trusted Environment

Parameters
devTEE device
session_idsession to close
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_get_version()

int tee_get_version ( const struct device dev,
struct tee_version_info info 
)

#include <include/zephyr/drivers/tee.h>

Get the current TEE version info.

Returns info as tee version info which includes capabilities description

Parameters
devTEE device
infoStructure to return the capabilities
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_invoke_func()

int tee_invoke_func ( const struct device dev,
struct tee_invoke_func_arg arg,
unsigned int  num_param,
struct tee_param param 
)

#include <include/zephyr/drivers/tee.h>

Invoke function for Trusted Environment Application.

Invokes function to the TA

Parameters
devTEE device
argStructure with the invoke function arguments
num_paramNumber of the additional params to be passed
paramList of the params to pass to open_session call
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_open_session()

int tee_open_session ( const struct device dev,
struct tee_open_session_arg arg,
unsigned int  num_param,
struct tee_param param,
uint32_t session_id 
)

#include <include/zephyr/drivers/tee.h>

Open session for Trusted Environment.

Opens the new session to the Trusted Environment

Parameters
devTEE device
argStructure with the session arguments
num_paramNumber of the additional params to be passed
paramList of the params to pass to open_session call
session_idReturns id of the created session
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_rm_shm()

int tee_rm_shm ( const struct device dev,
struct tee_shm shm 
)

#include <include/zephyr/drivers/tee.h>

Helper function to remove and unregister shared memory.

Removes and unregisters shared memory for TEE

Parameters
devTEE device
shmPointer to tee_shm structure
Return values
0On success, negative on error

◆ tee_shm_alloc()

int tee_shm_alloc ( const struct device dev,
size_t  size,
uint32_t  flags,
struct tee_shm **  shm 
)

#include <include/zephyr/drivers/tee.h>

Allocate shared memory region for Trusted Environment.

Allocate shared memory for TEE

Parameters
devTEE device
sizeRegion size
flagsto allocate region
shmReturn shared memory structure
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_shm_free()

int tee_shm_free ( const struct device dev,
struct tee_shm shm 
)

#include <include/zephyr/drivers/tee.h>

Free shared memory region for Trusted Environment.

Frees shared memory for TEE

Parameters
devTEE device
shmShared memory structure
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_shm_register()

int tee_shm_register ( const struct device dev,
void *  addr,
size_t  size,
uint32_t  flags,
struct tee_shm **  shm 
)

#include <include/zephyr/drivers/tee.h>

Register shared memory for Trusted Environment.

Registers shared memory for TEE

Parameters
devTEE device
addrAddress of the shared memory
sizeSize of the shared memory region
flagsFlags to set registering parameters
shmReturn shared memory structure
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_shm_unregister()

int tee_shm_unregister ( const struct device dev,
struct tee_shm shm 
)

#include <include/zephyr/drivers/tee.h>

Unregister shared memory for Trusted Environment.

Unregisters shared memory for TEE

Parameters
devTEE device
shmShared memory structure
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_suppl_recv()

int tee_suppl_recv ( const struct device dev,
uint32_t func,
unsigned int *  num_params,
struct tee_param param 
)

#include <include/zephyr/drivers/tee.h>

Receive a request for TEE Supplicant.

Parameters
devTEE device
funcSupplicant function
num_paramsNumber of parameters to be passed
paramList of the params for send/receive
Return values
-ENOSYSIf callback was not implemented
0On success, negative on error

◆ tee_suppl_send()

int tee_suppl_send ( const struct device dev,
unsigned int  ret,
unsigned int  num_params,
struct tee_param param 
)

#include <include/zephyr/drivers/tee.h>

Send a request for TEE Supplicant function.

Parameters
devTEE device
retsupplicant return code
num_paramsNumber of parameters to be passed
paramList of the params for send/receive
Return values
-ENOSYSIf callback was not implemented
Returnvalue for sent request
0On success, negative on error