Zephyr API Documentation 4.0.0-rc2
A Scalable Open Source RTOS
|
Trusted Execution Environment Interface . More...
Data Structures | |
struct | tee_version_info |
TEE version. More... | |
struct | tee_open_session_arg |
| |
struct | tee_param |
Tee parameter. More... | |
struct | tee_invoke_func_arg |
Invokes a function in a Trusted Application. More... | |
struct | tee_shm |
Tee shared memory structure. More... | |
struct | tee_driver_api |
Macros | |
#define | TEE_UUID_LEN 16 |
#define | TEE_GEN_CAP_GP BIT(0) /* GlobalPlatform compliant TEE */ |
#define | TEE_GEN_CAP_PRIVILEGED BIT(1) /* Privileged device (for supplicant) */ |
#define | TEE_GEN_CAP_REG_MEM BIT(2) /* Supports registering shared memory */ |
#define | TEE_GEN_CAP_MEMREF_NULL BIT(3) /* Support NULL MemRef */ |
#define | TEE_SHM_REGISTER BIT(0) |
#define | TEE_SHM_ALLOC BIT(1) |
#define | TEE_PARAM_ATTR_TYPE_NONE 0 /* parameter not used */ |
#define | TEE_PARAM_ATTR_TYPE_VALUE_INPUT 1 |
#define | TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT 2 |
#define | TEE_PARAM_ATTR_TYPE_VALUE_INOUT 3 /* input and output */ |
#define | TEE_PARAM_ATTR_TYPE_MEMREF_INPUT 5 |
#define | TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6 |
#define | TEE_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */ |
#define | TEE_PARAM_ATTR_TYPE_MASK 0xff |
#define | TEE_PARAM_ATTR_META 0x100 |
#define | TEE_PARAM_ATTR_MASK (TEE_PARAM_ATTR_TYPE_MASK | TEE_PARAM_ATTR_META) |
#define | TEEC_ORIGIN_API 0x00000001 |
Function error origins, of type TEEC_ErrorOrigin. | |
#define | TEEC_ORIGIN_COMMS 0x00000002 |
#define | TEEC_ORIGIN_TEE 0x00000003 |
#define | TEEC_ORIGIN_TRUSTED_APP 0x00000004 |
#define | TEEC_SUCCESS 0x00000000 |
Return values. | |
#define | TEEC_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003 |
#define | TEEC_ERROR_GENERIC 0xFFFF0000 |
#define | TEEC_ERROR_ACCESS_DENIED 0xFFFF0001 |
#define | TEEC_ERROR_CANCEL 0xFFFF0002 |
#define | TEEC_ERROR_ACCESS_CONFLICT 0xFFFF0003 |
#define | TEEC_ERROR_EXCESS_DATA 0xFFFF0004 |
#define | TEEC_ERROR_BAD_FORMAT 0xFFFF0005 |
#define | TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 |
#define | TEEC_ERROR_BAD_STATE 0xFFFF0007 |
#define | TEEC_ERROR_ITEM_NOT_FOUND 0xFFFF0008 |
#define | TEEC_ERROR_NOT_IMPLEMENTED 0xFFFF0009 |
#define | TEEC_ERROR_NOT_SUPPORTED 0xFFFF000A |
#define | TEEC_ERROR_NO_DATA 0xFFFF000B |
#define | TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C |
#define | TEEC_ERROR_BUSY 0xFFFF000D |
#define | TEEC_ERROR_COMMUNICATION 0xFFFF000E |
#define | TEEC_ERROR_SECURITY 0xFFFF000F |
#define | TEEC_ERROR_SHORT_BUFFER 0xFFFF0010 |
#define | TEEC_ERROR_EXTERNAL_CANCEL 0xFFFF0011 |
#define | TEEC_ERROR_TARGET_DEAD 0xFFFF3024 |
#define | TEEC_ERROR_STORAGE_NO_SPACE 0xFFFF3041 |
#define | TEEC_LOGIN_PUBLIC 0x00000000 |
Session login methods, for use in tee_open_session() as parameter connectionMethod. | |
#define | TEEC_LOGIN_USER 0x00000001 |
#define | TEEC_LOGIN_GROUP 0x00000002 |
#define | TEEC_LOGIN_APPLICATION 0x00000004 |
#define | TEEC_LOGIN_USER_APPLICATION 0x00000005 |
#define | TEEC_LOGIN_GROUP_APPLICATION 0x00000006 |
Typedefs | |
typedef int(* | tee_get_version_t) (const struct device *dev, struct tee_version_info *info) |
Callback API to get current tee version. | |
typedef int(* | tee_open_session_t) (const struct device *dev, struct tee_open_session_arg *arg, unsigned int num_param, struct tee_param *param, uint32_t *session_id) |
Callback API to open session to Trusted Application. | |
typedef int(* | tee_close_session_t) (const struct device *dev, uint32_t session_id) |
Callback API to close session to TA. | |
typedef int(* | tee_cancel_t) (const struct device *dev, uint32_t session_id, uint32_t cancel_id) |
Callback API to cancel open session of invoke function to TA. | |
typedef int(* | tee_invoke_func_t) (const struct device *dev, struct tee_invoke_func_arg *arg, unsigned int num_param, struct tee_param *param) |
Callback API to invoke function to TA. | |
typedef int(* | tee_shm_register_t) (const struct device *dev, struct tee_shm *shm) |
Callback API to register shared memory. | |
typedef int(* | tee_shm_unregister_t) (const struct device *dev, struct tee_shm *shm) |
Callback API to unregister shared memory. | |
typedef int(* | tee_suppl_recv_t) (const struct device *dev, uint32_t *func, unsigned int *num_params, struct tee_param *param) |
Callback API to receive a request for TEE supplicant. | |
typedef int(* | tee_suppl_send_t) (const struct device *dev, unsigned int ret, unsigned int num_params, struct tee_param *param) |
Callback API to send a request for TEE supplicant. | |
Functions | |
int | tee_get_version (const struct device *dev, struct tee_version_info *info) |
Get the current TEE version info. | |
int | tee_open_session (const struct device *dev, struct tee_open_session_arg *arg, unsigned int num_param, struct tee_param *param, uint32_t *session_id) |
Open session for Trusted Environment. | |
int | tee_close_session (const struct device *dev, uint32_t session_id) |
Close session for Trusted Environment. | |
int | tee_cancel (const struct device *dev, uint32_t session_id, uint32_t cancel_id) |
Cancel session or invoke function for Trusted Environment. | |
int | tee_invoke_func (const struct device *dev, struct tee_invoke_func_arg *arg, unsigned int num_param, struct tee_param *param) |
Invoke function for Trusted Environment Application. | |
int | tee_add_shm (const struct device *dev, void *addr, size_t align, size_t size, uint32_t flags, struct tee_shm **shmp) |
Helper function to allocate and register shared memory. | |
int | tee_rm_shm (const struct device *dev, struct tee_shm *shm) |
Helper function to remove and unregister shared memory. | |
int | tee_shm_register (const struct device *dev, void *addr, size_t size, uint32_t flags, struct tee_shm **shm) |
Register shared memory for Trusted Environment. | |
int | tee_shm_unregister (const struct device *dev, struct tee_shm *shm) |
Unregister shared memory for Trusted Environment. | |
int | tee_shm_alloc (const struct device *dev, size_t size, uint32_t flags, struct tee_shm **shm) |
Allocate shared memory region for Trusted Environment. | |
int | tee_shm_free (const struct device *dev, struct tee_shm *shm) |
Free shared memory region for Trusted Environment. | |
int | tee_suppl_recv (const struct device *dev, uint32_t *func, unsigned int *num_params, struct tee_param *param) |
Receive a request for TEE Supplicant. | |
int | tee_suppl_send (const struct device *dev, unsigned int ret, unsigned int num_params, struct tee_param *param) |
Send a request for TEE Supplicant function. | |
Trusted Execution Environment Interface .
The generic interface to work with Trusted Execution Environment (TEE). TEE is Trusted OS, running in the Secure Space, such as TrustZone in ARM cpus. It also can be presented as the separate secure co-processors. It allows system to implement logic, separated from the Normal World.
Using TEE syscalls:
#define TEE_GEN_CAP_GP BIT(0) /* GlobalPlatform compliant TEE */ |
#include <zephyr/drivers/tee.h>
#define TEE_GEN_CAP_MEMREF_NULL BIT(3) /* Support NULL MemRef */ |
#include <zephyr/drivers/tee.h>
#include <zephyr/drivers/tee.h>
#define TEE_GEN_CAP_REG_MEM BIT(2) /* Supports registering shared memory */ |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_MASK (TEE_PARAM_ATTR_TYPE_MASK | TEE_PARAM_ATTR_META) |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_META 0x100 |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_MASK 0xff |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_MEMREF_INOUT 7 /* input and output */ |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_MEMREF_INPUT 5 |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_MEMREF_OUTPUT 6 |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_NONE 0 /* parameter not used */ |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_VALUE_INOUT 3 /* input and output */ |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_VALUE_INPUT 1 |
#include <zephyr/drivers/tee.h>
#define TEE_PARAM_ATTR_TYPE_VALUE_OUTPUT 2 |
#include <zephyr/drivers/tee.h>
#define TEE_SHM_ALLOC BIT(1) |
#include <zephyr/drivers/tee.h>
#define TEE_SHM_REGISTER BIT(0) |
#include <zephyr/drivers/tee.h>
#define TEE_UUID_LEN 16 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_ACCESS_CONFLICT 0xFFFF0003 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_ACCESS_DENIED 0xFFFF0001 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_BAD_FORMAT 0xFFFF0005 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_BAD_PARAMETERS 0xFFFF0006 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_BAD_STATE 0xFFFF0007 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_BUSY 0xFFFF000D |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_CANCEL 0xFFFF0002 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_COMMUNICATION 0xFFFF000E |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_EXCESS_DATA 0xFFFF0004 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_EXTERNAL_CANCEL 0xFFFF0011 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_GENERIC 0xFFFF0000 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_ITEM_NOT_FOUND 0xFFFF0008 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_NO_DATA 0xFFFF000B |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_NOT_IMPLEMENTED 0xFFFF0009 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_NOT_SUPPORTED 0xFFFF000A |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_SECURITY 0xFFFF000F |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_SHORT_BUFFER 0xFFFF0010 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_STORAGE_NO_SPACE 0xFFFF3041 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_STORAGE_NOT_AVAILABLE 0xF0100003 |
#include <zephyr/drivers/tee.h>
#define TEEC_ERROR_TARGET_DEAD 0xFFFF3024 |
#include <zephyr/drivers/tee.h>
#define TEEC_LOGIN_APPLICATION 0x00000004 |
#include <zephyr/drivers/tee.h>
#define TEEC_LOGIN_GROUP 0x00000002 |
#include <zephyr/drivers/tee.h>
#define TEEC_LOGIN_GROUP_APPLICATION 0x00000006 |
#include <zephyr/drivers/tee.h>
#define TEEC_LOGIN_PUBLIC 0x00000000 |
#include <zephyr/drivers/tee.h>
Session login methods, for use in tee_open_session() as parameter connectionMethod.
Type is uint32_t.
TEEC_LOGIN_PUBLIC No login data is provided. TEEC_LOGIN_USER Login data about the user running the Client Application process is provided. TEEC_LOGIN_GROUP Login data about the group running the Client Application process is provided. TEEC_LOGIN_APPLICATION Login data about the running Client Application itself is provided. TEEC_LOGIN_USER_APPLICATION Login data about the user and the running Client Application itself is provided. TEEC_LOGIN_GROUP_APPLICATION Login data about the group and the running Client Application itself is provided.
#define TEEC_LOGIN_USER 0x00000001 |
#include <zephyr/drivers/tee.h>
#define TEEC_LOGIN_USER_APPLICATION 0x00000005 |
#include <zephyr/drivers/tee.h>
#define TEEC_ORIGIN_API 0x00000001 |
#include <zephyr/drivers/tee.h>
Function error origins, of type TEEC_ErrorOrigin.
These indicate where in the software stack a particular return value originates from.
TEEC_ORIGIN_API The error originated within the TEE Client API implementation. TEEC_ORIGIN_COMMS The error originated within the underlying communications stack linking the rich OS with the TEE. TEEC_ORIGIN_TEE The error originated within the common TEE code. TEEC_ORIGIN_TRUSTED_APP The error originated within the Trusted Application code.
#define TEEC_ORIGIN_COMMS 0x00000002 |
#include <zephyr/drivers/tee.h>
#define TEEC_ORIGIN_TEE 0x00000003 |
#include <zephyr/drivers/tee.h>
#define TEEC_ORIGIN_TRUSTED_APP 0x00000004 |
#include <zephyr/drivers/tee.h>
#define TEEC_SUCCESS 0x00000000 |
#include <zephyr/drivers/tee.h>
Return values.
Type is TEEC_Result
TEEC_SUCCESS The operation was successful. TEEC_ERROR_GENERIC Non-specific cause. TEEC_ERROR_ACCESS_DENIED Access privileges are not sufficient. TEEC_ERROR_CANCEL The operation was canceled. TEEC_ERROR_ACCESS_CONFLICT Concurrent accesses caused conflict. TEEC_ERROR_EXCESS_DATA Too much data for the requested operation was passed. TEEC_ERROR_BAD_FORMAT Input data was of invalid format. TEEC_ERROR_BAD_PARAMETERS Input parameters were invalid. TEEC_ERROR_BAD_STATE Operation is not valid in the current state. TEEC_ERROR_ITEM_NOT_FOUND The requested data item is not found. TEEC_ERROR_NOT_IMPLEMENTED The requested operation should exist but is not yet implemented. TEEC_ERROR_NOT_SUPPORTED The requested operation is valid but is not supported in this implementation. TEEC_ERROR_NO_DATA Expected data was missing. TEEC_ERROR_OUT_OF_MEMORY System ran out of resources. TEEC_ERROR_BUSY The system is busy working on something else. TEEC_ERROR_COMMUNICATION Communication with a remote party failed. TEEC_ERROR_SECURITY A security fault was detected. TEEC_ERROR_SHORT_BUFFER The supplied buffer is too short for the generated output. TEEC_ERROR_TARGET_DEAD Trusted Application has panicked during the operation. Standard defined error codes.
#include <zephyr/drivers/tee.h>
Callback API to cancel open session of invoke function to TA.
See tee_cancel() for argument definitions.
#include <zephyr/drivers/tee.h>
Callback API to close session to TA.
See tee_close_session() for argument definitions.
typedef int(* tee_get_version_t) (const struct device *dev, struct tee_version_info *info) |
#include <zephyr/drivers/tee.h>
Callback API to get current tee version.
See tee_version_get() for argument definitions.
typedef int(* tee_invoke_func_t) (const struct device *dev, struct tee_invoke_func_arg *arg, unsigned int num_param, struct tee_param *param) |
#include <zephyr/drivers/tee.h>
Callback API to invoke function to TA.
See tee_invoke_func() for argument definitions.
typedef int(* tee_open_session_t) (const struct device *dev, struct tee_open_session_arg *arg, unsigned int num_param, struct tee_param *param, uint32_t *session_id) |
#include <zephyr/drivers/tee.h>
Callback API to open session to Trusted Application.
See tee_open_session() for argument definitions.
#include <zephyr/drivers/tee.h>
Callback API to register shared memory.
See tee_shm_register() for argument definitions.
#include <zephyr/drivers/tee.h>
Callback API to unregister shared memory.
See tee_shm_unregister() for argument definitions.
typedef int(* tee_suppl_recv_t) (const struct device *dev, uint32_t *func, unsigned int *num_params, struct tee_param *param) |
#include <zephyr/drivers/tee.h>
Callback API to receive a request for TEE supplicant.
See tee_suppl_recv() for argument definitions.
typedef int(* tee_suppl_send_t) (const struct device *dev, unsigned int ret, unsigned int num_params, struct tee_param *param) |
#include <zephyr/drivers/tee.h>
Callback API to send a request for TEE supplicant.
See tee_suppl_send() for argument definitions.
int tee_add_shm | ( | const struct device * | dev, |
void * | addr, | ||
size_t | align, | ||
size_t | size, | ||
uint32_t | flags, | ||
struct tee_shm ** | shmp ) |
#include <zephyr/drivers/tee.h>
Helper function to allocate and register shared memory.
Allocates and registers shared memory for TEE
dev | TEE device |
addr | Address of the shared memory |
align | Region alignment |
size | Size of the shared memory region |
flags | Flags to set registering parameters |
shmp | Return shared memory structure |
0 | On success, negative on error |
#include <zephyr/drivers/tee.h>
Cancel session or invoke function for Trusted Environment.
Cancels session or invoke function for TA
dev | TEE device |
session_id | session to close |
cancel_id | cancel reason |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
#include <zephyr/drivers/tee.h>
Close session for Trusted Environment.
Closes session to the Trusted Environment
dev | TEE device |
session_id | session to close |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
int tee_get_version | ( | const struct device * | dev, |
struct tee_version_info * | info ) |
#include <zephyr/drivers/tee.h>
Get the current TEE version info.
Returns info as tee version info which includes capabilities description
dev | TEE device |
info | Structure to return the capabilities |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
int tee_invoke_func | ( | const struct device * | dev, |
struct tee_invoke_func_arg * | arg, | ||
unsigned int | num_param, | ||
struct tee_param * | param ) |
#include <zephyr/drivers/tee.h>
Invoke function for Trusted Environment Application.
Invokes function to the TA
dev | TEE device |
arg | Structure with the invoke function arguments |
num_param | Number of the additional params to be passed |
param | List of the params to pass to open_session call |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
int tee_open_session | ( | const struct device * | dev, |
struct tee_open_session_arg * | arg, | ||
unsigned int | num_param, | ||
struct tee_param * | param, | ||
uint32_t * | session_id ) |
#include <zephyr/drivers/tee.h>
Open session for Trusted Environment.
Opens the new session to the Trusted Environment
dev | TEE device |
arg | Structure with the session arguments |
num_param | Number of the additional params to be passed |
param | List of the params to pass to open_session call |
session_id | Returns id of the created session |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
#include <zephyr/drivers/tee.h>
Helper function to remove and unregister shared memory.
Removes and unregisters shared memory for TEE
dev | TEE device |
shm | Pointer to tee_shm structure |
0 | On success, negative on error |
#include <zephyr/drivers/tee.h>
Allocate shared memory region for Trusted Environment.
Allocate shared memory for TEE
dev | TEE device |
size | Region size |
flags | to allocate region |
shm | Return shared memory structure |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
#include <zephyr/drivers/tee.h>
Free shared memory region for Trusted Environment.
Frees shared memory for TEE
dev | TEE device |
shm | Shared memory structure |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
int tee_shm_register | ( | const struct device * | dev, |
void * | addr, | ||
size_t | size, | ||
uint32_t | flags, | ||
struct tee_shm ** | shm ) |
#include <zephyr/drivers/tee.h>
Register shared memory for Trusted Environment.
Registers shared memory for TEE
dev | TEE device |
addr | Address of the shared memory |
size | Size of the shared memory region |
flags | Flags to set registering parameters |
shm | Return shared memory structure |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
#include <zephyr/drivers/tee.h>
Unregister shared memory for Trusted Environment.
Unregisters shared memory for TEE
dev | TEE device |
shm | Shared memory structure |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
int tee_suppl_recv | ( | const struct device * | dev, |
uint32_t * | func, | ||
unsigned int * | num_params, | ||
struct tee_param * | param ) |
#include <zephyr/drivers/tee.h>
Receive a request for TEE Supplicant.
dev | TEE device |
func | Supplicant function |
num_params | Number of parameters to be passed |
param | List of the params for send/receive |
-ENOSYS | If callback was not implemented |
0 | On success, negative on error |
int tee_suppl_send | ( | const struct device * | dev, |
unsigned int | ret, | ||
unsigned int | num_params, | ||
struct tee_param * | param ) |
#include <zephyr/drivers/tee.h>
Send a request for TEE Supplicant function.
dev | TEE device |
ret | supplicant return code |
num_params | Number of parameters to be passed |
param | List of the params for send/receive |
-ENOSYS | If callback was not implemented |
Return | value for sent request |
0 | On success, negative on error |