STM32 MPU OP-TEE overview

Revision as of 10:33, 2 April 2024 by Registered User
Applicable for STM32MP13x lines, STM32MP15x lines, STM32MP25x lines
Renaming.png This page is a candidate for renaming (move).
The requested new name is: STM32 MPU OP-TEE overview .
The supplied reason is: new OP-TEE wiki structure .
-- LPA.
Wiki maintainers: remember to update the pages that link this page before renaming (moving) it.

1. What's OP-TEE[edit source]

Zoom out to OpenSTLinux distribution

OP-TEE is an open source software component hosted by Trusted Firmware[1] organisation. It allows the development and integration of services and applications running on Cortex-A trusted execution environment (also called secure context), that is isolated from Cortex-A non-secure context running the Linux® -based OS.

Description extracted from the OP-TEE site[2]:

"OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. OP-TEE implements TEE Internal Core API v1.1.x which is the API exposed to Trusted Applications and the TEE Client API v1.0, which is the API describing how to communicate with a TEE. Those APIs are defined in the GlobalPlatform API specifications."

OP-TEE is delivered under a BSD style license and can run secure (trusted) applications, named TAs, without restriction on their licensing model. It allows customers to reuse STM32 MPU support developped by ST in the TEE of their choice.

For more details about OP-TEE open source project and internal architecture, please refer to OP-TEE overview (name to change)

2. OP-TEE roles in OSTL[edit source]

ST made the choice to implement OP-TEE in all STM32 MPU platforms (STM32MP1 and STM32MP2) for several reasons:

  • To have an open source solution for Cortex-A secure context which can be a reference implementation for customers
  • To have the same boot architecture for secure and non-secure device to ease customer life if he wants to activate security during his project development
  • To support firmware update including platform system configuration without impacting FSBL. Indeed OP-TEE binary is part of FIP image which can easily be updated at the same time of the Linux distribution. FSBL could be considered as immutable.


In OSTL implementation, OP-TEE is responsible for:

  • System configuration at boot time: that means preparing the platform for applications and coprocessor execution by configuring all system resources like clock tree, memory and peripheral firewall, bus QoS...
  • System resource management at runtime: that means providing services based on SCMI API to access resources that are either exclusively controlled by Cortex-A secure context or that are shared between several execution contexts. In this last case, system resource management services act as platform arbiter.
  • Secure services at runtime: Based on GlobalPlatform TEE API specifications, provide secure services like cryptographic operations, secure storage, random number generator, trusted coprocessor management or user trusted application support. All services could be enabled or disabled according to customer product requirements.

On STM32MP1 series, due to Armv7-a architecture limitation, OP-TEE is also implementing:

  • Low power Cortex-A management: Based on PSCI standard API, OP-TEE is providing Cortex-A and system low power support.

Optee-services.png

3. OP-TEE profiles[edit source]

To easily adapt OP-TEE content to customer product needs, ST proposes different profiles which can be selected by compilation flags.


3.1. System resource manager profile[edit source]

In the mode, OP-TEE is limited to system resources initialization and management.
It configures clock tree and firewall according to Device Tree configuration and provide SCMI server.
On STM32MP1 series, it also provide PSCI services for low power management.
The following figure shows an overview of OP-TEE services in this configuration.

Optee-system-profile.png

3.2. Secure Service profile[edit source]

In addition of system management services, this profile enables OP-TEE secure services including trusted applications (TAs) support.
The following figure shows an overview of OP-TEE services in this configuration.

Optee-secure-profile.png

Info white.png Information
Note that even if it is possible to disable system resource management support in OP-TEE, ST doesn't recommand this option in order to guarantee integrity of peripherals used by Cortex-A secure context

For more information about OP-TEE profiles activation, please refer to STM32MPU OP-TEE configuration


4. OP-TEE overview per STM32 MPU device[edit source]

OP-TEE content depends also on the microprocessor device and related peripherals that should be managed by Cortex-A secure context.

The next chapters provide an overview of OP-TEE for each supported STM32 MPU device.

In each figure, the implemented OP-TEE core drivers for each device are mentioned in UPPERCASE, with their respective software frameworks in lowercase.

The components are grouped per functional domains.
Each OP-TEE framework is further described in OP-TEE secure OS category articles.
Each STM32 MPU peripheral is introduced in peripherals overview articles.
Both those sections are reusing the same functional domain split.

The color code, explained in the legend, allows to see the code origin for each component. OpenSTLinux BSP legend.png


4.1. STM32MP13x lines More info.png[edit source]

4.2. STM32MP15x lines More info.png[edit source]

4.3. STM32MP25x lines More info.png[edit source]

On STM32MP25x lines More info.png, when Cortex-A35 main processor mode is selected, OP-TEE is the main TEE of the platform.
It is running in Cortex-A35 secure context (EL2S and EL1S execution level). It is associated to TF-A BL31 secure monitor which is running in Cortex-A35 EL3 and which is providing Cortex-A35 cluster low power functionalities via PSCI interface.

OP-TEE is in charge of:

  • System resources management:
    • Internal and external regulators
    • Clock tree (PLLs and Root clocks)
    • System peripheral clock gating
    • Oscillators calibration
    • Firewall configuration and dynamic management
    • Wakeup pins
  • Secure services
    • Cryptography
    • PKCS#11
    • Secure storage (in OTP and/or eMMC RPMB)
    • Trusted UI
    • stMM for secure UEFI
    • fTPM (firmware TPM) for TPM emulation
    • OTP for provisionning
    • SecCopro for secure coprocessor management

Like previously mentioned, the different features can be independently activated according to customer needs.

The following figure provides an overview of STM32MP25x lines More info.png OP-TEE.

STM32MP25 OP-TEE overview.png



5. References[edit source]

  1. https://www.trustedfirmware.org
  2. https://op-tee.org

Microprocessor unit

Open portable trusted execution environment

Cortex®

Linux® is a registered trademark of Linus Torvalds.

Operating system

Trusted execution environment

Arm® is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Arm logo.png

TrustZone®
Arm® and TrustZone® are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

Application programming interface

First stage boot loader

Firmware image package is a packaging format used by TF-A

System control and management interface

Power state coordination interface

Trusted firmware for Arm® Cortex®-A

One time programmed

Former spelling for e•MMC ('e' in italic)

User interface

Trusted platform module

Retrieved from "https://wiki.st.com/stm32mpu/index.php?title=STM32_MPU_OP-TEE_overview&oldid=101164"