mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-18 16:44:27 +08:00
50709576d8
Add a separate documentation directory for TEE subsystem since it is a
standalone subsystem which already offers devices consumed by multiple
different subsystem drivers. Split overall TEE subsystem documentation
modularly where:

- The userspace API has been moved to Documentation/userspace-api/tee.rst.
- The driver API has been moved to Documentation/driver-api/tee.rst.
- The first module covers the overview of TEE subsystem.
- The further modules are dedicated to different TEE implementations like:

  - OP-TEE
  - AMD-TEE
  - and so on for future TEE implementation support.

Acked-by: Rijo Thomas <Rijo-john.Thomas@amd.com>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Sumit Garg <sumit.garg@linaro.org>
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Link: https://lore.kernel.org/r/20231128072352.866859-1-sumit.garg@linaro.org
40 lines
1.6 KiB
ReStructuredText
.. SPDX-License-Identifier: GPL-2.0
.. tee:

==================================================
TEE (Trusted Execution Environment) Userspace API
==================================================

include/uapi/linux/tee.h defines the generic interface to a TEE.

User space (the client) connects to the driver by opening /dev/tee[0-9]* or
/dev/teepriv[0-9]*.

- TEE_IOC_SHM_ALLOC allocates shared memory and returns a file descriptor
  which user space can mmap. When user space doesn't need the file
  descriptor any more, it should be closed. When shared memory isn't needed
  any longer it should be unmapped with munmap() to allow the reuse of
  memory.

- TEE_IOC_VERSION lets user space know which TEE this driver handles and
  its capabilities.

- TEE_IOC_OPEN_SESSION opens a new session to a Trusted Application.

- TEE_IOC_INVOKE invokes a function in a Trusted Application.

- TEE_IOC_CANCEL may cancel an ongoing TEE_IOC_OPEN_SESSION or TEE_IOC_INVOKE.

- TEE_IOC_CLOSE_SESSION closes a session to a Trusted Application.

There are two classes of clients, normal clients and supplicants. The latter is
a helper process for the TEE to access resources in Linux, for example file
system access. A normal client opens /dev/tee[0-9]* and a supplicant opens
/dev/teepriv[0-9]*.

Much of the communication between clients and the TEE is opaque to the
driver. The main job for the driver is to receive requests from the
clients, forward them to the TEE and send back the results. In the case of
supplicants the communication goes in the other direction: the TEE sends
requests to the supplicant, which then sends back the result.
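The following C code is an added example, not part of the kernel documentation or sources. It shows a normal client using TEE_IOC_VERSION to confirm that the node it opened is a non-privileged GlobalPlatform TEE device, then following the TEE_IOC_SHM_ALLOC lifecycle described above. The helper function names are hypothetical; the structures and TEE_GEN_CAP_* flags are those defined in include/uapi/linux/tee.h.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <unistd.h>
#include <linux/tee.h>

/* Open a device node and query it with TEE_IOC_VERSION.
 * Returns an open fd (>= 0) or -errno; the caller closes the fd. */
int tee_open_checked(const char *path, struct tee_ioctl_version_data *v)
{
    int fd = open(path, O_RDWR | O_CLOEXEC);
    if (fd < 0)
        return -errno;
    memset(v, 0, sizeof(*v));
    if (ioctl(fd, TEE_IOC_VERSION, v) < 0) {
        int err = errno;   /* e.g. ENOTTY when the node is not a TEE device */
        close(fd);
        return -err;
    }
    return fd;
}

/* A normal client expects a GlobalPlatform TEE on a non-privileged node
 * (TEE_GEN_CAP_PRIVILEGED marks the supplicant device). */
int tee_is_normal_client_device(const struct tee_ioctl_version_data *v)
{
    return (v->gen_caps & TEE_GEN_CAP_GP) &&
           !(v->gen_caps & TEE_GEN_CAP_PRIVILEGED);
}

/* TEE_IOC_SHM_ALLOC -> mmap -> close fd -> munmap; returns 0 or -errno. */
int tee_shm_roundtrip(int tee_fd, size_t size)
{
    struct tee_ioctl_shm_alloc_data a = { .size = size };
    int shm_fd = ioctl(tee_fd, TEE_IOC_SHM_ALLOC, &a);  /* returns the shm fd */
    if (shm_fd < 0)
        return -errno;
    void *p = mmap(NULL, a.size, PROT_READ | PROT_WRITE, MAP_SHARED, shm_fd, 0);
    int err = (p == MAP_FAILED) ? errno : 0;
    close(shm_fd);         /* fd is no longer needed once the mapping exists */
    if (err)
        return -err;
    memset(p, 0, a.size);  /* stand-in for writing request data */
    return munmap(p, a.size) < 0 ? -errno : 0;  /* allows reuse of the memory */
}
```

Call tee_open_checked() on a /dev/tee[0-9]* node and proceed to tee_shm_roundtrip() only if tee_is_normal_client_device() returns true; close the returned descriptor when finished.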