TEE System Architecture – Public Release v1.1 3 / 43
Copyright 2011-2017 GlobalPlatform, Inc. All Rights Reserved.
The technology provided or described herein is subject to updates, revisions, and extensions by GlobalPlatform. Use of this
information is governed by the GlobalPlatform license agreement and any use inconsistent with that agreement is strictly
prohibited.
Contents
1 Introduction ............................................................................................................................ 5
1.1 Audience ............................................................................................................................................... 5
1.2 IPR Disclaimer....................................................................................................................................... 6
1.3 References ............................................................................................................................................ 6
1.4 Terminology and Definitions .................................................................................................................. 7
1.5 Abbreviations and Notations ............................................................................................................... 10
1.6 Revision History .................................................................................................................................. 11
2 TEE Device Architecture Overview ..................................................................................... 12
2.1 Typical Chipset Architecture ............................................................................................................... 13
2.2 Hardware Architecture ........................................................................................................................ 14
2.2.1 TEE High Level Security Requirements ....................................................................................... 14
2.2.2 TEE Resources ............................................................................................................................ 15
2.2.3 REE and TEE Resource Sharing ................................................................................................. 16
3 TEE Software Interfaces....................................................................................................... 18
3.1 The TEE Software Architecture........................................................................................................... 19
3.2 Components of a GPD TEE ................................................................................................................ 21
3.2.1 REE Interfaces to the TEE ........................................................................................................... 21
3.2.2 Trusted OS Components ............................................................................................................. 21
3.2.3 Trusted Applications (TAs) ........................................................................................................... 22
3.2.4 Shared Memory ............................................................................................................................ 22
3.2.5 TA to TA Communication ............................................................................................................. 22
3.3 Relationship between TEE APIs ......................................................................................................... 23
3.4 The TEE Client API Architecture ......................................................................................................... 24
3.5 The TEE Internal API Architecture ...................................................................................................... 25
3.5.1 The TEE Internal Core API .......................................................................................................... 25
3.5.2 The TEE Sockets API .................................................................................................................. 26
3.5.3 The TEE TA Debug API Architecture ........................................................................................... 27
3.5.4 The TEE Secure Element API Architecture ................................................................................. 28
3.5.5 The TEE Trusted User Interface API Architecture ....................................................................... 29
3.6 Variations of TEE Architecture Found on Real Devices ..................................................................... 30
3.6.1 A GPD TEE Can Have Proprietary Extensions ............................................................................ 30
3.6.2 A Device Can Have Many TEEs .................................................................................................. 31
3.6.3 Not All TEEs on a Device Need To Be GlobalPlatform Compliant .............................................. 33
4 TEE Management.................................................................................................................. 34
5 TEE Implementation Considerations .................................................................................. 38
5.1 Device States ...................................................................................................................................... 38
5.2 Boot Time Environment ....................................................................................................................... 39
5.2.1 Typical Boot Sequence ................................................................................................................ 39
5.3 Run-Time Environment ....................................................................................................................... 43
5.3.1 TEE Functionality Availability ....................................................................................................... 43
评论2
最新资源