TEE Proposed For Merging In Linux 4.12: "Trusted" Execution Environment
The ARM folks have requested that the TEE subsystem and OP-TEE drivers be included in Linux 4.12, the Trusted Execution Environment.
The Trusted Execution Environment is is about communicating with a trusted OS running in a secure environment, separate from the Linux kernel itself. Of course, any time "trusted" computing is brought up in Linux/open-source there are a fair number of concerned individuals, especially in light of the recent major vulnerability in Intel AMT.
The TEE support in the Linux kernel allows communicating with the trusted environments on the system like a security co-processor or ARM TrustZone. As part of this pull request is also OP-TEE. TEE use-cases can be for content protection for media playback, financial transactions on mobile devices, authentication, and other software protections.
The TEE subsystem allows registering of TEE drivers, managing shared memory between Linux and the TEE, and providing a generic API for TEE.
More details via this pull request. As of writing, Linus has yet to pull the code but presumably will make it in given it's been through all of the code review and other formal processes by a number of stakeholders. This pull has the subsystem and initial OP-TEE driver for ARM TrustZone while more TEE hardware drivers are expected in the future.
The Trusted Execution Environment is is about communicating with a trusted OS running in a secure environment, separate from the Linux kernel itself. Of course, any time "trusted" computing is brought up in Linux/open-source there are a fair number of concerned individuals, especially in light of the recent major vulnerability in Intel AMT.
The TEE support in the Linux kernel allows communicating with the trusted environments on the system like a security co-processor or ARM TrustZone. As part of this pull request is also OP-TEE. TEE use-cases can be for content protection for media playback, financial transactions on mobile devices, authentication, and other software protections.
The TEE subsystem allows registering of TEE drivers, managing shared memory between Linux and the TEE, and providing a generic API for TEE.
More details via this pull request. As of writing, Linus has yet to pull the code but presumably will make it in given it's been through all of the code review and other formal processes by a number of stakeholders. This pull has the subsystem and initial OP-TEE driver for ARM TrustZone while more TEE hardware drivers are expected in the future.
6 Comments