Linaro Still Working On TEE For The Linux Kernel, The Trusted Execution Environment
Besides the Greybus subsystem being right around the corner for the mainline Linux kernel, it might not be too much longer before the TEE subsystem is ready. TEE is now up to its 12th patch revision and is about trusted computing.
Linaro developers and other stakeholders continue working on TEE, the Trusted Execution Environment. The Trusted Execution Environment is for securely interfacing with a "trusted" OS running in a secure environment or on a separate co-processor. The TEE driver of this new Linux subsystem handles the communication between the host Linux OS and whatever is the trusted TEE implementation. Of course, given Linaro's involvement, the primary focus of TEE is on better supporting ARM TrustZone.
With the heavy fragmentation in the ARM Linux space and significant out-of-tree kernel use by vendors, there are already differing implementations of TEE for Linux while this Linaro effort is aiming to provide a generic/unified approach. With the v12 patches, it's looking like the work may be settling down and not too much further until it will be merged to mainline.
Provided example use-cases for TEE include enhancing security around the Integrity Measurement Architecture or using secure storage in a TEE for the private key during 2-factor authentication.
Those interested in learning more about this proposed generic TEE subsystem can see the v12 patch series. The documentation patch describes more technical details about this Trusted Execution Environment.
Linaro developers and other stakeholders continue working on TEE, the Trusted Execution Environment. The Trusted Execution Environment is for securely interfacing with a "trusted" OS running in a secure environment or on a separate co-processor. The TEE driver of this new Linux subsystem handles the communication between the host Linux OS and whatever is the trusted TEE implementation. Of course, given Linaro's involvement, the primary focus of TEE is on better supporting ARM TrustZone.
With the heavy fragmentation in the ARM Linux space and significant out-of-tree kernel use by vendors, there are already differing implementations of TEE for Linux while this Linaro effort is aiming to provide a generic/unified approach. With the v12 patches, it's looking like the work may be settling down and not too much further until it will be merged to mainline.
Provided example use-cases for TEE include enhancing security around the Integrity Measurement Architecture or using secure storage in a TEE for the private key during 2-factor authentication.
Those interested in learning more about this proposed generic TEE subsystem can see the v12 patch series. The documentation patch describes more technical details about this Trusted Execution Environment.
7 Comments