tree: fecc120fc599a76a98d1ec2e432f4d0c292f5d4c [path history] [tgz]
  1. binder-proxy/
  2. lib/
  3. manager/
  4. manager-config/
  5. meta/
  6. runtime/
  7. ta/
  8. tee-client-api-experimental/
  9. tee_internal_api/
  10. testing/
  11. tests/
  12. BUILD.gn
  13. METADATA.textproto
  14. OWNERS
  15. README.md
src/tee/README.md

TEE

This directory contains support for hosting a Trusted Execution Environment inside Fuchsia.

Structure

The manager directory contains the TEE manager component which is responsible for instantiating Trusted Applications and managing their lifetime.

The ta directory contains Trusted Application implementations for testing purposes.

The tee_internal_api directory contains the definition and implementation of the TEE Internal Core API.

The runtime directory contains the TA runtime binary connecting the TEE bindings with the fuchsia.tee.Application FIDL protocol.

The tests directory contains integration tests for the TA runtime.

Glossary

  • TEE - Trusted Execution Environment. This is an environment suitable for executing a TA that should be isolated from less trusted software.

  • TA - Trusted Application. Program which executes within a TEE and which may have access to sensitive resources such as cryptographic keys. A TA performs computations using these resources on behalf of its client.

  • REE - Rich Execution Environment. General purpose computing environment that may contain less trusted data and software.

  • TEE Client API - API used by programs running in the REE to communicate with TAs.

  • TEE Internal Core API - API exposed to TAs running in the TEE.

References

TEE Client API implementation OP-TEE documentation of the APIs and extensions supported by their implementation