Hi all,
We are pleased to announce that the Trusted Services project has made the first tagged public release, v1.0.0-beta.
The release includes Trusted Services which can be deployed on Cortex-A devices to meet PSA Certified requirements. The release also includes necessary build and test infrastructure and documentation.
The release includes:
* PSA Crypto, Storage and Attestation Secure Partitions exposing the PSA Certified Functional APIs, the same APIs available today on Arm v8-M Cortex-M platforms via Trusted Firmware-M.
* Additionally, UEFI SMM services are available through the SMM Gateway Secure Partition.
* The services within the Secure Partitions can be invoked by applications for secure operations.
* OP-TEE in 3.17 and later releases supports Secure Partition Manager Core (SPMC). Details can be found here: https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/. This release was validated with OP-TEE v3.19.
For more information, please refer to the following resources:
* Change log and release notes: https://trusted-services.readthedocs.io/en/v1.0.0-beta/project/change-log.h…
* Documentation: https://trusted-services.readthedocs.io/en/v1.0.0-beta/
* Source code: https://git.trustedfirmware.org/TS/trusted-services.git/tag/?h=v1.0.0-beta
* Test results including information on the set-up tests were executed with: https://developer.trustedfirmware.org/w/trusted-services/test-reports/v1.0.…
* Roadmap for future development: https://developer.trustedfirmware.org/w/trusted-services/roadmap
If you have any questions or comments do not hesitate to contact us via the mailing list, or by dropping an email to Shebu.VargheseKuriakose(a)arm.com or gyorgy.szing(a)arm.com.
Kind Regards
György Szing
Hi All,
This is a follow-up email to the OP-TEE 3.18 release, highlighting the
updates to the SPMC and related components.
Short summary of introduced changes:
- optee_os: Added support to the SPMC to process memory regions
described in the SP manifest. This enables running the
Trusted Services smm-gateway SP.
- manifest: Added new manifest (derived from the fvp manifest) which
includes Trusted Services and related kernel modules [1].
- build: Added new top level Makefile to configure optee_os as
S-EL1 SPMC, build Trusted Services SPs and test apps [2].
For more details on how to get, build and test the SPMC, please see [3].
Regards,
Balint
[1]: https://github.com/OP-TEE/manifest/blob/3.18.0/fvp-ts.xml
[2]: https://github.com/OP-TEE/build/blob/3.18.0/fvp-psa-sp.mk
[3]: https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc
Hi Manorit,
You may be interested in the Trusted Services project and its relation to OP-TEE.
This recent announcement on the op-tee mailing list describes an extension of OP-TEE with an additional feature:
https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmwar…
The key message in the linked wiki entry https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/ from your perspective might be that OP-TEE now has a capability to run so-called Trusted Services, which implement PSA Functional API, including, but not limited to, its Secure Storage API:
https://www.psacertified.org/development-resources/building-in-security/spe…
This provides a client application with a generic interface for using secure storage functionality.
Please be mindful of the limitations mentioned on the linked page as this project is still a work in progress, but we would be more than happy to get feedback on what we have done, and whether it can meet your expectations.
Regards,
Miklos
-----Original Message-----
From: Manorit Chawdhry <m-chawdhry(a)ti.com>
Sent: 23 February 2022 13:10
To: Joakim Bech <joakim.bech(a)linaro.org>
Cc: op-tee(a)lists.trustedfirmware.org; p.yadav(a)ti.com
Subject: Re: Secure Storage Applications
On 09:56-20220223, Joakim Bech wrote:
> Hi,
>
Hi,
Thank you all for your replies. Those have been really helpful!
Though from all the links you have shared, I am still wondering if there is any core part in OP-TEE which could provide a generic interface for using the secure storage functionality instead of us needing to set up our own TA (along with some binary on the host with the simple purpose of putting files from Linux in secure storage).
This seemed somewhat intuitive to me from the perspective of a user wanting to try out secure_storage, and I would be interested to know if something like this is available in it.
Thanks and regards,
Manorit
> On Wed, Feb 23, 2022 at 11:37:33AM +0530, Sumit Garg wrote:
> > Hi Manorit,
> >
> > On Tue, 22 Feb 2022 at 18:59, Manorit Chawdhry <m-chawdhry(a)ti.com> wrote:
> > >
> > > Hi,
> > >
> > > I have been exploring secure storage in OP-TEE for a few days and
> > > I need some help in putting some files into it.
> > >
> > > I have been trying to find some tool which could help me put any
> > > files from Linux into secure storage and retrieve them back later
> > > so that I could see secure storage in action but haven't been able to find any yet.
> > >
> > > Is there any tool which you guys might know of which helps put
> > > files in secure storage and retrieve them back later?
> > >
> >
> > I would suggest you have a look at storage tests from OP-TEE test
> > suite here: client [1] and TA [2].
> >
> > [1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/regression_6000.c
> > [2] https://github.com/OP-TEE/optee_test/tree/master/ta/storage
> >
> In addition to that we also have the secure storage example TA [3],
> that comes deployed with our developer environments (QEMU [4] is an
> example of such an environment).
>
> [3] https://github.com/linaro-swg/optee_examples/tree/master/secure_storage
> [4] https://optee.readthedocs.io/en/latest/building/devices/qemu.html
>
> > -Sumit
> >
> > > Best Regards,
> > > Manorit
>
> // Regards,
> Joakim
Hi all,
As part of the Trusted Services project we are extending OP-TEE to be a fully compliant FF-A S-EL1 SPMC.
This work is still ongoing but some of the Trusted Services applications are already compatible.
We created https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/
which gives the current status of the SPMC work and can be a starting point for everyone who wants to get started with the Trusted Services or OP-TEE as a S-EL1 SPMC.
Please feel free to ask any questions on the Trusted Services and the OP-TEE mailing lists.
https://lists.trustedfirmware.org/mailman3/lists/trusted-services.lists.tru…
https://lists.trustedfirmware.org/mailman3/lists/op-tee.lists.trustedfirmwa…
Regards,
Jelle