OP-TEE* for Intel® Architecture
Overview
OP-TEE* is an open source trusted execution environment implementation originally based on Arm TrustZone* and maintained by Linaro*.
OP-TEE* for Intel® Architecture is the hardware virtualization-based OP-TEE solution for x86 systems from Intel. Its design is fully compatible with OP-TEE and reuses as much of OP-TEE as possible. It's a full environment including an operating system, services, and APIs that consists of the following:
- Operating system and kernel that:
  - Supports virtual address space isolation and privilege isolation
  - Works in an event-driven model, on request from the Rich Execution Environment (REE)
- Drivers for a Linux* kernel
- Libraries for client and trusted applications
- Hypervisor that uses Intel® Kernel Guard Technology (Intel® KGT), which Intel open sourced in 2015.
Solution: Two Virtual Machines (VMs)
Original equipment manufacturers (OEM) can develop their own rich operating system client applications and corresponding OP-TEE for Intel Architecture applications and services with the following setup:
- One VM runs the OP-TEE operating system and trusted applications. The other VM runs a rich operating system.
- Trusted applications are isolated with Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64 and Intel® Architecture (Intel® VT-x).
- An x86 OP-TEE driver and virtual machine monitor (VMM) from Intel.
- A hypervisor (like Intel KGT) creates the two VMs for the rich and OP-TEE operating systems.
Figure 1. Stack of OP-TEE for Intel architecture