Loading...
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 | # OP-TEE - version 1.0.0 OP-TEE is now maintained by Linaro. Contributors do not need to sign a CLA anymore, but must follow the rules of the [DCO][DCO] (Developer Certificate of Origin) instead. ## New features * Add hardware support for Texas Instruments DRA7xx, ARMv7 (plat-ti) * GlobalPlatform™ TEE Internal Core API Specification v1.1, including ECC algorithms. * Secure Storage: Files stored by the REE are now encrypted. Operations are made atomic in order to prevent inconsistencies in case of errors during the storage operations. [Slides][LCStorage] describing the Secure Storage have been presented at the Linaro Connect SFO15. * Change of format of the Trusted Applications: they follow a [signed ELF format][elf] * Rework thread [synchronization][synchro] in optee_os. * Use of ARMv8 native cryptographic support. * [OP-TEE/optee_test][optee_test] test suite is released. * Introduce [OP-TEE/manifest][manifest] and [OP-TEE/build][build] to setup and build QEMU, FVP, HiKey and Mediatek platforms. Setup scripts that used to be in optee_os have been removed, except for Juno board. * [Link][github_commits_1_0_0] to a list of all commits between this and previous release. ## Tested on Definitions: | Type | Meaning | | ---- | ------- | | Standard tests | The [optee_test][optee_test] project. | | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. | | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. | * ARM Juno Board (vexpress-juno), standard + extended tests. * Foundation Models (vexpress-fvp), standard tests. * HiKey (hikey), standard + extended tests. * MT8173 (mediatek), standard tests. * QEMU (vexpress-qemu), standard + extended tests. * STM Cannes (stm-cannes), standard + extended tests. ## Known issues * Secure Storage is implemented, but note that anti-rollback protection is not implemented yet. * Issue(s) open on GitHub * [#210][pr210]: libteec.so 32-bit does not communicate well with 64-bit kernel module * [#296][pr296]: Connecting RPMB to the storage APIs. * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries * [#494][pr494]: HiKey: xtest 7671 fails (1.0.0-rc2) [pr210]: https://github.com/OP-TEE/optee_os/issues/210 [pr296]: https://github.com/OP-TEE/optee_os/issues/296 [pr493]: https://github.com/OP-TEE/optee_os/issues/493 [pr494]: https://github.com/OP-TEE/optee_os/issues/494 [github_commits_1_0_0]: https://github.com/OP-TEE/optee_os/compare/0.3.0...1.0.0 [DCO]: https://github.com/OP-TEE/optee_os/blob/master/Notice.md#contributions [LCStorage]: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee [synchro]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#4-thread-handling [elf]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#format [optee_test]: https://github.com/OP-TEE/optee_test [manifest]: https://github.com/OP-TEE/manifest [build]: https://github.com/OP-TEE/build # OP-TEE - version 0.3.0 ## New features * Add hardware support for * Mediatek MT8173 Board, ARMv8-A (plat-mediatek) * Hisilicon HiKey Board, ARMv8-A (plat-hikey) * AArch64 build of optee_os is now possible through the configuration `CFG_ARM64_core=y` * Secure Storage: Data can be encrypted prior to their storage in the non-secure. Build is configured using `CFG_ENC_FS=y` * A generic boot scheme can be used. Boot configuration is commonalized. This helps new board support. It is applied on plat-hikey, plat-vexpress, plat-mediatek, plat-stm and plat-vexpress. ## Tested on Definitions: | Type | Meaning | | ---- | ------- | | Standard tests | The optee_test project. | | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. | | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. | * ARM Juno Board (vexpress-juno), standard tests. * Foundation Models (vexpress-fvp), standard tests. * HiKey (hikey), standard tests. * MT8173 (mediatek), standard tests. * QEMU (vexpress-qemu), standard + extended tests. * STM Cannes (stm-cannes), standard + extended tests. ------------------------------------------- # OP-TEE - version 0.2.0 ## New features ### Linux Driver Refactoring Linux Driver has been refactored. It is now split in two parts: * optee.ko, the generic Linux driver. It contains all functionality common to all backends. * optee_armtz.ko, a specific backend dedicated to the TrustZone optee. It depends on optee.ko. Loading the TrustZone optee linux driver module is now performed using modprobe optee_armtz Thanks to the dependency between the generic and the backend modules, optee.ko is then automatically loaded. ### Misc new features * support PL310 lock down at TEE boot * add 64bits support (division / print) ## Tested on Definitions: | Type | Meaning | | ---- | ------- | | Standard tests | The optee_test project. | | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. | | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. | * ARM Juno Board (vexpress-juno), standard tests + extended tests. * Foundation Models (vexpress-fvp), standard + extended tests. * QEMU (vexpress-qemu), standard + extended tests. * STM Cannes (stm-cannes), standard + extended tests. ## Issues resolved since last release * Fix user TA trace issue, in order each TA is able to select its own trace level ------------------------------------------- #OP-TEE - version 0.1.0 ## New features Below is a summary of the most important features added, but at the end you will find a link that present you all commits between the current and previous release tag. * GlobalPlatform Client API v1.0 support. * GlobalPlatform Internal API v1.0 support. * GlobalPlatform Secure Elements v1.0 support. * Add hardware support for * Allwinner A80, ARMv7-A. * ARM Juno Board, ARMv8-A. * Foundation Models, ARMv8-A. * Fast Models, ARMv8-A. * QEMU, ARMv7-A. * STM Cannes, ARMv7-A. * STM Orly2, ARMv7-A. * Add LibTomCrypt as the default software cryptographic library. * Add cryptographic abstraction layer in on secure side to ease the use of other cryptographic software libraries or adding support for hardware acceleration. * Extended cryptographic API with support for HKDF, Concat KDF and PBKDF2. * SHA-1 and SHA-256 ARMv8-A crypto extension implementation. * Enabled paging support in OP-TEE OS. * Add support for xtest (both standard and extended) in QEMU and FVP setup scripts. * Add documentation for the OS design, cryptographic abstraction layer, secure elements design, the build system, GitHub usage, key derivation extensions, ARM-Trusted Firmware usage within OP-TEE and GlobalPlatform usage within OP-TEE. * Integrate support for Travis CI. * [Link][github_commits_0_1_0] to a list of all commits between this and previous release. ## Tested on Definitions: | Type | Meaning | | ---- | ------- | | Standard tests | The optee_test project. | | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.0.0. | | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. | * Allwinner A80 (plat-sunxi), hello world test. * ARM Juno Board (vexpress-juno), standard tests. * Foundation Models (plat-vexpress-fvp), standard + extended tests * QEMU (plat-vexpress-qemu), standard + extended tests (and Secure Elements tested separately). * STM Cannes (plat-stm-cannes), standard + extended tests. ## Issues resolved since last release N/A since this is the first release tag on OP-TEE. ## Known issues * Storage is implemented, but not "Secure storage", meaning that a client needs to do encrypt files on their own before storing the files. * Issue(s) open on GitHub * [#95][pr95]: An error about building the test code of libtomcrypt. * [#149][pr149]: when testing optee os with arm trusted firmware (I utilized optee os tee.bin as bl32 image) on juno platform, I got an error. * [#161][pr161]: tee_svc_cryp.c lacks accessibility checks on user-supplied TEE_Attributes. [hello_world]: https://github.com/jenswi-linaro/lcu14_optee_hello_world [github_commits_0_1_0]: https://github.com/OP-TEE/optee_os/compare/b01047730e77127c23a36591643eeb8bb0487d68...999e4a6c0f64d3177fd3d0db234107b6fb860884 [pr95]: https://github.com/OP-TEE/optee_os/issues/95 [pr149]: https://github.com/OP-TEE/optee_os/issues/149 [pr161]: https://github.com/OP-TEE/optee_os/issues/161 * Global Platform Device Internal Core API v1.1 * [#230][pr230]: Persistent object corruption support (TEE_ERROR_CORRUPT_OBJECT/_2) * [#230][pr230]: Persistent object access support (TEE_ERROR_STORAGE_NOT_AVAILABLE/_2) |