Overview

This is the Trusted-Execution-Environment Software-Development-Kit (tee-sdk). It comprises tools and documentation for developing services that run in a trusted environments, and clients that communicate with those services, in Linux system. Initially, this means writing PALs that run under TrustVisor, and applications that use PALs. However, the APIs provided here are intended to provide sufficient abstraction such that additional back-ends can be implemented, allowing services and applications to be ported to use alternative trusted environments with little or no modification.

Terminology

Service

A piece of code running in a trusted execution environment provided by a device. (e.g., a PAL)

Client

An application that communicates with one or more services.

Device

A module providing a trusted execution environment (e.g., TrustVisor)

Files

• tz/: TrustZone API. This library is to be used by clients to communicate with services. This library supports multiple device back-ends, abstracting them in such a way that most client code can be oblivious to which back-end is in use.
• toolchain/: A cross-compiling toolchain for compiling and linking PALs. Implemented as wrappers around gcc.
• ports/: Support libraries for services. These have been ported to run in a trusted environment provided by some device. i.e., they do not make system calls, and all dependencies should be satisfied by other ports, svcapi, or other libraries provided as part of this package.
• examples/: Examples and tests.
• doc/: Documentation.

Documentation

• Installing SDK
• Using SDK