1 # OP-TEE - version 2.4.0
3 [Link][github_commits_2_4_0] to a list of all commits between this release and
4 the previous one (2.3.0).
6 Please note: this release is API-compatible with the previous one, but the
7 Secure Storage internal format for the REE and SQL FS is not compatible due to
8 commits [a238b74][commit_a238b74] ("core: REE FS: use the new hash tree
9 interface") and [44e900e][commit_44e900e] ("core: SQL FS: use the new hash tree
14 * Add porting guidelines
16 * Add support for Secure Data Path which allows Client and Trusted Applications
17 to share references to secure memory
19 * New supported platform: Texas Instruments AM57xx (`PLATFORM=ti-am57xx`)
21 * ARMv7-A: add support for platform services in secure monitor and add these
22 services for the DRA7xx platform
24 * SPI framework and PL022 driver cleanup and improvements
26 * Use CNTPCT (when available) to add entropy to the software PRNG
28 * Add GlobalPlatform Socket API for UDP and TCP (IPv4 and IPv6)
30 * DRA7: add TRNG driver, enable GICv2 driver
32 * Support load address larger than 4G
34 * libutee: preserve error code when calling TEE_Panic() for easier
37 * Support TA profiling with gprof (-pg compiler switch)
39 * Optimize the ELF loader for TAs when pager is enabled
41 * Update documentation
43 * Add paged secure shared memory that can be transferred between TAs as
46 * Introduce MOBJ abstraction
48 * i.MX6: add PSCI "on" function
50 * arm32: introduce PSCI framework
54 * Secure storage: improve integrity checking of the REE and SQL filesystems by
55 adding a hash tree on the internal data structures. Any external modification
56 is detected, except full rollback. Fixes [#1188][issue1188].
58 * The linux driver will set the 'privileged' flag (TEE_GEN_CAP_PRIVILEGED) on
59 the device intended for use by tee-supplicant. Fixes [#1199][issue1199].
61 * RPMB: don't try to program the RPMB key by default
63 * Fix "make clean" error cases
65 * Fix issue when resetting persistent storage enumerator [#1332][issue1332]
67 * Fix TA panic when doing AES CTS with specific buffer sizes
72 * On RPi3 xtest sometimes stall (rcu_sched self-detected stall on CPU) [#1353][issue1353]
73 * For multi-core PSCI support is to be added for ls1021atwr in OP-TEE.
74 * USB keyboard cannot be used to stop the u-boot timeout ([build issue131]).
75 * Travis service (build.git) seems unstable from time to time.
79 In the list below, _standard_ means that the `xtest` program passed with
80 its default configuration, while _extended_ means it was run successfully
81 with the additional GlobalPlatform™ TEE Initial Configuration Test Suite
84 If a platform is not listed, it means the release was not tested on this
87 <!-- ${PLATFORM}-${PLATFORM_FLAVOR}, ordered alphabetically -->
90 * imx-mx6ulevk: standard
91 * ls-ls1021atwr: standard (single core)
92 * mediatek-mt8173: standard
97 * vexpress-fvp: standard
98 * vexpress-juno: standard
99 * vexpress-qemu_armv8a: standard
100 * vexpress-qemu_virt: standard
101 * zynqmp-zc1751_dc1: standard
102 * zynqmp-zc1751_dc2: standard
103 * zynqmp-zcu102: standard
105 [github_commits_2_4_0]: https://github.com/OP-TEE/optee_os/compare/2.3.0...2.4.0
106 [issue1332]: https://github.com/OP-TEE/optee_os/issues/1332
107 [issue1353]: https://github.com/OP-TEE/optee_os/issues/1353
108 [build issue131]: https://github.com/OP-TEE/build/issues/131
109 [commit_a238b74]: https://github.com/OP-TEE/optee_os/commit/a238b744b1b3
110 [commit_44e900e]: https://github.com/OP-TEE/optee_os/commit/44e900eabfc1
112 # OP-TEE - version 2.3.0
114 [Link][github_commits_2_3_0] to a list of all commits between this release and
115 the previous one (2.2.0).
117 Please note: this release is API-compatible with the previous one, but the
118 Secure Storage internal format for the REE FS is not compatible due to commit
119 [361fb3e][commit_361fb3e] ("core: REE FS: use a single file per object").
121 [commit_361fb3e]: https://github.com/OP-TEE/optee_os/commit/361fb3e
125 * New supported platform: Xilinx Zynq 7000 ZC702 (`PLATFORM=zynq7k-zc702`)
127 * Add debug assertions to spinlocks and mutexes
129 * Add more CP15 register access macros for Cortex-A9
131 * ARMv7-A: redesign secure monitor to make it easier to register services
133 * ARMv7-A: cleanup boot arguments
135 * libutee: extend `TEE_CheckMemoryAccessRights()` with
136 `TEE_MEMORY_ACCESS_SECURE` and `TEE_MEMORY_ACCESS_NONSECURE`
138 * plat-hikey: enable SPI by default and add sample test code
140 * Consider `CFLAGS_ta_arm64` and `CFLAGS_ta_arm32` when building TAs
142 * Secure storage refactoring
143 - Simplify interface with tee-supplicant. Minimize round trips with normal
144 world, especially by adding a cache for FS RPC payload data.
145 - REE FS: use a single file per object, remove block cache.
147 * Print call stack in panic()
151 * Fix UUID encoding when communicating with normal world (use big endian
152 mode instead of native endianness). Related to this, the string format
153 for UUIDs has changed in tee-supplicant, so that TA file names now follow
154 the format defined in RFC4122 (a missing hyphen was added). The old format
155 is still supported, but deprecated, and will likely be removed with the
158 * Drop write permission to non-writable ELF segments after TA loading is
161 * mm: fix confusing memory mapping debug traces
163 * plat-ti: fix issues with MMU mapping
165 * crypto: fix clearing of big numbers
167 * build: allow spaces and double quotes in CFG_ variables
169 * mm: use paddr_t to support both 32- and 64-bit architectures properly.
170 Resolves 32-bit truncation error when pool is at top of 32 bit address
171 space on 64-bit architecture.
173 * plat-stm: support pager. Fix pager on ARMv7-A SMP boards.
175 * Fix debug output of Trusted Applications (remove "ERROR: TEE-CORE:" prefix)
177 * Do not consider TA memref parameters as TA private memory
179 * crypto: fix `cipher_final()` which would not call `cbc_done()` for CBC_MAC
182 * fix for 16-way PL310
184 * arm32: fix call stack unwinding (`print_stack()`)
186 * arm32: fix spinlock assembly code
188 * plat-stm, plat-imx: fix SCR initalization
190 * Fix user L1 MMU entries calculation (non-LPAE), allowing TTBCR.N values
193 * mtk-mt8173: fix panic caused by incorrect size of SHMEM
195 * plat-stm: fix RNG driver (non-flat mapping)
199 * New issues open on GitHub
200 * [#1203][issue1203] AES-CTS mode will fail when inlen=0x100, in_incr=0x80
201 * [#1199][issue1199] Both tee and teepriv reported GlobalPlatform compliant
202 * [#1188][issue1188] Secure storage (SQL FS and REE FS): blocks not tied to
204 * [#1172][issue1172] paddr_t should be larger than 32 bits when
205 CFG_WITH_LPAE is enabled
209 In the list below, _standard_ means that the `xtest` program passed with
210 its default configuration, while _extended_ means it was run successfully
211 with the additional GlobalPlatform™ TEE Initial Configuration Test Suite
214 If a platform is not listed, it means the release was not tested on this
217 <!-- ${PLATFORM}-${PLATFORM_FLAVOR}, ordered alphabetically -->
220 * imx-mx6ulevk: standard
221 * ls-ls1021atwr: standard
222 * mediatek-mt8173: standard
225 * stm-b2260: extended
226 * stm-cannes: extended
227 * ti-dra7xx: standard
228 * vexpress-fvp: standard
229 * vexpress-juno: standard
230 * vexpress-qemu_armv8a: standard
231 * vexpress-qemu_virt: extended
232 * zynqmp-zcu102: standard
234 [github_commits_2_3_0]: https://github.com/OP-TEE/optee_os/compare/2.2.0...2.3.0
235 [issue1172]: https://github.com/OP-TEE/optee_os/issues/1172
236 [issue1188]: https://github.com/OP-TEE/optee_os/issues/1188
237 [issue1199]: https://github.com/OP-TEE/optee_os/issues/1199
238 [issue1203]: https://github.com/OP-TEE/optee_os/issues/1203
240 # OP-TEE - version 2.2.0
242 [Link][github_commits_2_2_0] to a list of all commits between this release and
243 the previous one (2.1.0).
245 Please note: this release is API-compatible with the previous one, but the
246 Secure Storage internal format is not compatible due to commit
247 [fde4a75][commit_fde4a75] ("storage: encrypt the FEK with a TA-specific key").
249 [commit_fde4a75]: https://github.com/OP-TEE/optee_os/commit/fde4a75
253 * New supported platforms:
254 * Freescale i.MX6 Quad SABRE Lite & SD
258 * STMicroelectronics b2260 - h410
260 * Pager: Support paging of read/write pages by encrypting them with AES-GCM.
261 Support paging of user TAs. Add global setting for TZSRAM size
262 (CFG_CORE_TZSRAM_EMUL_SIZE), defaults to 300K.
264 * Support for more than 8 CPU cores
266 * Added SPI framework and PL022 driver
268 * GPIO: framework supports multiple instances, PL061 driver now has get/set
269 interrupt and mode control functions
271 * Secure storage: Encrypt the File Encryption Key with a TA-specific key for
272 better TA isolation. Add build-time and run-time support for multiple storage
273 backends. Add SQLite backend.
275 * Trusted User Interface: some code is introduced to support the implementation
276 of TUI. This includes: a generic framebuffer driver, display and serial
277 abstractions, and drivers for PL111 (LCD) / PL050 (KMI) / TZC400 and PS2
280 * AES acceleration using ARMv8-A Cryptographic Extensions instructions is
281 now supported in AArch32 mode
283 * Add support for GCC flags: -fsanitize=undefined and -fsanitize=kernel-address
285 * Use a global setting for core heap size (CFG_CORE_HEAP_SIZE), 64K by default.
287 * Add macros to unwind and print the call stack of TEE core
289 * Libtomcrypt: sync with the latest `develop` branch.
291 * The Trusted Application SDK (ta_dev_kit.mk) can produce libraries (.a)
293 * Rework assertions and TEE core panics and properly honor NDEBUG
297 * Fix incorrect algorithm passed to cipher.final()
299 * scripts: support Python 2.x and 3.x
301 * Secure storage: Add proper locking to support concurrent access. Fix sign
302 extension bug with offset parameter of syscall storage_obj_seek which could
303 cause errors in Aarch32 mode. Fix reading beyond end of file.
305 * Aarch64: mask all maskable exceptions before doing a normal return from call.
307 * Device Tree: add no-map property to OP-TEE node in reserved-memory.
309 * LibTomcrypt: fix CVE-2016-6129
313 * New issues open on GitHub
314 * [#1093][issue1093] rcar-h3: xtest 6010 hangs
315 * [#1092][issue1092] rcar-h3: xtest 4010 fails
316 * [#1081][issue1081] Bad mapping of TA secure memref parameters
317 * [#1071][issue1071] __data_end may not correctly represent text start position when using CFG_WITH_PAGER
318 * [#1069][issue1069] armv7/Aarch32: crash in stack unwind (DPRINT_STACK())
322 In the list below, _standard_ means that the `xtest` program passed with
323 its default configuration, while _extended_ means it was run successfully
324 with the additional GlobalPlatform™ TEE Initial Configuration Test Suite
327 If a platform is not listed, it means the release was not tested on this
330 <!-- ${PLATFORM}-${PLATFORM_FLAVOR}, ordered alphabetically -->
333 * imx-mx6qsabrelite: standard
334 * imx-mx6qsabresd: standard
335 * rcar-h3: standard, pass except issues [#1092][issue1092] and [#1093][issue1093]
337 * stm-b2260: standard
338 * stm-cannes: standard
339 * ti-dra7xx: standard
340 * vexpress-fvp: standard
341 * vexpress-juno: standard
342 * vexpress-qemu_armv8a: standard
343 * vexpress-qemu_virt: extended
344 * zynqmp-zcu102: standard
346 [github_commits_2_2_0]: https://github.com/OP-TEE/optee_os/compare/2.1.0...2.2.0
347 [issue1081]: https://github.com/OP-TEE/optee_os/issues/1081
348 [issue1071]: https://github.com/OP-TEE/optee_os/issues/1071
349 [issue1069]: https://github.com/OP-TEE/optee_os/issues/1069
350 [issue1092]: https://github.com/OP-TEE/optee_os/issues/1092
351 [issue1093]: https://github.com/OP-TEE/optee_os/issues/1093
353 # OP-TEE - version 2.1.0
357 * New supported platforms:
358 * Xilinx Zynq UltraScale+ MPSOC
363 * Non Linear Mapping support: In OP-TEE kernel mode, the physical to virtual
364 addresses was linear until this release, meaning the virtual addresses
365 were equal to the physical addresses. This is no more the case in this
368 * Font rendering routines have been introduced in order to ease an
369 implementation of Trusted UI.
371 * File Storage: Possibility to use the normal world filesystem and the RPMB
372 implementations simultaneously.
374 * AOSP: There is a [local manifest][aosp_local_manifest] to build OP-TEE into an AOSP build, running on HiKey.
375 Please refer to the README in that repo for instructions.
377 * OpenEmbedded: In addition to the makefile-based build described in the optee_os README, there is an
378 [OpenEmbedded-based build][oe_build] that supports Qemu (32-bit), FVP (64-bit), and HiKey (64-bit).
379 Please refer to the README in that repo for instructions.
381 * [Link][github_commits_2_1_0] to a list of all commits between this and
390 | Standard tests | The [optee_test][optee_test] project. |
391 | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
393 * ARM Juno Board (vexpress-juno), standard.
394 * Foundation Models (vexpress-fvp), standard tests + extended tests,
395 using FVP ARM V8 Foundation Platformr0p0 (platform build 10.0.37)
396 * FSL i.MX6 UltraLite EVK (imx), standard.
397 * FSL ls1021a (ls-ls1021atwr), standard tests.
398 * HiKey (hikey), standard + extended tests.
399 * QEMU (vexpress-qemu), standard + extended tests.
400 * Xilinx Zynq UltraScale+ MPSOC, standard tests
402 Note that the following platform has not been tested:
403 * MTK8173-EVB (mediatek-mt8173)
407 * Issue(s) open on GitHub
408 * [#868][pr868]: python-wand font generation sometimes times out
409 * [#863][pr863]: "double free or corruption" error when building optee_os
410 * [#858][pr858]: UUIDs in binary format have wrong endinanness
411 * [#857][pr857]: Formatting of UUIDs is incorrect
412 * [#847][pr847]: optee_os panic(TEE-CORE: Assertion)
413 * [#838][pr838]: TUI font rendering is _very_ slow
414 * [#814][pr814]: Persistent objects : save informations after close
415 * [#665][pr665]: xtest 1013 stalled on HiKey when log levels are 4 and optee_os is on its own UART
416 * [#506][pr506]: tee-supplicant panic & ta panic
418 [github_commits_2_1_0]: https://github.com/OP-TEE/optee_os/compare/2.0.0...2.1.0
419 [pr868]: https://github.com/OP-TEE/optee_os/issues/868
420 [pr863]: https://github.com/OP-TEE/optee_os/issues/863
421 [pr858]: https://github.com/OP-TEE/optee_os/issues/858
422 [pr857]: https://github.com/OP-TEE/optee_os/issues/857
423 [pr847]: https://github.com/OP-TEE/optee_os/issues/847
424 [pr838]: https://github.com/OP-TEE/optee_os/issues/838
425 [pr814]: https://github.com/OP-TEE/optee_os/issues/814
426 [pr665]: https://github.com/OP-TEE/optee_os/issues/665
427 [aosp_local_manifest]: https://github.com/linaro-swg/optee_android_manifest
428 [oe_build]: https://github.com/linaro-swg/oe-optee
430 # OP-TEE - version 2.0.0
434 * Generic driver: A new generic TEE driver is in the process of being
435 [upstreamed][gendrv_v9].
436 In this release, [OP-TEE/optee_linuxdriver][optee_linuxdriver] is no more used.
437 Instead, linux v4.5 is being patched using the proposed Generic TEE Driver,
438 as it can be found in [https://github.com/linaro-swg/linux/tree/optee][linux_optee]
440 * RPMB support: Secure Storage can now use Replay Protected Memory Block (RPMB) partition
441 of an eMMC device. Check the [full documentation][rpmb_doc]
443 * Hard-float ABI is now available.
445 * [Link][github_commits_2_0_0] to a list of all commits between this and
454 | Standard tests | The [optee_test][optee_test] project. |
455 | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
457 * ARM Juno Board (vexpress-juno), standard.
458 * Foundation Models (vexpress-fvp), standard tests + extended tests,
459 using FVP ARM V8 Foundation Platformr0p0 (platform build 9.5.40)
460 * FSL ls1021a (ls-ls1021atwr), standard.
461 * HiKey (hikey), standard.
462 * MTK8173-EVB (mediatek-mt8173), standard.
463 * QEMU (vexpress-qemu), standard + extended tests.
464 * STM Cannes (stm-cannes), standard + extended tests.
467 * Issue(s) open on GitHub
468 * [#40][prld40] BUG_ON() when re-using RPC buffer to tee-supplicant
469 * [#506][pr506]: tee-supplicant panic & ta panic
471 [github_commits_2_0_0]: https://github.com/OP-TEE/optee_os/compare/1.1.0...2.0.0
472 [rpmb_doc]: https://github.com/OP-TEE/optee_os/blob/master/documentation/secure_storage_rpmb.md
473 [optee_linuxdriver]: https://github.com/OP-TEE/optee_linuxdriver
474 [gendrv_v9]: https://lkml.org/lkml/2016/4/1/205
475 [linux_optee]: https://github.com/linaro-swg/linux/tree/optee
478 # OP-TEE - version 1.1.0
483 * Softfloat library: floating point support is now available in 32bits TA.
485 * Support running 64-bits TA: on ARMv8-A platform, TA can be compiled in
486 AArch32 and/or in AArch64 in case the core is compiled in AArch64.
487 An example can be found in HiKey configuration file. Using the following
488 excerpt code, the user TA libraries are compiled in both AArch32 and
489 AArch64, and can be found in `out/arm-plat-hikey/export-ta_arm32` and
490 `out/arm-plat-hikey/export-ta_arm64`
493 ta-targets = ta_arm32
494 ta-targets += ta_arm64
497 * Concurrent TA support: multiple TA can run in parallel on
500 * New tests added in xtest test suite: concurrent TA (xtest 1013),
501 floating point tests (xtest 1006 and os_test TA) and corruption
502 file storage (xtest 20000)
504 * [Link][github_commits_1_1_0] to a list of all commits between this and
513 | Standard tests | The [optee_test][optee_test] project. |
514 | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
515 | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
517 * Foundation Models (vexpress-fvp), standard tests + extended tests,
518 using FVP ARM V8 Foundation Platformr0p0 (platform build 9.5.40)
519 * HiKey (hikey), standard + extended tests.
520 * MT8173 (mediatek), standard tests.
521 * QEMU (vexpress-qemu), standard + extended tests.
522 * STM Cannes (stm-cannes), standard + extended tests.
525 * Secure Storage is implemented, but note that anti-rollback protection
526 is not implemented yet.
528 * Issue(s) open on GitHub
529 * [#40][prld40] BUG_ON() when re-using RPC buffer to tee-supplicant
530 * [#296][pr296]: Connecting RPMB to the storage APIs.
531 * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
532 * [#506][pr506]: tee-supplicant panic & ta panic
534 [prld40]: https://github.com/OP-TEE/optee_linuxdriver/issues/40
535 [pr506]: https://github.com/OP-TEE/optee_os/issues/506
536 [github_commits_1_1_0]: https://github.com/OP-TEE/optee_os/compare/1.0.1...1.1.0
540 # OP-TEE - version 1.0.0
542 OP-TEE is now maintained by Linaro. Contributors do not need to
543 sign a CLA anymore, but must follow the rules of the [DCO][DCO]
544 (Developer Certificate of Origin) instead.
549 * Add hardware support for Texas Instruments DRA7xx, ARMv7 (plat-ti)
551 * GlobalPlatform™ TEE Internal Core API Specification v1.1,
552 including ECC algorithms.
554 * Secure Storage: Files stored by the REE are now encrypted. Operations
555 are made atomic in order to prevent inconsistencies in case of errors
556 during the storage operations. [Slides][LCStorage] describing the
557 Secure Storage have been presented at the Linaro Connect SFO15.
559 * Change of format of the Trusted Applications: they follow a
560 [signed ELF format][elf]
562 * Rework thread [synchronization][synchro] in optee_os.
564 * Use of ARMv8 native cryptographic support.
566 * [OP-TEE/optee_test][optee_test] test suite is released.
568 * Introduce [OP-TEE/manifest][manifest] and [OP-TEE/build][build]
569 to setup and build QEMU, FVP, HiKey and Mediatek platforms. Setup scripts
570 that used to be in optee_os have been removed, except for Juno board.
572 * [Link][github_commits_1_0_0] to a list of all commits between this and
581 | Standard tests | The [optee_test][optee_test] project. |
582 | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
583 | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
585 * ARM Juno Board (vexpress-juno), standard + extended tests.
586 * Foundation Models (vexpress-fvp), standard tests.
587 * HiKey (hikey), standard + extended tests.
588 * MT8173 (mediatek), standard tests.
589 * QEMU (vexpress-qemu), standard + extended tests.
590 * STM Cannes (stm-cannes), standard + extended tests.
593 * Secure Storage is implemented, but note that anti-rollback protection
594 is not implemented yet.
596 * Issue(s) open on GitHub
597 * [#210][pr210]: libteec.so 32-bit does not communicate well
598 with 64-bit kernel module
599 * [#296][pr296]: Connecting RPMB to the storage APIs.
600 * [#493][pr493]: setup_juno_optee: unable to find pre-built binaries
601 * [#494][pr494]: HiKey: xtest 7671 fails (1.0.0-rc2)
603 [pr210]: https://github.com/OP-TEE/optee_os/issues/210
604 [pr296]: https://github.com/OP-TEE/optee_os/issues/296
605 [pr493]: https://github.com/OP-TEE/optee_os/issues/493
606 [pr494]: https://github.com/OP-TEE/optee_os/issues/494
607 [github_commits_1_0_0]: https://github.com/OP-TEE/optee_os/compare/0.3.0...1.0.0
608 [DCO]: https://github.com/OP-TEE/optee_os/blob/master/Notice.md#contributions
609 [LCStorage]: http://www.slideshare.net/linaroorg/sfo15503-secure-storage-in-optee
610 [synchro]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#4-thread-handling
611 [elf]: https://github.com/OP-TEE/optee_os/blob/master/documentation/optee_design.md#format
612 [optee_test]: https://github.com/OP-TEE/optee_test
613 [manifest]: https://github.com/OP-TEE/manifest
614 [build]: https://github.com/OP-TEE/build
618 # OP-TEE - version 0.3.0
622 * Add hardware support for
623 * Mediatek MT8173 Board, ARMv8-A (plat-mediatek)
624 * Hisilicon HiKey Board, ARMv8-A (plat-hikey)
625 * AArch64 build of optee_os is now possible through the configuration `CFG_ARM64_core=y`
626 * Secure Storage: Data can be encrypted prior to their storage in the non-secure.
627 Build is configured using `CFG_ENC_FS=y`
628 * A generic boot scheme can be used. Boot configuration is commonalized. This helps
629 new board support. It is applied on plat-hikey, plat-vexpress, plat-mediatek, plat-stm
637 | Standard tests | The optee_test project. |
638 | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
639 | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
641 * ARM Juno Board (vexpress-juno), standard tests.
642 * Foundation Models (vexpress-fvp), standard tests.
643 * HiKey (hikey), standard tests.
644 * MT8173 (mediatek), standard tests.
645 * QEMU (vexpress-qemu), standard + extended tests.
646 * STM Cannes (stm-cannes), standard + extended tests.
648 -------------------------------------------
650 # OP-TEE - version 0.2.0
654 ### Linux Driver Refactoring
656 Linux Driver has been refactored. It is now split in two parts:
657 * optee.ko, the generic Linux driver. It contains all functionality
658 common to all backends.
659 * optee_armtz.ko, a specific backend dedicated to the TrustZone optee.
660 It depends on optee.ko.
662 Loading the TrustZone optee linux driver module is now performed using
666 Thanks to the dependency between the generic and the backend modules, optee.ko is then automatically loaded.
668 ### Misc new features
669 * support PL310 lock down at TEE boot
670 * add 64bits support (division / print)
677 | Standard tests | The optee_test project. |
678 | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.1.0.4. |
679 | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
681 * ARM Juno Board (vexpress-juno), standard tests + extended tests.
683 * Foundation Models (vexpress-fvp), standard + extended tests.
685 * QEMU (vexpress-qemu), standard + extended tests.
687 * STM Cannes (stm-cannes), standard + extended tests.
690 ## Issues resolved since last release
691 * Fix user TA trace issue, in order each TA is able to select its own trace level
694 -------------------------------------------
695 #OP-TEE - version 0.1.0
698 Below is a summary of the most important features added, but at the end you will
699 find a link that present you all commits between the current and previous
702 * GlobalPlatform Client API v1.0 support.
704 * GlobalPlatform Internal API v1.0 support.
706 * GlobalPlatform Secure Elements v1.0 support.
708 * Add hardware support for
710 * Allwinner A80, ARMv7-A.
712 * ARM Juno Board, ARMv8-A.
714 * Foundation Models, ARMv8-A.
716 * Fast Models, ARMv8-A.
720 * STM Cannes, ARMv7-A.
722 * STM Orly2, ARMv7-A.
724 * Add LibTomCrypt as the default software cryptographic library.
726 * Add cryptographic abstraction layer in on secure side to ease the use of
727 other cryptographic software libraries or adding support for hardware
730 * Extended cryptographic API with support for HKDF, Concat KDF and PBKDF2.
732 * SHA-1 and SHA-256 ARMv8-A crypto extension implementation.
734 * Enabled paging support in OP-TEE OS.
736 * Add support for xtest (both standard and extended) in QEMU and FVP setup
739 * Add documentation for the OS design, cryptographic abstraction layer, secure
740 elements design, the build system, GitHub usage, key derivation extensions,
741 ARM-Trusted Firmware usage within OP-TEE and GlobalPlatform usage within
744 * Integrate support for Travis CI.
746 * [Link][github_commits_0_1_0] to a list of all commits between this and
755 | Standard tests | The optee_test project. |
756 | Extended tests | optee_test with tests from the GlobalPlatform™ TEE Initial Configuration Test Suite v1.0.0. |
757 | Hello world test | Plain hello world Trusted Application such as [this][hello_world]. |
759 * Allwinner A80 (plat-sunxi), hello world test.
761 * ARM Juno Board (vexpress-juno), standard tests.
763 * Foundation Models (plat-vexpress-fvp), standard + extended tests
765 * QEMU (plat-vexpress-qemu), standard + extended tests (and Secure Elements
768 * STM Cannes (plat-stm-cannes), standard + extended tests.
771 ## Issues resolved since last release
772 N/A since this is the first release tag on OP-TEE.
776 * Storage is implemented, but not "Secure storage", meaning that a client
777 needs to do encrypt files on their own before storing the files.
779 * Issue(s) open on GitHub
780 * [#95][pr95]: An error about building the test code of libtomcrypt.
782 * [#149][pr149]: when testing optee os with arm trusted firmware (I
783 utilized optee os tee.bin as bl32 image) on juno platform, I got an
786 * [#161][pr161]: tee_svc_cryp.c lacks accessibility checks on
787 user-supplied TEE_Attributes.
789 [hello_world]: https://github.com/jenswi-linaro/lcu14_optee_hello_world
790 [github_commits_0_1_0]: https://github.com/OP-TEE/optee_os/compare/b01047730e77127c23a36591643eeb8bb0487d68...999e4a6c0f64d3177fd3d0db234107b6fb860884
791 [pr95]: https://github.com/OP-TEE/optee_os/issues/95
792 [pr149]: https://github.com/OP-TEE/optee_os/issues/149
793 [pr161]: https://github.com/OP-TEE/optee_os/issues/161
795 * Global Platform Device Internal Core API v1.1
796 * [#230][pr230]: Persistent object corruption support (TEE_ERROR_CORRUPT_OBJECT/_2)
797 * [#230][pr230]: Persistent object access support (TEE_ERROR_STORAGE_NOT_AVAILABLE/_2)