3 The communication API for connecting Client Applications running in a rich operating environment
4 with security related Trusted Applications running inside a Trusted Execution Environment (TEE).
10 A TEE provides an execution environment with security capabilities, which are either available to Trusted Applications
11 running inside the TEE or exposed externally to Client Applications.
12 The TEE Client API concentrates on the interface to enable efficient communications between
13 a Client Application and a Trusted Application running inside the TEE.
14 Higher level standards and protocol layers may be built on top of the foundation
15 provided by the TEE Client API – for example, to cover common tasks, such as secure storage,
16 cryptography, and run-time installation of new Trusted Applications.
17 The separation between the rich environment and the TEE is guaranted.
20 The key design principles of the TEE Client API are:
23 <term>Client-side memory allocations</term>
25 Where possible the design of the TEE Client API has placed the responsibility for memory
26 allocation on the calling Client Application code. This gives the Client developer choice of
27 memory allocation locations, enabling simple optimizations, such as stack-based allocation
28 or enhanced flexibility using placements in static global memory or thread-local storage.<br />
29 This design choice is evident in the API by the use of pointers to structures rather than
30 opaque handles to represent any manipulated objects.
34 <term>Aim for zero-copy data transfer</term>
36 The features of the TEE Client API are chosen to maximize the possibility of zero-copy
37 data transfer between the Client Application and the Trusted Application.<br />
38 However, short messages can also be passed by copy, which avoids the overhead of
43 <term>Support memory sharing by pointers</term>
45 The TEE Client API will be used to implement higher-level APIs, such as cryptography or
46 secure storage, where the caller will often provide memory buffers for input or output data
47 using simple C pointers. The TEE Client API must allow efficient sharing of this type of
48 memory, and as such does not rely on the Client Application being able to use bulk
49 memory buffers allocated by the TEE Client API.
53 <term>Specify only communication mechanisms</term>
55 This API focuses on defining the underlying communications channel. It does not define
56 the format of the messages which pass over the channel, or the protocols used by specific
66 The following example demonstrates how to invoke command on Trused Application.
68 Guid ta_uuid = new Guid("TA-guid-put-here");
69 Context ctx = new Context(null);
70 Session ses = ctx.OpenSession(ta_uuid);
71 Parameter[] p = { new Value(1,2,TEFValueType.In) };
72 ses.InvokeCommand(1, p);
78 namespace Tizen.Security.TEEC {}