Hi OP-TEE experts,

I’m looking at OP-TEE Secure OS and came across a number of questions that I need to clarify:

- It seems OP-TEE is using only L1 page tables
  · It has one large L1 page table for the kernel which maps a flat 4 GB space (referenced by TTBR1); every thread has another L1 translation table(s) referenced by TTBR0 which map 32 MB of virtual addresses
  · Does this mean that the smallest unit of memory that it can map is 1 MB?
  · If Trusted Application code/data/stack is 16 KB total, does it still consume 1 MB of DRAM?

- TA memory usage
  · Browsing through the OP-TEE source (tee_ta_load_user_ta() function) we noticed that heap/stack for all TAs seems to be allocated from the same pool. Is this correct?
  · If yes, then can different TAs see the heap/stack of each other? If this is possible, then what is the security model of OP-TEE? Does it assume that all TAs are trusted and don’t need isolation from each other? Any high-level design description would be very helpful.

- Access to HW resources
  · If a TA needs to access some HW resources, how can this be done? Does OP-TEE have a concept of loadable secure drivers?

- Suspend/Resume
  · Does OP-TEE support saving/restoring its state for a CPU suspend/resume cycle?

- Scheduling of TA threads
  · Does the OP-TEE Swd kernel have a periodic timer interrupt handler that causes the task switch, or does it rely on the Nwd making some sort of SMC call for that?

If someone can help clarify this, it would be very much appreciated.

Thanks,
Sergey Blotsky