TEE系列之ARM Trustzone 技術(shù)淺析(四)
1��、GlobalPlatform
GlobalPlatform是一個(gè)由100多家成員公司推動(dòng)的非營利性行業(yè)協(xié)會(huì)���。成員們共同的目標(biāo)是開發(fā)GlobalPlatform的規(guī)范�����。這些規(guī)范現(xiàn)已被廣泛認(rèn)定為推動(dòng)數(shù)字服務(wù)和設(shè)備在整個(gè)生命周期內(nèi)受到信任并安全管理的國際標(biāo)準(zhǔn)。
GlobalPlatform通過制定標(biāo)準(zhǔn)和認(rèn)證安全硬件/硬件組合(合稱安全組件�����,可充當(dāng)設(shè)備上的信任錨)來保護(hù)數(shù)字服務(wù)。這有助于服務(wù)提供商和設(shè)備制造商之間的協(xié)作�,使他們能夠確保所有設(shè)備足夠安全,能夠防范威脅����。
GlobalPlatform規(guī)范還制定了實(shí)地應(yīng)用數(shù)字服務(wù)和設(shè)備的安全管理標(biāo)準(zhǔn)?�?偠灾?�,GlobalPlatform可為終端用戶提供方便�、安全的數(shù)字服務(wù),同時(shí)無論市場部門或設(shè)備類型如何�����,GlobalPlatform都提供隱私保護(hù)支持����。GlobalPlatform保護(hù)的設(shè)備包括智能手機(jī)、平板電腦����、機(jī)頂盒、可穿戴設(shè)備、聯(lián)網(wǎng)汽車�����、其他物聯(lián)網(wǎng)(IoT)設(shè)備和智能卡片����。
該技術(shù)廣泛應(yīng)用于全球,提高了所有用戶的成本和上市時(shí)間的效率�����。采用GlobalPlatform技術(shù)的市場領(lǐng)域包括支付�、電信、交通�、汽車、智能城市�、智能家居、公用事業(yè)��、醫(yī)療保健�����、優(yōu)質(zhì)內(nèi)容���、政府和企業(yè)ID�����。
GlobalPlatform成功技術(shù)規(guī)范開發(fā)的成就歸功于近二十年來各相關(guān)行業(yè)充滿活力與卓有成效的合作�����。成員通過參與技術(shù)委員會(huì)����、工作組和戰(zhàn)略工作組來影響組織的成果�。GlobalPlatform技術(shù)是與世界各地的眾多標(biāo)準(zhǔn)機(jī)構(gòu)和區(qū)域組織合作開發(fā)的,確保了持續(xù)的相關(guān)性和及時(shí)性�。
下面分別進(jìn)行一句話概況:
1,SE管理作為GP標(biāo)準(zhǔn)重要一項(xiàng)�,有完善的API、測試套件��。2��,TEE API規(guī)范主要是TEE方案商和TA開發(fā)者必備的案頭參考手冊��。3�����,TEE 一致性規(guī)范,主要還包含測試相關(guān)啦���!4��,TEE管理框架����,就是應(yīng)用管理相關(guān)����,也是需要各大TEE廠商所重視的。5��,TEE PP也就是TEE的安全輪廓���,是TEE安全認(rèn)證的最重要的文檔��。備注:把SE也放在一起���,因?yàn)閷?shí)際應(yīng)用中TEE和SE也是一對(duì)不可分離的兄弟!
�����、
2、TEE GP API介紹
TEE API分兩種:
一類是CA與TA通信的API���,實(shí)現(xiàn)方式就是應(yīng)用程序調(diào)用libteec.so庫,libteec.so庫是由optee_client編譯出的���,libteec.so中調(diào)用了dev/tee_priv節(jié)點(diǎn)陷入kernel mode�,在kernel mode中調(diào)用smc同步異常指令陷入到ATF�����,ATF再跳出到TEE OS, TEE OS再將消息發(fā)送給相應(yīng)的TA����。該API在globalplatform中的TEE_Client_API_Specification-V1.0_c.pdf文檔中有所規(guī)定,api的具體實(shí)現(xiàn)是在optee_client/libteec
一類是TA系統(tǒng)調(diào)用TEE OS的API�,這是的實(shí)現(xiàn)方式其實(shí)就是系統(tǒng)調(diào)用,調(diào)用SVC同步異常指令���,進(jìn)入kernel mode�����。該API在globalplatform中的GPD_TEE_Internal_Core_API_Specification_v1.1.pdf文檔中有所規(guī)定��,api的具體實(shí)現(xiàn)是在optee_os/lib/libutee
2.1 TEE Client API介紹
這類api不到10個(gè)(一共9個(gè))
TEEC_InitializeContextTEEC_FinalizeContextTEEC_RegisterSharedMemoryTEEC_AllocateSharedMemoryTEEC_ReleaseSharedMemoryTEEC_OpenSession TEEC_CloseSessionTEEC_InvokeCommandTEEC_RequestCancellation
2.2 TEE OS API
這類api就有很多了�,也分好幾類:
(1)、Asymmetric
TEE_AsymmetricDecryptTEE_AsymmetricEncryptTEE_AsymmetricSignDigestTEE_AsymmetricVerifyDigest
(2)����、Authenticated Encryption
TEE_AEDecryptFinalTEE_AEEncryptFinalTEE_AEInitTEE_AEUpdateTEE_AEUpdateAAD
(3)、Basic Arithmetic
TEE_BigIntAddTEE_BigIntDivTEE_BigIntMulTEE_BigIntNegTEE_BigIntSquareTEE_BigIntSub
(4)��、Cancellation
TEE_GetCancellationFlagTEE_MaskCancellationTEE_UnmaskCancellation
(5)��、Converter
TEE_BigIntConvertFromOctetStringTEE_BigIntConvertFromS32TEE_BigIntConvertToOctetStringTEE_BigIntConvertToS32
(6)���、Data Stream Access
TEE_ReadObjectDataTEE_SeekObjectDataTEE_TruncateObjectDataTEE_WriteObjectData
(7)�����、Deprecated
TEE_BigIntInitFMMContextTEE_CloseAndDeletePersistentObjectTEE_CopyObjectAttributesTEE_GetObjectInfoTEE_RestrictObjectUsage
(8)����、Events
TEE_Event_AddSourcesTEE_Event_CancelSourcesTEE_Event_CloseQueueTEE_Event_DropSourcesTEE_Event_ListSourcesTEE_Event_OpenQueueTEE_Event_TimerCreateTEE_Event_Wait
(9)����、Fast Modular Multiplication
TEE_BigIntComputeFMMTEE_BigIntConvertFromFMMTEE_BigIntConvertToFMM
(10)����、Generic Object
TEE_CloseObjectTEE_GetObjectBufferAttributeTEE_GetObjectInfo (deprecated)TEE_GetObjectInfo1TEE_GetObjectValueAttributeTEE_RestrictObjectUsage (deprecated)TEE_RestrictObjectUsage1
(11)�、Generic Operation
TEE_AllocateOperationTEE_CopyOperationTEE_FreeOperationTEE_GetOperationInfoTEE_GetOperationInfoMultipleTEE_IsAlgorithmSupportedTEE_ResetOperationTEE_SetOperationKeyTEE_SetOperationKey2
(12)、Initialization
TEE_BigIntInitTEE_BigIntInitFMMTEE_BigIntInitFMMContext (deprecated)TEE_BigIntInitFMMContext1
(13)�����、Internal Client API
TEE_CloseTASessionTEE_InvokeTACommandTEE_OpenTASession
(14)�����、Key Derivation
TEE_DeriveKey
(15)�、Logical Operation
TEE_BigIntAbsTEE_BigIntAssignTEE_BigIntCmpTEE_BigIntCmpS32TEE_BigIntGetBitTEE_BigIntGetBitCountTEE_BigIntSetBitTEE_BigIntShiftRight
(16)�����、MAC
TEE_MACCompareFinalTEE_MACComputeFinalTEE_MACInitTEE_MACUpdate
(17)�、Memory Allocation and Size of Objects
TEE_BigIntFMMContextSizeInU32TEE_BigIntFMMSizeInU32TEE_BigIntSizeInU32 (macro)
(18)、Memory Management
TEE_CheckMemoryAccessRightsTEE_FreeTEE_GetInstanceDataTEE_MallocTEE_MemCompareTEE_MemFillTEE_MemMoveTEE_ReallocTEE_SetInstanceData
(19)�����、Message Digest
TEE_DigestDoFinalTEE_DigestExtractTEE_DigestUpdate
(20)��、Modular Arithmetic
TEE_BigIntAddModTEE_BigIntExpModTEE_BigIntInvModTEE_BigIntModTEE_BigIntMulModTEE_BigIntSquareModTEE_BigIntSubMod
(21)、Other Arithmetic
TEE_BigIntComputeExtendedGcdTEE_BigIntIsProbablePrimeTEE_BigIntRelativePrime
(22)���、Panic Function
TEE_Panic
(23)����、Peripherals
TEE_Peripheral_CloseTEE_Peripheral_CloseMultipleTEE_Peripheral_GetPeripheralsTEE_Peripheral_GetStateTEE_Peripheral_GetStateTableTEE_Peripheral_OpenTEE_Peripheral_OpenMultipleTEE_Peripheral_ReadTEE_Peripheral_SetStateTEE_Peripheral_Write
(24)�、Persistent Object
TEE_CloseAndDeletePersistentObject (deprecated)TEE_CloseAndDeletePersistentObject1TEE_CreatePersistentObjectTEE_OpenPersistentObjectTEE_RenamePersistentObject
(25)、Persistent Object Enumeration
TEE_AllocatePersistentObjectEnumeratorTEE_FreePersistentObjectEnumeratorTEE_GetNextPersistentObjectTEE_ResetPersistentObjectEnumeratorTEE_StartPersistentObjectEnumerator
(26)����、Property Access
TEE_AllocatePropertyEnumeratorTEE_FreePropertyEnumeratorTEE_GetNextPropertyTEE_GetPropertyAsBinaryBlockTEE_GetPropertyAsBoolTEE_GetPropertyAsIdentityTEE_GetPropertyAsStringTEE_GetPropertyAsU32TEE_GetPropertyAsU64TEE_GetPropertyAsUUIDTEE_GetPropertyNameTEE_ResetPropertyEnumeratorTEE_StartPropertyEnumerator
(27)、Random Data Generation
TEE_GenerateRandom
(28)��、Symmetric Cipher
TEE_CipherDoFinalTEE_CipherInitTEE_CipherUpdate
(29)��、TA Interface
TA_CloseSessionEntryPointTA_CreateEntryPointTA_DestroyEntryPointTA_InvokeCommandEntryPointTA_OpenSessionEntryPoint
(30)���、Time
TEE_GetREETimeTEE_GetSystemTimeTEE_GetTAPersistentTimeTEE_SetTAPersistentTimeTEE_Wait
(31)�、Transient Object
TEE_AllocateTransientObjectTEE_CopyObjectAttributes (deprecated)TEE_CopyObjectAttributes1TEE_FreeTransientObjectTEE_GenerateKeyTEE_InitRefAttributeTEE_InitValueAttributeTEE_PopulateTransientObjectTEE_ResetTransientObject
在這里插入圖片描述
