-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for TrEE Services #37
Comments
Services based on
|
Regarding UEFI variables: The TZ-App responsible for handling this can be found at |
As far as I can tell: TZ-Apps can be loaded dynamically from the OS via a SMC call ( The ID has to be queried dynamically by providing the unique name ( In addition, it looks like some services can (request to) talk to other services via the TrEE driver as well. In particular, the UEFI and filesystem services (and others) seem to provide such an interface. |
The UEFI service interface is defined at https://github.com/tpn/winsdk-10/blob/master/Include/10.0.16299.0/km/treevariableservice.h#L35. |
In addition to the above, there seem to be two types: SecureServices and OsServices. The .inf file of the driver lists dependencies of SecureServices on OsServices. For example, the UEFI variable service has a dependency on the RpmbOsService (PRMB meaning replay-protected memory block). In particular, that means that the UEFI variable service depends on an OS provided mechanism for accessing the UEFI key store. On UFS based devices (e.g. Flex 5G), that seems to be provided via partitions on the UFS storage, whereas on the Pro X it looks like this is stored in a SPI NOR flash. So we would probably need support for that first. I briefly assumed that UEFI might provide stub UEFI Runtime Service functions calling into the UEFI variable service, but that seems unlikely: As far as I can tell, the secure environment cannot initiate communication itself. Instead, the OS initiates all communications. For example, to query a UEFI variable, the OS would (likely) initiate communication, which then leads to the secure service returning a "partial/incomplete" status from the SCM call and a request for some callback/os-service execution. The OS driver handles this and then continues the original command until "complete" is returned. |
Found in a partition dump from UEFI: SecParti.cfg.txt. Seems to list secure file system partitions. |
We now have a driver (more like an interface) for the basic communication with TrEE apps / TZ-OS and a driver for the UEFI Secure App / Support for the TPM handled via another secure application ( |
On the Pro X (and likely other Qualcomm devices), various services are provided via the Trusted Execution Environment (TrEE) and TrustZone (TZ) Apps. In particular, access to EFI variables is provided via such a service, as is the TPM, HDCP, and more. On Windows, this is managed by the
QcTrEE8180.sys
driver.The text was updated successfully, but these errors were encountered: