Security & Trust
OP-TEE: Open-Source Secure Operating System
OP-TEE: Open Portable Trusted Execution Environment OP-TEE is a small secure operating system which, after authentication and decryption, gets loaded in an secured area in the memory. A Rich OS (e. g. Xilinx PetaLinunx) driver can request, via a Secure Monitor Call, the execution of a trusted application.
OP-TEE is an Open-Source initiative driven by a Linaro team who maintains the code and makes it available for download at GitHub.
MLE took the effort to port OP-TEE to Xilinx Zynq UltraScale+ MPSoC and RFSoC devices and included device specific optimizations. The outcome is two-fold: Tightly integrated Open-Source maintained by experts of Xilinx System-on-Chip and ACAP technology. And, additional professional services for customization and product life cycle support.
Key Features of OP-TEE in FPGAs
- Enables running secure & trusted applications from within a rich Linux operating system
- Utilizes standard ARM Trusted Execution Environment (TEE)
- Utilizes advanced security functions in Xilinx Zynq UltraScale+ MPSoC and RFSoC devices
- Optional hardware acceleration for AES-CGM, RSA, SHA3, etc
- Optional secure key handling with integrated PUF (Physically Unclonable Function) support
- Optional handling for integrated eFUSE burning
- Secure and non-secure bitstream loading
- Support for custom secure functions in Programmable Logic
- Secure data storage
- Secure communication
- Secure Over-the-Air (SOTA) updates
- Key to meet compliance with standards such as IEC 62443, IEC 27001 etc
- Protect Functional Safety (SIL, ASIL) related designs
- Secure touch inputs
- Secure key handling
MLE OP-TEE is available as pure Open-Source or as a professionally maintained source code deliverable:
OP-TEE Open-Source Edition
|Licensed under BSD / Linaro terms and available for download from GitHub.||
Free of charge
OP-TEE Professional Edition
|MLE Single-Site or Multi-Site Source Code License. Delivered by MLE in electronic form.||Annual subscription fees starting at $42,800.-|
Application / Project specific Expert Design Services
|System-level design, modeling, implementation and test for realizing Domain-Specific Secure appplications.||$1,480.- per
(Open Source Edition)
The OP-TEE Open Source Edition for Zynq UltraScale+ MPSoC and RFSoC is licensed under Linaro / BSD license as Open Source and comes with all source code and necessary packages. This version is ideal to explore the TEE world and develop your own trusted application.
Key Features and Benefits:
- Open Source and Free of Charge
- Runs in external PS-attached DDR memory
- No Hardware acceleration for AES, RSA, SHA3
- No access to PUF
MLE OP-TEE PRO can be licensed from MLE and will provide all source code and necessary packages to run OP-TEE on Zynq UltraScale+ MPSoC and RFSoC.
Key Features and Benefits:
- Hardware acceleration for AES
- Hardware acceleration for RSA
- Hardware acceleration for SHA3
- With secure boot: access to PUF (Physical Uncloneable Function) functionality
- Can load OP-TEE into TCM
Comparison Between OP-TEE Free And OP-TEE PRO
Frequently Asked Questions
Most of the Zynq UltraScale+ MPSoC / RFSoC (ZynqMP) specific code for OP-TEE is currently going upstream to become part of the free open-source edition.
However, there are functions of ZynqMP which require special handling, like the one-time-programmable eFuses, or support for custom secure PL functions, for example. Such device and/or application specific security functions of ZynqMP will be covered only by the PRO edition. Please refer to the comparison table above.
Yes, MLE ships source code for OP-TEE PRO. Those ZynqMP platform specific code portions are available today and have passed review by the Xilinx Security Center of Excellence (COE). The most recent review was November 2019.
OP-TEE Free is free-of-charge open-source software (FOSS) and can be downloaded from here: https://github.com/OP-TEE/ under a BSD 2-Clause License.