Request Information for ARM Secure OP-TEE

Security and Trust

OP-TEE: Open Portable Trusted Execution Environment OP-TEE is a small secure operating system which, after authentication and decryption, gets loaded in an secured area in the memory. A Rich OS (e. g. Xilinx PetaLinunx) driver can request, via a Secure Monitor Call, the execution of a trusted application.

OP-TEE is an Open-Source initiative driven by a Linaro team who maintains the code and makes it available for download at GitHub.

MLE took the effort to port OP-TEE to Xilinx Zynq UltraScale+ MPSoC and RFSoC devices and included device specific optimizations. The outcome is two-fold: Tightly integrated Open-Source maintained by experts of Xilinx System-on-Chip and ACAP technology. And, additional professional services for customization and product life cycle support.

Key Features

  • Enables running secure & trusted applications from within a rich Linux operating system
  • Utilizes standard ARM Trusted Execution Environment (TEE)
  • Utilizes advanced security functions in Xilinx Zynq UltraScale+ MPSoC and RFSoC devices
  • Optional hardware acceleration for AES-CGM, RSA, SHA3, etc
  • Optional secure key handling with integrated PUF (Physically Unclonable Function) support
  • Optional handling for integrated eFUSE burning
  • Secure and non-secure bitstream loading
  • Support for custom secure functions in Programmable Logic

Applications

  • Secure data storage
  • Secure communication
  • Secure Over-the-Air (SOTA) updates
  • Key to meet compliance with standards such as IEC 62443, IEC 27001 etc
  • Protect Functional Safety (SIL, ASIL) related designs
  • Secure touch inputs
  • Secure key handling

Availability

MLE OP-TEE is available for Xilinx Zynq-7000, Zynq UltraScale+ MPSoC and RFSoC devices now. Our team is working with Xilinx to add support for the new Xilinx Versal Prima and Xilinx Versal AI Core devices.

Products Availability Matrix

Pricing

MLE OP-TEE is available as pure Open-Source or as a professionally maintained source code deliverable:

Product Name Deliverables Pricing

OP-TEE Open-Source Edition
(OP-TEE Free)

Licensed under BSD / Linaro terms and available for download from GitHub.

free of charge

OP-TEE Professional Edition
(OP-TEE PRO)

MLE Single-Site or Multi-Site Source Code License. Delivered by MLE in electronic form. annual subscription fees starting from
42,800.00 $

Application / Project specific Expert Design Services

System-level design, modeling, implementation and test for realizing Domain-Specific Secure appplications. 1.480.00 $ per engineering day

 

Below you find a comparison between OP-TEE Free and OP-TEE PRO:

Functionality
supported:
OP-TEE Free OP-TEE PRO
OP-TEE Basic functionality
Trusted Applications
with your own secure application
Secure Paging (Hashed DDR Memory) -
Testsuite (10k+ Test Cases for selftest)
(extended)
AES-GCM (Xilinx CSU hardware accelerated) -
RSA (Xilinx CSU hardware accelerated) -
SHA3 (Xilinx CSU hardware accelerated) -
Secure Key handling with Physical Unclonable
Function (PUF)
-
Support for eFuse burning -
Secure/Nonsecure Bitstream Loading -
Performance Measurement of context switch
or Trusted Application
-
Custom Secure PL Functions -

OP-TEE Free (Open Source Edition)

The OP-TEE Open Source Edition for Zynq UltraScale+ MPSoC and RFSoC is licensed under Linaro / BSD license as Open Source and comes with all source code and necessary packages. This version is ideal to explore the TEE world and develop your own trusted application. 

Key Features and Benefits:

  • Open Source and Free of Charge
  • Runs in external PS-attached DDR memory
  • No Hardware acceleration for AES, RSA, SHA3
  • No access to PUF

MLE has contacted the maintainers of Linaro OP-TEE on GitHub and is in the process of uploading the changes to support Xilinx Zynq UltraScale+ MPSoC and RFSoC.

OP-TEE PRO (Professional Edition)

MLE OP-TEE PRO can be licensed from MLE and will provide all source code and necessary packages to run OP-TEE on Zynq UltraScale+ MPSoC and RFSoC.

Key Features and Benefits:

  • Hardware acceleration for AES
  • Hardware acceleration for RSA
  • Hardware acceleration for SHA3
  • With secure boot: access to PUF (Physical Uncloneable Function) functionality
  • Can load OP-TEE into TCM

Datasheets and Documentation

Download the Brochure for MLE OP-TEE.

MLE presentation at the 3rd Workshop "Programmable Processing for the Autonmous / Connected Vehicle 2019" on Security / Trusted Execution Environment and Functional Safety with Zync Ultrascale+ MPSoC / RFSoC.

Official OP-TEE online documentation.

Related information at Xilinx Security Website including presentations by MLE (available under NDA only).

Whitepaper 513 from Xilinx on IEC 62443 Compliant Product Enablement.