[dm][tee] support Trusted Execution Environment (TEE)#11480
Open
GuEe-GUI wants to merge 1 commit into
Open
Conversation
|
👋 感谢您对 RT-Thread 的贡献!Thank you for your contribution to RT-Thread! 为确保代码符合 RT-Thread 的编码规范,请在你的仓库中执行以下步骤运行代码格式化工作流(如果格式化CI运行失败)。 🛠 操作步骤 | Steps
完成后,提交将自动更新至 如有问题欢迎联系我们,再次感谢您的贡献!💐 |
github-actions
Bot
added
Doc
📌 Code Review Assignment🏷️ Tag: componentsReviewers: Maihuanyi Changed Files (Click to expand)
🏷️ Tag: documentationReviewers: CXSforHPU GorrayLi lianux-mm Changed Files (Click to expand)
📊 Current Review Status (Last Updated: 2026-06-14 11:49 CST)
📝 Review Instructions
|
Signed-off-by: GuEe-GUI <2991707448@qq.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR introduces a new TEE (Trusted Execution Environment) subsystem under the RT-Thread DM driver framework, with an OP-TEE backend implementation and accompanying documentation.
本 PR 在 RT-Thread 的 DM 驱动框架下新增 TEE 子系统,并提供 OP-TEE 后端实现与配套文档。
Changes:
- Add a TEE core layer (
rt_tee_device, session/invoke APIs, SHM register/unregister helpers).
新增 TEE 核心层(设备对象、会话/调用 API、共享内存注册/注销辅助函数)。 - Add an OP-TEE backend driver (SMC/HVC, RPC handling, dynamic SHM register/unregister, optional FinSH example).
新增 OP-TEE 后端驱动(SMC/HVC 调用、RPC 处理、动态 SHM 注册/注销、可选 FinSH 示例)。 - Integrate into build/config/docs (Kconfig, SConscript, rtdevice include, component docs index + TEE doc page).
集成到构建/配置/文档(Kconfig、SConscript、rtdevice 头文件包含、文档索引与 TEE 文档页面)。
PR checklist notes (metadata):
- The PR description template sections for Why / Solution / Verified BSP & .config / CI action link are currently empty.
PR 描述中的 Why / Solution / 已验证 BSP 与 .config / CI action 链接 目前为空,建议补齐以便复现与验收。
Reviewed changes
Copilot reviewed 14 out of 14 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| documentation/6.components/device-driver/tee/tee.md | Adds user-facing TEE subsystem API documentation and usage notes |
| documentation/6.components/device-driver/INDEX.md | Adds TEE doc page link into device-driver index |
| components/drivers/tee/tee.c | Implements TEE core device registration, session APIs, and SHM helpers |
| components/drivers/tee/SConscript | Builds TEE core when RT_USING_TEE is enabled |
| components/drivers/tee/optee/SConscript | Builds OP-TEE backend and optional examples |
| components/drivers/tee/optee/optee.c | Implements OP-TEE backend driver, RPC handling, session/invoke, SHM ops |
| components/drivers/tee/optee/optee_smc.h | Adds OP-TEE SMC interface definitions |
| components/drivers/tee/optee/optee_msg.h | Adds OP-TEE message protocol structures/constants |
| components/drivers/tee/optee/optee_examples.c | Adds FinSH example command using the TEE client API |
| components/drivers/tee/optee/Kconfig | Adds OP-TEE backend and example Kconfig options |
| components/drivers/tee/Kconfig | Adds top-level TEE Kconfig entry and hooks for SoC backends |
| components/drivers/Kconfig | Includes TEE into the drivers Kconfig tree |
| components/drivers/include/rtdevice.h | Includes drivers/tee.h when RT_USING_TEE is enabled |
| components/drivers/include/drivers/tee.h | Adds public TEE API types/macros (device, params, SHM, ops) |
Comment on lines
+62
to
+66
| #define OPTEE_SMC_CALLS_COUNT \ | ||
| ARM_SMCCC_CALL_VAL(OPTEE_SMC_FAST_CALL, \ | ||
| SMCCC_SMC_32, \ | ||
| SMCCC_OWNER_TRUSTED_OS_END, \ | ||
| OPTEE_SMC_FUNCID_CALLS_COUNT) |
| #define DBG_LVL DBG_INFO | ||
| #include <rtdbg.h> | ||
|
|
||
| #include <mm_page.h> |
Comment on lines
+279
to
+284
| else if ((shm->flags & TEE_SHM_SYS) && (shm->flags & ~TEE_SHM_DRV)) | ||
| { | ||
| if ((err = rt_tee_shm_alloc_helper(shm))) | ||
| { | ||
| return err; | ||
| } |
Comment on lines
+93
to
+101
| if (!rt_list_isempty(&tdev->shm_nodes)) | ||
| { | ||
| LOG_W("%s: shm not unregister", rt_dm_dev_get_name(&tdev->parent)); | ||
|
|
||
| rt_list_for_each_entry_safe(shm, shm_next, &tdev->shm_nodes, list) | ||
| { | ||
| tdev->ops->shm_unregister(tdev, shm); | ||
| } | ||
| } |
Comment on lines
+554
to
+556
| rt_memcpy(&msg_arg->params[0].value, arg->uuid, sizeof(arg->uuid)); | ||
| rt_memcpy(&msg_arg->params[1].value, arg->uuid, sizeof(arg->clnt_uuid)); | ||
| msg_arg->params[1].value.c = arg->clnt_login; |
Comment on lines
+107
to
+110
| if ((err = rt_tee_open_session(tdev, open))) | ||
| { | ||
| goto _free_args; | ||
| } |
| #define DBG_LVL DBG_INFO | ||
| #include <rtdbg.h> | ||
|
|
||
| #include <smccc.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
拉取/合并请求描述:(PR description)
[
为什么提交这份PR (why to submit this PR)
你的解决方案是什么 (what is your solution)
请提供验证的bsp和config (provide the config and bsp)
]
当前拉取/合并请求的状态 Intent for your PR
必须选择一项 Choose one (Mandatory):
代码质量 Code Quality:
我在这个拉取/合并请求中已经考虑了 As part of this pull request, I've considered the following:
#if 0代码,不包含已经被注释了的代码 All redundant code is removed and cleaned up