OP-TEE and its many features
2026-05-28, Auditorium

What is OP-TEE? How does it work? And why are so many features for OP-TEE disabled by default?
This talk will give an introduction to OP-TEE and then highlight the lesser-known features such as asynchronous notifications, Secure Data Path or Function Tracing. It will also take a look into the future, where industrial arm64 SoCs are no longer limited to ARMv8.2 and, with ARMv8.4, can provide virtualization of the secure world to implement the Firmware Framework for A-Profile (FFA) specification.


The talk aims to provide an introduction to OP-TEE, describe how the different boot flows work, and explain how an execution environment differs from a full operating system implementation.
With this foundation we will start to look at interesting features implemented in OP-TEE, many of which are disabled by default, either because most platforms don't require them or because they are primarily aimed at debugging and have a performance impact. Among those features, at least the following will be covered:
- OP-TEE & Linux kernel support for synchronous and asynchronous notifications
- Secure Data Path and the OP-TEE Heap implementation for protected buffer sharing
- Function Tracing for Applications running within OP-TEE
- OP-TEE support to communicate with external secure elements via the Linux kernel
We will then take a look at the Firmware Framework for A-Profile (FFA) specification, which becomes relevant with ARMv8.4 implementations, and explain how OP-TEE fits into it. This will also cover other components that are affected by FFA, i.e. TF-A and Hafnium.

Having started out building the labgrid hardware access layer, Rouven nowadays works on security solutions for embedded devices.