Green TEE is a Trusted OS designed to run in Secure-EL1 (S-EL1) mode on processors supporting ARM Trustzone. This project has 8 components which put together gives a working Linux Kernel in NS-EL1 and Green TEE running in S-EL1.

• Arm Trusted Firmware: arm-trusted-firmware/
• Green TEE Secure Payload Dispatcher (inside TF-A as EL3 runtime service): arm-trusted-firmware/services/spd/green_teed/
• Buildroot: buildroot/
• U-Boot: u-boot/
• Linux Kernel: linux/
• Linux Kernel TEE Driver: linux/drivers/green_tee
• Green TEE Core: /tee
• Linux Userspace Client: /client

The build system is designed to highly simplify the compilation process as these components have various build-time configurations.

The userspace client can use ioctl() to issue requests to the Linux Kernel which passes relevant information to TF-A through an SMC call. TF-A then switches context to Green TEE where the request is processed.

• GREEN_TEE_PRINT: Print a string in the Secure World terminal sent by NS-EL0 application.
• GREEN_TEE_ENCRYPT: Encrypt a buffer passed from NS-EL0 using the One Time Pad cryptographic algorithm.
• GREEN_TEE_DECRYPT: Decrypt a buffer passed from NS-EL0 using the One Time Pad cryptographic algorithm.

chmod +x ./install.sh

./install.sh

make

QEMU forwards S-EL1's serial device data to localhost:12345. A netcat connection has to be established on another terminal.

make nc (another terminal)

make run

Upper Terminal: Linux Kernel

Lower Terminal: Green TEE