Introduction

Trusted Firmware OP TEE v3.15.0 was released on the 18th of October 2021. The release includes support for Rust, PKCS#11 (a Public-Key Cryptography Standard that defines a platform independent API for cryptographic tokens), an Mbed TLS library upgrade, and more.

Highlights

Here are some of the main additions in OP TEE 3.15.0:

• Integration of Teaclave TrustZone SDK with OP-TEE. With this integration, OP-TEE client and trusted applications written in Rust can now be built and run.

  • Trustzone SDK documentation is available here.

• PKCS#11 TA

  • Support for RSA Key pair generation, PKCS#1 v1.5 signing & verification support with several hash modes, PSS signing & verification support, OAEP encryption/decryption support
  • Support for Certificate objects and X.509 public key certificate objects
  • More AES and HMAC mechanisms
  • An overview of PKCS#11 in OP-TEE can be found in this presentation from Linaro Connect

• New Platform Support

  • Total compute platform for TC1

• Mbed TLS library in OP-TEE upgraded to 2.27.0

• Support for Arm MMU for address space >=40 bits.

More details regarding the updates in this release can be found here.

Additional information

The release included updates to the following repos:

• optee_os - 131 commits and 69 PR’s
• optee_client - 17 commits and 10 PR’s
• optee_test - 15 commits and 12 PR’s
• build - 15 commits and 13 PR’s

Testing of the release has been performed by the committers and can be found here Forty-four devices were tested for this release using the OP-TEE xtest test suite. Testing results can be found in the pull request itself

The release has been tagged at 3.15.0 using the OP TEE release procedure.

The OP TEE release roadmap can be found here.

Any security fixes prior to the next release will be made available on the Security Advisories page.