Trusted thread for standard services (standard SMC)
- Terminates when optee_os returns to the normal world with a service completion status.
- Can be interrupted by
- Foreign interrupt (non-secure): optee_os suspends the trusted thread and invokes the normal world through the Monitor (RPC services). The trusted threads will resume only once normal world invokes the optee_os with the RPC service status.
- Native interrupt (secure): Native interrupt is handled by the interrupt exception handler. Once served, optee_os then returns to the execution of trusted thread.
- Can lead optee_os to invoke a service in normal world (e.g., access a file, get the REE current time, etc.).
- Trusted thread is suspended/resumed for the remote service execution.
- When interrupted by foreign interrupt or optee_os invokes a normal world service, the normal world gets the opportunity to reschedule the running application. The trusted thread can resume only once the client application is scheduled back. That means a trusted thread execution follows the scheduling of the normal world.
- optee_os does not implement any thread scheduling. Each trusted thread is expected to track a service that is invoked from the normal world and should return to it with an execution status.
- Linux thread invoking OP-TEE gets assigned a trusted thread on TEE. So trusted threads are scheduled by the linux kernel.
Trusted thread constraints
- TEE handles a static number of trusted thread (CFG_NUM_THREADS).
- Trusted threads are only expensive on memory constrained system, mainly regarding the execution stack size.
- On SMP (Systematic Multi-Processing) system, optee_os can execute several trusted threads in parallel if the normal world supports scheduling of processes. UP system, supporting several trusted threads in optee_os, also helps normal world scheduler to be efficient.