Trusted Thread Scheduling in OP-TEE

Trusted thread for standard services (standard SMC)

  • Terminates when optee_os returns to the normal world with a service completion status.
  • Can be interrupted by
    • Foreign interrupt (non-secure): optee_os suspends the trusted thread and invokes the normal world through the Monitor (RPC services). The trusted threads will resume only once normal world invokes the optee_os with the RPC service status.
    • Native interrupt (secure): Native interrupt is handled by the interrupt exception handler. Once served, optee_os then returns to the execution of trusted thread.
  • Can lead optee_os to invoke a service in normal world (e.g., access a file, get the REE current time, etc.).
    • Trusted thread is suspended/resumed for the remote service execution.

 

Scheduling consideration

  • When interrupted by foreign interrupt or optee_os invokes a normal world service, the normal world gets the opportunity to reschedule the running application. The trusted thread can resume only once the client application is scheduled back. That means a trusted thread execution follows the scheduling of the normal world.
  • optee_os does not implement any thread scheduling. Each trusted thread is expected to track a service that is invoked from the normal world and should return to it with an execution status.
  • Linux thread invoking OP-TEE gets assigned a trusted thread on TEE. So trusted threads are scheduled by the linux kernel.

 

Trusted thread constraints

  • TEE handles a static number of trusted thread (CFG_NUM_THREADS).
  • Trusted threads are only expensive on memory constrained system, mainly regarding the execution stack size.
  • On SMP (Systematic Multi-Processing) system, optee_os can execute several trusted threads in parallel if the normal world supports scheduling of processes. UP system, supporting several trusted threads in optee_os, also helps normal world scheduler to be efficient.

 

 

Source:

Leave A Comment

Your email address will not be published. Required fields are marked *