Change Description

TrustZone can be enabled in Linux kernel 5.10.

1. The REE patch can be compiled and loaded based on Linux kernel 5.10.
2. The OS compatibility list is verified for openEuler 22.03 LTS.

A TA certificate revocation list (CRL) can be imported.

1. Since TEE OS 1.2.0, ISVs and customers can import their own root or level-2 TA developer certificates to deploy their own PKI systems on the cloud.
2. Since TEE OS 1.3.0, a TA CRL can be imported using the certificate import tool.

Key data is encrypted in the memory.

The SRAM-based Memory Encryption Engine (SMEE) feature is used to store sensitive data of the TA process in the SRAM to defend against physical attacks on the DRAM, such as cold start and side channel attacks.

The attestation server scenario is added for TA remote attestation.

The TA remote attestation feature is enhanced with support for the attestation server scenario.

The SEC driver can be released and loaded independently.

The SEC driver can run independently in the TEE OS.

The TEE OS allows SmartKit to directly connect to the HOUP platform for firmware upgrade.

1. The TEE OS firmware can be released to the Huawei HOUP platform.
2. You can use SmartKit to directly connect to the HOUP platform to obtain the latest TEE OS firmware.