Feature Description
The TrustZone TEE runs on a physical server. In most scenarios, the physical server is on the device side. ISVs deploy TAs in the TEE on the device side and process their confidential data remotely. To ensure that the service TA works as expected, a remote or local attestation solution is generally adopted, in which the TA runtime environment verifies the integrity of the TA.
Figure 1 Overall architecture
- iTrustee SDK: a developer tool for the secure OS iTrustee, used to generate TA binary baseline measurement values for CA and TA compilation.
- RA Client: initiates a remote attestation request to the target TA and invokes the Kunpeng security library (RA lib) to verify the returned attestation report.
- RA Service: receives attestation requests, registers attestation keys, obtains attestation reports, and returns attestation reports to the RA Client.
- Quoting CA (QCA) lib: a library located in the REE that responds to remote attestation requests initiated by the verifier.
- Quoting TA (QTA): a privileged TA used in remote attestation. It receives and processes attestation requests from the QCA or a TA, attestation service certificate import requests, and attestation key generation requests.
- tcmgr: a microkernel service that functions as a trusted base, providing interfaces for upper-layer systems to generate attestation keys, calculate and store measurement values, and generate and sign attestation reports.
- Attestation Service: functions as the server that provides the attestation key service, and provides the digital signature service for the attestation key in different scenarios.