TA Mandatory APIs

Each TA must implement the five API functions listed in Table 1; they carry the communication and data transmission between the TA and its CA.

Table 1 Mandatory APIs for TAs

| Function Name | Description |
| --- | --- |
| TA_CreateEntryPoint | Constructor of the secure service. It is called when a CA opens a session for the first time and creates the TA instance. If this function fails, the TA instance is not created. |
| TA_DestroyEntryPoint | Destructor of the secure service. It is called when a CA closes the session and the TA instance is deleted. |
| TA_OpenSessionEntryPoint | When a CA opens a session, the secure OS calls this API of the corresponding TA to create the session in the secure world. |
| TA_CloseSessionEntryPoint | When a CA closes a session, the secure OS calls this API of the corresponding TA to close the session in the secure world. |
| TA_InvokeCommandEntryPoint | When a CA sends a command (TEEC_InvokeCommand) to the secure OS, the secure OS calls this API of the corresponding TA to perform the requested operation in the secure world, for example encryption, decryption, or trusted storage. |
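A minimal TA skeleton implementing the five entry points from Table 1, added here as an illustration and not taken from the iTrustee SDK or its samples. The command id CMD_UPPER, the session structure and the inline stand-in TEE definitions are assumptions made for this example (a real TA includes tee_internal_api.h instead); the point it shows is that paramTypes and the buffer sizes arrive from the CA in the normal world and must be validated before the TA touches the shared buffers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-ins for the GlobalPlatform TEE Internal API definitions a real TA gets from
 * tee_internal_api.h; declared here only so the block compiles outside a TEE. */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS                  0x00000000
#define TEE_ERROR_BAD_PARAMETERS     0xFFFF0006
#define TEE_ERROR_OUT_OF_MEMORY      0xFFFF000C
#define TEE_ERROR_SHORT_BUFFER       0xFFFF0010
#define TEE_PARAM_TYPE_NONE          0
#define TEE_PARAM_TYPE_MEMREF_INPUT  5
#define TEE_PARAM_TYPE_MEMREF_OUTPUT 6
#define TEE_PARAM_TYPES(a, b, c, d)  ((a) | ((b) << 4) | ((c) << 8) | ((d) << 12))
typedef union { struct { void *buffer; size_t size; } memref; } TEE_Param; /* memref only */
#define CMD_UPPER 1 /* hypothetical command id the CA passes to TEEC_InvokeCommand */
#define CMD_UPPER_PARAMS TEE_PARAM_TYPES(TEE_PARAM_TYPE_MEMREF_INPUT, \
        TEE_PARAM_TYPE_MEMREF_OUTPUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)
typedef struct { uint32_t calls; } session_ctx_t; /* per-session state kept in the TEE */
TEE_Result TA_CreateEntryPoint(void) { return TEE_SUCCESS; } /* TA instance constructor */
void TA_DestroyEntryPoint(void) { }                           /* TA instance destructor */
TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext) {
    (void)paramTypes; (void)params;
    session_ctx_t *ctx = calloc(1, sizeof(*ctx));
    if (ctx == NULL) return TEE_ERROR_OUT_OF_MEMORY;
    *sessionContext = ctx; /* handed back to the TA on every later call for this session */
    return TEE_SUCCESS;
}
void TA_CloseSessionEntryPoint(void *sessionContext) { free(sessionContext); }

/* CMD_UPPER upper-cases params[0] into params[1]. paramTypes and both buffer sizes are
 * chosen by the CA in the normal world, so they are validated before any memory access. */
TEE_Result TA_InvokeCommandEntryPoint(void *sessionContext, uint32_t commandID,
                                      uint32_t paramTypes, TEE_Param params[4]) {
    session_ctx_t *ctx = sessionContext;
    if (commandID != CMD_UPPER || paramTypes != CMD_UPPER_PARAMS) return TEE_ERROR_BAD_PARAMETERS;
    const unsigned char *in = params[0].memref.buffer;
    unsigned char *out = params[1].memref.buffer;
    if (in == NULL || out == NULL) return TEE_ERROR_BAD_PARAMETERS;
    if (params[1].memref.size < params[0].memref.size) {
        params[1].memref.size = params[0].memref.size; /* report the size actually needed */
        return TEE_ERROR_SHORT_BUFFER;
    }
    for (size_t i = 0; i < params[0].memref.size; i++)
        out[i] = (in[i] >= 'a' && in[i] <= 'z') ? (unsigned char)(in[i] - 32) : in[i];
    params[1].memref.size = params[0].memref.size; ctx->calls++;
    return TEE_SUCCESS;
}
```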

Besides the connection between a CA and a TA, a connection can also be established between two TAs.

  • The calling TA uses TEE_OpenTASession to open a session, TEE_InvokeTACommand to send commands, and TEE_CloseTASession to close the session. The called TA calls AddCaller_TA_all in its TA_CreateEntryPoint function to allow other TAs to call it, and can obtain the caller and authentication information through TEE_EXT_GetCallerInfo in its TA_OpenSessionEntryPoint function.
  • For TEE OS versions earlier than 1.4.0, ensure that the called TA has been loaded before initiating an inter-TA call. Since TEE OS 1.4.0, the called TA can be loaded on demand: if it has not been loaded yet, the system tries to load it from the default load path, /var/itrustee/ta.
  • If TAs use shared memory to transmit sensitive data between them, TA developers must protect the confidentiality and integrity of that data.