Change Description

Enabling TrustZone in Linux kernel 5.10

1. The REE patch can be compiled and loaded based on Linux kernel 5.10.
2. The OS compatibility list is verified for openEuler 22.03 LTS.

Importing a TA certificate revocation list (CRL)

1. Since TEE OS 1.2.0, ISVs and customers can import their own root or level-2 TA developer certificates to deploy their own PKI systems on the cloud.
2. Since TEE OS 1.3.0, a TA CRL can be imported using the certificate import tool.

Encrypting key data in the memory

The SRAM-based Memory Encryption Engine (SMEE) feature is used to store sensitive data of the TA process in the SRAM to defend against physical attacks on the DRAM, such as cold start and side channel attacks.

Using TA remote attestation in the attestation server scenario

The TA remote attestation feature is enhanced with support for the attestation server scenario.

Releasing and loading the SEC driver independently

The SEC driver can run independently in the TEE OS.

Connecting SmartKit directly to the HOUP platform for firmware upgrade in the TEE OS

1. The TEE OS firmware can be released to the Huawei HOUP platform.
2. You can use SmartKit to directly connect to the HOUP platform to obtain the latest TEE OS firmware.