Software Architecture

Figure 1 shows the software architecture of the TEE Kit.

The software architecture includes the TMM (S-EL2), TMMD (EL3), and also the Kernel-based Virtual Machine (KVM) running in the normal world.

• Trusted Management Monitor (TMM): It runs at the Secure Execution Level 2 (S-EL2) layer of the TEE, performing functions such as cVM lifecycle management, memory page table mapping, and context switch.
• Trusted Management Monitor Dispatcher (TMMD): It runs in the Arm trusted firmware (ATF) of the EL3 layer. It forwards rich execution environment (REE) and TEE messages and switches contexts between the two worlds.
• KVM: After a patch is installed in the KVM, the KVM can send TrustZone Management Interface (TMI) messages to the TEE so that the KVM manages the lifecycle of cVMs.