Home
To simplify life for developers working with Trusted Applications (TAs) in a Trusted Execution Environment (TEE), an interoperable protocol is needed for managing TAs running in the different TEEs of various devices: the TEEP protocol.
TEEP is the first protocol draft to adopt Concise Binary Object Representation (CBOR), which is suitable for constrained devices and IoT while remaining similar to JSON.
Link to the slide: Introduction, objective and use cases of TEEP
The charter page of the TEEP working group can be found at: https://datatracker.ietf.org/wg/teep/about/
These are the main working group documents:
- TEEP Architecture RFC9397: https://www.rfc-editor.org/info/rfc9397
- TEEP over HTTP I.D.: https://datatracker.ietf.org/doc/draft-ietf-teep-otrp-over-http/
- TEEP Protocol I.D.: https://datatracker.ietf.org/doc/draft-ietf-teep-protocol/
This section describes one of the TEEP protocol implementations.
This implementation is based on three drafts:
- The TEEP architecture draft serves as the design foundation.
- TEEP messages are transmitted over HTTP, as described in the TEEP over HTTP draft.
- The TEEP protocol draft defines the format of the TEEP messages.
The implementation consists of two components: the TA-Ref and the TEEP-Device.

- Providing Docker images for setting up development environments.
- All sources have copyright notices, license statements, and SPDX identifiers, which are becoming increasingly important for software supply chain purposes.
- Providing Makefiles and build instructions.
- Providing CI scripts (GitLab) that were used during development.
- Providing all Git logs.
The objective of the TA-Ref component is to provide an SDK that offers a portable programming environment for Intel SGX, ARM OP-TEE, and RISC-V Keystone.
It provides a subset of the GlobalPlatform API along with tutorials and header files for programming.
The intention behind creating TA-Ref was to avoid the need for implementing initial assets from scratch on other CPUs. Instead, an abstraction layer for SGX and RISC-V was developed. These initial assets were originally developed on top of OP-TEE.
The objective of the TEEP-Device component was to validate the protocol specification and to identify any issues. This helped to improve the quality of the IETF specification.
Initially, the implementation was intended to be used in the IETF hackathon events for interoperability testing against other implementations.
The TEEP-Device confirms the TEEP Protocol specification by running the same code base on top of TA-Ref, which enables it to run on Intel SGX, ARM OP-TEE, and RISC-V Keystone.