Teaclave TrustZone SDK (Rust OP-TEE TrustZone SDK) provides abilities to build safe TrustZone applications in Rust. The SDK is based on the OP-TEE project which follows GlobalPlatform TEE specifications and provides ergonomic APIs. In addition, it enables the capability to write TrustZone applications with Rust's standard library (std) and many third-party libraries (i.e., crates). Teaclave TrustZone SDK is a sub-project of Apache Teaclave (incubating).
Teaclave TrustZone SDK provides two development modes for Rust TAs: no-std and std. We recommend using no-std by default. For a detailed comparison, please refer to Comparison.
UPDATES: We have developed a new build environment on the main branch, which will now be the only branch for development and maintenance and includes breaking changes to the legacy master branch. If you're using the master branch and wish to migrate to the new development branch (main), please refer to the migration guide.
Developing Trusted Applications (TAs) often requires specific hardware, which can be a barrier for many developers. To address this, we provide a prebuilt Docker environment that allows you to experience TAs without the need for physical hardware.
The Docker image automates the entire setup process for TrustZone emulation in QEMU, enabling you to focus on writing and testing your applications efficiently, without the hassle of manual configuration.
Choose your development mode in Emulator:
In addition to developing and testing Trusted Applications (TAs) in the QEMU emulator, setting up build configurations for specific hardware targets is also necessary. For detailed instructions on customizing your build environment, please refer to the Advanced Setup Documentation.
For other tips regarding the supported Rust examples, TA debugging, and expanding secure memory, please refer to the docs/ directory.
More details about the design and implementation can be found in our paper published in ACSAC 2020: RusTEE: Developing Memory-Safe ARM TrustZone Applications. Here is the BibTeX record for your reference.
@inproceedings{wan20rustee,
  author    = "Shengye Wan and Mingshen Sun and Kun Sun and Ning Zhang and Xu He",
  title     = "{RusTEE: Developing Memory-Safe ARM TrustZone Applications}",
  booktitle = "Proceedings of the 36th Annual Computer Security Applications Conference",
  series    = "ACSAC '20",
  year      = "2020",
  month     = "12",
}
Teaclave is open source in The Apache Way; we aim to create a project that is maintained and owned by the community. All kinds of contributions are welcome. Thanks to our contributors.
Teaclave follows the Apache Software Foundation (ASF) model, which does not require Signed-off-by or other commit trailers. While such tags (e.g., DCO-style trailers like Signed-off-by, Reviewed-by) are welcome, they are optional and not enforced. Pull requests with or without them are equally welcome.
However, DCO-style tags cannot substitute for the Contributor License Agreement (CLA). Major contributions and all committers must have a signed CLA on file, as required by the ASF.