OP-TEE OTP overview

Revision as of 09:40, 27 October 2022 by Registered User (→‎Framework purpose)
Applicable for STM32MP13x lines, STM32MP15x lines

This article gives information about the OTP framework in OP-TEE and the associated interfaces.

1. Framework purpose[edit source]

The two OP-TEE OTP PTA, BSEC and NVMEM, provides a generic interface for the device non-volatile OTP (one-time programmable) fuses.

It offers interfaces to read and/or write OTP data and status at Trusted Applications (TA) in secure world and at non-secure applications.

2. System overview[edit source]

Under construction.png Coming soon

2.1. Component description[edit source]

  • Non secure world (Linux):
    • NVMEM framework (kernel space) : The NVMEM framework in Linux® kernel provides sysfs interface and NVMEM API.
    • NVMEM drivers (kernel space): Provider drivers such as BSEC Linux® driver that exposes OTP data to the core.
    • TEE Core API Lib (User Space): Library called by the client application to access to the kernel space.
    • TEE framework (kernel space): The TEE framework provides TEE client API to communicate with secure services, as the services provided by the OP-TEE Linux® driver.
    • OP-TEE driver (Kernel Space): Generic driver that send the message to the OP-TEE OS.
  • Secure world: the OP-TEE secure OS is running on the Cortex-A in secure mode and exposes secure service with Trusted Applications (TA)
    • NVMEM TA (OP-TEE core): Interface that exposes the NVMEM specific services for provisioning by non-secure world.
    • BSEC PTA (OP-TEE core): Interface that exposes the BSEC specific services for OTP acccess by non-secure world or to other TAs.
    • BSEC driver (OP-TEE core):

2.2. API description[edit source]

The OTP interface is provided by two trusted applications (TA) in OP-TEE, accessible from the normal world with the GlobalPlatform API:

3. Configuration[edit source]

3.1. OP-TEE_OS configuration[edit source]

Activate BSEC PTA in OP-TEE configuration core/arch/arm/plat-stm32mp1/conf.mk : 

CFG_BSEC_PTA ?= y

Activate STM32MP NVMEM TA in OP-TEE configuration core/arch/arm/plat-stm32mp1/conf.mk : 

CFG_TA_STM32MP_NVMEM  ?=y

3.2. Device tree configuration[edit source]

Detailed DT configuration for STM32 internal peripherals:

4. References[edit source]

Please refer to the following links for additional information:



One time programmed

Open portable trusted execution environment

Pseudo Trusted Application

Boot and Security and OTP control

Trusted application

Linux® is a registered trademark of Linus Torvalds.

System file system (see https://en.wikipedia.org/wiki/Sysfs for more details)

Application programming interface

Trusted execution environment

Operating system

Cortex®

Device tree

Retrieved from "https://wiki.stmicroelectronics.cn/stm32mpu/index.php?title=OP-TEE_OTP_overview&oldid=88886"