Apache Teaclave™ TrustZone SDK v0.6.0

This release aligns with the OP-TEE quarterly release schedule and is compatible with OP-TEE 4.7.0.
It introduces major improvements across features, build workflows, and documentation. Highlights include new TLS client and server examples built on the latest Rustls, a significant refactoring of the Object component for better maintainability, and enhancements to the build system and CI pipeline with separated test workflows, new environment configurations for building standard TAs, and simplified Makefiles. Documentation has also been refreshed for consistency, clarity, and an improved developer experience.

What's Changed

🚀 Features

• lint: clippy enforcement and fix for all examples (#224) by @DemesneGH
• examples: tls client and server for new rustls (#221) by @DemesneGH
• Refactor Object (#209) by @ivila

📚 Examples

• examples: tls client and server for new rustls (#221) by @DemesneGH
• Simplified makefile (#217) by @m4sterchain

⚙️ Refactoring

• Refactor Object (#209) by @ivila

🔧 Build / CI

• ci: cleanup unused packages for OP-TEE workflows (#226) by @DemesneGH
• optee-*: bump version to 0.6.0 (#223) by @DemesneGH
• example: fix emulate target in std env (#220) by @m4sterchain
• Simplified makefile (#217) by @m4sterchain
• ci: separate tests (#212) by @ivila
• update optee-version (#211) by @ivila
• build-env: introduce env for building std ta. (#207) by @m4sterchain
• build-env: introduce build config with management (#206) by @m4sterchain
• fix doctest (#204) by @ivila

📝 Documentation

• repo: update description for graduation. (#227) by @m4sterchain
• docs: Add tips and scripts for release (#203) by @DemesneGH
• remove outdated KEYS file (#219) by @m4sterchain
• Simplified makefile (#217) by @m4sterchain
• readme: unify branding name (#216) by @m4sterchain
• docs: unify docs for website display. (#215) by @m4sterchain
• docs: simplify REAME.md (#213) by @m4sterchain
• Refactor Object (#209) by @ivila
• docs: clarify contribution policy for DCO tags and CLA requirements (#208) by @m4sterchain
• build-env: introduce env for building std ta. (#207) by @m4sterchain
• readme: fix broken docs link (#205) by @m4sterchain
• fix doctest (#204) by @ivila

Apache Teaclave TrustZone SDK (incubating) v0.5.0

This release introduces enhanced support for TA-to-TA invocation with a new design, exposes more low-level OP-TEE capabilities such as objectType and TEE_GetProperty, and adds a generic session pool abstraction to optee_teec. It also improves developer experience with a prebuilt Docker development image, expanded examples (including mnist-rs), and better CI infrastructure including arm64 builds. It includes key refactorings, bug fixes, and the ability to use optee-utee-sys as a standalone build dependency—paving the way for more flexible integration.

What's Changed

🚀 Features

• optee-utee: expose objectType from TEE_ObjectInfo (#201) by @x1a0b0
• Expose login field from raw::TEEC_OpenSession (#195) by @simonsso
• optee-utee: support TEE_GetProperty APIs (#190) by @DemesneGH
• Support adding optee-utee-sys as build dependency (#186) by @ivila
• New Design for TA-to-TA Invocation (#178) by @DemesneGH
• optee_teec: Refactor Context & Session to support Generic Session Pool (#175) by @ivila

📚 Examples

• Refine license of example mnist-rs (#197) by @ivila
• Support adding optee-utee-sys as build dependency (#186) by @ivila
• New Design for TA-to-TA Invocation (#178) by @DemesneGH
• optee_teec: Refactor Context & Session to support Generic Session Pool (#175) by @ivila
• Examples: Add mnist-rs (#173) by @ivila

⚙️ Refactoring

• crates: move secure_db to shared crates/ directory (#192) by @DemesneGH
• Remove unwrap in test case (#187) by @simonsso
• New Design for TA-to-TA Invocation (#178) by @DemesneGH
• optee_teec: Refactor Context & Session to support Generic Session Pool (#175) by @ivila
• optee_teec: extension: fix macro errors (#176) by @ivila

🔧 Build / CI

• ci: add workflow to draft release notes (#200) by @DemesneGH
• examples/std/ta: Add Cargo.lock to pin crate versions (#199) by @DemesneGH
• dev-env: prebuilt docker image for development and emulation (#193) by @DemesneGH
• ci: Add test qemu image builder (#183) by @ivila
• examples: downgrade url dependency of message_passing_interface-rs (#188) by @ivila
• Support adding optee-utee-sys as build dependency (#186) by @ivila
• ci: add arm64 platform (#184) by @ivila
• Fix ctest (#179) by @ivila
• ci: add build_runner_image.yml (#180) by @ivila

📦 Dependencies

• Version bump for release 0.5.0 (#198) by @DemesneGH

🐛 Bug Fixes

• Fix ctest (#179) by @ivila
• optee_teec: extension: fix macro errors (#176) by @ivila

📝 Documentation

• dev-env: prebuilt docker image for development and emulation (#193) by @DemesneGH

New Contributors

• @simonsso made their first contribution in #187

Full Changelog: v0.4.0...v0.5.0-rc.1

Apache Teaclave TrustZone SDK (incubating) v0.4.0

This release introduces a new unified build environment that supports both the original std and the newly added no-std, along with a new crate to simplify the process of building trusted applications. It also includes real-world examples and updates to support the latest OP-TEE release (4.5.0).

The following are the key updates:

Breaking Changes in the Build Environment

In this release candidate, we have reorganized the code structure and build environment to support both no-std and std build options, simplifying the overall build process.

Additionally, the TA build scripts have been streamlined by introducing the new optee-utee-build crate.

Since the process is quite complex, the following breakdown provides more details:

Starting with an intermediate branch no-std, which simplifies the build environment from scratch:

• On no-std branch: Cleaned up the build environment for no-std and simplified the build process. The works processed on PR114-PR122, e.g.: PR #115
• Based on no-std, added std support: PR #141
• Renamed no-std to main and set it as the default branch: Issue #143
• Further improvements on main after setting it as default:
  Introduced optee-utee-build crate for simplified TA builds. PR #156

Integration with OP-TEE

• Updated CI Docker image for the new OP-TEE build environment: PR #157
• Pinned the setup to OP-TEE 4.5.0: Commit 3aa0c94

New Features

• Made panic_handler optional in optee-utee: PR #147
• Added support for configuring the capacity of shared buffers in LoadablePlugin: PR #154
• Added no-std networking support in optee-utee: PR #164

New Examples

• Added error-handling example: PR #127
• Introduced project/ directory for real-world examples, including a Web3 ETH wallet example: PR #150
• Added no-std support for tcp_client-rs and udp_socket-rs. PR #164

Bug Fixes

• Fixed a double-free bug in optee-utee: PR #127
• Improved argument validation error messages: PR #134

Documentation Updates

• README updates:
  • no-std improvements: PR #128
  • Re-added std support in the new build environment: PR #144
• New migration guide:
  • Migrating to the new build environment (Post-Oct 2024)
• Guide for writing Rust TAs using optee-utee-build:
  • Writing Rust TAs

Apache Teaclave TrustZone SDK (incubating) v0.3.0

This is the third Apache Incubator release of Teaclave TrustZone SDK. Teaclave TrustZone SDK provides abilities to build safe TrustZone applications in Rust. The SDK is based on the OP-TEE project which follows GlobalPlatform TEE specifications and provides ergonomic APIs. In addition, it enables the capability to write TrustZone applications with Rust's standard library and many third-party libraries (i.e., crates). Teaclave TrustZone SDK is a sub-project of Apache Teaclave (incubating).

In this release we have the following fundamental updates:

Features

• Add tls_client and tls_server examples
• Add signature verification example

Enhancements

Integration into OP-TEE

• Update to OP-TEE 4.2.0 (#35)
• Update to GP 1.3.1 (#105)
• Update to OP-TEE 3.20.0 (#104)

Building

• Upgrade toolchain and std to May 2024 (#139)
• examples: ensure the proper build order (#124)

Bug fixes

• Fix double-free bug in optee-utee (#127)
• Fix cargo error (#102)

Documentation

• Add Documentation for no-std (#128)
• Building Rust CA as Android ELF (#95)

Apache Teaclave TrustZone SDK (incubating) v0.2.0

This is the second Apache Incubator release of Teaclave TrustZone SDK. Teaclave TrustZone SDK provides abilities to build safe TrustZone applications in Rust. The SDK is based on the OP-TEE project which follows GlobalPlatform TEE specifications and provides ergonomic APIs. In addition, it enables the capability to write TrustZone applications with Rust's standard library and many third-party libraries (i.e., crates). Teaclave TrustZone SDK is a sub-project of Apache Teaclave (incubating).

During this period, we are working closely with the OP-TEE community to integrate TA examples written in Rust into the upstream repository. You can try and play with the examples written in Rust with Teaclave TrustZone SDK since the OP-TEE 3.15.0 release.

More specifically, in this release we have the following updates:

Features

• Add support for tee-supplicant loadable plugins and examples
• Add TEE Socket APIs and examples

Enhancements

Integration into OP-TEE

• Add the -rs suffix to examples and update test scripts (#34)
• Update to OP-TEE 3.14.0 (#35)
• Update to OP-TEE 3.16.0 (#59)

Building

• Upgrade building docker to Ubuntu 20.04 (#33)
• Update Rust toolchain to nightly-2021-09-20 and std to 1.56.1 (#53)
• Add setup.sh to setup rust environment and initialize submodules (#40, #63)

CI

• Switch to GitHub Actions (#33)
• Add expect script for OP-TEE CI and fix CI errors (#45, #50)

Bug fixes

• Fix ldelf error of arm32 ta (#38)
• fix error when making the plugin example second time (#42)
• Correct toolchain PATH env (#44)

Docs

• Add debugging OP-TEE TA doc: Debugging OP-TEE TA
• Add documentation of Rust examples: Overview of OP-TEE Rust Examples
• Polish the getting started documentation

Apache Teaclave TrustZone SDK (incubating) v0.1.0

This is the first Apache Incubator release of Teaclave TrustZone SDK. Teaclave TrustZone SDK provides abilities to build safe TrustZone applications in Rust. The SDK is based on the OP-TEE project which follows GlobalPlatform TEE specifications and provides ergonomic APIs. In addition, it enables capability to write TrustZone applications with Rust's standard library and many third-party libraries (i.e., crates). Teaclave TrustZone SDK is a sub-project of Apache Teaclave (incubating).

This version implements the following Rust APIs in GlobalPlatform TEE specifications:

TEE Client API (optee-teec)

• Context
• Error
• Operation
• Parameter
• Session
• UUID

TEE Internal Core API (optee-utee)

• Arithmetical
• Crypto Operation
• Error
• Object
• Parameter
• Time
• Trace

We also provides procedure macros to automatically generate bindings interfaces of TA:

• #[ta_create], #[ta_destroy], #[ta_open_session], #[ta_close_session], #[ta_invoke_command]

This version includes rewrites of all examples from OP-TEE repository. In addition, we include more examples using serde for serialization and deserialization.

This version is compatible with OP-TEE 3.13.0.