This open source trusted execution environment implementation is originally based on Arm TrustZone* and maintained by Linaro*.
OP-TEE* for Intel® Architecture is Intel's hardware virtualization-based OP-TEE solution for x86 systems. Its design is fully compatible with OP-TEE and reuses as much of the original code as possible. It is a full environment, including an operating system, services, and APIs, that consists of the following:
Operating system and kernel that:
  Supports virtual address space isolation and privilege isolation
  Works in an event-driven model, servicing requests from the Rich Execution Environment (REE)
Drivers for a Linux* kernel
Libraries for client and trusted applications
Hypervisor that uses Intel® Kernel Guard Technology (Intel® KGT), which Intel open sourced in 2015.
Original equipment manufacturers (OEMs) can develop their own rich operating system client applications and the corresponding OP-TEE for Intel Architecture applications and services with the following setup:
One VM runs the OP-TEE operating system and trusted applications. The other VM runs a rich operating system.
Trusted applications are isolated with Intel® Virtualization Technology (Intel® VT) for IA-32, Intel® 64 and Intel® Architecture (Intel® VT-x).
An x86 OP-TEE driver and virtual machine monitor (VMM) from Intel.
A hypervisor (like Intel KGT) creates the two VMs for the rich and OP-TEE operating systems.