Last month I wrote about AMD working on TEE driver support to load "trusted applications" onto the AMD Secure Processor under Linux. That work is now queued for introduction with Linux 5.6 and wired through for Raven Ridge APUs.

The AMD TEE (Trusted Execution Environment) support is for loading sensitive data and secure/trusted applications for running on the Arm-based AMD Secure Processor / PSP that's found embedded into modern AMD CPUs. While found on embedded through server AMD CPUs, with the Linux 5.6 support it appears all focused on Raven Ridge APUs - possibly due to Google Chromebook requirements, just as we've seen HDCP content protection support for Linux with Raven Ridge in recent kernels. The Chromebook angle would also explain why it's taken years for AMD to enable their Secure Processor usage with TEE under Linux until recently, just like their belated HDCP support and other work that has appeared to be pushed along by Google's interests.

The TEE support for Raven APUs with Linux 5.6 provides a "secure environment" for running Trusted Applications (TAs) and requires using their specific TEE interface for loading the binaries into the trusted environment, mapping shared memory, and related functionality.

Until the Linux 5.6 kernel cycle kicks off in about one month, the AMD TEE / Secure Processor patches are currently queued as part of the cryptodev code.