linux-drivers/
drivers/tee

Trusted Execution Environment (TEE) subsystem: OP-TEE, AMD-TEE, Qualcomm QTEE

A kernel framework that lets Linux talk to secure-world firmware running alongside the OS on modern CPUs, used for DRM key handling, secure boot attestation, biometrics, and confidential computing. Back-ends cover Arm TrustZone (OP-TEE), AMD SEV on EPYC servers, Qualcomm QTEE on Snapdragon, and Arm Trusted Services.

keep conf=0.92 deploy=high replacement=none subsystem=tee category=infrastructure
92%

recommendation

It should stay because the subsystem underpins security features on hardware actively shipping in 2025, including AMD EPYC 7000/8000/9000 confidential-computing servers, Qualcomm and other Arm SoCs in phones and embedded boards, and AMD/Xilinx Zynq MPSoCs. Upstream development is healthy, with new feature work landing on tee_core and the OP-TEE driver as recently as January 2026, so there is no obsolescence case to make.

repository signals

47 files
16,286 source lines
155 commits, 5y
+12,698 / −3,442 lines added / removed, 5y
60 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 155 total · active in 46/61 months
2021 2022 2023 2024 2025 2026 2021-04: 2 commits · +114 −20 2021-05: 0 commits · +0 −0 2021-06: 9 commits · +589 −141 2021-07: 2 commits · +2,649 −1,401 2021-08: 1 commit · +1 −1 2021-09: 0 commits · +0 −0 2021-10: 5 commits · +36 −4 2021-11: 4 commits · +124 −41 2021-12: 6 commits · +84 −120 2022-01: 4 commits · +408 −147 2022-02: 11 commits · +403 −482 2022-03: 2 commits · +11 −10 2022-04: 3 commits · +1 −53 2022-05: 1 commit · +1 −1 2022-06: 3 commits · +4 −4 2022-07: 0 commits · +0 −0 2022-08: 2 commits · +4 −0 2022-09: 6 commits · +43 −44 2022-10: 0 commits · +0 −0 2022-11: 1 commit · +1 −1 2022-12: 0 commits · +0 −0 2023-01: 1 commit · +1 −1 2023-02: 4 commits · +35 −53 2023-03: 5 commits · +336 −8 2023-04: 1 commit · +3 −1 2023-05: 1 commit · +23 −17 2023-06: 1 commit · +1 −2 2023-07: 0 commits · +0 −0 2023-08: 1 commit · +0 −4 2023-09: 3 commits · +161 −46 2023-10: 5 commits · +203 −37 2023-11: 5 commits · +64 −63 2023-12: 1 commit · +42 −36 2024-01: 0 commits · +0 −0 2024-02: 1 commit · +1 −1 2024-03: 5 commits · +679 −140 2024-04: 0 commits · +0 −0 2024-05: 1 commit · +20 −5 2024-06: 1 commit · +9 −3 2024-07: 1 commit · +1 −1 2024-08: 2 commits · +384 −8 2024-09: 2 commits · +2 −1 2024-10: 0 commits · +0 −0 2024-11: 1 commit · +3 −2 2024-12: 1 commit · +1 −1 2025-01: 0 commits · +0 −0 2025-02: 1 commit · +8 −27 2025-03: 0 commits · +0 −0 2025-04: 4 commits · +16 −14 2025-05: 0 commits · +0 −0 2025-06: 1 commit · +34 −9 2025-07: 3 commits · +12 −6 2025-08: 10 commits · +1,583 −122 2025-09: 11 commits · +4,015 −18 2025-10: 0 commits · +0 −0 2025-11: 2 commits · +2 −2 2025-12: 5 commits · +98 −15 2026-01: 5 commits · +151 −25 2026-02: 5 commits · +115 −149 2026-03: 0 commits · +0 −0 2026-04: 0 commits · +0 −0

sources

  1. lore.kernel.org

    `drivers/tee/tee_core.c` saw active upstream feature work in January 2026 (`tee: add revision sysfs attribute`) with review on LKML, indicating the subsystem is maintained rather than in retirement.

  2. lore.kernel.org

    `drivers/tee/optee/core.c` also saw active upstream feature work in January 2026 (`tee: optee: store OS revision for TEE core`), showing continued investment in a concrete in-tree TEE driver.

  3. optee.readthedocs.io

    Official OP-TEE documentation describes OP-TEE as the Linux-kernel TEE framework/driver companion for Arm TrustZone systems, showing this is a current upstream and ecosystem-relevant interface rather than legacy-only hardware.

  4. optee.readthedocs.io

    Official OP-TEE docs list supported AMD/Xilinx Zynq MPSoC boards, evidence that TEE-backed Arm SoCs using this stack remain in active embedded deployments.

  5. amd.com

    AMD states SEV creates a TEE and is built into current EPYC 7000/8000/9000 server CPUs, showing `drivers/tee/amdtee` maps to hardware still shipping in 2025-era products.

codex reasoning notes (technical)

Not an early-exit case: local shell inspection (`ls`, `rg`, `sed` on `drivers/tee/Kconfig` and `Makefile`) showed real in-tree driver code plus active subdrivers (`optee`, `amdtee`, `qcomtee`, `tstee`). Lore evidence came from `lore_activity` on `drivers/tee/tee_core.c` and `drivers/tee/optee/core.c`, which returned 2025-2026 patches with review, so this is actively maintained. `lore_file_timeline` on the directory path returned no matches, which looks like a path-granularity limitation rather than a removal signal; no concrete removal thread was found. Deployment evidence came from web `search/open/find` on official OP-TEE docs and AMD EPYC confidential-computing pages. Because TEE hardware/interfaces are still shipping across Arm embedded/mobile and AMD server confidential-computing platforms, there is no obsolescence case here; keep the directory.