linux-drivers/
drivers/tee/tstee

Arm Trusted Services TEE driver (TS-TEE over FF-A)

Linux-side bridge that lets userspace talk to Trusted Services Secure Partitions running in the secure world of modern Arm systems, using the Arm Firmware Framework (FF-A) as the transport. It exposes those secure-world services through the standard TEE interface, similar in spirit to OP-TEE but for the Arm Trusted Services project rather than a single TEE OS.

keep-annotate conf=0.80 deploy=low replacement=none subsystem=tee category=virtualization
80%

recommendation

Worth keeping but flagging as niche and new: it landed in Linux 6.10 in April 2024, targets a specific Arm secure-world protocol (Trusted Services over FF-A) that nothing else in the tree implements, and is aimed at modern Arm platforms still being designed and shipped today. Deployment is currently low simply because the ecosystem is young, and there is no removal discussion upstream — annotation as a recent, specialised Arm secure-firmware interface is more useful than deprecation.

repository signals

4 files
572 source lines
3 commits, 5y
+594 / −8 lines added / removed, 5y
3 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 3 total · active in 2/61 months
2021 2022 2023 2024 2025 2026 2021-04: 0 commits · +0 −0 2021-05: 0 commits · +0 −0 2021-06: 0 commits · +0 −0 2021-07: 0 commits · +0 −0 2021-08: 0 commits · +0 −0 2021-09: 0 commits · +0 −0 2021-10: 0 commits · +0 −0 2021-11: 0 commits · +0 −0 2021-12: 0 commits · +0 −0 2022-01: 0 commits · +0 −0 2022-02: 0 commits · +0 −0 2022-03: 0 commits · +0 −0 2022-04: 0 commits · +0 −0 2022-05: 0 commits · +0 −0 2022-06: 0 commits · +0 −0 2022-07: 0 commits · +0 −0 2022-08: 0 commits · +0 −0 2022-09: 0 commits · +0 −0 2022-10: 0 commits · +0 −0 2022-11: 0 commits · +0 −0 2022-12: 0 commits · +0 −0 2023-01: 0 commits · +0 −0 2023-02: 0 commits · +0 −0 2023-03: 0 commits · +0 −0 2023-04: 0 commits · +0 −0 2023-05: 0 commits · +0 −0 2023-06: 0 commits · +0 −0 2023-07: 0 commits · +0 −0 2023-08: 0 commits · +0 −0 2023-09: 0 commits · +0 −0 2023-10: 0 commits · +0 −0 2023-11: 0 commits · +0 −0 2023-12: 0 commits · +0 −0 2024-01: 0 commits · +0 −0 2024-02: 0 commits · +0 −0 2024-03: 1 commit · +586 −0 2024-04: 0 commits · +0 −0 2024-05: 0 commits · +0 −0 2024-06: 0 commits · +0 −0 2024-07: 0 commits · +0 −0 2024-08: 0 commits · +0 −0 2024-09: 0 commits · +0 −0 2024-10: 0 commits · +0 −0 2024-11: 0 commits · +0 −0 2024-12: 0 commits · +0 −0 2025-01: 0 commits · +0 −0 2025-02: 0 commits · +0 −0 2025-03: 0 commits · +0 −0 2025-04: 0 commits · +0 −0 2025-05: 0 commits · +0 −0 2025-06: 0 commits · +0 −0 2025-07: 0 commits · +0 −0 2025-08: 0 commits · +0 −0 2025-09: 0 commits · +0 −0 2025-10: 0 commits · +0 −0 2025-11: 0 commits · +0 −0 2025-12: 0 commits · +0 −0 2026-01: 0 commits · +0 −0 2026-02: 2 commits · +8 −8 2026-03: 0 commits · +0 −0 2026-04: 0 commits · +0 −0

sources

  1. docs.kernel.org

    Upstream kernel documentation describes TS-TEE as the Linux-side TEE driver for Trusted Services Secure Partitions over Arm FF-A.

  2. cateee.net

    LKDDb shows CONFIG_ARM_TSTEE as a current in-tree kernel option/module (`arm-tstee`) present from Linux 6.10 onward.

  3. trusted-services.readthedocs.io

    The driver targets the Trusted Services RPC ABI, indicating a protocol-specific interface rather than a generic legacy hardware block.

  4. lwn.net

    The public patch series in March 2024 introduced the driver; the lore-oriented search surfaced introduction coverage, not removal discussion.

codex reasoning notes (technical)

Real driver, not a helper library: local `rg` on drivers/tee/tstee shows `module_ffa_driver(tstee_driver)` and FF-A probe/remove hooks. Local `git log/show` shows one real functional commit adding the driver on 2024-04-03 and only later treewide mechanical churn. URLs were obtained via `web.search_query` (docs.kernel.org, LKDDb, LWN) and from a URL embedded in the local source via `rg` (trusted-services.readthedocs.io). Assessment: this is a very new, niche Arm FF-A/Trusted-Services driver with low but current deployment potential on modern Arm platforms, no natural replacement driver for the same protocol, and no surfaced removal activity; annotate as niche/new rather than deprecate.