linux-drivers/
drivers/tee/optee

OP-TEE Trusted Execution Environment driver for Arm TrustZone

Kernel-side interface to OP-TEE, an open-source secure operating system that runs alongside Linux inside Arm TrustZone and newer FF-A secure firmware. It lets user space and other kernel subsystems invoke trusted applications for secure key storage, DRM, secure boot, and protected memory on Arm SoCs from NXP, ST, TI, Rockchip, AMD/Xilinx and others.

keep conf=0.92 deploy=high replacement=none subsystem=tee category=firmware
92%

recommendation

It should stay because OP-TEE is the standard Arm secure-world interface and the driver is under active development, with substantial feature work landing as recently as late 2025 and early 2026, including new FF-A protected-memory support from Linaro. It also underpins shipping silicon that vendors are actively launching, such as ST's STM32MP25 family documented in November 2025, so there is no realistic in-tree replacement.

repository signals

17 files
7,525 source lines
87 commits, 5y
+6,283 / −2,481 lines added / removed, 5y
39 authors, 5y
monthly commits · 2021-04-21 → 2026-04-21 · 87 total · active in 37/61 months
2021 2022 2023 2024 2025 2026 2021-04: 1 commit · +8 −4 2021-05: 0 commits · +0 −0 2021-06: 7 commits · +566 −138 2021-07: 2 commits · +2,649 −1,401 2021-08: 1 commit · +1 −1 2021-09: 0 commits · +0 −0 2021-10: 3 commits · +29 −2 2021-11: 3 commits · +122 −38 2021-12: 4 commits · +17 −8 2022-01: 4 commits · +408 −147 2022-02: 6 commits · +86 −155 2022-03: 2 commits · +11 −10 2022-04: 1 commit · +1 −1 2022-05: 1 commit · +1 −1 2022-06: 2 commits · +3 −3 2022-07: 0 commits · +0 −0 2022-08: 0 commits · +0 −0 2022-09: 6 commits · +43 −44 2022-10: 0 commits · +0 −0 2022-11: 1 commit · +1 −1 2022-12: 0 commits · +0 −0 2023-01: 0 commits · +0 −0 2023-02: 1 commit · +1 −1 2023-03: 2 commits · +332 −4 2023-04: 1 commit · +3 −1 2023-05: 0 commits · +0 −0 2023-06: 1 commit · +1 −2 2023-07: 0 commits · +0 −0 2023-08: 1 commit · +0 −2 2023-09: 2 commits · +155 −42 2023-10: 3 commits · +184 −27 2023-11: 5 commits · +64 −63 2023-12: 0 commits · +0 −0 2024-01: 0 commits · +0 −0 2024-02: 0 commits · +0 −0 2024-03: 4 commits · +19 −97 2024-04: 0 commits · +0 −0 2024-05: 1 commit · +20 −5 2024-06: 1 commit · +9 −3 2024-07: 0 commits · +0 −0 2024-08: 1 commit · +371 −2 2024-09: 2 commits · +2 −1 2024-10: 0 commits · +0 −0 2024-11: 1 commit · +3 −2 2024-12: 1 commit · +1 −1 2025-01: 0 commits · +0 −0 2025-02: 1 commit · +8 −27 2025-03: 0 commits · +0 −0 2025-04: 1 commit · +1 −2 2025-05: 0 commits · +0 −0 2025-06: 1 commit · +34 −9 2025-07: 1 commit · +1 −1 2025-08: 5 commits · +780 −28 2025-09: 0 commits · +0 −0 2025-10: 0 commits · +0 −0 2025-11: 0 commits · +0 −0 2025-12: 0 commits · +0 −0 2026-01: 3 commits · +97 −20 2026-02: 2 commits · +30 −32 2026-03: 0 commits · +0 −0 2026-04: 0 commits · +0 −0

sources

  1. lore.kernel.org

    Recent upstream feature work touched OP-TEE core in January 2026 ('store OS revision for TEE core'), indicating active maintenance rather than retirement.

  2. lore.kernel.org

    Large reviewed FF-A protected-memory support work landed on the OP-TEE path in September 2025, showing ongoing development for current Arm secure-world integrations.

  3. optee.readthedocs.io

    Official OP-TEE documentation lists many publicly available and maintained platforms, including current NXP, ST, TI, Rockchip, AMD/Xilinx and QEMU targets.

  4. wiki.st.com

    ST's November 25, 2025 STM32MP25 documentation describes OP-TEE as the platform TEE for STM32MP2-series devices, evidence of new-product deployment in current embedded SoCs.

codex reasoning notes (technical)

Real driver directory: kernel TEE bus driver code with module entry points. lore_file_timeline on the directory path returned no indexed hits, so I used lore_activity on representative files (`core.c`, `ffa_abi.c`) and cited the returned lore URLs; both show substantial 2025-2026 feature work, not end-of-life cleanup. Web evidence came from opening official OP-TEE docs via web search and ST's vendor wiki page for STM32MP25. Conclusion: OP-TEE remains in active upstream development and in current embedded Arm deployments, with no natural in-tree replacement for the same secure-OS interface.