Trusted applications and services
Trusted applications run as isolated single-threaded processes under the Trusty OS kernel. Each process runs in its own virtual memory sandbox utilizing the MMU capabilities of the TEE processor. The kernel schedules these processes using a priority-based, round-robin scheduler driven by a secure timer tick. In the current version of Trusty, all Trusty applications share the same priority.
Trusted applications are written as event-driven servers waiting for commands from other applications or from applications running on the main processor. Trusted applications can also be clients of other trusted server applications.
Ports and channels
Ports are used by Trusty applications to expose service end-points in the form of a named path to which clients connect. e.g. “com.google.servicename”.
Channels: symmetric, bi-directional connection instances of a port