Hi Sebastian!
I'll let Jens fill in the gaps. Some general comments below.
On Wed, 1 Jul 2026 at 12:12, Sebastian Andrzej Siewior bigeasy@linutronix.de wrote:
I have been reviewing how OP‑TEE is implemented and how secure‑world invocations behave. The goal was to determine whether an OP‑TEE call can delay the Linux side and introduce latency depending on the time spent in the secure world.
Similar latency effects are already known for EFI runtime services, but this was not documented. To mitigate the impact, EFI runtime invocations can be restricted to specific CPUs so that real‑time workloads on other CPUs remain unaffected. This mechanism, however, is only described in the commit that introduced it.
This change adds a firmware section that documents these behaviours explicitly. It highlights cases where firmware can delay the kernel, information that may be unfamiliar to some users and surprising-or concerning-to others.
Assisted-by: Microsoft-Copilot Signed-off-by: Sebastian Andrzej Siewior bigeasy@linutronix.de
I would appreciate an ACK from the OP-TEE camp that I got my little research right.
Documentation/core-api/real-time/hardware.rst | 92 +++++++++++++++++++ 1 file changed, 92 insertions(+)
diff --git a/Documentation/core-api/real-time/hardware.rst b/Documentation/core-api/real-time/hardware.rst index 19f9bb3786e03..fb113848c2f70 100644 --- a/Documentation/core-api/real-time/hardware.rst +++ b/Documentation/core-api/real-time/hardware.rst @@ -130,3 +130,95 @@ https://github.com/Linutronix/RTC-Testbench.
[...]
+OP-TEE (ARM) +~~~~~~~~~~~~
That's RISC-V as well nowadays
+OP‑TEE uses a global serialization mechanism (the "big lock"), ensuring that on +each core only one OP‑TEE thread executes secure‑world code at a time.
+Execution flows from the normal world (Linux) into the secure world (OP‑TEE) +through the secure monitor at EL3. Linux and OP‑TEE cannot disable or mask each +other’s interrupts because both run at EL1 in different security states.
That's not always true. It depends on a combination of OP-TEE and TF-A configs iirc. The most common though is that IRQs and FIQs are directly delivered to S-EL1, in which case OP-TEE can mask IRQs. There's also a difference between GICv2 and GICv3 in the way interrupts are delivered.
+Architecturally, the secure monitor can mask or reroute normal‑world interrupts +before entering the secure world. In a correct OP‑TEE/ TF‑A implementation, it +does not do this for the duration of secure calls. Normal‑world interrupts +remain deliverable, and a normal‑world IRQ will preempt OP‑TEE via EL3 and +return control to Linux.
The 'sane' case is indeed where IRQs are delivered to OP-TEE which exits back to Linux immediately.
+Secure‑world interrupts (FIQs) are possible if the SoC routes a device's +interrupt as secure. Such a secure FIQ will preempt Linux immediately, trap +into EL3, and transfer control to OP‑TEE's secure interrupt handler. Linux +cannot mask or preempt this. Secure FIQ handlers must therefore be extremely +short to avoid introducing noticeable latency.
There are also 'fast SMCs', which run with IRQs disabled for their entire duration.
+The transition from normal world -> secure monitor -> OP‑TEE and back introduces +additional latency due to world switching and context save/ restore. This +overhead is typically a few microseconds and usually remains in the noise +floor.
That's correct.
+If the secure monitor masks normal‑world interrupts during OP‑TEE invocations, +or if OP‑TEE uses long‑running secure FIQ handlers, then OP‑TEE can introduce
+measurable latency spikes.
2.53.0
Overall I think this is worth documenting, but infortunately there's a wider range of configs and corner cases we have to describe.
Cheers /Ilias
op-tee@lists.trustedfirmware.org