m[4],
void **session_id_ptr);
// Check the client identity, and allocate/initialize the session resources, if any
void TA_CloseSessionEntryPoint(void *sess_ptr);
// Check the client and release the session's resources, if any.
// NOTE(review): sess_ptr is presumably the session context that was stored
// through session_id_ptr when the session was opened; confirm against the
// API specification.
TEE_Result TA_InvokeCommandEntryPoint(void *session_id,
uint32_t command_id,
uint32_t parameters_type,
TEE_Param parameters[4]);
// Decode command_id and run the target service.
// parameters_type is set on the client side (op.paramTypes in the host code),
// so compare it with the types the command expects before reading any entry
// of parameters[].
Checking TA Parameters
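Use TEE_PARAM_TYPE_GET(param_type, param_index) to get the type of each parameter and check it against the type the command expects. The parameter types are chosen by the client (op.paramTypes in the host code), so the TA should make this check before it reads a parameter as a value or as a memory reference.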
Signing of TAs
对于脱机签名,需要三步过程:在第一步中,必须生成已编译二进制文件的摘要;在第二步中,使用私钥对该摘要进行脱机签名;最后在第三步中,将二进制文件与其签名缝合成完整的TA。
host folder
workflow
- initialize context (host): open the OP-TEE driver, 获取到操作句柄并存放到TEEC_Context类型的变量中 TEEC_InitializeContext(NULL, &ctx);
- open session (CA): 创建一个特定CA与特定TA之间进行通信的通道 TEEC_OpenSession(&ctx, &sess, &uuid,TEEC_LOGIN_PUBLIC, NULL, NULL,&err_origin); 使用 TEEC_LOGIN_PUBLIC 时CA不提供任何登录数据,因此TA不能仅凭会话本身确认CA的身份。
Then TA's TA_OpenSessionEntryPoint() will print "Hello World!". (in TEE core)
- initialize paramTypes: op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
- invoke command, using the command ID and op: TEEC_InvokeCommand(&sess, TA_HELLO_WORLD_CMD_INC_VALUE, &op, &err_origin);
Then OP-TEE and the TA handle the request (in TA_InvokeCommandEntryPoint) and return the result to the CA.
|