
TEE Study (1): OP-TEE (1)
2023-07-23 13:31:24
Tags: TEE, study, OP-TEE

TEE Study (1): OP-TEE

OP-TEE

CONCEPT

  1. OP-TEE (open source project Trusted Execution Environment): the operating system and applications in the REE cannot access resources in the TEE directly; they can only obtain a result through the interfaces the TEE provides.

  2. main design goals:

  • isolation: provide isolation between the REE and the TEE, and protect TAs from each other,
  • small footprint: the TEE should be small enough to reside in a reasonable amount of memory,
  • portability: the TEE aims to be loadable on different architectures and hardware, and to support various setups (multiple client OSes, multiple TEEs).

COMPONENT

  • A secure privileged layer, at Arm secure PL-1 (v7-A) or EL-1 (v8-A) level
  • A set of secure user space libraries for TA needs
  • A Linux kernel TEE framework and driver
  • A Linux user space library built upon the GP TEE Client API specifications
  • A Linux user space supplicant daemon for remote services expected by the TEE OS
  • A test suite for regression testing and for testing the consistency of the API implementations
  • An example git containing a couple of simple host and TA examples
  • Some build scripts and debugging tools to ease integration and the development of Trusted Applications and secure services

QEMU

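QEMU is an emulator that can emulate virtual computers and embedded development boards (it supports ARM, MIPS, RISC-V and other architectures). Here it is used to run OP-TEE for Armv8-A.

Without hardware virtualization support, what QEMU essentially does is binary translation. For example, when QEMU emulates an ARM64 processor on an Ubuntu (x86) system, the ARM64 programs in the guest OS cannot run on the x86 architecture directly. QEMU translates the guest instructions into TCG (Tiny Code Generator) intermediate code, which is finally translated into instructions the host architecture supports.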

RUNNING OP-TEE on QEMU v8

ENVIRONMENT

  • VMware Workstation: 16.2.1
  • Ubuntu: 20.04

OPERATION

  1. download necessary tools and libraries:

    sudo apt-get install android-tools-fastboot autoconf bison cscope curl flex gdisk libc6:i386 libfdt-dev libglib2.0-dev libpixman-1-dev libstdc++6:i386 libz1:i386 netcat python-crypto uuid-dev xz-utils zlib1g-dev
    
  2. install repo:

    mkdir -p ~/bin
    cd ~/bin
    wget https://storage.googleapis.com/git-repo-downloads/repo -P ~/bin/ # or use a mirror
    chmod a+x ~/bin/repo
    export PATH=~/bin:$PATH
    
  3. download the source code of OP-TEE:

    repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml # git needs a proxy configured
    # With these you will get a setup containing all the necessary software components to run OP-TEE on the chosen device.
    repo sync
    cd build
    make toolchains # the cross-compiler download URL in the .mk file has moved and needs to be replaced
    make run # dependencies found missing during the build need to be installed
    
  4. successfully run OP-TEE.

ANALYZE HELLO_WORLD

hello_world folder


ta folder


  • Makefile: a make file that should set some configuration variables and include the TA-devkit (the TA development kit) make file.

    • TA_DEV_KIT_DIR: Base directory of the TA-devkit.
    • BINARY: BINARY shall provide the TA filename used to load the TA. The built and signed TA binary file will be named ${BINARY}.ta. In native OP-TEE, it is the TA UUID.
  • sub.mk: a make file that lists the sources to build (local source files, subdirectories to parse, source file specific build directives).

    • the entry point for listing the source files to build and other specific build directives.
  • user_ta_header_defines.h: a specific ANSI-C header file to define most of the TA properties.

  • Android.mk: Android's build system will parse the Android.mk file for the TA, which in turn will parse a TA-devkit Android make file to locate TA build resources.

  • hello_world_ta.c:

    // Allocate some resources, init something
    TEE_Result TA_CreateEntryPoint(void);

    // Release resources if required before TA destruction
    void TA_DestroyEntryPoint(void);

    TEE_Result TA_OpenSessionEntryPoint(uint32_t ptype,
                                        TEE_Param para
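
The entry points above receive a parameter-type word (ptype) and TEE_Param values that are chosen by the REE client, so a TA has to validate them before reading the parameter union. The following C sketch is an added example, not code from the original page or from the OP-TEE project: handle_increment and open_session_check are hypothetical names, and the type and macro definitions are stand-ins for <tee_internal_api.h> so that it compiles without the TA dev kit.

```c
#include <stdint.h>
#include <stddef.h>

/* Stand-ins mirroring the GlobalPlatform TEE Internal Core API definitions
 * found in <tee_internal_api.h>; a real TA includes that header instead. */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS                 0x00000000u
#define TEE_ERROR_BAD_PARAMETERS    0xFFFF0006u
#define TEE_PARAM_TYPE_NONE         0
#define TEE_PARAM_TYPE_VALUE_INOUT  3
#define TEE_PARAM_TYPE_MEMREF_INPUT 5
#define TEE_PARAM_TYPES(t0, t1, t2, t3) \
    ((uint32_t)((t0) | ((t1) << 4) | ((t2) << 8) | ((t3) << 12)))
typedef union {
    struct { void *buffer; size_t size; } memref;
    struct { uint32_t a; uint32_t b; } value;
} TEE_Param;

/* Session open takes no parameters in this sketch: anything else is refused. */
TEE_Result open_session_check(uint32_t ptype)
{
    const uint32_t expected = TEE_PARAM_TYPES(TEE_PARAM_TYPE_NONE,
        TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE);
    return ptype == expected ? TEE_SUCCESS : TEE_ERROR_BAD_PARAMETERS;
}

/* Hypothetical command handler (the name is an assumption). ptype and
 * params come from the REE client, so both are untrusted input. */
TEE_Result handle_increment(uint32_t ptype, TEE_Param params[4])
{
    const uint32_t expected = TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INOUT,
        TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE);

    /* Reject before reading the union: with any other ptype, params[0]
     * may hold a memref (pointer + size) rather than a value pair. */
    if (ptype != expected)
        return TEE_ERROR_BAD_PARAMETERS;

    /* Refuse to wrap around instead of silently overflowing. */
    if (params[0].value.a == UINT32_MAX)
        return TEE_ERROR_BAD_PARAMETERS;

    params[0].value.a++;
    return TEE_SUCCESS;
}
```

Comparing the whole ptype word, rather than only the slot being used, also rejects calls that smuggle unexpected parameters into the unused slots.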