- Forums
- Product Forums
- General Purpose MicrocontrollersGeneral Purpose Microcontrollers
- i.MX Forumsi.MX Forums
- QorIQ Processing PlatformsQorIQ Processing Platforms
- Identification and SecurityIdentification and Security
- Power ManagementPower Management
- Wireless ConnectivityWireless Connectivity
- RFID / NFCRFID / NFC
- MCX Microcontrollers
- S32G
- S32K
- S32V
- MPC5xxx
- Other NXP Products
- S12 / MagniV Microcontrollers
- Powertrain and Electrification Analog Drivers
- Sensors
- Vybrid Processors
- Digital Signal Controllers
- 8-bit Microcontrollers
- ColdFire/68K Microcontrollers and Processors
- PowerQUICC Processors
- OSBDM and TBDML
- S32M
-
- Solution Forums
- Software Forums
- MCUXpresso Software and ToolsMCUXpresso Software and Tools
- CodeWarriorCodeWarrior
- MQX Software SolutionsMQX Software Solutions
- Model-Based Design Toolbox (MBDT)Model-Based Design Toolbox (MBDT)
- FreeMASTER
- eIQ Machine Learning Software
- Embedded Software and Tools Clinic
- S32 SDK
- S32 Design Studio
- GUI Guider
- Zephyr Project
- Voice Technology
- Application Software Packs
- Secure Provisioning SDK (SPSDK)
- Processor Expert Software
-
- Topics
- Mobile Robotics - Drones and RoversMobile Robotics - Drones and Rovers
- NXP Training ContentNXP Training Content
- University ProgramsUniversity Programs
- Rapid IoT
- NXP Designs
- SafeAssure-Community
- OSS Security & Maintenance
- Using Our Community
-
- Cloud Lab Forums
-
- Knowledge Bases
- ARM Microcontrollers
- i.MX Processors
- Identification and Security
- Model-Based Design Toolbox (MBDT)
- QorIQ Processing Platforms
- S32 Automotive Processing Platform
- Wireless Connectivity
- CodeWarrior
- MCUXpresso Suite of Software and Tools
- MQX Software Solutions
-
- Home
- :
- QorIQプロセッシングプラットフォーム
- :
- QorIQ
- :
- How to build Trusted Applications for the OP-TEE
How to build Trusted Applications for the OP-TEE
- RSS フィードを購読する
- トピックを新着としてマーク
- トピックを既読としてマーク
- このトピックを現在のユーザーにフロートします
- ブックマーク
- 購読
- ミュート
- 印刷用ページ
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hi,
I have build the PPA with OP-TEE with the flexbuilder for the LS1012. When the board is booted, running xtest (and before that starting tee-supplicant) results in 0 failed tests so this should work.
But with the TEE running, I would like to start building my own Trusted Applications, but there seems to be no guide on how to do that. I followed the OP-TEE Build Instructions which also results in some examples being build. Copying the generated TA to /lib/optee-armtz/ and running the ``hello_world'' application i get a TEEC_ERROR_SECURITY response.
After some research i think that either the TEE does not know about the default key (building the ppa-optee with the default key removed from the flex builder did not give errors) and/or another key is used by the TEE.
Also i would like to en-/decrypt BLOB's, I know that it is possible under U-Boot but i would like to do this under linux (via a TA?)
TL;DR: How do i build a TA for the TEE build by the flex-builder. And is it possible to generate blobs via a TA?
Thanks in advance!
解決済! 解決策の投稿を見る。
yipingwang
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello Jasper Gerth,
You could refer to source code of optee_test package in ~/flexbuild/packages/apps/optee_test.
Please build optee_os, optee_client first, then build optee_test with the following commands with flex-builder.
$ flex-builder -c optee_os -a arm64
$ flex-builder -c optee_client -a arm64
$ flex-builder -c optee_test -a arm64
Please refer to TA_DEV_KIT_DIR definition in packages/apps/Makefile, which should be specified as the PATH of optee_os(<optee_os path>/out/arm-plat-ls/export-ta_arm64).
TA_DEV_KIT_DIR=$(FBDIR)/packages/apps/optee_os/out/arm-plat-ls/export-ta_arm64/.
You could refer to ~/flexbuild/packages/apps/optee_test/Makefile for TA_DEV_KIT_DIR usage.
Final CA image and TA image,
CA: out/xtest/xtest
TA: out/ta/*/*.ta
Please refer to storage use case source code as an example, please refer to TA source code in optee_test/ta/storage, please refer to please to the following definition in ta/storage/include/ta_storage.h
#define TA_STORAGE_UUID { 0xb689f2a7, 0x8adf, 0x477a, \
{ 0x9f, 0x99, 0x32, 0xe9, 0x0c, 0x0a, 0xd0, 0xa2 } }
Please refer to CA source code host/xtest/regression_6000.c, the value TA_STORAGE_UUID is used to open the session.
* Run Trusted Application
Copy TA image to /lib/optee_armtz/ and CA to root file system.
$ tee-supplicant &
$ xtest -t regression 6000
For en-/decrypt BLOB via TA, please refer to the case optee_test/ta/crypt.
Have a great day,
TIC
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
yipingwang
- 新着としてマーク
- ブックマーク
- 購読
- ミュート
- RSS フィードを購読する
- ハイライト
- 印刷
- 不適切なコンテンツを報告
Hello Jasper Gerth,
You could refer to source code of optee_test package in ~/flexbuild/packages/apps/optee_test.
Please build optee_os, optee_client first, then build optee_test with the following commands with flex-builder.
$ flex-builder -c optee_os -a arm64
$ flex-builder -c optee_client -a arm64
$ flex-builder -c optee_test -a arm64
Please refer to TA_DEV_KIT_DIR definition in packages/apps/Makefile, which should be specified as the PATH of optee_os(<optee_os path>/out/arm-plat-ls/export-ta_arm64).
TA_DEV_KIT_DIR=$(FBDIR)/packages/apps/optee_os/out/arm-plat-ls/export-ta_arm64/.
You could refer to ~/flexbuild/packages/apps/optee_test/Makefile for TA_DEV_KIT_DIR usage.
Final CA image and TA image,
CA: out/xtest/xtest
TA: out/ta/*/*.ta
Please refer to storage use case source code as an example, please refer to TA source code in optee_test/ta/storage, please refer to please to the following definition in ta/storage/include/ta_storage.h
#define TA_STORAGE_UUID { 0xb689f2a7, 0x8adf, 0x477a, \
{ 0x9f, 0x99, 0x32, 0xe9, 0x0c, 0x0a, 0xd0, 0xa2 } }
Please refer to CA source code host/xtest/regression_6000.c, the value TA_STORAGE_UUID is used to open the session.
* Run Trusted Application
Copy TA image to /lib/optee_armtz/ and CA to root file system.
$ tee-supplicant &
$ xtest -t regression 6000
For en-/decrypt BLOB via TA, please refer to the case optee_test/ta/crypt.
Have a great day,
TIC
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------
