We have a compatibility problem when accessing objects in ARM TZ Secure Storage created with the 4.14.98_2.3.1-based BSP, after updating to 5.4.47_2.2.0-based BSP.
Our board is a custom design based on i.MX 8M Nano SOC. Initially, we ported NXP 4.14.98_2.3.1 to the board, including the use of the optee ARM TZ Secure Storage.
Now, we updated our BSP to NXP 5.4.47_2.2.0. When we are booting the board with the new images, we cannot access the objects in the TrustedZone Secure Storage anymore:
E/LD: init_elf:438 sys_open_ta_bin(f4e750bb-1437-4fbf-8785-8d3580c34995)
E/TC:? 0 init_with_ldelf:232 ldelf failed with res: 0xf0100001
E/TC:? 0 tee_ta_open_session:728 Failed. Return error 0xf0100001
Definitely, optee-os and optee-client versions changed between the releases, however are the errors above expected? How could we access the objects created with 4.14.98 BSP after the update?
Any thoughts will be appreciated.
Thanks Igor. All the above (and other) components used by our BSPs matches the respective versions of the NXP BSPs 4.14.98 and 5.4.47.
To remind, the problem is that the object in the Secure Storage (/data/tee) created by the 4.14.98 BSP are no longer accessible after updating to 5.4.47 BSP.
In 4.14.98, optee-os version is 37f4865cd3a4d22c of the imx_4.14.98_2.1.0 branch, by the recipe name optee-os-imx_git.bb it's some work-in-progress version.
I 5.4.47, optee-os version is b3914e547eaf906 of the imx_5.4.47_2.2.0 branch, by the recipe name optee-os_3.10.0.imx.bb I could tell it's of the 3.1.0 version.
Do you have any insight on the future updates of the optee-os package, will they be compatible with 3.10.0 regarding the objects in /data/tee?
one can look in Release Notes document (included in each BSP version) on below link,
if proper versions all software components are used:
For example for L5.4.47_2.2.0 :