On the imx8m nano we're currently exploring the possibility of communicating from an Android app running in the non-secure world to a trusted app running in Trusty TEE. We are aware of the existing implementation of TAs like Gatekeeper, Keymaster, etc., whose implementations are a bit too complex to start something on our own from scratch.
I was wondering if by any chance you had some samples of both trusted applications (a hello world app of some sort) and client applications that would communicate with each other.
Running/deploying a custom trusted app is actually pretty simple, but it is unclear to me how an Android app could communicate with it. Do you have any resources explaining this (apart from the Trusty AOSP page, which is pretty short)?
Thanks in advance!
First of all thank you for your answer.
I've actually already consulted all these guides, my board is up and running with Trusty (RPMB key programmed, AVB key generated...) and I have a Trusted Application of my own running in Trusty that is waiting on a custom port.
I'd like to communicate with it through an Android application (running in the rich OS), but both the Android guides and the Trusty AOSP homepage are pretty vague on how this could be achieved.
Regarding Gatekeeper/Keymaster, they're communicating by means of services/HALs and a kernel module interacting with the Trusty driver.
What would be the best way to achieve this from scratch: having a shared library talking to the kernel and JNI wrappers in the app to talk to this particular library?
I understand this question may be Android-related but I'm giving it a shot here.
Thanks again for your help with this, Igor.
One can look at the Android documentation below, in particular sect. 8.6, Trusty OS/security configuration.