i.MX8M OPTEE TA Build

取消
显示结果 
显示  仅  | 搜索替代 
您的意思是: 

i.MX8M OPTEE TA Build

13,489 次查看
simonwan
Contributor I

Hi experts,

 

I just got my i.MX 8M Evaluation Kit and I want to enable the OPTEE OS on the board.

I found one tutorial about Yocto Project to enable optee on i.MX8. So far,  I already boot the device up and I can run the xtest of OPTEE correctly.

However, I do not find any instruction about how should I build a TA for the OPTEE-OS on imx8, and it looks like imx8 is not listed as a support platform on OP-TEE website

Any suggestion for building TA for imx8 is welcomed!

Thank you in advance.

Simon

0 项奖励
回复
16 回复数

7,569 次查看
008kai
Contributor II

Hi, I am also using imx8mp to build optee, but I have some problems during the build process, the link you gave is invalid, can you repost it? Or can share your build steps? Many thanks

0 项奖励
回复

10,604 次查看
sun_zhi
Contributor I

Hi, Simon

I'm also playing with i.MX8M device, and want to enable op-tee on it. The tutorial link  one tutorial about Yocto Projectis not effective any more.

Can you share with me the tutorial? 

Thank you!

Ethan

0 项奖励
回复

10,604 次查看
gonewithwind-peter
Senior Contributor I

if you optee does not work,

please see my post for help.

I played two board pico-pi-imx7 and maaxboard  , the both worked well.

0 项奖励
回复

10,604 次查看
igorpadykov
NXP Employee
NXP Employee

Hi Simon

next steps can be copy OP-TEE client and test to rootfs on SD card.

OP-TEE client

$ sudo cp out/export/bin/tee-supplicant <ext4 partition>/usr/bin
$ sudo cp out/export/lib/libteec.so.1.0 <ext4 partition>/usr/lib

OP-TEE test

$ sudo cp out/xtest/xtest <ext4 partition>/usr/bin
$ find out/ta/ -name \*.ta | sudo xargs cp -t <ext4 partition>/lib/optee_armtz

Documentation - OP-TEE 

imx-optee-os - i.MX optee os 

Best regards
igor
-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 项奖励
回复

10,604 次查看
gonewithwind-peter
Senior Contributor I

NO /dev/tee* device in technexion pico-pi-imx7 board in yocto project

I have opened an issue here: https://github.com/TechNexion/edm-yocto-bsp/issues/22
but nobody to answer me, so I open here again:
In yocto local.conf I added: DISTRO_FEATURES_append=" optee"
IMAGE_INSTALL_append = " optee-client-imx optee-os-imx-tn optee-test-imx"
and
config CONFIG_OPTEE in kernel config,but I still can not find the device /dev/tee ?

any suggestion? how can I do? individually to build kernel,boot and rootfs? 
Thanks


error:

ls /dev/tee*
ls: cannot access '/dev/tee*': No such file or directory
fortress:/usr/include# xtest
Run test suite with level=0

TEE test application started with device [(null)]
Failed to open TEE context: 0xffff0008
fortress:/usr/include# tee-supplicant
ERR [576] TEES:main:663: failed to find an OP-TEE supplicant device
fortress:/usr/include#

0 项奖励
回复

10,604 次查看
matthias_staube
Contributor II

Hi, I suggest you make sure MACHINE_FEATURES includes "optee" as well, so that it appears inside COMBINED_FEATURES:

"bitbake -e <YOUR_IMAGE> | grep COMBINED_FEATURES=.*optee"

When this is set up properly, you should not have to include optee-xxx manually inside local.conf, but packagegroup-fsl-optee should be added to your image.

This helped me when I had a similar issue.

0 项奖励
回复

10,605 次查看
simonwan
Contributor I

Hi Igor,

Thank you for the reply. I will try the OP-TEE CA and TA as you indicated. Meanwhile, I'm still wondering if the OP-TEE TA(*.ta) outputs some information from the secure world, is there any method for me to read that output (such as serial port)?

Thank you and wish you have a great holiday ahead!

Simon

0 项奖励
回复

10,605 次查看
inigovicentewal
Contributor III

Hi simonwanigorpadykov

I have followed all the steps and now I have this error when running an application:

optee_example_hello_world: TEEC_Opensession failed with code 0xffff000f origin 0x3

It seems that this error comes from a security error. Do you know how it can be solved?

simonwan Do you know how you can see information from the secure world?

Best regards

Iñigo

0 项奖励
回复

7,987 次查看
008kai
Contributor II

Hello, I also encountered a similar problem. When I was running xtest, I was prompted that opening TEE context failed. Did you solve it later? Can you share the solution with me?

root@verdin-imx8mp-06965616:~# xtest
Run test suite with level=0

TEE test application started with device [(null)]
Failed to open TEE context: 0xffff0008
root@verdin-imx8mp-06965616:~# TEE test application started with device [(null)]
-sh: syntax error near unexpected token `('
root@verdin-imx8mp-06965616:~# Failed to open TEE context: 0xffff0008
-sh: Failed: command not found

0 项奖励
回复

10,604 次查看
gonewithwind-peter
Senior Contributor I

I am playing maaxboard which is porting from imx8mqevk

I use the below yocto version. works well. you can try.

$ mkdir imx-yocto-bsp

$ cd imx-yocto-bsp

$ repo init -u https://source.codeaurora.org/external/imx/imx-manifest -b imx-linux-sumo -m

imx-4.14.98-2.0.0_ga.xml

$ repo sync

..

2.the board is imx8mqevk

0 项奖励
回复

10,604 次查看
gonewithwind-peter
Senior Contributor I

1.make sure to run xtest to test the optee works well

ls /dev/tee*      find device node

-sh-4.4# ls /dev/tee*
/dev/tee0 /dev/teepriv0

xtest

...

16081 subtests of which 0 failed
74 test cases of which 0 failed
0 test case was skipped
TEE test application done!

...

2. bitbake fsl-image-validation-imx -c populate_sdk.   ; generate toolchains and install 

3. in optee_examples code to generate host code and tar code, my toolchain installed in /usr/local/optee/

.  /usr/local/optee/environment-setup-aarch64-poky-linux

export TEEC_EXPORT=/usr/local/optee/sysroots/aarch64-poky-linux/usr/

export TA_DEV_KIT_DIR=/usr/local/optee/sysroots/aarch64-poky-linux/usr/include/optee/export-user_ta_arm64/

make 

 

3. scp 1234-3456.7890-11111.ta file to  board.  /lib/optee_armtz/.    (UUID is example)

4. now you can run host code use make by  step 3

done

5 after that you can install ta in secure store 

xtest --install-ta /lib/optee_armtz/1234-3456.7890-11111.ta , you should rm /lib/ptee_armtz/1234-3456.7890-11111.ta

so hide the ta at 
/data/tee  

6.so the host code only can run in this board, can not use  the data at /data/tee   in another board if no same ta installed

10,604 次查看
matthias_staube
Contributor II

Hi!

Do you know how you can see information from the secure world?

For OP-TEE OS: Make sure you have a sufficiently high log-Level enabled, e.g., compile optee-os-imx with

`CFG_TEE_CORE_LOG_LEVEL=3 CFG_TEE_TA_LOG_LEVEL=3`

To see output from optee-os during boot initialization.

For Trusted Firmware: I did the following: Edit `imx-atf/plat/imx/imx8mq/include/platform_def.h` and set `#define DEBUG_CONSOLE   1`. This Shows Output from 'NOTICE' in my configuration.

This assumes you connect to the configured UART port via a Serial Connection.

optee_example_hello_world: TEEC_Opensession failed with code 0xffff000f origin 0x3

Not sure what this is, have you tried running xtest?

0 项奖励
回复

57 次查看
matthewmckay-da
Contributor II

Just to add some information regarding setting the op-tee log levels.

If you're building optee-os via Yocto, the optee-os_x.y.z.imx.bb recipe disables the LOG using:

EXTRA_OEMAKE:append = " \
    CFG_TEE_TA_LOG_LEVEL=0 \
    CFG_TEE_CORE_LOG_LEVEL=0 \
"

This means that if you've created a patch and bbappend to update mk/config.mk the log levels you've set get overwritten by the recipe.

To fix this, In the bbappend add something like this:

EXTRA_OEMAKE:remove = " \
    CFG_TEE_TA_LOG_LEVEL=0 \
    CFG_TEE_CORE_LOG_LEVEL=0 \
"

EXTRA_OEMAKE:append = " \
    CFG_TEE_TA_LOG_LEVEL=3 \
    CFG_TEE_CORE_LOG_LEVEL=3 \
"

 

0 项奖励
回复

10,604 次查看
inigovicentewal
Contributor III

Hi @Matthias Stauber and peterzhang

Can the TA application be debugged on the imx8m board? with gdbserver?

How can I do it?

Thank you very much for the help.

Iñigo.

0 项奖励
回复

10,604 次查看
gonewithwind-peter
Senior Contributor I

I am not sure how to debug TA app with gdbserver. I only use printf or MSG (?) to print out the debug info. I guess  it can not.

 of course , for host apps we can use gdbserver.

you can ask at there for more about optee:  GitHub - OP-TEE/optee_os: Trusted side of the TEE    the technical supporters are very nice. I asked my questions at there.

10,604 次查看
matthias_staube
Contributor II

Hi Iñigo,

I haven't tried this myself, but try searching for "BKK19-419: Debugging with OP-TEE". This presentation may help you.

Kind regards,

Matthias

P.S.: Make sure to try running xtest to validate your OP-TEE Installation. It is possible something is going wrong when compiling OP-TEE examples, but the environment itself is actually o.k.