Building and deploying custom TAs for OP-TEE into LS1012A FRWY

gabriele_coppol · ‎06-04-2019

Hi all,

I'm having some issues into building and deploying Trusted Applications (TAs) with flex-builder for my LS1012AFRWY. I'm trying to deploy the hello-world example download from the reference examples.

Could you please detail all the steps required?

I tried to include them into packages/apps/optee_os , packages/apps/optee_client and packages/apps/optee_test , including them into Makefiles, but I'm not able to see the UUID into the deployed rootfs under /lib/optee_armtz.

I already built everything with CONFIG_BUILD_OPTEE=y.

In addition, is there a way to have a console in the Secure (non-rich) OS ?

Thanks in advance.

yipingwang · ‎06-10-2019

Hello Gabriele Coppolino,

Please refer to the section "4. Develop OP-TEE Trusted Application" and optee_storage sample code in OP-TEE Trusted Application on QorIQ ARM Based Processors .

Please refer to the following section about how to build OP-TEE trusted application into LSDK rootfs filesystem.
Please build optee_os and optee_client with flex-builder in LSDK.
$ flex-builder -c optee_os -a arm64
$ flex-builder -c optee_client -a arm64

After set up Toolchain environment for ARM64.
$ make TA_DEV_KIT_DIR=~/flexbuild_lsdk1903/packages/apps/optee_os/out/arm-plat-ls/export-ta_arm64 TEEC_EXPORT=~/flexbuild_lsdk1903/build/apps/components_LS_arm64

Final CA image and TA image,
CA: host/storage-test
TA: ta/59e4d3d3-0199-4f74-b94d-53d3daa57d73.ta
Copy TA image to build/apps/components_LS_arm64/lib/optee_armtz/ and CA to root file system.
$ tee-supplicant /dev/teepriv0 &
$ ./storage-test > log

Thanks,

Yiping

gabriele_coppol · ‎07-08-2019

Hello Yiping Wang,

I'm now able to create both host and ta outputs, then I upload the two files into my board (with already tee on-board) but executing the storage test app, I get the TEEC_ERROR_ACCESS_DENIED error, then a dump of the memory is shown. How can I fix this?

Thank you in advance,

Gabriele Coppolino

yipingwang · ‎07-14-2019

Please Copy TA image to build/apps/components_LS_arm64/lib/optee_armtz/ and CA to root file system.

gabriele_coppol · ‎07-15-2019

Hello Yiping Wang,

I did it. I also tried to add my code into xtest source files (both host and ta) and the result is always the same.

Please see the attached log. There are some extra prints and rights tests at the beginning.

In packages/apps/optee_os/core/arch/arm/plat-ls/conf.mk I also added the following lines:

$(call force,CFG_CACHE_API,n)
$(call force,CFG_CORE_RESERVED_SHM,y)

I'm using LS1012AFRWY-RevB (512MB DDR) and the error is present in different boards.

yipingwang · ‎07-20-2019

CA source code is in optee_storage/host folder, teec_uuid is defined as the following in
storage_helpers.c, this value is used to open the specific TEEC session.
TEEC_UUID teec_uuid = {
0x59e4d3d3, 0x0199, 0x4f74,
{ 0xb9, 0x4d, 0x53, 0xd3, 0xda, 0xa5, 0x7d, 0x73 }
};
TA source code is located in optee_storage/ta, please refer to the following TEE_UUID definition
in storage_ta_helper.h.
#define TEE_UUID { 0x59e4d3d3, 0x0199, 0x4f74, \
{ 0xb9, 0x4d, 0x53, 0xd3, 0xda, 0xa5, 0x7d, 0x73 } }

Please refer to the following definition in TA Makefile.
BINARY = 59e4d3d3-0199-4f74-b94d-53d3daa57d73

gabriele_coppol · ‎07-22-2019

I've already have these informations from https://community.nxp.com/docs/DOC-340919 but this is not helping me for solving this issue