Building an Android App using OP-TEE

Hello, I recently was able to successfully install Android + OP-TEE on the HiKey Board. I’m kind of new to all of this and was wondering how do I actually get an Android app running on the board using Android Studio? Is there some sort of tutorial or instructions. Second, I was planning on using the JNI interface to use the OP-TEE API to talk to the TA. Will Android Studio recognize these APIs?

Hi again Jon,

Official Android development training is here:
A good beginner’s guide to NDK/JNI can be found here:
Once you develop some familiarity with both tutorials above, you’ll figure out how to do the interfacing.


Dear VChong,

Thanks for your reply. From my understanding after following all of the instructions from, the TAs are already compiled and loaded into the OP-TEE? So I would just have to open a session up with the TA from the Android app?

Hi Jon,

Yes, the TAs are compiled, copied to the file system and loaded on run time, but please go through the tutorials first. Things will be clearer after that. It also depends a bit on how you want to set it up.

Basically, /system/bin/xtest (the client app) on the normal world side triggers the TAs (/system/lib/optee_armtz/*.ta) via a complex chain and layers of software components which you don’t have to worry about for what you’re trying to achieve right now, but the point is that you cannot interface to the TAs directly from an Android app since they’re running in secure world. You can only interface to them via xtest, or another client app you write if you don’t want to use xtest.

xtest is currently a C program. To interface to it, you will have to convert it to a shared library using the instructions on as a reference. Your Android app (java program) can then call any native method that you expose via your xtest shared library.

If you don’t want to mess with NDK/JNI, an alternative I can think of is that you can maybe write a regular Android app that uses sockets (Socket  |  Android Developers) to communicate with xtest (as a C program), but this will also require you adding the proper C sockets interface (ref: to xtest to ‘talk’ back to the Android app.

You can use another type of IPC instead of sockets (Inter-process communication - Wikipedia), if there’s one you prefer or are more comfortable with.

What tutorials are you talking about regarding OP-TEE? I saw the Android ones you mentioned

By tutorial, I mean the links mentioned previously in, posted again below.

There are no tutorial or step-by-step instructions for OP-TEE as far as Android app is concerned since it doesn’t really run in the Android user/app space. The 2 tutorials above provide the basic knowledge and understanding for one to be able to link Android apps written in Java with native code written in C/C++. You’ve to view OP-TEE (more specifically xtest) as the equivalent of HelloJNI.c in above.

Dear Vchong,

Are the files that are included with the example apps supposed to be included in Android studio when using JNI? is that the purpose of them?

Hi Jon,

There’s no JNI support whatsoever in OP-TEE atm. Those makefiles are there so that the apps can now be built as part of an Android build (the rootfs), as opposed to having to build them separately, which was what you had to do iirc. You can probably use them as a reference, and/or modify them as necessary, for your JNI implementation. The makefiles currently tell Android (the build system) to build xtest as an executable. You have to modify them to build xtest as a shared library if you want to do JNI.


From my understanding, I can build a regular OP-TEE app, and still have it run on the OP-TEE + AOSP platform, it just wont be an Android app?

Yes, i.e. you can run it from the command line but not the Android GUI.

If I build an app like that, do I need to use the file still, or can I just build it like a regular OP-TEE app and put it on the Android file system using adb?

It’s your choice. If you don’t mind building your app separately (e.g. per the instructions (3-5) in and having to manually adb push it to the Android file system, then you don’t have to use the file. The file is a convenience in that it integrates the building and insertion-into-the-file-system as part of whole/total Android build process.

Dear VChong,

When you manually push the file using adb into the Android file system and you run the binary file, is Android actually running it? at least in the non secure world section

Dear VChong,

So I compiled the hello_world file, and placed it in the /system/bin folder using adb push, however, when I try to run the hello_world command, it says no such file or directory. It’s weird because when I list the files in /system/bin, it shows hello_world there.

Hi Jon,

> When you manually push the file using adb into the Android file system and you run the binary file, is Android actually running it?
Yes. If you can push the file using adb, then Android is running, and running it.

> when I try to run the hello_world command, it says no such file or directory.
Is xtest also in /system/bin/ and running without problems? If so, which commands did you use to build hello_world? Did you perhaps build it as a 32-bit binary instead of 64?

Dear Vchong,

I’m pretty sure Android is running i, but I can’t even seem to run the file because it says:

/system/bin/sh: hello_world: not found