Which uart module did you order? Let’s make sure you have the right one.
Can I say mention what I want to do with OPTEE?
Sure. You don’t need permission for that. : )
I bought this module : https://www.amazon.com/gp/product/B01ANGB6EO/ref=od_aui_detailpages00?ie=UTF8&psc=1
Thanks. First of all, this is totally academic research for me. I want to develop a display driver for OP-TEE. I developed a digital signing application (https://github.com/tesmnorth/sign_message_rsa). If I achieve development of display driver, I want show message from TA on screen. It is like TUI but it is not totally TUI. I asked before to some guys from linaro. They didnt say something. Do you have any restriction about it?
Ok. The uart module looks fine. Make sure you plug it in the right way to avoid damaging the board.
Regarding your research, the thread that you’d posted your question in, https://github.com/jforissier/secvideo_demo/issues/2, already has the answer, but it might not be what you want.
You can refer to https://github.com/jforissier/optee_os/commit/a7dc69552486e6d90ba344ed021197482d2911cc (https://github.com/jforissier/optee_os/commits/b8bd4d6cec410ba20676bcbd612718d6beff6ea3) for pl111 lcd controller driver, but this is implemented for FVP only. The hikey960 might use another controller, in which case you’ll have to write/port the driver yourself. There’s no such driver or sample in optee_os.
Also, the demo secures the framebuffer with TZASC, but hikey960 I think doesn’t have TZASC-compatible hardware. On hikey960 this can maybe be accomplished by the memory controller, which is not compatible with ARM’s TZASC, but the functionality is similar. Unfortunately there is no public documentation for this, which means you can’t secure the framebuffer, so how can you protect normal world from overwriting what your TA shows on screen? See https://github.com/jforissier/secvideo_demo/issues/2#issuecomment-217397355 for details.
@vchong after your post, I researched arm’s tzac and others which are given as link. So, I have some questions. I totally want to improve myself about on tee.
Firstly, I have a LCD screen (7inch HDMI LCD (B) - Waveshare Wiki) and working on Android (with hikey960) Can I port hisilicon drm (https://github.com/LeMaker/linux-96boards/tree/lemaker-hikey-mainline/drivers/gpu/drm/hisilicon) to OP-TEE? If not, how can I start the development of display driver for OP-TEE? in here I just need an expert advice.
Secondly, for secure displaying, we need to ARM TZASC. But, Hikey960 doesn’t have it. If I use FVP, juno board, secure displaying is possible.
Thirdly, I dont understand this sentences. I need to develop a new memory controller or another ARM’s controller which has not TZAC?
According to previous question, I need to develop new things for protecting my TA screen and no public documentation? I think if I dont protect my TA screen, all graphics is mixing isn’t it?
I can work on this, but my level is not enough for this. if someone shows a way and rigth documents, I have a enough time and I can do it.
Thanks @vchong
I am still waiting UART Module. When it comes, we can continue where we left off
Can I port hisilicon drm (https://github.com/LeMaker/linux-96boards/tree/lemaker-hikey-mainline/drivers/gpu/drm/hisilicon) to OP-TEE?
Is that the driver that works with your LCD screen? You can port any drivers you need to use to OP-TEE, but anything from the linux kernel is not license compatible. For personal use or personal research maybe it’s ok but I’m not a lawyer so best if you double check and confirm. Also, don’t expect that you can bring the code over and it’ll just compile. The coding style is different, and sometimes a driver depends on other drivers or other parts of the linux kernel, so you’ll have to bring all the dependencies over as well, which can be a lot. As mentioned before, there isn’t really any other graphic interface or drm related in OP-TEE other than https://github.com/jforissier/secvideo_demo, and more common than not, security engineers are not graphics engineers, so the help you can get on this might be limited.
If I use FVP, juno board, secure displaying is possible.
I think so yes.
Thirdly, I dont understand this sentences. I need to develop a new memory controller or another ARM’s controller which has not TZAC?
On some boards like the hikey and hikey960, they have something similar to the TZASC or functions like a TZASC but not exactly a TZASC so generally we just call it a memory controller. It’s HW IP that’s already there so it’s not something you have to develop, but you do need the spec for it in order to write code for it, but the spec is usually not publicly available.
If you look at https://github.com/ARM-software/arm-trusted-firmware/blob/master/plat/hisilicon/hikey960/hikey960_bl1_setup.c#L599, you can see there’s some sort of TZASC or memory controller in the hikey960, but that’s all the info that’s available. You won’t be able to get anything more from the vendor due to security concerns.
I think if I dont protect my TA screen, all graphics is mixing isn’t it?
I think so yes. Mixed or (partially) overwritten.
@vchong thanks for your information. I can understand what I have to do much better. I always see IP in ARM. What is the meaning of IP?
yes
We can say that it is not possible to write a code for memory controller?
What is the meaning of IP?
Semiconductor intellectual property core - Wikipedia.
We can say that it is not possible to write a code for memory controller?
For hikey, we’ve something like https://github.com/jforissier/arm-trusted-firmware/commits/7523df97ba5c639df4c252a1cd3dbc87a2a36885/plat/hikey/plat_security.c, which can maybe be reversed engineered to mark other areas of memory as secure. For hikey960, I’m not aware of anything similar so yes, I don’t know of a way how you can do it.
@vchong please ignore my previous post. I used minicom and I can see logs from Hikey960
Error is :
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v1.4(release):v1.4-362-g203444c
NOTICE: BL1: Built : 13:22:52, Nov 22 2017
ERROR: Failed to load BL2 firmware.-
Please provide output of
./device/linaro/arm-trusted-firmware/tools/fiptool/fiptool info device/linaro/hikey/installer/hikey960/fip.bin. -
Can you make following changes in
device/linaro/uefi-tools/and rebuild? Hopefully this will give us more error logs/info.diff --git a/platforms.config b/platforms.config
index deb02f4…224cd7d 100644
— a/platforms.config
+++ b/platforms.config
@@ -224,6 +224,7 @@ UEFI_BIN=BL33_AP_UEFI.fd
UEFI_IMAGE_DIR=HiKey960
BUILD_ATF=yes
ATF_SPD=opteed
+ATF_BUILDFLAGS=LOG_LEVEL=50
TOS_BIN=tee-pager.bin
TOS_PLATFORM=hikey
TOS_PLATFORM_FLAVOR=hikey960
$ ./device/linaro/arm-trusted-firmware/tools/fiptool/fiptool info device/linaro/hikey/installer/hikey960/fip.bin
Trusted Boot Firmware BL2: offset=0x100, size=0x4470, cmdline="--tb-fw"
SCP Firmware SCP_BL2: offset=0x4570, size=0x35100, cmdline="--scp-fw"
EL3 Runtime Firmware BL31: offset=0x39670, size=0x7010, cmdline="--soc-fw"
Secure Payload BL32 (Trusted OS): offset=0x40680, size=0x40210, cmdline="--tos-fw"
Non-Trusted Firmware BL33: offset=0x80890, size=0xF0000, cmdline="--nt-fw
I dont understand what I have to do. Which file?
1.fip.bin file looks ok.
2.In device/linaro/uefi-tools/platforms.config file, look for the [hikey960] tag. Then add ATF_BUILDFLAGS=LOG_LEVEL=50 below the line that says ATF_SPD=opteed. Should be line 226 or vicinity. Then rebuild and reflash.
@vchong My PC is crashed and I re-install my computer. I have installed Ubuntu 16.04. I started all steps again. But, there is new error.
out/target/product/hikey960/optee/arm-plat-hikey/export-ta_arm64/host_include/compiler.h:37:9: error: '__packed' macro redefined [-Werror,-Wmacro-redefined]
#define __packed __attribute__((packed))
^
bionic/libc/include/sys/cdefs.h:117:9: note: previous definition is here
#define __packed __attribute__((__packed__))
^
In file included from external/optee_test/host/xtest/benchmark_1000.c:19:
In file included from external/optee_test/host/xtest/xtest_helpers.h:19:
In file included from out/target/product/hikey960/optee/arm-plat-hikey/export-ta_arm64/host_include/tee_api_types.h:32:
out/target/product/hikey960/optee/arm-plat-hikey/export-ta_arm64/host_include/compiler.h:39:9: error: '__noreturn' macro redefined [-Werror,-Wmacro-redefined]
#define __noreturn __attribute__((noreturn))
^
bionic/libc/include/sys/cdefs.h:115:9: note: previous definition is here
#define __noreturn __attribute__((__noreturn__))
^
In file included from external/optee_test/host/xtest/benchmark_1000.c:19:
In file included from external/optee_test/host/xtest/xtest_helpers.h:19:
In file included from out/target/product/hikey960/optee/arm-plat-hikey/export-ta_arm64/host_include/tee_api_types.h:32:
out/target/product/hikey960/optee/arm-plat-hikey/export-ta_arm64/host_include/compiler.h:45:9: error: '__unused' macro redefined [-Werror,-Wmacro-redefined]
#define __unused __attribute__((unused))
^
bionic/libc/include/sys/cdefs.h:118:9: note: previous definition is here
#define __unused __attribute__((__unused__))
^
external/optee_test/host/xtest/benchmark_1000.c:49:22: error: missing field 'paramTypes' initializer [-Werror,-Wmissing-field-initializers]
TEEC_Operation op = TEEC_OPERATION_INITIALIZER;
^
external/optee_test/host/xtest/xtest_helpers.h:43:40: note: expanded from macro 'TEEC_OPERATION_INITIALIZER'
#define TEEC_OPERATION_INITIALIZER { 0 }
^
4 errors generated.
[ 8% 5613/67078] target thumb C++: libv8src_32 <= external/v8/src/api.cc
ninja: build stopped: subcommand failed.
17:29:23 ninja failed with: exit status 1Sorry about that. But I have to do that. I research on these error. I tried something but, there is nothing.
I’ll try to reproduce.
For now, in external/optee_test/Android.mk, there’s a line that says LOCAL_CFLAGS += -g3. Change it to LOCAL_CFLAGS += -g3 -Wno-error and rebuild.
@vchong after adding ATF_BUILDFLAGS=LOG_LEVEL=50 below the line that says ATF_SPD=opteed
hikey960 boarid:5301 xloader use UART6
scsysstat_value[0].
clear reset source
last_keypoint0,reboot_type0
secdbg not DCU.
SecDbgVer exit
xloader chipid is: 0x36600110, start at 532ms.
Build Date: Sep 19 2017, 15:34:09
[clock_init] ++
hikey960 [hikey960_clk_init]
hi3660 [clk_setup]
[clock_init] --
storage type is UFS
ufs retry: 6 count v_tx:0 v_rx:0
ufs set v_tx:0 v_rx:0
Hikey960[5301] no need avs_init.
ddr ft:0xf20332a3,mode:1 target:4
UceLdOk
ch 0 gt_errfail, STATUS:0x00000060
ch 0 gdst_errfail, STATUS:0x00000040
ch 1 gt_errfail, STATUS:0x00000060
ch 1 gdst_errfail, STATUS:0x00000040
ch 2 gt_errfail, STATUS:0x00000060
ch 2 gdst_errfail, STATUS:0x00000040
ch 3 gt_errfail, STATUS:0x00000060
ch 3 gdst_errfail, STATUS:0x00000040
timeout
timeout
timeout
timeout
density: 0x0c0c0c0c,0x00000000,0x0c0c0c0c,0x00000000,0x0c0c0c0c,0x00000000,0x0c0c0c0c,0x00000000
ddr info 0x00000306
400M
685M
1067M
C0R,V0x0000002c e:193
C2R,V0x0000002c e:66
C3R,V0x0000002c e:66
C0R,V0x0000002d e:66
C1R,V0x0000002d e:66
C2R,V0x0000002d e:66
C3R,V0x0000002d e:66
C0R,V0x0000002e e:66
C1R,V0x0000002e e:66
C2R,V0x0000002e e:66
C3R,V0x0000002e e:66
C0R,V0x0000002f e:65
C1R,V0x0000002f e:66
C2R,V0x0000002f e:65
C3R,V0x0000002f e:66
1244M
1866M
C0R,V0x00000016 e:66
C2R,V0x00000016 e:66
C3R,V0x00000016 e:113
C0R,V0x00000017 e:66
C1R,V0x00000017 e:66
C2R,V0x00000017 e:66
C3R,V0x00000017 e:66
iomcu_subsys_init
boot_c0 PROFILE 4
NOTICE: Booting Trusted Firmware
NOTICE: BL1: v1.4(release):v1.4-446-g842c00e
NOTICE: BL1: Built : 19:25:17, Dec 21 2017
ERROR: Failed to load BL2 firmware.Can you repo sync device/linaro/hikey and rebuild? The build was using the wrong partition table, although I could still boot to prompt with the wrong partition table and you couldn’t. After flashing with images using the right partition table, I was even able to run xtest to completion with no errors, but fair warning: please note that the build is very unstable! I see lots of constant errors, sometimes even trace dumps and reboots, so it’s very hard to run commands from the prompt. Adb wasn’t working either. Don’t think any of these are op-tee related though so not sure how else to help you on this part. As mentioned before, this is still sort of an experimental build, so if it’s not stable enough for you, you might want to consider the hikey 620 board instead.
Thanks @vchong As you know I have Hikey620 after buying Hikey960. I am working on Hikey920. But, I am very happy to make an anything which I dont know. I am very happy to help open source project. In this working (Supporting optee on Hikey960), I learned a lot of things. And, I still want to learn much more thing. I am so interested with optee. So, I wish I can work on TUI and new driver of Optee. But as you mentioned me, there is no any documentation about memory controller on arm.
You are right. But before building, I didnt clean anything.
------------------------------------------------------------
Hikey960 RELEASE pass
------------------------------------------------------------
pass 1
fail 0
make: Leaving directory '/home/martin/optee_android_manifest/device/linaro/hikey/bootloader'
[ 19% 421/2146] Compiling SDK Stubs: out/target/c...S/android_stubs_current_intermediates/classes.jar
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
[ 19% 422/2146] Compiling SDK Stubs: out/target/c...id_system_stubs_current_intermediates/classes.jar
Note: Some input files use or override a deprecated API.
Note: Recompile with -Xlint:deprecation for details.
Note: Some input files use unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.
ninja: build stopped: subcommand failed.
18:59:10 ninja failed with: exit status 1
#### failed to build some targets (05:55 (mm:ss)) ####