Is there any plan to release OP-TEE with AOSP 8.X for HiKey 960 boards?
That would be very helpful for those who are trying to work on HiKey960 board with OP-TEE + AOSP.
Thanks,
Rabi
Hi @vchong,
This hack does not work for me. Getting boot time issues, board is not booting up.
Planning to integrate SDP related patches on HiKey 960 AOSP build (Using Reference Boards | Android Open Source Project).
Could you please suggest what are the patches need to be applied and where. That would be very helpful for me.
Thanks,
Rabi
Hi @vchong,
From where I can download
libstagefrighthw.so
libOMX_Core.so
for HiKey960 board.
Thanks,
Rabi
Hi Rabindranath,
Thank you for sharing your solution. I am also very interested to have op-tee with aosp running on hikey 960.
What does it mean in practice, TAs won’t work at all or only some features?
I was able to run test cases except the SDP related 3 test cases. SDP is not properly integrated with this customized build. In order to run SDP related test cases, need to integrate SDP patches properly which I am not aware of.
Hi @vchong
I am trying to integrate the SDP patches for Hikey960 by manually applying all the patches mentioned in https://android-review.linaro.org/#/c/17907/1/hikey-optee-4.9.
The build that I am using is Kernel build from Android source.
But the main issue that I am facing is after reverting commit 5634cf8762d848b673a0de5259264fb5681d5d00 (https://android-review.linaro.org/#/c/18281/).
I am getting a build error.
drivers/gpu/drm/hisilicon/kirin960/kirin_fbdev.c: In function ‘kirin_alloc_fb_buffer’:
drivers/gpu/drm/hisilicon/kirin960/kirin_fbdev.c:97:2: error: implicit declaration of function ‘ion_map_iommu’ [-Werror=implicit-function-declaration]
_ if (ion_map_iommu(client, handle, &(fbdev->iommu_format))) {_
_ ^_
drivers/gpu/drm/hisilicon/kirin960/kirin_fbdev.c: In function ‘kirin_fbdev_mmap’:
drivers/gpu/drm/hisilicon/kirin960/kirin_fbdev.c:149:2: error: implicit declaration of function ‘ion_sg_table’ [-Werror=implicit-function-declaration]
_ table = ion_sg_table(fbdev->ion_client, fbdev->ion_handle);_
_ ^_
drivers/gpu/drm/hisilicon/kirin960/kirin_fbdev.c:149:8: warning: assignment makes pointer from integer without a cast
_ table = ion_sg_table(fbdev->ion_client, fbdev->ion_handle);_
This is quite obvious as the revert mentioned compromised the functions from ion.c and ion.h.
Do you have any idea how to proceed with the SDP feature?
Hello Rabindranath,
What did you do to achieve this? Did you add the selinux policies as suggested by vchong?
Should I also flash the vendor.img and userdata.img images?
Thanks
Yes need to modify selinux policies.
Yes
Hi,
I want to build Android with OpTEE but I have some issues when I run xtest.
Environment configuration
For UEFI I use UEFI Hikey960 Debug #76 binairies.
For Android environment I use this (Update 08/19) known good manifest.
For hikey-kernel → 02ba176613f0fca9599f0c481b65edf23138d2bf
optee_os → e07aecdb99a2f7b57ded29373c3ed23e7af5dc4b
optee_test → 14f4887f0d8ff6a205aff61979a9d2083262a11e
optee_example → 80344571a86de1ecb76abc32a032ce9374d35f3d
optee_client → b6bfce9f4ee5447e5aaf952dd50ccc8bbb6d5523
To integrate optee in apply this patch : https://android-review.linaro.org/#/c/17833/
Target : hikey960-userdebug
Build command : make CFG_SECSTOR_TA_MGMT_PTA=y CFG_SECURE_DATA_PATH=y -j32
SEPolicy error
I didn’t applied this two patches (first|second) because when I build android I had the followings errors :
treble_sepolicy_test error
[ 6% 1742/28043] build out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0
FAILED: out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/hikey960/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/hikey960/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/hikey960/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_26.0_intermediates/26.0_mapping.combined.cil -o out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_26.0_intermediates/built_26.0_plat_sepolicy -p out/target/product/hikey960/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_26.0_intermediates/treble_sepolicy_tests_26.0 )"
The following domain(s) must be associated with the "coredomain" attribute because they are executed off of /system:
tee
[ 6% 1743/28043] build out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0
FAILED: out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/hikey960/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/hikey960/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/hikey960/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_27.0_intermediates/27.0_mapping.combined.cil -o out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_27.0_intermediates/built_27.0_plat_sepolicy -p out/target/product/hikey960/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_27.0_intermediates/treble_sepolicy_tests_27.0 )"
The following domain(s) must be associated with the "coredomain" attribute because they are executed off of /system:
tee
[ 6% 1746/28043] build out/target/product/hikey960/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests
FAILED: out/target/product/hikey960/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests
/bin/bash -c "(out/host/linux-x86/bin/sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/hikey960/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/hikey960/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -p out/target/product/hikey960/obj/ETC/sepolicy_intermediates/sepolicy ) && (touch out/target/product/hikey960/obj/ETC/sepolicy_tests_intermediates/sepolicy_tests )"
The following types on /data/ must be associated with the "core_data_file_type" attribute: tee_data_file
[ 6% 1757/28043] build out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_28.0_intermediates/treble_sepolicy_tests_28.0
FAILED: out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_28.0_intermediates/treble_sepolicy_tests_28.0
/bin/bash -c "(out/host/linux-x86/bin/treble_sepolicy_tests -l out/host/linux-x86/lib64/libsepolwrap.so -f out/target/product/hikey960/obj/ETC/plat_file_contexts_intermediates/plat_file_contexts -f out/target/product/hikey960/obj/ETC/vendor_file_contexts_intermediates/vendor_file_contexts -b out/target/product/hikey960/obj/ETC/built_plat_sepolicy_intermediates/built_plat_sepolicy -m out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_28.0_intermediates/28.0_mapping.combined.cil -o out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_28.0_intermediates/built_28.0_plat_sepolicy -p out/target/product/hikey960/obj/ETC/sepolicy_intermediates/sepolicy --fake-treble ) && (touch out/target/product/hikey960/obj/ETC/treble_sepolicy_tests_28.0_intermediates/treble_sepolicy_tests_28.0 )"
The following domain(s) must be associated with the "coredomain" attribute because they are executed off of /system:
tee
xtest issues
With this configuration I’m able to boot with android + optee (even if I can use mouse or keyboard for an unknown reason).
By default tee-supplicant wasn’t started, I don’t know if it’s a normal behaviour. So I started it. To counterbalance sepolicy patches which I didn’t applied I run the following command : setenforce 0.
Command: xtest
Result
hikey960:/vendor/bin # ./xtest
Run test suite with level=0
TEE test application started with device [(null)]
######################################################
#
# regression
#
######################################################
* regression_1001 Core self tests
external/optee_test/host/xtest/regression_1000.c:246: res has an unexpected value: 0xffff000e = TEEC_ERROR_COMMUNICATION, expected 0x0 = TEEC_SUCCESS
Segmentation fault
Command: xtest --install-ta …/lib/optee_armtz/
Result
hikey960:/vendor/bin # ./xtest --install-ta ../lib/optee_armtz/
xtest: TEEC_OpenSession: res 0xffff000e err_orig 0x2
Command: xtest 200
Result
hikey960:/vendor/bin # xtest 200
Test ID: 200
Run test suite with level=0
TEE test application started with device [(null)]
######################################################
#
# regression
#
######################################################
* regression_2001 Trivial TCP iSocket API tests
o regression_2001.1 Start server
regression_2001.1 OK
o regression_2001.2 TCP Socket open
external/optee_test/host/xtest/regression_2000.c:298: xtest_teec_open_session( &session, &socket_ta_uuid, ((void*)0), &ret_orig) has an unexpected value: 0xffff000e = TEEC_ERROR_COMMUNICATION, expected 0x0 = TEEC_SUCCESS
regression_2001.2 FAILED
regression_2001 FAILED
* regression_2002 Concurrent stressing TCP iSocket API tests
o regression_2002.1 Stressing with 3 threads
external/optee_test/host/xtest/regression_2000.c:540: arg[n].success has an unexpected value: 0x0 = false, expected 0x1 = true
external/optee_test/host/xtest/regression_2000.c:540: arg[n].success has an unexpected value: 0x0 = false, expected 0x1 = true
external/optee_test/host/xtest/regression_2000.c:540: arg[n].success has an unexpected value: 0x0 = false, expected 0x1 = true
regression_2002.1 FAILED
regression_2002 FAILED
* regression_2003 Timeout TCP iSocket API tests
o regression_2003.1 Start server
regression_2003.1 OK
o regression_2003.2 TCP Socket open
external/optee_test/host/xtest/regression_2000.c:587: xtest_teec_open_session( &session, &socket_ta_uuid, ((void*)0), &ret_orig) has an unexpected value: 0xffff000e = TEEC_ERROR_COMMUNICATION, expected 0x0 = TEEC_SUCCESS
regression_2003.2 FAILED
regression_2003 FAILED
* regression_2004 UDP iSocket API tests
o regression_2004.1 Start server
regression_2004.1 OK
o regression_2004.2 UDP Socket open
external/optee_test/host/xtest/regression_2000.c:714: xtest_teec_open_session( &session, &socket_ta_uuid, ((void*)0), &ret_orig) has an unexpected value: 0xffff000e = TEEC_ERROR_COMMUNICATION, expected 0x0 = TEEC_SUCCESS
regression_2004.2 FAILED
regression_2004 FAILED
+-----------------------------------------------------
Result of testsuite regression filtered by "200":
regression_2001.2 FAILED first error at external/optee_test/host/xtest/regression_2000.c:298
regression_2001 FAILED
regression_2002.1 FAILED first error at external/optee_test/host/xtest/regression_2000.c:540
regression_2002 FAILED
regression_2003.2 FAILED first error at external/optee_test/host/xtest/regression_2000.c:587
regression_2003 FAILED
regression_2004.2 FAILED first error at external/optee_test/host/xtest/regression_2000.c:714
regression_2004 FAILED
+-----------------------------------------------------
18 subtests of which 6 failed
4 test cases of which 4 failed
71 test cases was skipped
TEE test application done!
I don’t know why I have this issues maybe one of my components (UEFI, Kernel, AOSP + OPTEE) is wrong. Someone can say if I missed something to do ?
Thanks in advance
Could you please elaborate on Step 6 ? Which files did you take from the build for Hikey and how did you add them to the build for Hikey 960 ?
One of our community users, @bensup, has kindly shared his implementations here: https://github.com/bsupiot/hikey960-aosp-optee/wiki. For those who are interested, please give it a try. There are some known issues so please contribute back patches if possible. A big thank you to @bensup! Thanks!
1 Like
Great Woks,guys.I will have a try.
I follow the instructions of wiki, and I got the following error:
error: Exited sync due to fetch errors
xxx
* [new tag] android-8.0.0_r11 -> android-8.0.0_r11
* [new tag] android-8.0.0_r10 -> android-8.0.0_r10
* [new tag] android-8.0.0_r1 -> android-8.0.0_r1
remote: Finding sources: 100% (21250/21250)
remote: Total 21250 (delta 18496), reused 21250 (delta 18496)
Receiving objects: 100% (21250/21250), 3.54 MiB | 2.09 MiB/s, done.
Resolving deltas: 100% (18496/18496), completed with 1801 local objects.
From https://android.googlesource.com/platform/external/linux-kselftest
4478688..a978a5b upstream-master -> aosp/upstream-master
error: Exited sync due to fetch errors
root@hikey960:~/hikey960-aosp-optee#
xxx * [new tag] android-8.0.0_r11 -> android-8.0.0_r11 * [new tag] android-8.0.0_r10 -> android-8.0.0_r10 * [new tag] android-8.0.0_r1 -> android-8.0.0_r1 remote: Finding sources: 100% (21250/21250) remote: Total 21250 (delta 18496), reused 21250 (delta 18496) Receiving objects: 100% (21250/21250), 3.54 MiB | 2.09 MiB/s, done. Resolving deltas: 100% (18496/18496), completed with 1801 local objects. From https://android.googlesource.com/platform/external/linux-kselftest 4478688..a978a5b upstream-master -> aosp/upstream-master error: Exited sync due to fetch errors root@hikey960:~/hikey960-aosp-optee#
repo sync is heavily parallelized, a small excerpt from the logs don’t
usually show the actuall problem. Better to share the whole of the logs
(use a pastebin or github gist to share long log files).
OK, thank you very much.
