Trusted Applications on OP-TEE


#1

Hello, I just recently installed regular OP-TEE on the HiKey Board and I built the hello_world example which gives me a .ta file and a hello_world binary file. Where do I actually put these files so that I can run them on OP-TEE?


#2

Hi Jon,

Assuming you’re still on Android, hello_world goes to /system/bin/ and the .ta file goes to /system/lib/optee_armtz/. After that, just run hello_world from the console.

HTH


#3

Hey Victor,

I actually haven’t figured out the Android part yet. I just put regular OP-TEE on the HiKey board just to mess around with it until I figure out the Android issue.


#4

What directories do they go in on the regular OP-TEE?


#5

In that case, hello_world goes to /bin/ and .ta file go to /lib/optee_armtz/. You should also see xtest in /bin/ and the other *.ta files in /lib/optee_armtz/, indicating that you’re putting yours in the right place. If ever in doubt, use find to search for the location of xtest and the *.ta files, and put yours in the same corresponding path.


#6

For some reason I cant seem to find /lib/optee_armtz/

When I do locate *.ta I get:

locate *.ta
/home/jsherman/devel/optee/aes-perf/out/ta/e626662e-c0e2-485c-b8c809fbce6edf3d.ta
/home/jsherman/devel/optee/optee_hello_world/ta/8aaaf200-2450-11e4-abe20002a5d5c51b.ta
/home/jsherman/devel/optee/optee_test/out/ta/concurrent/e13010e0-2ae1-11e5-896a0002a5d5c51b.ta
/home/jsherman/devel/optee/optee_test/out/ta/concurrent_large/5ce0c432-0ab0-40e5-a056782ca0e6aba2.ta
/home/jsherman/devel/optee/optee_test/out/ta/create_fail_test/c3f6e2c0-3548-11e1-b86c0800200c9a66.ta
/home/jsherman/devel/optee/optee_test/out/ta/crypt/cb3e5ba0-adf1-11e0-998b0002a5d5c51b.ta
/home/jsherman/devel/optee/optee_test/out/ta/os_test/5b9e0e40-2636-11e1-ad9e0002a5d5c51b.ta
/home/jsherman/devel/optee/optee_test/out/ta/rpc_test/d17f73a0-36ef-11e1-984a0002a5d5c51b.ta
/home/jsherman/devel/optee/optee_test/out/ta/sims/e6a33ed4-562b-463a-bb7eff5e15a493c8.ta
/home/jsherman/devel/optee/optee_test/out/ta/storage/b689f2a7-8adf-477a-9f9932e90c0ad0a2.ta
/home/jsherman/devel/optee/optee_test/out/ta/storage_benchmark/f157cda0-550c-11e5-a6fa0002a5d5c51b.ta
/home/jsherman/devel/optee/sha-perf/out/ta/614789f2-39c0-4ebf-b23592b32ac107ed.ta

Should I just make these directories? And are these directories relative to the OP-TEE workspace or did you mean /bin and / being the root directory


#7

The paths given are for your target HiKey board, not your development PC.
I was thinking you have Android and can just adb push the files to the target from your PC.
For the regular linux build, you can still scp/ftp the files to those paths, but this requires a usb lan adapter connected to the hikey and you setting up the appropriate ssh/ftp services.
If not, then you’ll have to rebuild the image to include your hello_world and *.ta.

  1. Build the regular op-tee project.
  2. Build hello_world and its .ta file.
  3. Add the following 2 lines to the bottom of /home/jsherman/devel/optee/patches_hikey/rootfs/initramfs-add-files.txt.

file /bin/hello_world ${TOP}/optee_hello_world/host/hello_world 755 0 0
file /lib/optee_armtz/8aaaf200-2450-11e4-abe20002a5d5c51b.ta ${TOP}/optee_hello_world/ta/8aaaf200-2450-11e4-abe20002a5d5c51b.ta 444 0 0

  1. Run make boot-img.
  2. Flash the resulting boot image (boot-fat.uefi.img) to HiKey again using the fastboot flash boot boot-fat.uefi.img command.

Optee android manifest on hikey
#8

Note: Sorry. Some corrections have been made to the post above.


#9

VChong,

Thanks so much this helps a lot. I was wondering if you had any more suggestions for my Android build. I downloaded it from source code and compiled it twice and I’m still getting the same error.


#10

What error? You’d mentioned previously that you’re already running xtest on Android.


#11

Oh I apologize, I haven’t got xtest to work yet with AOSP + OPTEE I’m still facing problems involving TEE-Supplicant loading. I posted an issue in github recently.

I have built it from source twice and have been getting the same problem


#12

Oh, you mean runtime error. I thought you meant compile error. Ok, but not really sure what else to say for it since others were able to run xtest ok. From your updated notes, seems like the driver is ok. Maybe try sudo tee-supplicant& just to see if it makes a difference? There should also be a hello_world (the file name might be a bit different, but look for it in /system/bin/) in that build that you can try running instead of of the more complicated xtest, to see if it also fails or passes. Please post your results and additional comments over there though so that we may try to keep all related discussions in one place.


#13

offtopic: but which hello world did you use? The only one I find is the comcast_cryptoapi_ta_example


#14