TrustZone -- runtime environment-QEMU-OP-TEE, trustzoneqemu

Source: Internet
Author: User


Finally, we can see a well-developed secure OS. Judging by the platforms it supports, the development investment has been heavy.

It supports two virtual simulators, FastModels and QEMU, and five other development boards. Let's see how it runs on QEMU today.

The following is a description of the build, focusing on the key points. The full instructions are in README.md in the root directory of the optee_os git repository.

The Linux kernel is 3.18. If it is not easy to download, download 3.18 or 3.18rc1 separately, decompress it into qemu_optee, and rename the directory to linux.

Step 1:

Install the required packages with apt-get. This is straightforward. If a conflicting package exists, remove it and install again.

Step 2:

Run the script setup_qemu_optee.sh to download and compile the environment.

After the execution is complete, if the directory was left unchanged, a series of scripts such as build.sh appear in the ~/devel/qemu_optee directory.

If you need to adjust something, you only need to rebuild the corresponding component. If you change the Linux kernel or the file system, remember to rebuild bios.bin, that is, run build_bios.sh, because the linking is done in bios.bin.

Step 3:

Run build.sh. It mainly produces several files: bios.bin (the QEMU boot file), nsec_blob.bin (the non-secure system binary, an adjusted zImage), nsec_rootfs.bin (the Linux file system, including optee_client, the TEE client driver, and the xtest test program), and secure_blob.bin (the secure system, including the secure TAs).

The relationship between these files is that bios.bin contains the addresses of the other three files and switches to the corresponding address to run each of them.
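A staleness check for the rebuild rule above, as an added example that is not from the original post or the OP-TEE project: it reports when any of the three images is newer than bios.bin, meaning build_bios.sh has not been rerun since they changed. It assumes all four files sit in one directory, which the page does not state; pass whatever directory your build writes them to.

```shell
#!/bin/sh
# check_bios_fresh DIR  (added example; function name and layout are hypothetical)
# Return codes:
#   0  bios.bin exists and no linked image is newer than it
#   1  at least one image is newer than bios.bin (bios.bin is stale)
#   2  bios.bin or one of the images is missing
# Assumption: bios.bin, nsec_blob.bin, nsec_rootfs.bin and secure_blob.bin
# are all in DIR.
check_bios_fresh() {
    dir=${1:-.}
    bios="$dir/bios.bin"
    status=0

    if [ ! -f "$bios" ]; then
        echo "missing: $bios (run build_bios.sh)" >&2
        return 2
    fi

    for img in nsec_blob.bin nsec_rootfs.bin secure_blob.bin; do
        if [ ! -f "$dir/$img" ]; then
            echo "missing: $dir/$img (run build.sh)" >&2
            status=2
        # find -newer prints the path only when the image's mtime is
        # strictly later than that of bios.bin.
        elif [ -n "$(find "$dir/$img" -newer "$bios")" ]; then
            echo "stale: $img is newer than bios.bin (run build_bios.sh)" >&2
            # A missing image (2) outranks a stale one (1).
            if [ "$status" -eq 0 ]; then
                status=1
            fi
        fi
    done

    return "$status"
}

# Run the check only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_bios_fresh "$1"
fi
```

Running it before run_qemu.sh avoids testing a secure-world or kernel change against a bios.bin that still carries the previous images.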

Step 4:

Open two terminals and start the QEMU simulator. You can then see both Linux and the secure system running. For example, when xtest is called successfully on the non-secure side, the secure side prints TEE-CORE output. The QEMU interface is also shown.

Linux running looks like this.

The following figure shows the result after running xtest.

Summary:

Overall, the compilation went fairly smoothly. The problems encountered were as follows:

1. If the network is not fast enough, download the Linux kernel separately.

2. If there is a problem with the tbconv. c code, fix the const issue with an explicit cast. The problem may already have been fixed by the time you compile.

3. busybox cannot be compiled. This is mainly a toolchain problem. Download gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz and install it. Remove any previously installed ARM compilers as far as possible so that they do not interfere. In the setup_qemu_optee.sh file, where gen_rootfs is compiled, set cross_compiler to the compiler provided by the script.

4. If a part fails, delete the entire directory and run setup_qemu_optee.sh again.

 

I wish you a smooth compilation!

 

Next time, let's take a look at how it runs on FastModels.

The following is excerpted from this address:

https://github.com/OP-TEE/optee_os#44-qemu

4.4 QEMU

You can run OP-TEE using QEMU since October 2014.

4.4.1 Prerequisites

To be able to run this script you will need to install a couple of dependencies. On a Debian based system (Ubuntu, Mint etc.), you will at least need to install the following packages:

$ sudo apt-get install zlib1g-dev libglib2.0-dev libpixman-1-dev libfdt-dev \
                       libc6:i386 libstdc++6:i386 libz1:i386 cscope

4.4.2 Download and setup QEMU

$ wget https://raw.githubusercontent.com/OP-TEE/optee_os/master/scripts/setup_qemu_optee.sh
$ chmod 711 setup_qemu_optee.sh
$ ./setup_qemu_optee.sh

4.4.3 Compile for QEMU

During installation a couple of helper scripts were generated. The main reason for this is that there are a lot of interdependencies between the different software components and it's a bit tricky to point to the correct toolchains and to know in which order to build things.

  • build_bios.sh: This builds the BIOS needed in QEMU.

  • build_linux.sh: This is used to build the Linux Kernel.

  • build_optee_client.sh: This will build OP-TEE's client library.

  • build_optee_linuxkernel.sh: This will build OP-TEE's Linux Kernel driver (as a module).

  • build_optee_os.sh: Builds the Trusted OS itself.

  • build.sh: Builds all software components in the correct order.

  • run_qemu.sh: This script starts QEMU.

  • serial_0.sh: Starts listening to QEMU's normal world UART console.

  • serial_1.sh: Starts listening to QEMU's secure world UART console.

  • update_rootfs.sh: This script will update rootfs. For example, when you have updated normal world components, you will need to put them into rootfs. Calling this script will do so. In case you are creating a new Trusted Application, you must also edit filelist-tee.txt in the gen_rootfs folder accordingly.

To build everything you will need to run the script build.sh, which will build all gits in the correct order.

4.4.4 Boot and run QEMU and OP-TEE

To run this you need to launch two consoles for the UARTs and one console for QEMU itself, so in separate shell windows run:

$ ./serial_0.sh
$ ./serial_1.sh

And finally

$ ./run_qemu.sh
...
QEMU 2.1.50 monitor - type 'help' for more information
(qemu) c

In the window for serial_0 you will now get the normal world console and here you need to load OP-TEE's Linux Kernel driver and also load tee-supplicant. This is done by the following lines:

$ root@Vexpress:/ modprobe optee_armtz
$ root@Vexpress:/ tee-supplicant &

Copyright Disclaimer: This article is an original article by the blogger and cannot be reproduced without the permission of the blogger.
