Optee Open Source Project Learning

Because the graduate stage chooses the Trustzone research direction, therefore recently has been looking at this aspect the thing. Not long ago in GitHub to find this optee open source project, so fork to learn.

Address: Https://github.com/OP-TEE

Found that Optee has 4 items:

Optee_os: Contains the source code of the tee operating system itself and provides the internal interface of tee.

Optee_client: Contains the source code for the Tee Client library and provides the client interface for tee.

Optee_linuxdriver: Includes the tee-driven source code, which provides a common driver for tee.

The relationship between the parts can be clearly seen in this picture.

In Optee_os, the author introduces the configuration method of this project in detail. Depending on your needs, choose a simple installation, use some hardware or FVP,QEMU platform to run this project. Because there is no money to buy the hardware, I used the fast model as a platform to use optee, so I will only introduce a FVP based installation method.

The first thing to determine is whether some dependencies are satisfied:

$ sudo apt-get install Uuid-dev

If you have a 64-bit Linux system you will need to install the following packages:

$ sudo apt-get install libc6:i386 libstdc++6:i386 libz1:i386

Then download an installation script and run:

$ wget https://raw.githubusercontent.com/OP-TEE/optee_os/master/scripts/setup_fvp_optee.sh
$ chmod 711 Setup_ Fvp_optee.sh
$./setup_fvp_optee.sh

The main function of this script is to clone some files, such as the Linux kernel, optee_os,optee_client,optee_driver, and some tool chains. Because several of these files are relatively large, it may take a long time.

In the middle, the setup script prompts you to download the FVP. Because of the copyright issue, you need to http://www.arm.com/products/tools/models/fast-models/yourself. foundation-model.php downloads the Foundation-model and places it in the specified directory, and the SRC_FVP in the setup_fvp_optee.sh script is set to 1. Then rerun the setup_fvp_optee.sh and wait about one hours to complete the installation. See Op-tee and FVP Setup completed. Indicates that the installation was successful.

After the installation is successful, you will generate a devel file in your home directory, and you will see some script files when you enter the directory, and the role in the GitHub is described in more detail, not in this repetition. Then run the following command:

$./build_secure.sh
$/build_normal.sh

You can compile this project.

Finally, through

$./run_foundation.sh

Start emulator, Load module and start tee-supplicant after successful boot

root@fvp:/modprobe optee_armtz
root@fvp:/tee-supplicant &

Now the optee can be used normally.

Tee-supplicant is a daemon on the host side that is used to load or unload a TA to Optee.

Tee-supplicant & is let Tee-supplicant program backstage execution.