自己动手构建系统软件-OP-TEE手动编译

本章节我们开始手动编译OP-TEE，并尝试使用不同的方式引导不同的镜像。

编译EDK2

# 参考文档# https://github.com/tianocore/edk2# https://edk2-docs.gitbook.io/# https://edk2-docs.gitbook.io/edk-ii-minimum-platform-specification/# Using UEFI in QEMU/KVM (AArch64 + AArch32)# https://blog.csdn.net/lif1234567890/article/details/80872791# https://github.com/tianocore/tianocore.github.io/wiki/EDK-II-Platforms$ cd${SYSDEV_ROOT}/tee$ git clone https://github.com/tianocore/edk2.git$ cd edk2$ git checkout -b stable202102 edk2-stable202102$ git submodule update --init$ export WORKSPACE=${SYSDEV_ROOT}/tee/edk2 PYTHON3_ENABLE=TRUE PACKAGES_PATH=${SYSDEV_ROOT}/tee/edk2:$ . ./edksetup.sh$ make -C BaseTools$ GCC5_AARCH64_PREFIX=aarch64-none-elf- \ build -n1 -a AARCH64 -t GCC5 -p ArmVirtPkg/ArmVirtQemuKernel.dsc -b RELEASE all$ GCC5_AARCH64_PREFIX=aarch64-none-elf- \ build -n1 -a AARCH64 -t GCC5 -p MdeModulePkg/MdeModulePkg.dsc -b RELEASE all$ GCC5_AARCH64_PREFIX=aarch64-none-elf- \ build -n1 -a AARCH64 -t GCC5 -p ShellPkg/ShellPkg.dsc -b RELEASE all$ cp -v Build/ArmVirtQemuKernel-AARCH64/RELEASE_GCC5/FV/QEMU_{EFI,VARS}.fd ${SYSDEV_OUT}/aarch64/images/$ cp -v Build/MdeModule/RELEASE_GCC5/AARCH64/HelloWorld.efi ${SYSDEV_OUT}/aarch64/images/$ cp -v Build/Shell/RELEASE_GCC5/AARCH64/*.efi ${SYSDEV_OUT}/aarch64/tee/

编译OP-TEE OS

# https://optee.readthedocs.io/en/latest/building/gits/optee_os.html$ export OPTEE_VERSION=3.9.0$ cd${SYSDEV_ROOT}/tee$ git clone https://github.com/OP-TEE/optee_os.git$ cd optee_os$ git checkout -b ${OPTEE_VERSION}_origin ${OPTEE_VERSION}$ make DEBUG=1 O=${SYSDEV_BUILD}/aarch64/optee_os-${OPTEE_VERSION} \    CFG_ARM64_core=y \    CFG_TEE_BENCHMARK=n \    CFG_TEE_CORE_LOG_LEVEL=3 \    CROSS_COMPILE=aarch64-none-elf- \    CROSS_COMPILE_core=aarch64-none-elf- \    CROSS_COMPILE_ta_arm32=arm-none-eabi- \    CROSS_COMPILE_ta_arm64=aarch64-none-elf- \    PLATFORM=vexpress-qemu_armv8a$ mkdir -pv ${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}$ cp -rfv ${SYSDEV_BUILD}/aarch64/optee_os-${OPTEE_VERSION}/{core/tee-{header,pager,pageable}_v2.bin,export-ta_arm{32,64}} ${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}$ cp -v ${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/*.bin ${SYSDEV_OUT}/aarch64/images/$ cd${SYSDEV_OUT}/aarch64/images/ && mv -v tee-header_v2.bin bl32.bin && mv -v tee-pager_v2.bin bl32_extra1.bin && mv -v tee-pageable_v2.bin bl32_extra2.bin && cd - -> /opt/sysdev/tee/optee/optee_os/out/arm/core/tee-header_v2.bin -> /opt/sysdev/tee/optee/optee_os/out/arm/core/-> /opt/sysdev/tee/optee/optee_os/out/arm/core/

编译OP-TEE Client

# https://optee.readthedocs.io/en/latest/building/gits/optee_client.html$ cd${SYSDEV_ROOT}/tee$ git clone https://github.com/OP-TEE/optee_client.git$ cd optee_client$ git checkout -b ${OPTEE_VERSION}_origin ${OPTEE_VERSION}$ mkdir -pv ${SYSDEV_BUILD}/aarch64/optee_client-${OPTEE_VERSION} && cd${SYSDEV_BUILD}/aarch64/optee_client-${OPTEE_VERSION}$ unset LD_LIBRARY_PATH$ . ${SYSDEV_TOOLS}/sato-aarch64/environment-setup-aarch64-poky-linux$ cmake -DCMAKE_C_COMPILER=aarch64-poky-linux-gcc -DCMAKE_INSTALL_PREFIX=${SYSDEV_OUT}/aarch64/optee_client-${OPTEE_VERSION}${SYSDEV_ROOT}/tee/optee_client$ make$ make install$ tree ${SYSDEV_OUT}/aarch64/optee_client-${OPTEE_VERSION}/opt/sysdev/out/aarch64/optee_client-3.9.0├── include│   ├── ck_debug.h│   ├── pkcs11.h│   ├── pkcs11_ta.h│   ├── tee_bench.h│   ├── tee_client_api_extensions.h│   ├── tee_client_api.h│   └── teec_trace.h├── lib│   ├── libckteec.so -> libckteec.so.ckteec│   ├── libckteec.so.0.1.0│   ├── libckteec.so.ckteec -> libckteec.so.0.1.0│   └── libteec.a└── sbin    └── tee-supplicant3 directories, 12 files# cp -rfv ${SYSDEV_OUT}/aarch64/optee_client-${OPTEE_VERSION}/* ${SYSDEV_TOOLS}/sato-aarch64/sysroots/aarch64-poky-linux/usr

编译OP-TEE Test

# https://optee.readthedocs.io/en/latest/building/gits/optee_test.html$ cd${SYSDEV_ROOT}/tee$ git clone https://github.com/OP-TEE/optee_test.git$ cd optee_test$ git checkout -b ${OPTEE_VERSION}_origin ${OPTEE_VERSION}$ unset LD_LIBRARY_PATH$ . ${SYSDEV_TOOLS}/sato-aarch64/environment-setup-aarch64-poky-linux$ pip3 install pycryptodomex pycryptodome# yum install -y python3-pycryptodomex# alias python=’/usr/local/bin/python3.6’$ vi /opt/sysdev/out/aarch64/optee_os-3.9.0/export-ta_arm64/scripts/sign_encrypt.py#!/usr/bin/env python3.6$ make DEBUG=1 \ CROSS_COMPILE=aarch64-poky-linux- \ TA_DEV_KIT_DIR=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/export-ta_arm64 \ OPTEE_CLIENT_EXPORT=${SYSDEV_OUT}/aarch64/optee_client-${OPTEE_VERSION} \ O=${SYSDEV_BUILD}/aarch64/optee_test-${OPTEE_VERSION}$ make install DEBUG=1 \ CROSS_COMPILE=aarch64-poky-linux- \ TA_DEV_KIT_DIR=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/export-ta_arm64 \ OPTEE_CLIENT_EXPORT=${SYSDEV_OUT}/aarch64/optee_client-${OPTEE_VERSION} \ O=${SYSDEV_BUILD}/aarch64/optee_test-${OPTEE_VERSION} \ DESTDIR=${SYSDEV_OUT}/aarch64/optee_test-${OPTEE_VERSION}$ tree ${SYSDEV_OUT}/aarch64/optee_test-${OPTEE_VERSION}/opt/sysdev/out/aarch64/optee_test-3.9.0├── bin│   └── xtest└── lib    └── optee_armtz        ├── 528938ce-fc59-11e8-8eb2-f2801f1b9fd1.ta        ├── 5b9e0e40-2636-11e1-ad9e-0002a5d5c51b.ta        ├── 5ce0c432-0ab0-40e5-a056-782ca0e6aba2.ta        ├── 614789f2-39c0-4ebf-b235-92b32ac107ed.ta        ├── 731e279e-aafb-4575-a771-38caa6f0cca6.ta        ├── 873bcd08-c2c3-11e6-a937-d0bf9c45c61c.ta        ├── a4c04d50-f180-11e8-8eb2-f2801f1b9fd1.ta        ├── b3091a65-9751-4784-abf7-0298a7cc35ba.ta        ├── b689f2a7-8adf-477a-9f99-32e90c0ad0a2.ta        ├── c3f6e2c0-3548-11e1-b86c-0800200c9a66.ta        ├── cb3e5ba0-adf1-11e0-998b-0002a5d5c51b.ta        ├── d17f73a0-36ef-11e1-984a-0002a5d5c51b.ta        ├── e13010e0-2ae1-11e5-896a-0002a5d5c51b.ta        ├── e626662e-c0e2-485c-b8c8-09fbce6edf3d.ta        ├── e6a33ed4-562b-463a-bb7e-ff5e15a493c8.ta        ├── f157cda0-550c-11e5-a6fa-0002a5d5c51b.ta        └── ffd2bded-ab7d-4988-95ee-e4962fff7154.ta3 directories, 18 files

编译OP-TEE Examples

# https://optee.readthedocs.io/en/latest/building/gits/optee_examples/optee_examples.html$ cd${SYSDEV_ROOT}/tee$ git clone https://github.com/linaro-swg/optee_examples.git$ cd optee_examples$ git checkout -b ${OPTEE_VERSION}_origin ${OPTEE_VERSION}$ optee_examples/hello_world$ make DEBUG=1 \ CROSS_COMPILE=aarch64-poky-linux- \ TA_DEV_KIT_DIR=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/export-ta_arm64 \ O=${SYSDEV_BUILD}/aarch64/optee_examples-${OPTEE_VERSION} \ --no-builtin-variables$ make -C host \    CROSS_COMPILE=aarch64-poky-linux- \    TEEC_EXPORT=${SYSDEV_OUT}/aarch64/optee_client-${OPTEE_VERSION} \    --no-builtin-variables$ make -C ta \    CROSS_COMPILE=aarch64-none-elf- \    PLATFORM=vexpress-qemu_armv8a \    TA_DEV_KIT_DIR=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/export-ta_arm64

编译Trusted-Firmware-A

# https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/initial-build.html$ cd${SYSDEV_ROOT}/tee$ git clone https://review.trustedfirmware.org/TF-A/trusted-firmware-a.git# https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git$ cd trusted-firmware-a$ git checkout -b v2.4_origin v2.4$ make CROSS_COMPILE=aarch64-none-elf- DEBUG=0 LOG_LEVEL=30 \ BL32=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/tee-header_v2.bin \ BL32_EXTRA1=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/tee-pager_v2.bin \ BL32_EXTRA2=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/tee-pageable_v2.bin \ BL33=${SYSDEV_OUT}/aarch64/images/QEMU_EFI.fd \ BUILD_BASE=${SYSDEV_BUILD}/aarch64/trusted-firmware-a-v2.4 \ PLAT=qemu \ ARM_TSP_RAM_LOCATION=tdram \ BL32_RAM_LOCATION=tdram \ SPD=opteed \ all fip...Built /opt/sysdev/build/aarch64/trusted-firmware-a-v2.4/qemu/release/bl31.bin successfully  OD      /opt/sysdev/build/aarch64/trusted-firmware-a-v2.4/qemu/release/bl31/bl31.dumpBuilding tools/fiptool/fiptool  HOSTCC  fiptool.c  HOSTCC  tbbr_config.c  HOSTLD  fiptoolBuilt fiptool successfullyTrusted Boot Firmware BL2: offset=0x128, size=0x6429, cmdline="--tb-fw"EL3 Runtime Firmware BL31: offset=0x6551, size=0x806C, cmdline="--soc-fw"Secure Payload BL32 (Trusted OS): offset=0xE5BD, size=0x1C, cmdline="--tos-fw"Secure Payload BL32 Extra1 (Trusted OS Extra1): offset=0xE5D9, size=0x94860, cmdline="--tos-fw-extra1"Secure Payload BL32 Extra2 (Trusted OS Extra2): offset=0xA2E39, size=0x0, cmdline="--tos-fw-extra2"Non-Trusted Firmware BL33: offset=0xA2E39, size=0x200000, cmdline="--nt-fw"Built /opt/sysdev/build/aarch64/trusted-firmware-a-v2.4/qemu/release/fip.bin successfully$ cp -v ${SYSDEV_BUILD}/aarch64/trusted-firmware-a-v2.4/qemu/release/*.bin ${SYSDEV_OUT}/aarch64/images/

准备目标文件

$ mkdir -v ${SYSDEV_OUT}/aarch64/tee && cd${SYSDEV_OUT}/aarch64/tee$ cp -v ${SYSDEV_BUILD}/aarch64/trusted-firmware-a-v2.4/qemu/release/*.bin .$ cp -v ${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/*.bin .$ cp -v tee-header_v2.bin bl32.bin && cp -v tee-pager_v2.bin bl32_extra1.bin && cp -v tee-pageable_v2.bin bl32_extra2.bin# cp -v ${SYSDEV_OUT}/aarch64/images/QEMU_EFI.fd bl33.bin$ cp -v ${SYSDEV_OUT}/aarch64/images/piccolo.bin .$ cp -v ${SYSDEV_OUT}/aarch64/images/u-boot.bin .$ cp -v ${SYSDEV_OUT}/aarch64/images/poky/Image .$ cp -v ${SYSDEV_OUT}/aarch64/images/Image.gz .$ cp -v ${SYSDEV_OUT}/aarch64/images/initrd.cpio.gz .$ /opt/sysdev/tee/trusted-firmware-a/tools/fiptool/fiptool create \ --tb-fw bl2.bin \ --soc-fw bl31.bin \ --tos-fw tee-header_v2.bin \ --tos-fw-extra1 tee-pager_v2.bin \ --tos-fw-extra2 tee-pageable_v2.bin \ --nt-fw bl33.bin \ fip.bin$ dd if=bl1.bin of=flash.bin bs=4096 conv=notrunc$ dd if=fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc

运行Piccolo

$ /opt/sysdev/tee/trusted-firmware-a/tools/fiptool/fiptool create \ --tb-fw bl2.bin \ --soc-fw bl31.bin \ --tos-fw tee-header_v2.bin \ --tos-fw-extra1 tee-pager_v2.bin \ --tos-fw-extra2 tee-pageable_v2.bin \ --nt-fw piccolo.bin \ fip_piccolo.bin$ dd if=bl1.bin of=flash_piccolo.bin bs=4096 conv=notrunc$ dd if=fip_piccolo.bin of=flash_piccolo.bin seek=64 bs=4096 conv=notrunc$ qemu-system-aarch64 \ -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d guest_errors -d unimp \ -bios flash_piccolo.bin

运行U-Boot

# enable CONFIG_POSITION_INDEPENDENT in u-boot build.$ /opt/sysdev/tee/trusted-firmware-a/tools/fiptool/fiptool create \ --tb-fw bl2.bin \ --soc-fw bl31.bin \ --tos-fw tee-header_v2.bin \ --tos-fw-extra1 tee-pager_v2.bin \ --tos-fw-extra2 tee-pageable_v2.bin \ --nt-fw u-boot.bin \ fip_u-boot.bin$ dd if=bl1.bin of=flash_u-boot.bin bs=4096 conv=notrunc$ dd if=fip_u-boot.bin of=flash_u-boot.bin seek=64 bs=4096 conv=notrunc$ qemu-system-aarch64 \ -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d guest_errors -d unimp \ -bios flash_u-boot.bin

运行Piccolo

• U-Boot加载：

$ qemu-system-aarch64 \ -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d guest_errors -d unimp \ -bios flash_u-boot.bin \ -device loader,file=Image,addr=0x47000000uboot $ booti 0x47000000 - 0x40000000$ mkimage -A arm -C none -O linux -T kernel -d piccolo.bin -a 0x04000000 -e 0x07000000 piccolo.ubin$ cat u-boot.bin piccolo.ubin > u-boot_piccolo.bin$ printf"0x%X" $(expr $(stat -c%s u-boot.bin) + 65536)0xAE1B0$ qemu-system-aarch64 \ -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d guest_errors -d unimp \ -bios flash_u-boot.bin \ -device loader,file=piccolo.bin,addr=0x41000000=> go 0x41000000

• 获取dtb：

$ qemu-system-aarch64 \ -machine virt,virtualization=true,gic-version=3 -cpu cortex-a57 -smp 2 -m 256M \ -d guest_errors -nodefaults -no-reboot -serial mon:stdio --nographic \ -kernel Image -machine dumpdtb=virt-tee.dtb

• 通过U-Boot，使用DTB，加载Piccolo：

$ qemu-system-aarch64 \ -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d guest_errors -d unimp \ -bios flash_u-boot.bin \ -device loader,file=piccolo.bin,addr=0x47000000 \ -device loader,file=virt-tee.dtb,addr=0x44000000uboot $ booti 0x47000000 - 0x44000000

• 通过U-Boot加载Piccolo（使用内置DTB）：

$ qemu-system-aarch64 \ -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d guest_errors -d unimp \ -bios flash_u-boot.bin \ -device loader,file=piccolo.bin,addr=0x47000000=> booti 0x47000000 - 0x40000000# or=> go 0x47000000## Starting application at 0x47000000 ...boot from el2boot from el1Hello World !Current Exception Level : 1

运行Kernel

• 直接加载Kernel：

$ qemu-system-aarch64 \ -machine virt,virtualization=true,gic-version=3 -cpu cortex-a57 -smp 2 -m 256M \ -d guest_errors -nodefaults -no-reboot -serial mon:stdio --nographic \ -kernel Image

• 通过U-Boot加载：

$ qemu-system-aarch64 \ -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d guest_errors -d unimp \ -bios flash_u-boot.bin \ -device loader,file=Image,addr=0x47000000 \ -device loader,file=virt-tee.dtb,addr=0x44000000uboot $ booti 0x47000000 - 0x44000000

• 通过semihosting加载：

$ qemu-system-aarch64 -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi -d unimp \ -bios bl1.bin \ -kernel Image \ -semihosting-config enable,target=native

• 通过BIOS加载：

$ qemu-system-aarch64 -serial mon:stdio -nographic \ -machine virt,virtualization=true,secure=on -d unimp \ -cpu cortex-a57 -smp 2 -m 1057 -no-acpi \ -bios flash.bin \ -kernel Image

运行Yocto

Docker $ cd${SYSDEV_OUT}/aarch64/tee/# ${SYSDEV_TOOLS}/start-yocto.sh sato -nat

• Sato, remove gic-version=3, use Image.gz：

Docker $ qemu-system-aarch64 -serial mon:stdio -serial tcp::45457,server,nowait \ -machine virt,virtualization=true,secure=on,usb=on -no-acpi \ -cpu cortex-a57 -smp 4 -m 2048 \ -bios /opt/sysdev/out/aarch64/tee/flash.bin \ -kernel /opt/sysdev/out/aarch64/tee/Image.gz \ -append "console=ttyAMA0 root=/dev/vda3" \ -object rng-random,filename=/dev/urandom,id=rng0 \ -device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000 \ -net nic,model=virtio,macaddr=00:12:35:56:88:48 \ -net tap,ifname=tap-sato-aarch64-042101,script=/opt/sysdev/tools/vm-ifup.sh,downscript=/opt/sysdev/tools/vm-ifdown.sh \ -drive format=qcow2,if=none,file=/opt/sysdev/out/aarch64/images/storage-aarch64.qcow2,id=hd2 \ -device virtio-blk-device,drive=hd2 \ -drive format=qcow2,if=none,file=/opt/sysdev/out/aarch64/images/data-aarch64.qcow2,id=hd1 \ -device virtio-blk-device,drive=hd1 \ -drive format=qcow2,if=none,file=/opt/sysdev/out/aarch64/images/system-aarch64.qcow2,id=hd0 \ -device virtio-blk-device,drive=hd0 \ -fsdev local,id=fsdev0,path=/opt,security_model=none,multidevs=remap \ -device virtio-9p-device,fsdev=fsdev0,mount_tag=host \ -device virtio-gpu-pci \ -display gtk,gl=off \ -device nec-usb-xhci,id=xhci \ -device usb-mouse \ -device usb-kbd \ -device sdhci-pci \ -d guest_errors \ -nodefaults

• Mini, remove gic-version=3, usb, display, use Image.gz：

Docker $ qemu-system-aarch64 -serial mon:stdio -serial tcp::45457,server,nowait -nographic \ -machine virt,virtualization=true,secure=on -no-acpi -d guest_errors -d unimp \ -cpu cortex-a57 -smp 2 -m 1024 \ -bios /opt/sysdev/out/aarch64/tee/flash.bin \ -kernel /opt/sysdev/out/aarch64/tee/Image.gz \ -append "console=ttyAMA0 root=/dev/vda2" \ -object rng-random,filename=/dev/urandom,id=rng0 \ -device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000 \ -net nic,model=virtio,macaddr=00:12:35:56:88:48 \ -net tap,ifname=tap-sato-aarch64-042101,script=/opt/sysdev/tools/vm-ifup.sh,downscript=/opt/sysdev/tools/vm-ifdown.sh \ -drive format=qcow2,if=none,file=/opt/sysdev/out/aarch64/images/storage-aarch64.qcow2,id=hd2 \ -device virtio-blk-device,drive=hd2 \ -drive format=qcow2,if=none,file=/opt/sysdev/out/aarch64/images/data-aarch64.qcow2,id=hd1 \ -device virtio-blk-device,drive=hd1 \ -drive format=qcow2,if=none,file=/opt/sysdev/out/aarch64/images/system-aarch64.qcow2,id=hd0 \ -device virtio-blk-device,drive=hd0 \ -fsdev local,id=fsdev0,path=/opt,security_model=none,multidevs=remap \ -device virtio-9p-device,fsdev=fsdev0,mount_tag=hostDocker $ telnet localhost 45457Guest $ mount -t 9p -o trans=virtio,version=9p2000.L,posixacl,cache=loose host /optGuest $ ifconfig eth0 192.168.2.50 netmask 255.255.255.0Guest $ route add default gw 192.168.2.99Guest $ echo"nameserver 114.114.114.114" > /etc/resolv.conf

运行Examples

# https://github.com/OP-TEE/build.gitDocker $ cp -v ${SYSDEV_ROOT}/tee/optee/build/br-ext/package/optee_client_ext/S30optee \${SYSDEV_OUT}/aarch64/tee/opteeDocker $ vi ${SYSDEV_OUT}/aarch64/tee/opteeDAEMON_PATH="/sbin"Docker $ scp ${SYSDEV_OUT}/aarch64/tee/optee root@192.168.2.139:/etc/init.d/Guest $ update-rc.d optee defaultsGuest $ useradd teeclntGuest $ useradd tee# OrGuest $ adduser teeclntGuest $ adduser tee# OrGuest # echo 'teeclnt::0:10000::/home/teeclnt:/etc/bash' >>/etc/passwdGuest # echo 'tee::0:20000::/home/tee:/etc/bash' >>/etc/passwdGuest $ chmod a+x /etc/init.d/opteeGuest $ /etc/init.d/optee startGuest $ ps -a | grep tee | head -n1  699 tee       0:00 /sbin/tee-supplicant -d /dev/teepriv0Guest $ cp 8aaaf200-2450-11e4-abe2-0002a5d5c51b.ta /lib/optee_armtz/Guest $ ./optee_example_hello_world Invoking TA to increment 42TA incremented value to 43# OP-TEE ShellD/TC:? 0 tee_ta_init_pseudo_ta_session:284 Lookup pseudo TA 8aaaf200-2450-11e4-abe2-0002a5d5c51bD/TC:? 0 load_ldelf:703 ldelf load address 0x40006000D/LD:  ldelf:134 Loading TA 8aaaf200-2450-11e4-abe2-0002a5d5c51bD/TC:? 0 tee_ta_init_pseudo_ta_session:284 Lookup pseudo TA 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebcD/TC:? 0 tee_ta_init_pseudo_ta_session:297 Open system.ptaD/TC:? 0 tee_ta_init_pseudo_ta_session:311 system.pta : 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebcD/TC:? 0 system_open_ta_binary:256 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (Secure Storage TA)D/TC:? 0 system_open_ta_binary:260 res=0xffff0008D/TC:? 0 system_open_ta_binary:256 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (REE)D/TC:? 0 system_open_ta_binary:260 res=0x0D/LD:  ldelf:168 ELF (8aaaf200-2450-11e4-abe2-0002a5d5c51b) at 0x40027000D/TC:? 0 tee_ta_close_session:498 csess 0xe1ad050 id 1D/TC:? 0 tee_ta_close_session:518 Destroy sessionD/TA:  TA_CreateEntryPoint:39 has been calledD/TA:  TA_OpenSessionEntryPoint:68 has been calledI/TA: Hello World!D/TA:  inc_value:105 has been calledI/TA: Got value: 42 from NWI/TA: Increase value to: 43D/TC:? 0 tee_ta_close_session:498 csess 0xe1ad850 id 1D/TC:? 0 tee_ta_close_session:518 Destroy sessionI/TA: Goodbye!D/TA:  TA_DestroyEntryPoint:50 has been calledD/TC:? 0 destroy_context:298 Destroy TA ctx (0xe1ad7f0)

编写TEE应用

• 参考文档：

# OP-TEE系列之(一)Ubuntu-14搭建QEMU中OP-TEE可信执行环境https://www.jianshu.com/p/c81ea76aeee2# OP-TEE系列之(二)Hello-world示例程序讲解https://www.jianshu.com/p/634cae126142# OP-TEE系列之(三)如何新建一个TA程序https://www.jianshu.com/p/ab6626eff115# OP-TEE系列之(四)实现CA_TA调用与加密算法实现https://www.jianshu.com/p/c238bfea3e46# OP-TEE中添加自己的TA和CAhttps://blog.csdn.net/shuaifengyun/article/details/71517567

• 生成UUID：

# Online UUID Generatorhttps://www.uuidgenerator.net/b1965bcb-4f63-4623-b08b-ce7eed37cc75

• 编译运行：

Guest $ unset LD_LIBRARY_PATHGuest $ . ${SYSDEV_TOOLS}/sato-aarch64/environment-setup-aarch64-poky-linuxGuest $ export OPTEE_VERSION=3.9.0; \export TEEC_EXPORT=${SYSDEV_OUT}/aarch64/optee_client-${OPTEE_VERSION}; \export TA_DEV_KIT_DIR=${SYSDEV_OUT}/aarch64/optee_os-${OPTEE_VERSION}/export-ta_arm64; \export PLATFORM=vexpress-qemu_armv8aGuest $ make -C host CROSS_COMPILE=aarch64-poky-linux- --no-builtin-variablesGuest $ make -C ta CROSS_COMPILE=aarch64-none-elf-Guest $ cp ta/b1965bcb-4f63-4623-b08b-ce7eed37cc75.ta /lib/optee_armtz/Guest $ chmod a+x host/hello_teeGuest $ ./host/hello_tee 78Invoking TA to increment 78TA incremented value to 156

如果喜欢，请麻烦点个关注，会更快的更新！