Differences
This shows you the differences between two versions of the page.
|
ass:laboratoare:03:tasks:02 [2023/07/20 16:10] florin.stancu |
ass:laboratoare:03:tasks:02 [2023/07/20 23:28] (current) florin.stancu |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| Two questions arise: how can one compile a TA? + how to test it on our board? | Two questions arise: how can one compile a TA? + how to test it on our board? | ||
| - | == Step 1. Building a TA == | + | == Step 5. Not so fast... we forgot about the kernel? == |
| + | |||
| + | If we wish to communicate with OP-TEE from Linux, we need to configure its driver (don't worry, we don't need to recompile the kernel, it's included in ''defconfig'''). | ||
| + | |||
| + | Of course, the intended way to do that is by modifying the Linux Device Tree. | ||
| + | Do it as [[https://elixir.bootlin.com/u-boot/v2023.04/source/doc/device-tree-bindings/firmware/linaro,optee-tz.txt|documented here]] ;) | ||
| + | |||
| + | <note> | ||
| + | In case you need a little reminder, the device tree source code is inside linux's ''arch/arm64/''. | ||
| + | |||
| + | We promised that you won't need to recompile the kernel, you just need to recompile its DTB ;) use: | ||
| + | <code> | ||
| + | make ARCH=... dtbs | ||
| + | </code> | ||
| + | |||
| + | Afterwards, you need to copy the new ''.dtb'' into your ''staging/'' directory and [[:ass:laboratoare:02:tasks:01#task_d_-_fit_image|re-build the Linux FIT]] (e.g., ''linux.itb''). And upload it to your emmc (check out the ''ums'' trick described below!). | ||
| + | </note> | ||
| + | |||
| + | == Step 6. Building a TA == | ||
| We can use our workstation / laptop to cross-compile a trusted application! | We can use our workstation / laptop to cross-compile a trusted application! | ||
| Line 25: | Line 43: | ||
| </note> | </note> | ||
| - | == Step 2. Signing the TA == | + | == Step 7. Signing the TA == |
| Remember the secure boot process? | Remember the secure boot process? | ||
| Line 37: | Line 55: | ||
| So we won't need to do anything more! Yay... | So we won't need to do anything more! Yay... | ||
| - | == Step 3. Testing the TA == | + | == Step 8. Testing the TA == |
| Our rootfs image already contains the OP-TEE client library. | Our rootfs image already contains the OP-TEE client library. | ||
| Line 50: | Line 68: | ||
| Do not Ctrl+C yet, leave it running and mount the newly appeared USB device in your PC/VM! | Do not Ctrl+C yet, leave it running and mount the newly appeared USB device in your PC/VM! | ||
| - | After copyint the files, boot the Linux (you can use the Lab02 boot commands, see Readme.md). | + | After copying the files, boot the Linux package (you can use the Lab02 boot commands, see Readme.md). |
| Mount the boot partition and run the TA (you might need to copy it somewhere else and ''chmod +x'')! | Mount the boot partition and run the TA (you might need to copy it somewhere else and ''chmod +x'')! | ||
