Differences
This shows you the differences between two versions of the page.
|
ass:labs-2025:05:tasks:02 [2025/08/07 22:18] florin.stancu created |
ass:labs-2025:05:tasks:02 [2025/08/08 14:28] (current) florin.stancu |
||
|---|---|---|---|
| Line 21: | Line 21: | ||
| make ARCH=... dtbs | make ARCH=... dtbs | ||
| </code> | </code> | ||
| - | |||
| - | Afterwards, you need to copy the new ''.dtb'' into your ''staging/'' directory and [[:ass:labs-2025:02:tasks:01#task_d_-_fit_image|re-build the Linux FIT]] (e.g., ''linux.itb''). And upload it to your emmc (check out the ''ums'' trick described below!). | ||
| </note> | </note> | ||
| + | |||
| + | Oh, and re-enable **Buildroot** if disabled for the previous lab (you backed up your ITS file, hopefully). | ||
| + | Then enter its ''menuconfig'' and search for ''PACKAGE_OPTEE_CLIENT''. Enable it and rebuild your rootfs! | ||
| + | |||
| + | Afterwards, you need to copy the new ''.dtb'' into your ''staging/'' directory and [[:ass:labs-2025:02:tasks:01#task_d_-_fit_image|re-build the Linux FIT]] (e.g., ''linux.itb''). And upload it to your emmc (use u-boot's ''ums'' and simply copy the file on the FAT32 boot partition). | ||
| == Step 6. Building a TA == | == Step 6. Building a TA == | ||
| Line 30: | Line 33: | ||
| Read the [[https://optee.readthedocs.io/en/latest/building/gits/optee_examples/optee_examples.html|official instructions here]]. | Read the [[https://optee.readthedocs.io/en/latest/building/gits/optee_examples/optee_examples.html|official instructions here]]. | ||
| + | |||
| + | Build both the host app and the Trusted Application need to be compiled TOGETHER with the TEE Client Library, and the OPTEE OS exported SDK, respectively. | ||
| + | |||
| + | Make sure to read the examples documentation to see the make variables to set! | ||
| <note> | <note> | ||
| - | Note that you must build [[https://optee.readthedocs.io/en/latest/building/gits/optee_client.html#build-instructions|the optee_client first]]. Note that CMake needs to receive the path to CROSS_COMPILEr's gcc via specific define (argument). | + | Note that, usually, you must build optee-client from source on the host machine [[https://optee.readthedocs.io/en/latest/building/gits/optee_client.html#build-instructions|the optee_client first]]. . |
| - | Also set the ''-DCMAKE_INSTALL_PREFIX=...'' cmake flag to some dir in your project's working root directory and run ''make install'' at the end to copy the final product there. It will be required to specify its path (see below). | + | But, since we're using Buildroot and have enabled it, you can find it already compiled for the target system at ''<buildroot-dir>/output/build/optee-client-<version>''. |
| + | |||
| + | Touugh we need to give a ''TEEC_EXPORT'' install path when invoking the TA makefile... Use find for ''tee_client_api.h'' and see where it's found (hint: ''sysroot'')! | ||
| </note> | </note> | ||
| <note> | <note> | ||
| - | Build both the host app and the TA need to be compiled TOGETHER with the TEE Client Library, and the OPTEE OS exported SDK, respectively. | + | As for ''TA_DEV_KIT_DIR'' of a Trusted Application, it must point to an SDK generated inside BL32 (optee_os) source directory (something like ''export-ta...'''. |
| - | + | ||
| - | Make sure to read the examples documentation to see the make variables to set! | + | |
| </note> | </note> | ||
| + | |||
| + | Also note that for building Buildroot-targeted applications, your classic ''aarch64-none-gnu-'' toolchain **won't work** since Buildroot uses custom [[https://www.uclibc.org/|ucLibC]] by default. But, fortunately, you may find the cross compilation prefix at ''<buildroot-dir>/output/host/bin/aarch64-buildroot-linux-gnu-'' (see the difference?)! | ||
| == Step 7. Signing the TA == | == Step 7. Signing the TA == | ||
| Line 68: | Line 77: | ||
| Do not Ctrl+C yet, leave it running and mount the newly appeared USB device in your PC/VM! | Do not Ctrl+C yet, leave it running and mount the newly appeared USB device in your PC/VM! | ||
| - | After copying the files, boot the Linux package (you can use the Lab02 boot commands, see Readme.md). | + | After copying the files, boot Linux. |
| + | |||
| + | Now check if ''tee-supplicant'' is running... let's mount devtmpfs then start it: | ||
| + | <code bash> | ||
| + | mount -t devtmpfs devtmpfs /dev | ||
| + | tee-supplicant -d | ||
| + | </code> | ||
| Mount the boot partition and run the TA (you might need to copy it somewhere else and ''chmod +x'')! | Mount the boot partition and run the TA (you might need to copy it somewhere else and ''chmod +x'')! | ||
| Line 76: | Line 91: | ||
| Observe the error: OP-TEE cannot find the ''.ta'' file inside a trusted memory or REE. | Observe the error: OP-TEE cannot find the ''.ta'' file inside a trusted memory or REE. | ||
| - | For this, you will need to copy the signed ''<UUID>.ta'' file to ''/lib/optee_armtz/'', as (very badly) documented. | + | For this, you will need to copy the signed ''<UUID>.ta'' file to ''/lib/optee_armtz/'' (create it if it doesn't exist), as (very badly) documented. |
| </note> | </note> | ||
