精华内容
下载资源
问答
  • optee

    2020-12-05 21:35:22
    <div><p>get pull </p><p>该提问来源于开源项目:ARM-software/arm-trusted-firmware</p></div>
  • OPTEE notes

    2020-07-10 22:25:05
    1. optee_smccc_hvc() and optee_smccc_smc() During optee_probe(), get_invoke_func() will return one of these two functions based on device tree configure. And this returned invoke_fn will ...

    1. optee_smccc_hvc() and optee_smccc_smc()

    During optee_probe(), get_invoke_func() will return one of these two functions based on device tree configure.

    And this returned invoke_fn will register to optee->invoke_fn for other functions to use.

    And from the name, we can know optee_smccc_hvc() will trap to hypervisor(EL2), and optee_smccc_smc() will trap to monitor(EL3).

    So when other functions,such as optee_do_call_with_arg(), call this optee->invoke_fn(), it could enter hypervisor(EL2) or monitor(EL3). It depends on device tree configuration?

    2. Build and Run OP-TEE on QEMU

    1. refer to https://blog.csdn.net/shuaifengyun/article/details/99855105

    2. refer to OP-TEE project(https://optee.readthedocs.io/en/latest/building/gits/build.html) to install all the packages in "Step 1 - Prerequisites"

    3. Repo is slow for some GIT. try more times.

    4. In OP-TEE, build toolchain step will download toolchain from ARM website. If it's too slow, you can open OP-TEE/build/toolchain.mak to find the ARM toolchain name and path and download them manually from ARM website.

    5. When build OP-TEE, make sure no other toolchians on the environment PATH.

    6. If Linux kernel ask for manually configure during the build, you can stop it and rm .config and rebuild Linux kernel. 

     

    展开全文
  • Optee 140814

    2020-11-26 03:32:49
    <div><p>Build instructions available at https://github.com/jenswi-linaro/optee_os/blob/atf_140814/documentation/arm_trusted_firmware.md</p> <p>The OP-TEE Dispatcher is much like the TSPD, perhaps we ...
  • Error with AOSP +OPTEE

    2020-11-23 01:07:34
    In file included from /media/feilei/Data/work/optee_android/optee_android_manifest/kernel/linaro/hisilicon-4.14/drivers/usb/pd/richtek/pd_dpm_core.c:19: In file included from /media/feilei/Data/work/...
  • 反对者 这是一个专为optee设计的库,可简化开发受信任的应用程序。 抬起头 该库当前仅适用于目标aarch64-unknown-linux-gnu 。
  • optee test 1013

    2020-11-22 12:48:23
    <div><p>Hi ,optee community, I have some trouble while using optee test (v3.9.0) + optee_os(v3.9.0) case 1013.1 Using small concurrency TA pass. case 1013.2 Using large concurrency TA failed ...
  • Clearkey in OPTEE

    2020-12-05 03:54:19
    <div><p>Can anyone tell me how can I implement clearkey in optee ?</p><p>该提问来源于开源项目:OP-TEE/optee_os</p></div>
  • OPTEE thread scheduling

    2020-11-22 12:51:42
    <div><p>Hi, <p>Can we assign CFG_NUM_THREADS > NUM_OF_AVAILABLE_COREs, If yes, <p>Consider a uniprocessor system, If CFG_NUM_THREADS>1, opened multiple TA sessions, Each...OP-TEE/optee_os</p></div>
  • OPtee privilege switching

    2020-11-22 12:52:33
    s ok for optee os to use caam, but after system running, after CA switch to PTA, PTA can not use caam anymore? What's wrong? <p>My caam control code as follow: const struct csu_setting csu_setting...
  • OPTEE dev issue

    2020-11-22 13:15:26
    <div> Issues tab -> Filters 5. Check the FAQ before posting a question: ... NOTE: This comment will not be shown in the issue, so no harm keeping it, but feel free to ...OP-TEE/optee_os</p></div>
  • optee fvp

    千次阅读 2016-07-18 14:23:36
    前不久在github上找到这个optee的开源项目,于是fork来学习一下。 地址:https://github.com/OP-TEE 发现optee有4个项目: optee_os:包含了TEE操作系统本身的源代码,提供了TEE的内部接口。 optee_client:包含...

    因为研究生阶段选的是trustzone的研究方向,所以最近在一直看这方面的东西。前不久在github上找到这个optee的开源项目,于是fork来学习一下。

    地址:https://github.com/OP-TEE

    发现optee有4个项目:

    optee_os:包含了TEE操作系统本身的源代码,提供了TEE的内部接口。

    optee_client:包含了TEE客户端库的源代码,提供了TEE的客户端接口。

    optee_linuxdriver:包含了TEE驱动的源代码,提供了TEE的通用驱动程序。


    在这张图上可以清楚地看出各部分的关系。

    在optee_os中,作者很详细的介绍了这个项目的配置方法。你可以根据自己的需要,选择简易安装,使用某些硬件或者FVP,QEMU等平台来运行这个项目。因为没钱买硬件,我用了fast model作为平台来使用optee,所以我只介绍一下基于FVP的安装方式。

    首先要确定一些依赖关系是否满足:

    1. $ sudo apt-get install uuid-dev  

    如果你的是64位的linux系统还需要安装下面几个包:
    1. $ sudo apt-get install libc6:i386 libstdc++6:i386 libz1:i386  

    之后要下载一个安装脚本,并运行:
    1. $ wget https://raw.githubusercontent.com/OP-TEE/optee_os/master/scripts/setup_fvp_optee.sh  
    2. $ chmod 711 setup_fvp_optee.sh  
    3. $ ./setup_fvp_optee.sh  

    这个脚本的功能主要是克隆一些文件,比如linux内核,optee_os,optee_client,optee_driver以及一些工具链。因为其中几个文件比较大,所以可能需要比较长的时间。

    中间,安装脚本会提示你去下载FVP。因为版权问题,你需要自己去http://www.arm.com/products/tools/models/fast-models/foundation-model.php下载foundation-model并放到指定的目录,并且把setup_fvp_optee.sh脚本中的SRC_FVP置为1。之后重新运行setup_fvp_optee.sh,等待大概一个小时就可以完成安装。看到 OP-TEE and FVP setup completed. 说明安装成功。

    安装成功之后,会在你的home目录下生成一个devel文件,进入目录之后会看到一些脚本文件,其作用在github里有比较详细的描述,就不在这个重复了。之后运行如下命令:

    1. $ ./build_secure.sh  
    2. $ ./build_normal.sh  

    就可以编译这个项目了。

    最后,通过

    1. $ ./run_foundation.sh  
    启动模拟器,成功启动后,加载模块并启动tee-supplicant
    1. root@FVP:/ modprobe optee_armtz  
    2. root@FVP:/ tee-supplicant &  

    现在optee就可以正常使用了。

    tee-supplicant 是host端的一个守护程序,用于向optee加载或卸载ta。

    tee-supplicant & 是让tee-supplicant程序后台执行。
    展开全文
  • Optee docs refactoring

    2020-11-23 01:08:54
    <p>Even though I cleaned up optee_design.md I still think it would be good to revise the information in more detail as soon as possible. I also think that -lms changes related to shared memory for SDP...
  • 5 in setup_fvp_optee.sh seems to be causing an error while building optee_os? <p>Should be 1-4? <p>optee_os/lib/libutils/ext/trace.c <h1>if (CFG_TRACE_LEVEL < TRACE_MIN) || (CFG_TRACE_LEVEL > ...
  • <p>I am building optee os image for imx6ull board with the following details. <p>Kernel version: v4.19.x U-boot version: v2016.11.x <p>OPTEE OS revision number: <p>R1: 1a4fa97dca1dd980b615f7e8355a3...
  • <p>However, I find that there is no <code>optee.ko</code> generated in <code>linux/drivers/tee/optee, but <code>optee.o</code> is generated. The <code>make all</code> process succeed without any ...
  • OPTEE initcall Question

    2020-11-22 12:50:09
    <div><p>In OPTEE OS use initcall mechanisms to init some function in the system up. And divided initcall to two level "service_init" and "driver_init", "service_init" will ...
  • GICv3 for optee

    2020-11-23 01:08:59
    <p>My initial plan is to commit the code changes for gicv3 support in optee for aarch64. I am not sure if we need gicv3 support for ARMv7. Please suggest if that makes sense. All the below questions ...
  • Recently, I want to init the optee os driver and avb ta in uboot, so I add tee dir(tee/) and optee subdir in tee/ and other nessasery files. Also I have defined the relative MARCO:CONFIG_OPTEE、...
  • [optee]-optee中的异常向量表的实现

    千次阅读 2020-08-12 11:54:32
    Optee异常向量表ARMV8-aarch641、optee中定义的异常向量表2、optee中设置向量表基地址VBAR_EL1ARMV8-aarch32、ARMV7-aarch32 分析optee中的向量表,我们注意看两件事: 软件中定义的向量表,是否和ARM文档中的向量...


    ★★★ 友情链接 : 个人博客导读首页—点击此处 ★★★

    分析optee中的向量表,我们主要看两件事:

    • 软件中定义的向量表,是否和ARM文档中的向量offset一致
    • 向量表的基地址是否写入到了VBAR寄存器

    ARMV8-aarch64

    1、optee中定义的异常向量表
    (core/arch/arm/kernel/thread_a64.S)
    	.section .text.thread_excp_vect
    	.align	11, INV_INSN
    FUNC thread_excp_vect , :
    	/* -----------------------------------------------------
    	 * EL1 with SP0 : 0x0 - 0x180
    	 * -----------------------------------------------------
    	 */
    	.align	7, INV_INSN
    el1_sync_sp0:
    	store_xregs sp, THREAD_CORE_LOCAL_X0, 0, 3
    	b	el1_sync_abort
    	check_vector_size el1_sync_sp0
    
    	.align	7, INV_INSN
    el1_irq_sp0:
    	store_xregs sp, THREAD_CORE_LOCAL_X0, 0, 3
    	b	elx_irq
    	check_vector_size el1_irq_sp0
    
    	.align	7, INV_INSN
    el1_fiq_sp0:
    	store_xregs sp, THREAD_CORE_LOCAL_X0, 0, 3
    	b	elx_fiq
    	check_vector_size el1_fiq_sp0
    
    	.align	7, INV_INSN
    el1_serror_sp0:
    	b	el1_serror_sp0
    	check_vector_size el1_serror_sp0
    
    	/* -----------------------------------------------------
    	 * Current EL with SP1: 0x200 - 0x380
    	 * -----------------------------------------------------
    	 */
    	.align	7, INV_INSN
    el1_sync_sp1:
    	b	el1_sync_sp1
    	check_vector_size el1_sync_sp1
    
    	.align	7, INV_INSN
    el1_irq_sp1:
    	b	el1_irq_sp1
    	check_vector_size el1_irq_sp1
    
    	.align	7, INV_INSN
    el1_fiq_sp1:
    	b	el1_fiq_sp1
    	check_vector_size el1_fiq_sp1
    
    	.align	7, INV_INSN
    el1_serror_sp1:
    	b	el1_serror_sp1
    	check_vector_size el1_serror_sp1
    
    	/* -----------------------------------------------------
    	 * Lower EL using AArch64 : 0x400 - 0x580
    	 * -----------------------------------------------------
    	 */
    	.align	7, INV_INSN
    el0_sync_a64:
    	restore_mapping
    
    	mrs	x2, esr_el1
    	mrs	x3, sp_el0
    	lsr	x2, x2, #ESR_EC_SHIFT
    	cmp	x2, #ESR_EC_AARCH64_SVC
    	b.eq	el0_svc
    	b	el0_sync_abort
    	check_vector_size el0_sync_a64
    
    	.align	7, INV_INSN
    el0_irq_a64:
    	restore_mapping
    
    	b	elx_irq
    	check_vector_size el0_irq_a64
    
    	.align	7, INV_INSN
    el0_fiq_a64:
    	restore_mapping
    
    	b	elx_fiq
    	check_vector_size el0_fiq_a64
    
    	.align	7, INV_INSN
    el0_serror_a64:
    	b   	el0_serror_a64
    	check_vector_size el0_serror_a64
    
    	/* -----------------------------------------------------
    	 * Lower EL using AArch32 : 0x0 - 0x180
    	 * -----------------------------------------------------
    	 */
    	.align	7, INV_INSN
    el0_sync_a32:
    	restore_mapping
    
    	mrs	x2, esr_el1
    	mrs	x3, sp_el0
    	lsr	x2, x2, #ESR_EC_SHIFT
    	cmp	x2, #ESR_EC_AARCH32_SVC
    	b.eq	el0_svc
    	b	el0_sync_abort
    	check_vector_size el0_sync_a32
    
    	.align	7, INV_INSN
    el0_irq_a32:
    	restore_mapping
    
    	b	elx_irq
    	check_vector_size el0_irq_a32
    
    	.align	7, INV_INSN
    el0_fiq_a32:
    	restore_mapping
    
    	b	elx_fiq
    	check_vector_size el0_fiq_a32
    
    	.align	7, INV_INSN
    el0_serror_a32:
    	b	el0_serror_a32
    	check_vector_size el0_serror_a32
    

    align 7,对齐方式为7,也就是0x80对齐,恰好符合armv7-aarch64中文档中的向量表的offset偏移
    在这里插入图片描述

    2、optee中设置向量表基地址VBAR_EL1

    get_excp_vect()函数获取到thread_a64.S中定义的向量表thread_excp_vect地址

    (core/arch/arm/kernel/thread.c)
    static vaddr_t get_excp_vect(void)
    {
    #ifdef CFG_CORE_WORKAROUND_SPECTRE_BP_SEC
    	uint32_t midr = read_midr();
    
    	if (get_midr_implementer(midr) != MIDR_IMPLEMENTER_ARM)
    		return (vaddr_t)thread_excp_vect;
    
    	switch (get_midr_primary_part(midr)) {
    #ifdef ARM32
    	case CORTEX_A8_PART_NUM:
    	case CORTEX_A9_PART_NUM:
    	case CORTEX_A17_PART_NUM:
    #endif
    	case CORTEX_A57_PART_NUM:
    	case CORTEX_A72_PART_NUM:
    	case CORTEX_A73_PART_NUM:
    	case CORTEX_A75_PART_NUM:
    		return select_vector((vaddr_t)thread_excp_vect_workaround);
    #ifdef ARM32
    	case CORTEX_A15_PART_NUM:
    		return select_vector((vaddr_t)thread_excp_vect_workaround_a15);
    #endif
    	default:
    		return (vaddr_t)thread_excp_vect;
    	}
    #endif /*CFG_CORE_WORKAROUND_SPECTRE_BP_SEC*/
    
    	return (vaddr_t)thread_excp_vect;
    }
    

    在thread_init_per_cpu()时,将向量表基地址写入到VBAR_EL1

    void thread_init_per_cpu(void)
    {
    	size_t pos = get_core_pos();
    	struct thread_core_local *l = thread_get_core_local();
    
    	init_sec_mon(pos);
    
    	set_tmp_stack(l, GET_STACK(stack_tmp[pos]) - STACK_TMP_OFFS);
    	set_abt_stack(l, GET_STACK(stack_abt[pos]));
    
    	thread_init_vbar(get_excp_vect());
    }
    

    thread_init_vbar函数完成将基地址写入VBAR_EL1(将参数1写入到VBAR_EL1)

    (core/arch/arm/kernel/thread_a64.S)
    FUNC thread_init_vbar , :
    	msr	vbar_el1, x0   
    	ret
    END_FUNC thread_init_vbar
    

    ARMV8-aarch32、ARMV7-aarch32

    1、optee中定义的异常向量表
    (core/arch/arm/kernel/thread_a32.S)
    	.section .text.thread_excp_vect
            .align	5
    FUNC thread_excp_vect , :
    UNWIND(	.fnstart)
    UNWIND(	.cantunwind)
    	b	.			/* Reset			*/
    	b	thread_und_handler	/* Undefined instruction	*/
    	b	thread_svc_handler	/* System call			*/
    	b	thread_pabort_handler	/* Prefetch abort		*/
    	b	thread_dabort_handler	/* Data abort			*/
    	b	.			/* Reserved			*/
    	b	thread_irq_handler	/* IRQ				*/
    	b	thread_fiq_handler	/* FIQ				*/
    

    一条指令占4个字节,所以这里也是和aarch32的异常向量表的offset一一对应的
    在这里插入图片描述

    2、optee中设置向量表基地址VBAR_EL1

    其流程同aarch64的流程相同,都是thread_init_per_cpu()---->thread_init_vbar ()

    (core/arch/arm/kernel/thread_a32.S)
    FUNC thread_init_vbar , :
    UNWIND(	.fnstart)
    	/* Set vector (VBAR) */
    	write_vbar r0
    	bx	lr
    UNWIND(	.fnend)
    END_FUNC thread_init_vbar
    
    展开全文
  • <div><p>Buffers allocated with OPTEE_MSG_RPC_CMD_SHM_ALLOC must be freed with OPTEE_MSG_RPC_CMD_SHM_FREE to help normal world driver to route the message correctly. <p>Signed-off-by: Jens Wiklander ...
  • Interrupt handling of OPTEE

    2020-11-23 01:09:36
    m a little confused about the interrupt handling in the OPTEE framework. In the doc, you mentioned terms like secure interrupt and non-secure interrupt. Intuitively, I can understand that secure ...
  • OPTEE移植过程

    2018-06-28 11:09:51
    OPTEE移植过程基于2.6版本,其他版本等同1、在optee_os/core/arch/arm目录下增加plat-xx 在optee_os/core/arch/arm/kernel/kern.ld.S中定义了optee_os启动的入口是_start, 具体实现是在optee_os/core/arch/arm/...

    OPTEE移植过程基于2.6版本,其他版本等同

    1、在optee_os/core/arch/arm目录下增加plat-xx

      在optee_os/core/arch/arm/kernel/kern.ld.S中定义了optee_os启动的入口是_start,

         具体实现是在optee_os/core/arch/arm/kernel/generic_entry_a64.S。

    2、在plat-xx目录下,增加与处理器相关的代码,可以copy一个相近的平台进行修改

         platform_config.h里面包含处理器的地址设置,此处一定要对应具体芯片设置,否则芯片启动不了

         此处涉及具体芯片,不能列出代码,多多包含

    3、修改编译选项build下的common.mk

    4、正常编译即可

         移植过程相当复杂,本处只是记录移植的文件目录,具体芯片具体对待,有不懂的欢迎咨询

         愿意相互交流,体验移植过程

    展开全文
  • optee examples
  • <div><p>Hi Optee community, When i use repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml -b 3.9.0, linux: 9823b2 (which develope upon v5.7-rc6.) optee_os: 3.9.0 optee_client: ...
  • OPTEE OS on one core

    2020-11-22 13:23:41
    <p>I have a requirement for OPTEE OS to run on Core0 only. All other cores shouldn't be able to make SMC calls to OPTEE (but should be able to make PSCI calls). So what all changes do this require...
  • Booting OPTEE on iMX7

    2020-11-23 01:55:10
    <div> Issues tab -> Filters 5. Check the FAQ before posting a question: ... NOTE: This comment will not ...I am trying to boot OPTEE and U-Boot on the Warp7 with iMX7 following the descriptions here: ...
  • optee 提供的hwrng

    2021-02-05 10:57:36
    如果没有专门的硬件来hwrng,则客户用trustos的optee来产生hwrng,这个是的实现在driver/char/hwrng/optee-rng.c中,前面已经看过hwrng代码的架构,我们重点看看核心函数read的实现 static struct optee_rng_private...
  • Using optee with Raspbian

    2020-11-22 12:52:53
    <div><p>I want using Optee with Raspbian. <p>There are two prerequisite: 1. Raspbian is 32 bit (and I don't want to build another 64bit one when considering big workload). 2. ATF now only ...
  • Master+optee overlay

    2020-11-22 12:51:56
    <div><p>This pull request adds the ability for OPTEE to provide a DTB overlay to a subsequent boot stage. We can either <ol><li>Append to an existing DTB overlay located at CFG_DT_ADDR or passed in ...
  • broken.</li><li>Update optee_test commit to fix a build error.</li></ul> <p>Fixes https://github.com/OP-TEE/optee_os/issues/438.</p> <p>Signed-off-by: Jerome Forissier jerome.forissier.org</p><p>该...

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 2,742
精华内容 1,096
关键字:

optee