OP-TEE Start

由於網絡原因, 你可能遇到庫無法下載的情況, 特別準備了一個完整的包, 大約12GB:

鏈接：https://pan.baidu.com/s/1AAMwNn2sl20EtTEqwzyIHg 
提取碼：skq8

說明: 使用上面這個包的話, 則不需要make -f toolchain.mk toolschains這個步驟啦~ 否則會等很久很久很久...

 

我使用的是Ubuntu 18.04.3的系統, 系統信息:

cat /proc/version
Linux version 5.0.0-37-generic (buildd@lcy01-amd64-023) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #40~18.04.1-Ubuntu SMP Thu Nov 14 12:06:39 UTC 2019

主要參考資料: https://optee.readthedocs.io/en/latest/

[有可能]需要對libuuid1進行降級:

sudo apt install libuuid1=2.31.1-0.4ubuntu3

安裝可能需要的工具:

sudo apt install android-tools-adb android-tools-fastboot autoconf automake bc bison build-essential cscope curl device-tree-compiler expect flex ftp-upload gdisk libattr1-dev libcap-dev libfdt-dev libftdi-dev libglib2.0-dev libhidapi-dev libncurses5-dev libpixman-1-dev libssl-dev libtool make mtools netcat python-crypto python-serial python-wand unzip uuid-dev xdg-utils xterm xz-utils zlib1g-dev iasl python3-pycryptodome python3-pyelftools libstdc++6:i386 libc6:i386 libz1:i386

初始化庫:

mkdir open-tee
cd open-tee/
repo init -u https://github.com/OP-TEE/manifest.git -m default.xml -b 3.8.0

強烈建議使用3.8.0的分支, 有些資料(比如圖書會建議使用2.6.0, 但: OP-TEE的build/目錄沒有與2.6.0的代碼同步, 所以會無法處理2.6.0的repo對應的目錄結構.

如果使用最新的版本, 也會遇到很多的編譯問題, 例如在編譯buildroot時ld無法正常處理-loptee_test參數, 不清楚具體的原因.

 

[必要時]爲了防止報錯:

sed -i "s/\.git//g" .repo/manifests/default.xml
cd .repo/manifests/
git add .
git commit -sm "delete .git for repo sync."

repo同步:

repo sync

Tips: 對於sync, 如果想使用代理, 可以嘗試:

export HTTP_PROXY="http://<IP>:<Port>"

編譯工具鏈:

make -f toolchain.mk toolchains

編譯qemu.mk

make -f qemu.mk all

Tips: 對於buildroot的下載緩慢的問題, 如果想使用代理, 可以嘗試:

export http_proxy="http://<IP>:<Port>"

執行如下命令啓動qemu:

make -f qemu.mk run-only

pushd /opt/work/open-tee/build/../out/bin
/opt/work/open-tee/build/../qemu/arm-softmmu/qemu-system-arm \
    -nographic \
    -serial tcp:localhost:54320 -serial tcp:localhost:54321 \
    -smp 2 \
    -s -S -machine virt,secure=on -cpu cortex-a15 \
    -d unimp -semihosting-config enable,target=native \
    -m 1057 \
    -bios bl1.bin \
    -object rng-random,filename=/dev/urandom,id=rng0 \
    -device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000 \
    -netdev user,id=vmnic \
    -device virtio-net-device,netdev=vmnic

QEMU 3.0.93 monitor - type 'help' for more information
(qemu) c <- 輸入'c'以繼續

此時在新終端(兩個, 一個是Linux輸出CA的log, 一個是OP-TEE輸出TA的log)下可以看到系統成功啓動, 啓動後, 使用root登錄到buildroot, 密碼: root

然後執行xtest命令進行測試:

# xtest
... ...
+-----------------------------------------------------
24537 subtests of which 0 failed
96 test cases of which 0 failed
0 test cases were skipped
TEE test application done!

按後也可以CA的demo:

# optee_example_hello_world
Invoking TA to increment 42
TA incremented value to 43

此時TA的輸出:

D/TC:? 0 tee_ta_init_pseudo_ta_session:280 Lookup pseudo TA 8aaaf200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 load_ldelf:704 ldelf load address 0x104000
D/LD: ldelf:134 Loading TA 8aaaf200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 tee_ta_init_session_with_context:573 Re-open TA 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc
D/TC:? 0 system_open_ta_binary:250 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (Secure Storage TA)
D/TC:? 0 system_open_ta_binary:253 res=0xffff0008
D/TC:? 0 system_open_ta_binary:250 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (REE)
D/TC:? 0 system_open_ta_binary:253 res=0x0
D/LD: ldelf:169 ELF (8aaaf200-2450-11e4-abe2-0002a5d5c51b) at 0x16f000
D/TC:? 0 tee_ta_close_session:499 csess 0xe185e08 id 1
D/TC:? 0 tee_ta_close_session:518 Destroy session
D/TC:? 0 tee_ta_close_session:499 csess 0xe186210 id 11
D/TC:? 0 tee_ta_close_session:518 Destroy session
D/TC:? 0 destroy_context:298 Destroy TA ctx (0xe1861d0)

如果遇到錯誤, 請參考下文的解決辦法:

[可能]遇到錯誤:

make[1]: Leaving directory '/opt/work/open-tee/linux'
mkdir -p /opt/work/open-tee/build/../out/bin
ln -sf /opt/work/open-tee/build/../linux/arch/arm/boot/zImage /opt/work/open-tee/build/../out/bin
cd /opt/work/open-tee/build/../qemu; ./configure --target-list=arm-softmmu\
--cc=" gcc" --extra-cflags="-Wno-error"

ERROR: glib-2.40 gthread-2.0 is required to compile QEMU

Makefile:81: recipe for target 'qemu' failed
make: *** [qemu] Error 1

這是由於pkg-config的--atleast-version無法正確處理glib-2.0.pc中的Version, 解決:

diff --git a/configure b/configure
index 0a3c6a7..daf3497 100755
--- a/configure
+++ b/configure
@@ -3471,7 +3471,8 @@ if test "$static" = yes -a "$mingw32" = yes; then
fi
for i in $glib_modules; do
- if $pkg_config --atleast-version=$glib_req_ver $i; then
+ # if $pkg_config --atleast-version=$glib_req_ver $i; then
+ if $pkg_config --cflags $i; then
glib_cflags=$($pkg_config --cflags $i)
glib_libs=$($pkg_config --libs $i)
QEMU_CFLAGS="$glib_cflags $QEMU_CFLAGS"

 

---

以下確實庫導致的編譯錯誤已經附在上問的安裝參考.

[可能]遇到報錯:

***
Can't find elftools module. Probably it is not installed on your system.
You can install this module with

$ apt install python3-pyelftools

if you are using Ubuntu. Or try to search for "pyelftools" or "elftools" in
your package manager if you are using some other distribution.
***

這是因爲系統缺失pyelftools庫, 解決:

sudo apt install python3-pyelftools

[可能]遇到報錯:

Traceback (most recent call last):
File "out/arm/export-ta_arm32/scripts/sign_encrypt.py", line 258, in <module>
main()
File "out/arm/export-ta_arm32/scripts/sign_encrypt.py", line 131, in main
from Cryptodome.Signature import pss
ModuleNotFoundError: No module named 'Cryptodome'

缺失pycryptodome庫, 解決:

sudo apt install python3-pycryptodome