由於網絡原因, 你可能遇到庫無法下載的情況, 特別準備了一個完整的包, 大約12GB:
鏈接:https://pan.baidu.com/s/1AAMwNn2sl20EtTEqwzyIHg
提取碼:skq8
說明: 使用上面這個包的話, 則不需要make -f toolchain.mk toolschains這個步驟啦~ 否則會等很久很久很久...
我使用的是Ubuntu 18.04.3的系統, 系統信息:
cat /proc/version
Linux version 5.0.0-37-generic (buildd@lcy01-amd64-023) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04.1)) #40~18.04.1-Ubuntu SMP Thu Nov 14 12:06:39 UTC 2019
主要參考資料: https://optee.readthedocs.io/en/latest/
[有可能]需要對libuuid1進行降級:
sudo apt install libuuid1=2.31.1-0.4ubuntu3
安裝可能需要的工具:
sudo apt install android-tools-adb android-tools-fastboot autoconf automake bc bison build-essential cscope curl device-tree-compiler expect flex ftp-upload gdisk libattr1-dev libcap-dev libfdt-dev libftdi-dev libglib2.0-dev libhidapi-dev libncurses5-dev libpixman-1-dev libssl-dev libtool make mtools netcat python-crypto python-serial python-wand unzip uuid-dev xdg-utils xterm xz-utils zlib1g-dev iasl python3-pycryptodome python3-pyelftools libstdc++6:i386 libc6:i386 libz1:i386
初始化庫:
mkdir open-tee
cd open-tee/
repo init -u https://github.com/OP-TEE/manifest.git -m default.xml -b 3.8.0
強烈建議使用3.8.0的分支, 有些資料(比如圖書會建議使用2.6.0, 但: OP-TEE的build/目錄沒有與2.6.0的代碼同步, 所以會無法處理2.6.0的repo對應的目錄結構.
如果使用最新的版本, 也會遇到很多的編譯問題, 例如在編譯buildroot時ld無法正常處理-loptee_test參數, 不清楚具體的原因.
[必要時]爲了防止報錯:
sed -i "s/\.git//g" .repo/manifests/default.xml
cd .repo/manifests/
git add .
git commit -sm "delete .git for repo sync."
repo同步:
repo sync
Tips: 對於sync, 如果想使用代理, 可以嘗試:
export HTTP_PROXY="http://<IP>:<Port>"
編譯工具鏈:
make -f toolchain.mk toolchains
編譯qemu.mk
make -f qemu.mk all
Tips: 對於buildroot的下載緩慢的問題, 如果想使用代理, 可以嘗試:
export http_proxy="http://<IP>:<Port>"
執行如下命令啓動qemu:
make -f qemu.mk run-only
pushd /opt/work/open-tee/build/../out/bin
/opt/work/open-tee/build/../qemu/arm-softmmu/qemu-system-arm \
-nographic \
-serial tcp:localhost:54320 -serial tcp:localhost:54321 \
-smp 2 \
-s -S -machine virt,secure=on -cpu cortex-a15 \
-d unimp -semihosting-config enable,target=native \
-m 1057 \
-bios bl1.bin \
-object rng-random,filename=/dev/urandom,id=rng0 \
-device virtio-rng-pci,rng=rng0,max-bytes=1024,period=1000 \
-netdev user,id=vmnic \
-device virtio-net-device,netdev=vmnic
QEMU 3.0.93 monitor - type 'help' for more information
(qemu) c <- 輸入'c'以繼續
此時在新終端(兩個, 一個是Linux輸出CA的log, 一個是OP-TEE輸出TA的log)下可以看到系統成功啓動, 啓動後, 使用root登錄到buildroot, 密碼: root
然後執行xtest命令進行測試:
# xtest
... ...
+-----------------------------------------------------
24537 subtests of which 0 failed
96 test cases of which 0 failed
0 test cases were skipped
TEE test application done!
按後也可以CA的demo:
# optee_example_hello_world
Invoking TA to increment 42
TA incremented value to 43
此時TA的輸出:
D/TC:? 0 tee_ta_init_pseudo_ta_session:280 Lookup pseudo TA 8aaaf200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 load_ldelf:704 ldelf load address 0x104000
D/LD: ldelf:134 Loading TA 8aaaf200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 tee_ta_init_session_with_context:573 Re-open TA 3a2f8978-5dc0-11e8-9c2d-fa7ae01bbebc
D/TC:? 0 system_open_ta_binary:250 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (Secure Storage TA)
D/TC:? 0 system_open_ta_binary:253 res=0xffff0008
D/TC:? 0 system_open_ta_binary:250 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (REE)
D/TC:? 0 system_open_ta_binary:253 res=0x0
D/LD: ldelf:169 ELF (8aaaf200-2450-11e4-abe2-0002a5d5c51b) at 0x16f000
D/TC:? 0 tee_ta_close_session:499 csess 0xe185e08 id 1
D/TC:? 0 tee_ta_close_session:518 Destroy session
D/TC:? 0 tee_ta_close_session:499 csess 0xe186210 id 11
D/TC:? 0 tee_ta_close_session:518 Destroy session
D/TC:? 0 destroy_context:298 Destroy TA ctx (0xe1861d0)
如果遇到錯誤, 請參考下文的解決辦法:
[可能]遇到錯誤:
make[1]: Leaving directory '/opt/work/open-tee/linux'
mkdir -p /opt/work/open-tee/build/../out/bin
ln -sf /opt/work/open-tee/build/../linux/arch/arm/boot/zImage /opt/work/open-tee/build/../out/bin
cd /opt/work/open-tee/build/../qemu; ./configure --target-list=arm-softmmu\
--cc=" gcc" --extra-cflags="-Wno-error"
ERROR: glib-2.40 gthread-2.0 is required to compile QEMU
Makefile:81: recipe for target 'qemu' failed
make: *** [qemu] Error 1
這是由於pkg-config的--atleast-version無法正確處理glib-2.0.pc中的Version, 解決:
diff --git a/configure b/configure
index 0a3c6a7..daf3497 100755
--- a/configure
+++ b/configure
@@ -3471,7 +3471,8 @@ if test "$static" = yes -a "$mingw32" = yes; then
fi
for i in $glib_modules; do
- if $pkg_config --atleast-version=$glib_req_ver $i; then
+ # if $pkg_config --atleast-version=$glib_req_ver $i; then
+ if $pkg_config --cflags $i; then
glib_cflags=$($pkg_config --cflags $i)
glib_libs=$($pkg_config --libs $i)
QEMU_CFLAGS="$glib_cflags $QEMU_CFLAGS"
以下確實庫導致的編譯錯誤已經附在上問的安裝參考.
[可能]遇到報錯:
***
Can't find elftools module. Probably it is not installed on your system.
You can install this module with
$ apt install python3-pyelftools
if you are using Ubuntu. Or try to search for "pyelftools" or "elftools" in
your package manager if you are using some other distribution.
***
這是因爲系統缺失pyelftools庫, 解決:
sudo apt install python3-pyelftools
[可能]遇到報錯:
Traceback (most recent call last):
File "out/arm/export-ta_arm32/scripts/sign_encrypt.py", line 258, in <module>
main()
File "out/arm/export-ta_arm32/scripts/sign_encrypt.py", line 131, in main
from Cryptodome.Signature import pss
ModuleNotFoundError: No module named 'Cryptodome'
缺失pycryptodome庫, 解決:
sudo apt install python3-pycryptodome