LCU14-302: How to port OP-TEE to another platform
DESCRIPTION
Speakers: Joakim Bech, Jens Wiklander and Pascal Brand
Date: September 17, 2014
★ Session Summary ★
OP-TEE (Open Portable Trusted Execution Environment) is the source code for the TEE in Linux using the ARM TrustZone technology. This component meets the Global Platform TEE System Architecture specification. Most of the code is generic. However, a number of platform-specific characteristics must be addressed, such as memory layout or board-specific hardware IP. In this session, you can learn the steps to follow to port OP-TEE to your ARMv7 platform, as they were defined when porting OP-TEE to the Allwinner A80 platform (SWG-77).
★ Resources ★
Zerista: http://lcu14.zerista.com/event/member/137748
Google Event: https://plus.google.com/u/0/events/cnd044lmnid6jcoj1a9svlhmkj0
Video: https://www.youtube.com/watch?v=QgaGJow7hws&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-302
★ Event Details ★
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
http://www.linaro.org
http://connect.linaro.org
TRANSCRIPT
LCU14 BURLINGAME
Sun Yan bang and Joakim Bech, LCU14
LCU14-302: How to port OP-TEE to another platform
A80 Overview
Optimus board Overview
Getting started with OP-TEE
● Get OP-TEE source code
    http://github.com/OP-TEE
● Get the toolchain
    http://releases.linaro.org/14.05/components/toolchain/binaries/gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz
How to build OP-TEE
● Add toolchain path
    export PATH=path-to-toolchain-bin:$PATH
● Define CROSS_PREFIX macro
    export CROSS_PREFIX=arm-linux-gnueabihf
● Choose target platform
    export PLATFORM=sunxi #default is orly2
● Build OP-TEE
    make
A80 eMMC Partition Map
[Diagram: eMMC partitions labelled OP-TEE Trusted OS, Linux, Android]
OP-TEE Main Blocks
[Block diagram; labels: Client Application, TEE Client API, TEE Client, TEE Driver, SMC, Trusted Application, TEE Internal API, TEE Core (TEE functions: crypto/mm), HAL, TrustZone based chipset (crypto, timer, efuse), porting]
OP-TEE Porting - Affected Gits
● OP-TEE Trusted OS (optee_os)
    Add new platform support (plat-sunxi)
● OP-TEE Linux kernel driver (optee_linuxdriver)
    No changes needed for the ARMv7-A platform
● OP-TEE Normal World user space (optee_client)
    No changes needed for the ARMv7-A platform
OP-TEE Porting - Cloning a New Platform
● Cloned plat-sunxi from plat-orly2
plat-sunxi/
├── conf.mk
├── core_bootcfg.c
├── core_chip.c
├── link.mk
├── main.c
├── sub.mk
├── system_config.in
├── tz_sinit.S
└── tz-template.lds
OP-TEE Porting - Compiler & Linker options
● Compiler options: conf.mk
● Linker options: link.mk
● Linker script file: tz-template.lds
CROSS_PREFIX ?= armv7-linux
CROSS_COMPILE ?= $(CROSS_PREFIX)-
platform-cpuarch = cortex-a7 #orly2 is cortex-a9

link-out-dir = $(out-dir)/core/
link-script = $(platform-dir)/tz-template.lds
link-ldflags = $(LDFLAGS)

MEMORY
{
    /* 1 MByte is allocated for teecore execution */
    EXEC_MEM (rw) : ORIGIN = (%in_TEE_SCATTER_START% + 0x00000000), LENGTH = 0x000D0000
    STACKS_MEM (rw) : ORIGIN = (%in_TEE_SCATTER_START% + 0x000D0000), LENGTH = 0x00010000
    CTX_MEM (rw) : ORIGIN = (%in_TEE_SCATTER_START% + 0x000E0000), LENGTH = 0x00010000
    MMU_MEM (rw) : ORIGIN = (%in_TEE_SCATTER_START% + 0x000F0000), LENGTH = 0x00010000
}
OP-TEE Porting - Platform Configuration
● Platform specific configuration: system_config.in
# DDR address
DDR_PHYS_START := 0x20000000
DDR_SIZE := 0x20000000

# Static configuration of DDR reserved to TEE/TZ
CFG_DDR_TEETZ_RESERVED_START ?= 0x9e000000
CFG_DDR_TEETZ_RESERVED_SIZE ?= 0x02000000
TEE_SCATTER_START := $(CFG_DDR_TEETZ_RESERVED_START)

# Hard coded NB cores
CFG_TEE_CORE_NB_CORE := 4

# Stack size configuration
STACK_TMP_SIZE := 1024
STACK_ABT_SIZE := 1024
STACK_THREAD_SIZE := 8192
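A consistency check for the memory settings above, as an added example (not code from the slides or from OP-TEE): it takes the addresses shown for system_config.in and tz-template.lds and checks that the four teecore regions are contiguous, add up to 1 MByte, and stay inside the window reserved for the TEE. The struct, array and function names are hypothetical. With the values as printed on the slide, the reserved window starts above DDR_PHYS_START + DDR_SIZE, and the last check reports that.

```c
#include <stdint.h>
#include <stdio.h>
/* Values copied from system_config.in as shown on the slide. */
#define DDR_PHYS_START     0x20000000ULL
#define DDR_SIZE           0x20000000ULL
#define TEE_RESERVED_START 0x9e000000ULL /* also TEE_SCATTER_START */
#define TEE_RESERVED_SIZE  0x02000000ULL
struct region { const char *name; uint64_t start, size; }; /* hypothetical type */
/* MEMORY entries from tz-template.lds, as offsets from TEE_SCATTER_START. */
const struct region tee_layout[] = {
    { "EXEC_MEM",   TEE_RESERVED_START + 0x00000000, 0x000D0000 },
    { "STACKS_MEM", TEE_RESERVED_START + 0x000D0000, 0x00010000 },
    { "CTX_MEM",    TEE_RESERVED_START + 0x000E0000, 0x00010000 },
    { "MMU_MEM",    TEE_RESERVED_START + 0x000F0000, 0x00010000 },
};
#define N_REGIONS (sizeof(tee_layout) / sizeof(tee_layout[0]))

/* 1 if [start, start+size) lies inside [base, base+len); safe against wraparound. */
int contains(uint64_t base, uint64_t len, uint64_t start, uint64_t size)
{
    return size <= len && start >= base && start - base <= len - size;
}

/* 1 if each region begins exactly where the previous one ends (no gap, no overlap). */
int layout_is_contiguous(const struct region *r, size_t n)
{
    for (size_t i = 1; i < n; i++)
        if (r[i].start != r[i - 1].start + r[i - 1].size) return 0;
    return 1;
}

/* Sum of region sizes, or 0 if any region leaves the reserved TEE window. */
uint64_t secure_bytes_used(const struct region *r, size_t n)
{
    uint64_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (!contains(TEE_RESERVED_START, TEE_RESERVED_SIZE, r[i].start, r[i].size))
            return 0;
        total += r[i].size;
    }
    return total;
}

int main(void)
{
    printf("contiguous=%d used=0x%llx reserved_in_ddr=%d\n",
           layout_is_contiguous(tee_layout, N_REGIONS),
           (unsigned long long)secure_bytes_used(tee_layout, N_REGIONS),
           contains(DDR_PHYS_START, DDR_SIZE, TEE_RESERVED_START, TEE_RESERVED_SIZE));
    return 0;
}
```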
OP-TEE Porting - Platform Configuration
● platform_config.h
● PLATFORM_FLAVOR - Similar SoC but different versions?
● GIC base
● UART
● Stack sizes (tmp, abt, thread etc)
● Will replace “system_config.in” in the near future
OP-TEE Porting - Memory Map
[Memory map diagram; surviving labels: PUB_RAM, Non-Secure]
OP-TEE Porting - Memory Configuration
● plat-sunxi/core_bootconfig.c
OP-TEE Porting - Platform Initialization
1. tz_sinit (tz_sinit.S)
    a. CPU basic initialization
    b. Cache/MMU initialization
    c. Init BSS
    d. Jump to main_init
2. main_init (main.c)
    a. Initialize thread stacks
    b. Register handlers (stdcall/fiq/svc/abort)
    c. Return to non-secure entry
OP-TEE Running and debug
4. sm_smc_entry (sm_asm.S)
    a. Save caller world context
    b. Restore world context
    c. Update SCR bits (NS/FIQ)
5. Thread handle (thread_asm.S, thread.c)
    a. Check for FIQ handling request
    b. Allocate thread
    c. Restore thread context
6. main_tee_entry (main.c)
7. tee_entry (entry.c)
OP-TEE documentation
● OP-TEE Introduction
    LCA14-502: The Way To a Generic TrustZone Solution
    http://www.slideshare.net/linaroorg/lca14-502-thewaytoagenerictrustzonesolution
● OP-TEE OS Documents
    https://github.com/OP-TEE/optee_os/tree/master/documentation
    https://github.com/jbech-linaro/optee_os/tree/trusted_os_docs/documentation (*)
● Linaro Blog - “OP-TEE, open-source security for the mass-market”
    https://www.linaro.org/blog/core-dump/op-tee-open-source-security-mass-market
(*) Not completed and should be put in the official OP-TEE Git.
More about Linaro Connect: connect.linaro.org
Linaro members: www.linaro.org/members
More about Linaro: www.linaro.org/about/