This document describes how to port the open source Trusted Execution Environment (OP-TEE) to a new platform. It involves cloning the existing platform code, modifying compiler and linker options, configuring platform-specific settings, updating memory mappings, and initializing platform-specific components. The document provides details on each of these porting steps and recommends OP-TEE documentation resources.
4. Getting started with OP-TEE
● Get OP-TEE source code
http://github.com/OP-TEE
● Get the toolchain
http://releases.linaro.org/14.05/components/toolchain/binaries/gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz
5. How to build OP-TEE
● Add toolchain path
export PATH=path-to-toolchain-bin:$PATH
● Define CROSS_PREFIX macro
export CROSS_PREFIX=arm-linux-gnueabihf
● Choose target platform
export PLATFORM=sunxi #default is orly2
● Build OP-TEE
make
7. OP-TEE Trusted OS
OP-TEE Main Blocks
[Block diagram. Labels: Linux / Android; Client Application (x2); TEE Client API; TEE Client; TEE Driver; Trusted Application (x2); TEE Internal API; TEE Core; TEE functions (crypto/mm); HAL; SMC; TrustZone based chipset; crypto, timer, efuse; porting]
8. OP-TEE Porting - Affected Gits
● OP-TEE Trusted OS (optee_os)
Add new platform support (plat-sunxi)
● OP-TEE Linux kernel driver (optee_linuxdriver)
No changes needed for the ARMv7-A platform
● OP-TEE Normal World user space (optee_client)
No changes needed for the ARMv7-A platform
12. OP-TEE Porting - Platform Configuration
● platform_config.h
● PLATFORM_FLAVOR - Similar SoC but different versions?
● GIC base
● UART
● Stack sizes (tmp, abt, thread etc)
● Will replace “system_config.in” in the near future
15. OP-TEE Porting - Platform Initialization
1. tz_sinit (tz_sinit.S)
a. CPU basic initialization
b. Cache/MMU Initialization
c. Init BSS
d. Jump to main_init
2. main_init (main.c)
a. Initialize thread stacks
b. Register handlers (stdcall/fiq/svc/abort)
c. Return to non-secure entry
16. OP-TEE Running and debug
4. sm_smc_entry (sm_asm.S)
a. Save caller world context
b. Restore world context
c. Update SCR bits (NS/FIQ)
5. Thread handle (thread_asm.S, thread.c)
a. Check for a FIQ handling request
b. Thread allocate
c. Thread context restore
6. main_tee_entry (main.c)
7. tee_entry (entry.c)
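The three sm_smc_entry steps above (save caller context, restore the other world's context, update SCR NS/FIQ), modelled as host-side C. This is an added example, not code from optee_os: the struct layout and the name sm_world_switch are hypothetical, and it assumes FIQs are reserved for the secure world, so SCR.FIQ is set whenever the normal world runs.

```c
#include <stdint.h>
#include <stdio.h>

/* ARMv7-A Secure Configuration Register bits (architectural positions). */
#define SCR_NS  (1u << 0)  /* 1 = core executes in the non-secure state */
#define SCR_FIQ (1u << 2)  /* 1 = FIQs are taken to monitor mode */

/* Hypothetical, reduced per-world register context. */
struct world_ctx { uint32_t r[8]; uint32_t lr, spsr; };

struct monitor {
    uint32_t scr;                /* modelled SCR value */
    struct world_ctx sec, nsec;  /* saved context of each world */
};

/*
 * Model of one pass through the monitor on an SMC. 'cpu' holds the live
 * registers of the caller world and is replaced by the other world's
 * saved registers. Returns the new SCR value.
 */
uint32_t sm_world_switch(struct monitor *m, struct world_ctx *cpu)
{
    int from_nsec = (m->scr & SCR_NS) != 0;
    struct world_ctx *save = from_nsec ? &m->nsec : &m->sec;
    struct world_ctx *load = from_nsec ? &m->sec : &m->nsec;

    *save = *cpu;   /* a. save caller world context */
    *cpu = *load;   /* b. restore the other world's context */

    /* c. update SCR. Assumed policy: secure world runs with NS=0 and
     * takes FIQs itself; normal world runs with NS=1 and FIQs trap
     * to the monitor so the normal world cannot mask or steal them. */
    if (from_nsec)
        m->scr &= ~(SCR_NS | SCR_FIQ);
    else
        m->scr |= SCR_NS | SCR_FIQ;
    return m->scr;
}

int main(void)
{
    struct monitor m = { .scr = SCR_NS | SCR_FIQ };  /* start in normal world */
    struct world_ctx cpu = { .r = { 0x1111 } };      /* constructed values */
    m.sec.r[0] = 0x5ec;

    uint32_t scr = sm_world_switch(&m, &cpu);
    printf("to secure: scr=0x%x r0=0x%x\n", (unsigned)scr, (unsigned)cpu.r[0]);
    scr = sm_world_switch(&m, &cpu);
    printf("to normal: scr=0x%x r0=0x%x\n", (unsigned)scr, (unsigned)cpu.r[0]);
    return 0;
}
```

When bringing up a new platform, a world switch that leaves SCR.NS set on secure entry, or that leaks one world's registers into the other, is the first thing to rule out with a check like this.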
17. OP-TEE documentation
● OP-TEE Introduction
LCA14-502: The Way To a Generic TrustZone Solution
http://www.slideshare.net/linaroorg/lca14-502-thewaytoagenerictrustzonesolution
● OP-TEE OS Documents
https://github.com/OP-TEE/optee_os/tree/master/documentation
https://github.com/jbech-linaro/optee_os/tree/trusted_os_docs/documentation (*)
● Linaro Blog - “OP-TEE, open-source security for the mass-market”
https://www.linaro.org/blog/core-dump/op-tee-open-source-security-mass-market
(*) Not completed and should be put in the official OP-TEE Git.
18. More about Linaro Connect: connect.linaro.org
Linaro members: www.linaro.org/members
More about Linaro: www.linaro.org/about/