Trusted side of the TEE

Jerome Forissier authored on 31 Oct 2014

OP-TEE Trusted OS

The optee_os git contains the source code for the TEE in Linux using the ARM(R) TrustZone(R) technology. This component meets the GlobalPlatform TEE System Architecture specification. It also provides the TEE Internal API v1.0 as defined by the GlobalPlatform TEE Standard for the development of trusted applications. It is distributed mostly under the BSD 2-clause open-source license. It includes a few external files under the BSD 3-clause license or other free software licenses. For a general overview of OP-TEE, please see the Notice.md file.

In this git, the binary to build is tee.elf. The Trusted OS is accessible from the Rich OS (Linux) through the GlobalPlatform TEE Client API and performs secure execution of applications inside the TEE.

License

The software is provided under the BSD 2-Clause license, apart from some files in the optee_os/lib/libutils directory, which are distributed under the BSD 3-Clause or public domain licenses.

Platforms supported

This software has hardware dependencies. The software has been tested using:

  • STMicroelectronics b2020-h416 (orly-2) hardware (32-bit)
  • STMicroelectronics cannes family hardware (32-bit), on b2120. This includes both the h310 and h410 chips.
  • Some initial testing has been done using the Foundation FVP, which can be downloaded free of charge.

Get and build the software

Get the compiler

We will strive to use the latest available compiler from Linaro. Start by downloading and unpacking the compiler. Then export the PATH to the bin folder.

$ cd $HOME
$ mkdir toolchains
$ cd toolchains
$ wget http://releases.linaro.org/14.05/components/toolchain/binaries/gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz
$ tar xvf gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz
$ export PATH=$HOME/toolchains/gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux/bin:$PATH
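
The download above uses plain HTTP and unpacks the archive without an integrity check, so the compiler that builds the Trusted OS is only as trustworthy as the network path. As an added example (not part of the OP-TEE README), the script below unpacks the toolchain only if it matches a pinned SHA-256 digest. `TOOLCHAIN_SHA256`, the function names and the `fetch` argument are assumptions, and the digest value is a placeholder to be filled in from a source you trust.

```shell
#!/bin/sh
# Added example: unpack the toolchain only if it matches a pinned SHA-256.
# TOOLCHAIN_SHA256 is a placeholder; set it to a digest from a trusted source.
TARBALL=gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz
URL=http://releases.linaro.org/14.05/components/toolchain/binaries/$TARBALL
TOOLCHAIN_SHA256="${TOOLCHAIN_SHA256:-REPLACE_WITH_TRUSTED_SHA256}"

# Print the lowercase hex SHA-256 of a file (GNU coreutils or perl shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_archive FILE EXPECTED
# Returns 0 on match, 1 on digest mismatch, 2 on bad input (missing file,
# or an expected value that is not 64 hex characters, e.g. the placeholder).
verify_archive() {
    [ -f "$1" ] || { echo "missing file: $1" >&2; return 2; }
    case "$2" in
        ""|*[!0-9a-fA-F]*) echo "expected digest is not hex" >&2; return 2 ;;
    esac
    [ "${#2}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 2; }
    actual=$(sha256_of "$1") || return 2
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $1: got $actual, want $expected" >&2
        return 1
    fi
}

# fetch_toolchain DIR: download, verify, then unpack. Runs in a subshell so
# the caller's working directory is untouched; a failed check deletes the file.
fetch_toolchain() (
    mkdir -p "$1" && cd "$1" || exit 2
    wget -O "$TARBALL" "$URL" || exit 2
    if ! verify_archive "$TARBALL" "$TOOLCHAIN_SHA256"; then
        rm -f "$TARBALL"
        exit 1
    fi
    tar xf "$TARBALL"
)

# Only touch the network when explicitly asked: sh fetch-toolchain.sh fetch
if [ "${1:-}" = "fetch" ]; then
    fetch_toolchain "$HOME/toolchains"
fi
```

With the placeholder digest left in place the script deletes the download and stops, so nothing is unpacked until a real digest is supplied.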

Download the source code

$ cd $HOME
$ mkdir devel
$ cd devel
$ git clone https://github.com/OP-TEE/optee_os.git

Build

$ cd $HOME/devel/optee_os
$ CROSS_COMPILE=arm-linux-gnueabihf- make

The default build targets the stm platform (orly2). To compile for cannes, use the cannes flavor:

$ PLATFORM_FLAVOR=cannes CROSS_COMPILE=arm-linux-gnueabihf- make

To build for vexpress, change the default platform with the command:

$ PLATFORM=vexpress CROSS_COMPILE=arm-linux-gnueabihf- make

Compiler flags

To see the full command lines while building, build with the following flag:

$ make V=1

Coding standards

In this project we try to adhere to the same coding convention as the Linux kernel (see CodingStyle). We achieve this by running checkpatch from the Linux kernel. However, there are a few exceptions that we had to make, since the code also follows GlobalPlatform standards. The exceptions are as follows:

  • CamelCase is allowed for GlobalPlatform types.
  • We also exclude from checking any third-party code that we might use in this project, such as LibTomCrypt, MPA and newlib (not in this particular git, but those are also part of the complete TEE solution). We exclude third-party code rather than fix it because fixing it would probably make us deviate too much from upstream, which would make it hard to rebase against those projects later on (and we don't expect that it is easy to convince other software projects to change coding style).

checkpatch

Since checkpatch is licensed under the terms of the GNU GPL License Version 2, we cannot include this script directly in this project. Therefore we have written the Makefile so that you need to explicitly point to the script by exporting an environment variable, namely CHECKPATCH. So, supposing that the source code for the Linux kernel is at $HOME/devel/linux, you have to export it as follows:

$ export CHECKPATCH=$HOME/devel/linux/scripts/checkpatch.pl

Thereafter it should be possible to use any of the checkpatch targets in the Makefile. There are targets for checking all files, checking against the latest commit, checking against a certain base commit, etc. For the details, read the Makefile.