| commit | a7bf6ec062bab911014b54020b10ed7dfe95b739 | |
|---|---|---|
| author | Jerome Forissier <jerome.forissier@linaro.org> | Tue Dec 08 18:06:43 2015 +0100 |
| committer | Jerome Forissier <jerome.forissier@linaro.org> | Tue Jan 19 14:51:28 2016 +0100 |
| tree | 685de95bccba8a0b787491e7e222bfa9ea8bdc31 | |
| parent | 0b0d237779de6982451f6f5971b7106e459a2958 | |
Replay Protected Memory Block (RPMB) support

This commit adds support for the TEE_RPC_RPMB command, used by OP-TEE to access the RPMB partition of an eMMC device (/dev/mmcblkXrpmb). This is independent from the regular filesystem access (TEE_RPC_FS), so the TEE can use either RPMB or the regular FS (or both) to implement persistent storage.

RPMB operations are:
- Get device information (partition size, reliable write count)
- Read write counter
- Read and write data
- Program authentication key

The code relies on the ioctl() interface to implement the required functions. In addition, an emulation layer is provided so that the RPMB feature may be tested even if an actual eMMC chip is not available, or if the kernel does not support it. Emulated mode is currently the default. It can be disabled in the tee-supplicant Makefile (-DRPMB_EMU=1).

The eMMC emulation layer does not yet perform any authentication, i.e., it will not check the MAC contained in the requests, and it will not sign the responses with a MAC either. This feature will be added later.

Tested on HiKey using the extended xtest suite (including tests 6001 to 6011) and eMMC emulation only.

Signed-off-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Pascal Brand <pascal.brand@linaro.org>
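The MAC and write-counter checks that the commit message says the emulation layer does not yet perform, as an added example (not code from this commit or from OP-TEE). It assumes the JEDEC eMMC RPMB frame layout and simplifies the write flow; `seal`, `result_of`, `CheckingRpmb` and the sample key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct

# JEDEC eMMC RPMB frame, 512 bytes, big-endian: stuff[196] | key/MAC[32] |
# data[256] | nonce[16] | write counter u32 | address u16 | block count u16 |
# result u16 | request/response type u16
FRAME = struct.Struct(">196s32s256s16sIHHHH")
REQ_WRITE, RESP_WRITE = 0x0003, 0x0300
OK, GENERAL_FAILURE, AUTH_FAILURE, COUNTER_FAILURE, ADDRESS_FAILURE = range(5)


def seal(key, data, counter, addr, count, result, msg_type):
    """Pack a frame and fill in its MAC: HMAC-SHA256 over bytes 228..511."""
    raw = FRAME.pack(b"", b"", data, b"", counter, addr, count, result, msg_type)
    return raw[:196] + hmac.new(key, raw[228:], hashlib.sha256).digest() + raw[228:]


def result_of(frame):
    """Return the result field of a 512-byte frame."""
    return FRAME.unpack(frame)[7]


class CheckingRpmb:
    """Hypothetical device model that enforces the MAC and the write counter."""

    def __init__(self, key, blocks=4):
        self.key, self.counter = key, 0
        self.blocks = [bytes(256)] * blocks

    def write(self, frame):
        # Simplification: the result is returned directly instead of being
        # fetched with a separate result-read request.
        _, mac, data, _, counter, addr, _, _, req = FRAME.unpack(frame)
        expected = hmac.new(self.key, frame[228:], hashlib.sha256).digest()
        if req != REQ_WRITE:
            result = GENERAL_FAILURE
        elif not hmac.compare_digest(mac, expected):
            result = AUTH_FAILURE      # forged or corrupted frame
        elif counter != self.counter:
            result = COUNTER_FAILURE   # stale counter: a replayed frame
        elif addr >= len(self.blocks):
            result = ADDRESS_FAILURE
        else:
            self.blocks[addr] = data
            self.counter += 1
            result = OK
        return seal(self.key, b"", self.counter, addr, 0, result, RESP_WRITE)


KEY = bytes([0x11]) * 32  # constructed sample key, not a real device key
```

An emulation layer without these two checks accepts a recorded write frame a second time, so tests that pass against it say nothing about replay protection.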
The optee-client git contains the source code for the TEE client library in Linux. This component provides the TEE Client API as defined by the GlobalPlatform TEE standard. It is distributed under the BSD 2-clause open-source license. For a general overview of OP-TEE, please see the Notice.md file.
In this git there are two main targets/binaries to build. The first is libteec.so, the library that contains the API for communication with the Trusted OS. The other target is the binary tee-supplicant, a daemon serving the Trusted OS in secure world with miscellaneous features, such as file system access.
The software is provided under the BSD 2-Clause license.
The software in this git does not directly depend on any particular hardware, since it is a pure software library communicating directly with the Linux kernel. Currently the software has been tested using:
We will strive to use the latest available compiler from Linaro. Start by downloading and unpacking the compiler. Then add its bin folder to the PATH.
$ cd $HOME
$ mkdir toolchains
$ cd toolchains
$ wget http://releases.linaro.org/14.05/components/toolchain/binaries/gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz
$ tar xvf gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux.tar.xz
$ export PATH=$HOME/toolchains/gcc-linaro-arm-linux-gnueabihf-4.9-2014.05_linux/bin:$PATH
$ cd $HOME
$ mkdir devel
$ cd devel
$ git clone https://github.com/OP-TEE/optee_client.git
$ cd $HOME/devel/optee_client
$ make
To see the full commands when building, build with the following flag:
$ make BUILD_VERBOSE=1
In this project we try to adhere to the same coding convention as used in the Linux kernel (see CodingStyle). We achieve this by running checkpatch from the Linux kernel. However, there are a few exceptions that we had to make since the code also follows GlobalPlatform standards. The exceptions are as follows:
Since checkpatch is licensed under the terms of the GNU GPL License Version 2, we cannot include this script directly in this project. Therefore we have written the Makefile so that you need to explicitly point to the script by exporting an environment variable, namely CHECKPATCH. So, suppose that the source code for the Linux kernel is at $HOME/devel/linux, then you have to export it as follows:
$ export CHECKPATCH=$HOME/devel/linux/scripts/checkpatch.pl
Thereafter it should be possible to use one of the different checkpatch targets in the Makefile. There are targets for checking all files, checking against the latest commit, against a certain base commit, etc. For the details, read the Makefile.