| Joakim Bech | 8e5c5b3 | 2018-10-25 08:18:32 +0200 | [diff] [blame^] | 1 | .. _optee_examples: |
| 2 | |
| 3 | ############## |
| 4 | optee_examples |
| 5 | ############## |
| 6 | This document describes the sample applications that are included in the OP-TEE, |
| 7 | that aim to showcase specific functionality and use cases. |
| 8 | |
| 9 | For sake of simplicity, all OP-TEE example test application are prefixed with |
| 10 | ``optee_example_``. All of them works as standalone host and Trusted Application |
| 11 | and can be found in separate directories. |
| 12 | |
| 13 | git location |
| 14 | ************ |
| 15 | https://github.com/linaro-swg/optee_examples |
| 16 | |
| 17 | License |
| 18 | ******* |
| 19 | .. todo:: |
| 20 | |
| 21 | Joakim: Necessary to state that here? Changing the "License headers" page to |
| 22 | instead become a "License" page and add addtional sections. |
| 23 | |
| 24 | The software is provided under the `BSD 2-Clause`_ license. |
| 25 | |
| 26 | Build instructions |
| 27 | ****************** |
| 28 | You can build the code in this git only or build it as part of the entire |
| 29 | system, i.e. as a part of a full OP-TEE developer setup. For the latter, please |
| 30 | refer to instructions at the :ref:`build` page. For standalone builds we |
| 31 | currently support building with both CMake as well as with regular GNU |
| 32 | Makefiles. However, since the both the host and the Trusted Applications have |
| 33 | dependencies to files in :ref:`optee_client` (libteec.so and headers) as well as |
| 34 | :ref:`optee_os` (TA-devkit), one **must first** build those and then refer to |
| 35 | various files. Below we will show to to build the **hello_world** example for |
| 36 | Armv7-A using regular GNU Make. |
| 37 | |
| 38 | Configure the toolchain |
| 39 | ======================= |
| 40 | First step is to download and configure a toolchain, see the :ref:`toolchains` |
| 41 | page for instructions. |
| 42 | |
| 43 | Build the dependencies |
| 44 | ====================== |
| 45 | Then you must build :ref:`optee_os` as well as :ref:`optee_client` first. Build |
| 46 | instructions for them can be found on their respective pages. |
| 47 | |
| 48 | Clone optee_examples |
| 49 | ==================== |
| 50 | .. code-block:: bash |
| 51 | |
| 52 | $ git clone https://github.com/linaro-swg/optee_examples.git |
| 53 | |
| 54 | .. todo:: |
| 55 | |
| 56 | Joakim: We should add ... |
| 57 | Build using CMake |
| 58 | ================= |
| 59 | |
| 60 | But that is not really straight forward to do. |
| 61 | |
| 62 | Build using GNU Make |
| 63 | ==================== |
| 64 | |
| 65 | Host application |
| 66 | ---------------- |
| 67 | .. code-block:: bash |
| 68 | |
| 69 | $ cd optee_examples/hello_world/host |
| 70 | $ make \ |
| 71 | CROSS_COMPILE=arm-linux-gnueabihf- \ |
| 72 | TEEC_EXPORT=<optee_client>/out/export \ |
| 73 | --no-builtin-variables |
| 74 | |
| 75 | With this you end up with a binary ``optee_example_hello_world`` in the host |
| 76 | folder where you did the build. |
| 77 | |
| 78 | Trusted Application |
| 79 | ------------------- |
| 80 | |
| 81 | .. code-block:: bash |
| 82 | |
| 83 | $ cd optee_examples/hello_world/ta |
| 84 | $ make \ |
| 85 | CROSS_COMPILE=arm-linux-gnueabihf- \ |
| 86 | PLATFORM=vexpress-qemu_virt \ |
| 87 | TA_DEV_KIT_DIR=<optee_os>/out/arm/export-ta_arm32 |
| 88 | |
| 89 | With this you end up with a files named ``uuid.{ta,elf,dmp,map}`` etc in the ta |
| 90 | folder where you did the build. |
| 91 | |
| 92 | .. note:: |
| 93 | |
| 94 | For a 64-bit builds (or any other toolchain) you will need to change |
| 95 | ``CROSS_COMPILE`` (and also use a ``PLATFORM`` corresponding to an Armv8-A |
| 96 | configuration). |
| 97 | |
| 98 | |
| 99 | Coding standards |
| 100 | **************** |
| 101 | See :ref:`coding_standards`. |
| 102 | |
| 103 | |
| 104 | Example applications |
| 105 | ******************** |
| 106 | |
| 107 | acipher |
| 108 | ======= |
| 109 | |
| 110 | ================================ ======================================== |
| 111 | Application name UUID |
| 112 | ================================ ======================================== |
| 113 | ``optee_example_acipher`` ``a734eed9-d6a1-4244-aa50-7c99719e7b7b`` |
| 114 | ================================ ======================================== |
| 115 | |
| 116 | Generates an RSA key pair of specified size and encrypts a supplied string with |
| 117 | it using the GlobalPlatform TEE Internal Core API. |
| 118 | |
| 119 | aes |
| 120 | === |
| 121 | |
| 122 | ================================ ======================================== |
| 123 | Application name UUID |
| 124 | ================================ ======================================== |
| 125 | ``optee_example_aes`` ``5dbac793-f574-4871-8ad3-04331ec17f24`` |
| 126 | ================================ ======================================== |
| 127 | |
| 128 | Runs an AES encryption and decryption from a TA using the GlobalPlatform TEE |
| 129 | Internal Core API. Non secure test application provides the key, initial vector |
| 130 | and ciphered data. |
| 131 | |
| 132 | .. _hello_world: |
| 133 | |
| 134 | hello_world |
| 135 | =========== |
| 136 | |
| 137 | ================================ ======================================== |
| 138 | Application name UUID |
| 139 | ================================ ======================================== |
| 140 | ``optee_example_hello_world`` ``8aaaf200-2450-11e4-abe2-0002a5d5c51b`` |
| 141 | ================================ ======================================== |
| 142 | |
| 143 | This is a very simple Trusted Application to answer a hello command and |
| 144 | incrementing an integer value. |
| 145 | |
| 146 | hotp |
| 147 | ==== |
| 148 | |
| 149 | ================================ ======================================== |
| 150 | Application name UUID |
| 151 | ================================ ======================================== |
| 152 | ``optee_example_hotp`` ``484d4143-2d53-4841-3120-4a6f636b6542`` |
| 153 | ================================ ======================================== |
| 154 | |
| 155 | .. include:: hotp.rst |
| 156 | |
| 157 | random |
| 158 | ====== |
| 159 | |
| 160 | ================================ ======================================== |
| 161 | Application name UUID |
| 162 | ================================ ======================================== |
| 163 | ``optee_example_random`` ``b6c53aba-9669-4668-a7f2-205629d00f86`` |
| 164 | ================================ ======================================== |
| 165 | |
| 166 | Generates a random UUID using capabilities of TEE API |
| 167 | (``TEE_GenerateRandom()``). |
| 168 | |
| 169 | secure_storage |
| 170 | ============== |
| 171 | |
| 172 | ================================ ======================================== |
| 173 | Application name UUID |
| 174 | ================================ ======================================== |
| 175 | ``optee_example_secure_storage`` ``f4e750bb-1437-4fbf-8785-8d3580c34994`` |
| 176 | ================================ ======================================== |
| 177 | |
| 178 | A Trusted Application to read/write raw data into the OP-TEE secure storage |
| 179 | using the GlobalPlatform TEE Internal Core API. |
| 180 | |
| 181 | Further reading |
| 182 | *************** |
| 183 | Some additional information about how to write and compile Trusted Applications |
| 184 | can be found at the :ref:`build_trusted_applications` page. |
| 185 | |
| 186 | .. _BSD 2-Clause: http://opensource.org/licenses/BSD-2-Clause |