.. _libraries:

#########
Libraries
#########

.. _libutils:

libutils
********

The OP-TEE core and the OP-TEE development kit for Trusted Applications
provide a standard C library named **libutils**. It implements many
standard functions such as ``snprintf()``, ``strncmp()``, ``memcpy()``,
``malloc()``, ``qsort()`` and many more, but not all standard C library
functions.

Note however that Trusted Applications implemented in C should use GP TEE
Internal Core API functions rather than their standard C library
equivalents (e.g. ``TEE_MemMove()`` instead of ``memcpy()`` and
``memmove()``, or ``TEE_Malloc()`` instead of ``malloc()`` and friends).
This makes the TA implementation more portable to other GP TEE compliant
environments.

When ``CFG_ULIBS_SHARED`` is enabled, **libutils** is assigned UUID
**71855bba-6055-4293-a63f-b0963a737360**.

.. _libutee:

libutee
*******

The :ref:`tee_internal_core_api` describes services that are provided to Trusted
Applications. **libutee** is a library that implements this API.

libutee is designed as a userland library dedicated to OP-TEE Trusted
Applications and is meant to run in the non-privileged secure userspace.

Some services of this API are implemented entirely inside the libutee
library, while others are implemented inside the OP-TEE core (privileged
level) and libutee reaches them through system calls.

When ``CFG_ULIBS_SHARED`` is enabled, **libutee** is assigned UUID
**4b3d937e-d57e-418b-8673-1c04f2420226**.

.. _libmbedtls:

libmbedtls
**********

The OP-TEE OS source tree provides support for the `Mbed TLS`_ library, named
**libmbedtls**. Its source directory is located at ``lib/libmbedtls/``.

A specific build sequence can compile an instance of **libmbedtls** and link
it to OP-TEE core. Another build sequence compiles an instance of
**libmbedtls** that can be linked with Trusted Applications.

When Mbed TLS is embedded in OP-TEE core, it is used as the default software
implementation for most cryptography operations. In that case, **libtomcrypt**
is still used as the default software implementation for a few crypto
operations. Embedding Mbed TLS in OP-TEE core requires
``CFG_CRYPTOLIB_NAME=mbedtls`` and ``CFG_CRYPTOLIB_DIR=lib/libmbedtls``.

When ``CFG_ULIBS_SHARED`` is enabled, the **libmbedtls** userland library is
assigned UUID **87bb6ae8-4b1d-49fe-9986-2b966132c309**.

libunw
******

The OP-TEE OS source tree implements execution stack backtrace debug
facilities available to both OP-TEE core and Trusted Applications. The feature
relies on a library named **libunw**.

**libunw**, when linked to a Trusted Application, is always linked as a static
library.

libdl
*****

The **libdl** library implements the API functions ``dlopen()``, ``dlsym()``
and ``dlclose()``, used by Trusted Applications to support dynamic shared
libraries.

When ``CFG_ULIBS_SHARED`` is enabled, **libdl** is assigned UUID
**be807bbd-81e1-4dc4-bd99-3d363f240ece**.

.. _statci_or_shared_lib:

Static vs Shared libraries
**************************

OP-TEE core supports only static libraries, which are linked at build time to
produce the monolithic OP-TEE core image.

OP-TEE Trusted Applications can support both static and shared libraries. In
the latter case, each shared library is identified by a UUID and OP-TEE OS
is in charge of dynamically loading the required shared libraries into the
address space of the Trusted Application when it uses a resource of the
related library.

To support shared libraries, OP-TEE OS shall be built with
``CFG_ULIBS_SHARED=y``. Shared library binary images are generated as
**.elf** and **.ta** files, as Trusted Applications are, and shall be
installed the same way as Trusted Applications, see :ref:`ta_locations`.

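The following shell functions are an added example, not part of the OP-TEE
documentation or source tree. They inventory a TA directory for the shared
userland libraries named on this page, using the UUIDs given above. The function
names, the ``<uuid>.ta`` file naming and the sample directory are assumptions.

```shell
#!/bin/sh
# Added example: inventory of OP-TEE shared userland libraries in a TA directory.
# name:UUID pairs are the ones this page lists for CFG_ULIBS_SHARED builds.
ULIBS="libutils:71855bba-6055-4293-a63f-b0963a737360
libutee:4b3d937e-d57e-418b-8673-1c04f2420226
libmbedtls:87bb6ae8-4b1d-49fe-9986-2b966132c309
libdl:be807bbd-81e1-4dc4-bd99-3d363f240ece"

# ulib_name UUID: print the library name for a documented UUID, else fail.
ulib_name() {
    for entry in $ULIBS; do
        if [ "${entry#*:}" = "$1" ]; then
            echo "${entry%%:*}"
            return 0
        fi
    done
    return 1
}

# audit_ulibs DIR: report each documented library as present or missing, then
# list every other .ta image (regular TAs, other shared libraries) as "other".
# Assumption: images are stored as <uuid>.ta files directly under DIR.
audit_ulibs() {
    dir=$1
    for entry in $ULIBS; do
        name=${entry%%:*}
        uuid=${entry#*:}
        if [ -f "$dir/$uuid.ta" ]; then
            echo "present $name $uuid"
        else
            echo "missing $name $uuid"
        fi
    done
    for image in "$dir"/*.ta; do
        [ -f "$image" ] || continue
        uuid=$(basename "$image" .ta)
        ulib_name "$uuid" >/dev/null || echo "other $uuid"
    done
}

# Constructed sample directory: libutee, libdl and one made-up TA UUID.
sample=$(mktemp -d)
: > "$sample/4b3d937e-d57e-418b-8673-1c04f2420226.ta"
: > "$sample/be807bbd-81e1-4dc4-bd99-3d363f240ece.ta"
: > "$sample/00000000-0000-0000-0000-000000000001.ta"
audit_ulibs "$sample"
rm -rf "$sample"
```

A library reported as missing may still be in use, since Trusted Applications
can also link libraries statically.
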
.. _Mbed TLS: https://www.trustedfirmware.org/projects/mbed-tls/