# trust-app

**Repository Path**: hanhai-modules/trust-app

## Basic Information

- **Project Name**: trust-app
- **Description**: An OPTEE Trust Application from Black Sesame Technologies (bstai) Hanhai. It runs on the Hanhai OPTEE OS.
- **Primary Language**: Unknown
- **License**: BSD-2-Clause
- **Default Branch**: release-open-source
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2024-06-26
- **Last Updated**: 2025-12-29

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# Black Sesame Technologies' OP-TEE Project.

This git repository contains the source code for the security implementation of the OP-TEE project of Black Sesame Technologies.

Running build_all.sh builds the Black Sesame Technologies OP-TEE project, provided the following conditions are met:

1. Set up the build environment; see the Build dependencies section of this document.
2. Copy the Black Sesame Technologies optee-os source code into the root directory. The source is available from: git@gitee.com:bstai-cd/hanhai-modules/optee-os.git (external), git@bstcd.stuffs.biz:middleware/optee-os.git (internal)

The optee_os directory contains the Trusted Operating System source code of the project.

The secure_ta directory contains the Trusted Application source code for the project.

## License

This program is released under the BSD 2-Clause License.

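## Usage

Once the trusted operating system optee-os has been built, it can be launched by ATF and runs as a standalone trusted execution operating system.

The trusted application directory secure_ta contains the subdirectories secure storage (secure_storage), general operations (general_operation), symmetric encryption (symmetry) and asymmetric encryption (asymmetry). They depend on the trusted operating system build environment, and the build outputs run in the corresponding trusted execution environment and provide the corresponding functions.

## Build dependencies

### Download and install

For the build environment setup, see the configuration steps on the OP-TEE website. The toolchain can be downloaded from: https://developer.arm.com/downloads/-/gnu-a

Example:

```shell
$ mkdir -p $HOME/toolchains
$ cd $HOME/toolchains
# Download 64bit toolchain
$ wget https://developer.arm.com/-/media/Files/downloads/gnu-a/8.2-2019.01/gcc-arm-8.2-2019.01-x86_64-aarch64-linux-gnu.tar.xz
$ mkdir aarch64
$ tar xf gcc-arm-8.2-2019.01-x86_64-aarch64-linux-gnu.tar.xz -C aarch64 \
    --strip-components=1
```

### Configure environment variables

After extraction, set the environment variable according to the extraction path.

```shell
$ export PATH=$PATH:$HOME/toolchains/aarch64/bin
```

On a minimal build environment, the following build tool components may also be missing: arm-linux-gnueabihf-gcc, elftools, dtc. They can be installed with apt install.

```shell
$ sudo apt update
$ sudo apt install gcc-arm-linux-gnueabihf python-pyelftools device-tree-compiler
```

Note: if python-pyelftools is not available, python3-pyelftools also works.

Note: the compiler required to build OPTEE-OS conflicts with the compiler in the BST-SDK. Do not build OPTEE-OS or the TAs inside the BST-SDK.

## Build from source code

The directory structure of the optee build project is as follows:

```
.
├── build_all.sh
├── optee_os/
└── secure_ta/
```

Where:

- build_all.sh: source build script
- optee_os/: OPTEE-OS source directory
- secure_ta/: TA source directory

Once the source code has been obtained (and the build toolchain configured as described above), OPTEE-OS can be modified and built as follows:

```shell
$ ./build_all.sh
  CLEAN   out/arm-plat-vexpress
  CLEAN   out
  GEN     out/arm-plat-bst/core/include/generated/arm32_sysreg.h
  GEN     out/arm-plat-bst/core/include/generated/arm32_sysreg.S
  CHK     out/arm-plat-bst/conf.mk
  UPD     out/arm-plat-bst/conf.mk
  GEN     out/arm-plat-bst/core/ta_pub_key.c
  GEN     out/arm-plat-bst/include/generated/arm32_user_sysreg.h
  ...
  OBJCOPY out/658d6b9a-7328-c86f-a54c-7d6f5e8c2bea.stripped.elf
  SIGN    out/658d6b9a-7328-c86f-a54c-7d6f5e8c2bea.ta
$
```

The build produces:

- optee_os/out: OPTEE-OS build output
- secure_ta/*/out/: intermediate TA build output
- secure_ta/ta_image: collected TA files

Loading OPTEE-OS and the TAs:

- optee_os/out/arm-plat-bst/core/bl32.bin: bl32.bin is tee.bin wrapped with BST information. After bl32.bin has been built, BST places it in the ATF build project, generates the ATF binary package and flashes it.
- secure_ta/ta_image/*.ta: BST places the generated TA files in the /usr/bin/optee_armtz/ directory (on the host side for the container version). When a CA calls the corresponding function, the TA is searched for in this directory and loaded.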
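
The following script is an added example, not part of this repository. It checks each TA image before it is copied to /usr/bin/optee_armtz/: the file name must be a UUID, the file must start with a signed header, and it must not be truncated. It assumes the TA files use the upstream OP-TEE signed-header layout and UUID-based lookup; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the repository. Assumes the upstream OP-TEE
# signed header (struct shdr), all fields little-endian:
#   magic u32 | img_type u32 | img_size u32 | algo u32 | hash_size u16 | sig_size u16
# with magic 0x4f545348, i.e. the bytes "HSTO" at the start of the file.

# le_field FILE OFFSET LEN: print an unsigned little-endian field in decimal.
le_field() {
    od -An -tu1 -j"$2" -N"$3" "$1" 2>/dev/null |
        awk '{ for (i = NF; i >= 1; i--) v = v * 256 + $i } END { print v + 0 }'
}

# check_ta_file FILE: print a verdict; return 0 only if every check passes.
check_ta_file() {
    f=$1
    [ -f "$f" ] || { echo "FAIL $f: not a regular file"; return 1; }
    # Assumed: TAs are looked up by UUID, so the name is <lowercase-uuid>.ta.
    basename "$f" | grep -Eq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.ta$' ||
        { echo "FAIL $f: name is not <uuid>.ta"; return 1; }
    [ "$(od -An -tx1 -N4 "$f" | tr -d ' \n')" = "4853544f" ] ||
        { echo "FAIL $f: signed-header magic missing"; return 1; }
    hash=$(le_field "$f" 16 2); sig=$(le_field "$f" 18 2)
    size=$(($(wc -c < "$f")))
    # The 20-byte header, hash and signature must be followed by a payload.
    [ "$size" -gt $((20 + $hash + $sig)) ] ||
        { echo "FAIL $f: truncated ($size bytes)"; return 1; }
    echo "OK   $f img_type=$(le_field "$f" 4 4) hash=$hash sig=$sig"
}

# check_ta_dir DIR: check every *.ta in DIR; non-zero if any file fails.
check_ta_dir() {
    rc=0
    for f in "$1"/*.ta; do
        [ -e "$f" ] || { echo "FAIL $1: no .ta files"; return 1; }
        check_ta_file "$f" || rc=1
    done
    return "$rc"
}

# make_sample_ta FILE PAYLOAD_BYTES: write a constructed, all-zero-body sample.
make_sample_ta() {
    printf 'HSTO\001\000\000\000' > "$1"                 # magic, img_type = 1
    printf '\000\000\000\000\000\000\000\000' >> "$1"    # img_size, algo
    printf '\040\000\000\001' >> "$1"                    # hash 32, sig 256
    dd if=/dev/zero bs=1 count=$((288 + $2)) 2>/dev/null >> "$1"
}

# Given a directory argument (e.g. secure_ta/ta_image), check it.
if [ "$#" -gt 0 ]; then check_ta_dir "$1"; fi
```

These are structural checks only; in upstream OP-TEE the signature itself is verified by the TEE core when the TA is loaded.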