Version 3 vs 4
Version 3 vs 4
Edits
Edits
- Edit by jellesels-arm, Version 4
- Feb 22 2022 3:18 PM
- Edit by jellesels-arm, Version 3
- Feb 22 2022 3:00 PM
| « Previous Change | Next Change » |
| Edit Older Version 3... | Edit Older Version 4... |
Content Changes
Content Changes
OP-TEE SPMC implementation
==========================
Introduction
------------
OP-TEE SPMC implementation
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
This document describes the OP-TEE SPMC implementation. This implementation is
used to support the Trusted Services PSA SPs. The PSA SPs are based on the Arm
FF-A specifications. The OP-TEE SPMC can be used as a reference S-EL1
implementation and the Trusted Service can be used a reference S-EL0 SP
implementations.
FF-A
''''
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to
standardize the communication between the various software images. Including the
communication between the various software images in the Secure world and Normal
world. The current release of the OP-TEE SPMC is based around the
`FF-A v1.0 spec <https://developer.arm.com/documentation/den0077/latest.>`_
OP-TEE
''''''
OP-TEE is an open source Trusted Execution Environment (TEE) implementing the
Arm TrustZone technology. More information can be found at
`readthedocs <https://optee.readthedocs.io/en/latest/>`_
OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC. This document describes
OP-TEE as a S-El1 SPMC.
The current mainline OP-TEE version can be found
`here <https://github.com/OP-TEE/optee_os>`_
Trusted Services
''''''''''''''''
The Trusted Services project provides a framework for developing and
deploying device Root Of Trust (RoT) services across a range of secure
processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Service can be found at
`Trusted-Services <https://trusted-services.readthedocs.io/en/latest/>`_
Current Status
--------------
Currently the mainline OP-TEE SPMC is not yet fully compliant with the FF-A V1.0
spec. It also doesn't support all of the Trusted Services SPs.
SPMC status
'''''''''''
OP-TEE mainline SPMC FF-A status:
======================== ========================
SP loading Supported
SP messaging Supported
Manifest file Not Supported
Memory management Supported
Interrupts Not supported
======================== ========================
OP-TEE mainline SPMC FF-A messages status:
======================== ========================
FFA_ERROR Supported
FFA_SUCCESS Supported
FFA_INTERRUPT Not supported
FFA_VERSION Supported
FFA_FEATURES Supported
FFA_RX_RELEASE Supported
FFA_RXTX_MAP Supported
FFA_RXTX_UNMAP Supported
FFA_PARTITION_INFO_GET Supported
FFA_ID_GET Supported
FFA_MSG_WAIT Supported
FFA_YIELD Not supported
FFA_RUN Not supported
FFA_NORMAL_WORLD_RESUME Not supported
FFA_MSG_SEND Not supported
FFA_MSG_SEND_DIRECT_REQ Supported
FFA_MSG_SEND_DIRECT_RESP Supported
FFA_MSG_POLL Not supported
FFA_MEM_DONATE Not supported
FFA_MEM_LEND Not supported
FFA_MEM_SHARE Partially supported [1]_
FFA_MEM_RETRIEVE_REQ Supported
FFA_MEM_RETRIEVE_RESP Supported
FFA_MEM_RELINQUISH Supported
FFA_MEM_RECLAIM Supported
======================== ========================
.. [1] Device memory is not yet supported.
Trusted Service status
''''''''''''''''''''''
Currently not all Trusted Service functionality is supported when using the
OP-TEE SPMC. We are planning to support all functionality over time.
Currently the OP-TEE SPMC supports the following PSA Trusted Services SPs:
========================= =====================================
internal-trusted-storage: Supported
protected-storage: Supported
crypto: Supported with mock backend.
A hardware trngs is not yet supported
attestation: Not yet supported
smm-gateway: Not yet supported
========================= =====================================
Build
-----
The build process is based around the `OP-TEE build process
<https://optee.readthedocs.io/en/latest/building/gits/build.html>`_ with some
extra steps.
Requirements:
'''''''''''''
- The Trusted Services project has some extra
`requirements <https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html>`_
from OP-TEE. It mainly depends on cmake.
- The current system uses the Arm FVP to run the test environment.
The latest version can be found at `developer.arm.com
<https://developer.arm.com/-/media/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.16_16.tgz>`_
The default path for FVP in the build scripts is set to /opt/fvp/latest
Build steps
'''''''''''
Get the manifest file::
rm -rf optee_test
mkdir optee_test
cd optee_test
repo init -u https://review.trustedfirmware.org/OP-TEE/manifest -m psa-sp-fvp.xml -b refs/changes/91/10991/30
repo sync -j4 --no-clone-bundle
Build the OP-TEE image:
The OP-TEE build will default be configure to use mainline OP-TEE SPMC. To be
able to build OP-TEE mainline version, it might be needed to change the
SPMC_VERSION to SPMC_VERSION=github in build/fvp_ffa.mk.
Build OP-TEE::
cd build
make toolchains
make
cd ..
Build TS apps::
make -C trusted-services/tools/b-test r-ts-service-test-arm-linux
cp -r trusted-services/tools/b-test/install/arm-linux/bin/ts-service-test shared
make -C trusted-services/tools/b-test r-libts-arm-linux
cp -r trusted-services/tools/b-test/install/arm-linux/lib/libts.so.1.0.0 shared/libts.so.1
More info about building TS-apps can be found at the `Trusted Services build instructions <https://trusted-services.readthedocs.io/en/latest/developer/build-instructions.html>`_
Run fvp::
cd build
make run
Set up the `fvp environment <https://trusted-services.readthedocs.io/en/latest/environments/deployment-guides/fvp-deployment-guide.html?highlight=ts-service-test#deploying-service-level-tests>`_::
cd /mnt/
sh load_module.sh
cp libts.so.1 /usr/lib/.
Run the PSA ServiceTests::
./ts-service-test -v -sg ItsServiceTests
./ts-service-test -v -sg PsServiceTests
./ts-service-test -v -sg CryptoKeyDerivationServicePackedcTests
./ts-service-test -v -sg CryptoMacServicePackedcTests
./ts-service-test -v -sg CryptoCipherServicePackedcTests
./ts-service-test -v -sg CryptoHashServicePackedcTests
./ts-service-test -v -sg CryptoServiceProtobufTests
./ts-service-test -v -sg CryptoServiceLimitTests
./ts-service-test -v -sg DiscoveryServiceTests
./ts-service-test -v -sg CryptoServicePackedcTests
Currently the attestation and fail due the lack of the attestation SP support.
OP-TEE SPMC implementation
==========================
Introduction
------------
### OP-TEE SPMC implementation
This document describes the OP-TEE SPMC implementation. This
implementation is used to support the Trusted Services PSA SPs. The PSA
SPs are based on the Arm FF-A specifications. The OP-TEE SPMC can be
used as a reference S-EL1 implementation and the Trusted Service can be
used a reference S-EL0 SP implementations.
### FF-A
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed
to standardize the communication between the various software images.
Including the communication between the various software images in the
Secure world and Normal world. The current release of the OP-TEE SPMC is
based around the [FF-A v1.0
spec](https://developer.arm.com/documentation/den0077/latest.)
### OP-TEE
OP-TEE is an open source Trusted Execution Environment (TEE)
implementing the Arm TrustZone technology. More information can be found
at [readthedocs](https://optee.readthedocs.io/en/latest/) OP-TEE can run
both as a S-EL1 SP or as the S-EL1 SPMC. This document describes OP-TEE
as a S-El1 SPMC. The current mainline OP-TEE version can be found
[here](https://github.com/OP-TEE/optee_os)
### Trusted Services
The Trusted Services project provides a framework for developing and
deploying device Root Of Trust (RoT) services across a range of secure
processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Service can be found at
[Trusted-Services](https://trusted-services.readthedocs.io/en/latest/)
Current Status
--------------
Currently the mainline OP-TEE SPMC is not yet fully compliant with the
FF-A V1.0 spec. It also doesn\'t support all of the Trusted Services
SPs.
### SPMC status
OP-TEE mainline SPMC FF-A status:
------------------- ---------------
SP loading Supported
SP messaging Supported
Manifest file Not Supported
Memory management Supported
:
OP-TEE SPMC implementation
==========================
Introduction
------------
### OP-TEE SPMC implementation
This document describes the OP-TEE SPMC implementation. This
OP-TEE SPMC implementation
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
This document describes the OP-TEE SPMC implementation. This implementation is
implementation is used to support the Trusted Services PSA SPs. The PSA SPs are based on the Arm
SPs are based on the Arm FF-A specifications. The OP-TEE SPMC can be used as a reference S-EL1
used as a reference S-EL1 implementation and the Trusted Service can be used a reference S-EL0 SP
used a reference S-EL0 SP implementations.
### FF-A
''''
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed toto standardize the communication between the various software images.
standardizeIncluding the communication between the various software images. Including in the
communication between the various software images inSecure world and Normal world. The current release of the Secure world and NormalOP-TEE SPMC is
world. The current release ofbased around the OP-TEE SPMC is based around the[FF-A v1.0
`FF-A v1.0 spec <](https://developer.arm.com/documentation/den0077/latest.>`_)
### OP-TEE
''''''
OP-TEE is an open source Trusted Execution Environment (TEE) implementing the
Arm TrustZone technology. More information can be found at
`readthedocs <https://optee.readthedocs.io/en/latest/>`_implementing the Arm TrustZone technology. More information can be found
OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC. This document describesat [readthedocs](https://optee.readthedocs.io/en/latest/) OP-TEE can run
OP-TEEboth as a S-EL1 SP or as athe S-ElL1 SPMC. This document describes OP-TEE
as a S-El1 SPMC. The current mainline OP-TEE version can be found
`[here <](https://github.com/OP-TEE/optee_os>`_s)
### Trusted Services
Trusted Services
''''''''''''''''
The Trusted Services project provides a framework for developing and
deploying device Root Of Trust (RoT) services across a range of secure
processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Service can be found at
`[Trusted-Services <](https://trusted-services.readthedocs.io/en/latest/>`_)
Current Status
--------------
Currently the mainline OP-TEE SPMC is not yet fully compliant with the FF-A V1.0
spec. It also doesn't support all of the Trusted Services SPs.
SPMC status
'''''''''''
OP-TEE mainline SPMC FF-A status:
======================== ========================
SP loading Supported
SP messaging Supported
Manifest file Not Supported
Memory management Supported
Interrupts Not supported
======================== ========================
OP-TEE mainline SPMC FF-A messages status:
======================== ========================Currently the mainline OP-TEE SPMC is not yet fully compliant with the
FFA_ERROR Supported
FFA_SUCCESS Supported
FFA_INTERRUPT Not supported
FFA_VERSION Supported
FFA_FEATURES Supported
FFA_RX_RELEASE Supported
FFA_RXTX_MAP Supported
FFA_RXTX_UNMAP Supported
FFA_PARTITION_INFO_GET Supported
FFA_ID_GET Supported
FFA_MSG_WAIT Supported
FFA_YIELD Not supported
FFA_RUN Not supported
FFA_NORMAL_WORLD_RESUME Not supported
FFA_MSG_SEND Not supported
FFA_MSG_SEND_DIRECT_REQ Supported
FFA_MSG_SEND_DIRECT_RESP Supported
FFA_MSG_POLL Not supported
FFA_MEM_DONATE Not supported
FFA_MEM_LEND Not supported
FFA_MEM_SHARE Partially supported [1]_
FFA_MEM_RETRIEVE_REQ Supported
FFA_MEM_RETRIEVE_RESP Supported
FFA_MEM_RELINQUISH Supported
FFA_MEM_RECLAIM Supported
-A V1.0 spec. [1] Device memory is not yet supported.
Trusted Service status
''''''''''''''''''''''
Currently not all Trusted Service functionality is supported when using theIt also doesn\'t support all of the Trusted Services
OP-TEE SPMC. We are planning to support all functionality over timeSPs.
Currently the OP-TEE### SPMC supports the following PSA Trusted Services SPs:tatus
========================= =====================================
internal-trusted-storage: Supported
protected-storage: Supported
crypto: Supported with mock backend.
A hardware trngs is not yet supported
attestation: Not yet supported
smm-gateway: Not yet supported
========================= =====================================
Build
-----
The build process is based around the `OP-TEE build process
<https://optee.readthedocs.io/en/latest/building/gits/build.html>`_ with some
extra steps.OP-TEE mainline SPMC FF-A status:
Requirements:
'''''''''''''
- The Trusted Services project has some extra
`requirements <https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html>`_------------------- ---------------
from OP-TEE. It mainly depends on cmake.
- The current system uses the Arm FVP to run the test environment.SP loading Supported
The latest version can be found at `developer.arm.comSP messaging Supported
<https://developer.arm.com/-/media/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.16_16.tgz>`_Manifest file Not Supported
The default path for FVP in the build scripts is set to /opt/fvp/latest
Build steps
'''''''''''
Get the manifest file::
rm -rf optee_test
mkdir optee_test
cd optee_testMemory management Supported
repo init -u https://review.trustedfirmware.org/OP-TEE/manifest -m psa-sp-fvp.xml -b refs/changes/91/10991/30
repo sync -j4 --no-clone-bundle
Build the OP-TEE image:
The OP-TEE build will default be configure to use mainline OP-TEE SPMC. To be
able to build OP-TEE mainline version, it might be needed to change the
SPMC_VERSION to SPMC_VERSION=github in build/fvp_ffa.mk.
Build OP-TEE::
cd build
make toolchains
make
cd ..
Build TS apps::
make -C trusted-services/tools/b-test r-ts-service-test-arm-linux
cp -r trusted-services/tools/b-test/install/arm-linux/bin/ts-service-test shared
make -C trusted-services/tools/b-test r-libts-arm-linux
cp -r trusted-services/tools/b-test/install/arm-linux/lib/libts.so.1.0.0 shared/libts.so.1
More info about building TS-apps can be found at the `Trusted Services build instructions <https://trusted-services.readthedocs.io/en/latest/developer/build-instructions.html>`_
Run fvp::
cd build
make run
Set up the `fvp environment <https://trusted-services.readthedocs.io/en/latest/environments/deployment-guides/fvp-deployment-guide.html?highlight=ts-service-test#deploying-service-level-tests>`_::
cd /mnt/
sh load_module.sh
cp libts.so.1 /usr/lib/.
Run the PSA ServiceTests::
./ts-service-test -v -sg ItsServiceTests
./ts-service-test -v -sg PsServiceTests
./ts-service-test -v -sg CryptoKeyDerivationServicePackedcTests
./ts-service-test -v -sg CryptoMacServicePackedcTests
./ts-service-test -v -sg CryptoCipherServicePackedcTests
./ts-service-test -v -sg CryptoHashServicePackedcTests
./ts-service-test -v -sg CryptoServiceProtobufTests
./ts-service-test -v -sg CryptoServiceLimitTests
./ts-service-test -v -sg DiscoveryServiceTests
./ts-service-test -v -sg CryptoServicePackedcTests
Currently the attestation and fail due the lack of the attestation SP support.: