Trusted Services is integrated into the OP-TEE reference build system, so the OP-TEE testing environment can be reused for TS after a few minor modifications.
The base of the file below is the Ubuntu 22.04 Dockerfile copied from [[ https://optee.readthedocs.io/en/latest/building/prerequisites.html | OP-TEE prerequisites ]] (Revision eda1e0fd. Last updated on 2023-10-18 12:28). Differences compared to the original OP-TEE Dockerfile:
- Use the fvp-ts manifest file instead of qemu
- Install cmake and python2 packages
- Install Trusted Services Python prerequisites using pip
- Download and extract the FVP Base RevC 2xAEMvA model
```
FROM ubuntu:22.04
ARG DEBIAN_FRONTEND=noninteractive
RUN apt update && apt upgrade -y
RUN apt install -y \
adb \
acpica-tools \
autoconf \
automake \
bc \
bison \
build-essential \
ccache \
cmake \
cpio \
cscope \
curl \
device-tree-compiler \
e2tools \
expect \
fastboot \
flex \
ftp-upload \
gdisk \
git \
libattr1-dev \
libcap-ng-dev \
libfdt-dev \
libftdi-dev \
libglib2.0-dev \
libgmp3-dev \
libhidapi-dev \
libmpc-dev \
libncurses5-dev \
libpixman-1-dev \
libslirp-dev \
libssl-dev \
libtool \
libusb-1.0-0-dev \
make \
mtools \
netcat \
ninja-build \
python3-cryptography \
python3-pip \
python3-pyelftools \
python3-serial \
python-is-python3 \
python2 \
rsync \
swig \
unzip \
uuid-dev \
wget \
xdg-utils \
xterm \
xz-utils \
zlib1g-dev
RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /bin/repo && chmod a+x /bin/repo
RUN mkdir /optee
WORKDIR /optee
RUN repo init -u https://github.com/OP-TEE/manifest.git -m fvp-ts.xml && repo sync -j10
RUN curl -OL https://developer.arm.com/-/media/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.23_9_Linux64.tgz && tar xf FVP_Base_RevC-2xAEMvA_11.23_9_Linux64.tgz
WORKDIR /optee/trusted-services
RUN pip3 install -r requirements.txt
WORKDIR /optee/build
RUN make -j2 toolchains
```
Build a Docker image based on the file above, then create a container using this image. Don't forget to mount your `.gitconfig` to the container, or inside the container set at least the `user.name` and `user.email` in the git config, otherwise downloading and patching TS dependencies will fail.
Build and run the project inside the container (`make all`, `make run-only`). The FVP terminals can be reached through `telnet`, the default ports for the NWd and SWd console are `5000` and `5001`.
After the boot is done login to Linux and copy the TS test apps and libraries:
```
cp -a /mnt/host/out/ts-install/arm-linux/bin /usr/
cp -a /mnt/host/out/ts-install/arm-linux/lib /usr/
```
The following test apps are available currently: `ts-service-test`, `psa-its-api-test`, `psa-ps-api-test`, `psa-crypto-api-test`, `psa-iat-api-test`.