OP-TEE SPMC implementation
==========================
Introduction
------------
### OP-TEE SPMC implementation
This document describes the OP-TEE SPMC implementation. The
implementation is used to run the Trusted Services PSA SPs, which are
built on the Arm FF-A specification. The OP-TEE SPMC can be used as a
reference S-EL1 SPMC implementation, and the Trusted Services SPs can be
used as reference S-EL0 SP implementations.
### FF-A
Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed
to standardize the communication between software images, including
communication between images in the Secure world and the Normal world.
The current release of the OP-TEE SPMC is based on the [FF-A v1.0
spec](https://developer.arm.com/documentation/den0077/latest).
### OP-TEE
OP-TEE is an open source Trusted Execution Environment (TEE)
implementing the Arm TrustZone technology. More information can be found
at [readthedocs](https://optee.readthedocs.io/en/latest/). OP-TEE can run
either as an S-EL1 SP or as the S-EL1 SPMC; this document describes
OP-TEE as the S-EL1 SPMC. The current mainline OP-TEE version can be
found [here](https://github.com/OP-TEE/optee_os).
### Trusted Services
The Trusted Services project provides a framework for developing and
deploying device Root Of Trust (RoT) services across a range of secure
processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Services can be found at
[Trusted-Services](https://trusted-services.readthedocs.io/en/latest/).
Current Status
--------------
Currently the mainline OP-TEE SPMC is not yet fully compliant with the
FF-A v1.0 spec, and it does not yet support all of the Trusted Services
SPs.
### SPMC status
OP-TEE mainline SPMC FF-A status:
| Description | Status|
| --- | ----------- |
|SP loading | Supported |
|SP messaging | Supported |
|Manifest file | Not Supported |
|Memory management | Supported |
|Interrupts | Not supported |
OP-TEE mainline SPMC FF-A messages status:
| FF-A message | Status |
| --- | --- |
| FFA_ERROR | Supported|
| FFA_SUCCESS | Supported|
| FFA_INTERRUPT | Not supported|
| FFA_VERSION | Supported|
| FFA_FEATURES | Supported|
| FFA_RX_RELEASE | Supported|
| FFA_RXTX_MAP | Supported|
| FFA_RXTX_UNMAP | Supported|
| FFA_PARTITION_INFO_GET | Supported|
| FFA_ID_GET | Supported|
| FFA_MSG_WAIT | Supported|
| FFA_YIELD | Not supported|
| FFA_RUN | Not supported|
| FFA_NORMAL_WORLD_RESUME | Not supported|
| FFA_MSG_SEND | Not supported|
| FFA_MSG_SEND_DIRECT_REQ | Supported|
| FFA_MSG_SEND_DIRECT_RESP | Supported|
| FFA_MSG_POLL | Not supported|
| FFA_MEM_DONATE | Not supported|
| FFA_MEM_LEND | Not supported|
| FFA_MEM_SHARE | Partially supported[^1]|
| FFA_MEM_RETRIEVE_REQ | Supported|
| FFA_MEM_RETRIEVE_RESP | Supported|
| FFA_MEM_RELINQUISH | Supported|
| FFA_MEM_RECLAIM | Supported|
[^1]: Device memory is not yet supported.
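The tables above tell a client which FF-A messages the OP-TEE SPMC answers, so a client should probe FFA_FEATURES before relying on a message, and the SPMC in turn must check that the sender endpoint ID in a direct request really is the calling endpoint before forwarding it to an SP. The following C program is an added example, not code from OP-TEE or Trusted Services: a constructed stand-in SPMC dispatcher that models those two behaviours at the register level. The function IDs and error codes are the FF-A v1.0 values; the endpoint IDs (0x0001 for the normal-world client, 0x8001 for the SP), the set of implemented calls, the "echo and increment" SP and the use of FFA_INVALID_PARAMETERS for a mismatched sender are assumptions of the example, not behaviour documented on this page.

```c
/* Added example, not OP-TEE or Trusted Services code: a register-level model of
 * a client calling an FF-A v1.0 SPMC, showing an FFA_FEATURES probe and a
 * DIRECT_REQ/RESP exchange with the sender-ID check. The SPMC is a stand-in. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Function IDs and error codes as defined in the FF-A v1.0 spec (DEN0077). */
#define FFA_ERROR                   0x84000060u
#define FFA_SUCCESS_32              0x84000061u
#define FFA_FEATURES                0x84000064u
#define FFA_MSG_SEND_DIRECT_REQ_32  0x8400006Fu
#define FFA_MSG_SEND_DIRECT_RESP_32 0x84000070u
#define FFA_MEM_LEND_32             0x84000072u
#define FFA_MEM_SHARE_32            0x84000073u
#define FFA_NOT_SUPPORTED      (-1)
#define FFA_INVALID_PARAMETERS (-2)
/* Assumed endpoint IDs for the example: a normal-world client and one SP. */
#define NW_ENDPOINT_ID 0x0001u
#define SP_ENDPOINT_ID 0x8001u

/* One FF-A call: w0 = function ID, w1..w7 = arguments; replies reuse them. */
struct ffa_regs { uint32_t w[8]; };

/* Direct messages: sender ID in w1[31:16], receiver ID in w1[15:0]. */
static uint32_t ffa_pack_ids(uint16_t s, uint16_t r) { return ((uint32_t)s << 16) | r; }
static uint16_t ffa_sender(uint32_t w1)   { return (uint16_t)(w1 >> 16); }
static uint16_t ffa_receiver(uint32_t w1) { return (uint16_t)(w1 & 0xffffu); }

/* Calls this stand-in SPMC implements (a subset of the status table above). */
static const uint32_t supported_ids[] = { FFA_FEATURES, FFA_MEM_SHARE_32,
    FFA_MSG_SEND_DIRECT_REQ_32, FFA_MSG_SEND_DIRECT_RESP_32 };

static bool spmc_supports(uint32_t fid)
{
    for (size_t i = 0; i < sizeof(supported_ids) / sizeof(supported_ids[0]); i++)
        if (supported_ids[i] == fid) return true;
    return false;
}

static struct ffa_regs ffa_error(int32_t code)   /* w2 carries the error code */
{
    struct ffa_regs r = {{ FFA_ERROR, 0, (uint32_t)code, 0, 0, 0, 0, 0 }};
    return r;
}

/* Constructed S-EL0 SP: replies with w3 incremented, sender/receiver IDs swapped. */
static struct ffa_regs sp_handle_direct_req(const struct ffa_regs *req)
{
    struct ffa_regs resp = {{ FFA_MSG_SEND_DIRECT_RESP_32,
        ffa_pack_ids(ffa_receiver(req->w[1]), ffa_sender(req->w[1])),
        0, req->w[3] + 1, 0, 0, 0, 0 }};
    return resp;
}

/* Stand-in SPMC dispatcher. caller_id comes from the SPMC's own scheduling
 * state (which endpoint trapped in), never from the call's registers. */
static struct ffa_regs spmc_dispatch(uint16_t caller_id, const struct ffa_regs *in)
{
    if (!spmc_supports(in->w[0]))
        return ffa_error(FFA_NOT_SUPPORTED);
    switch (in->w[0]) {
    case FFA_FEATURES:   /* w1 = function ID being queried */
        if (spmc_supports(in->w[1]))
            return (struct ffa_regs){{ FFA_SUCCESS_32, 0, 0, 0, 0, 0, 0, 0 }};
        return ffa_error(FFA_NOT_SUPPORTED);
    case FFA_MSG_SEND_DIRECT_REQ_32:
        /* Security check: the sender ID in w1 must be the real caller, or one
         * endpoint could impersonate another to the SP. Unknown receiver: same. */
        if (ffa_sender(in->w[1]) != caller_id ||
            ffa_receiver(in->w[1]) != SP_ENDPOINT_ID)
            return ffa_error(FFA_INVALID_PARAMETERS);
        return sp_handle_direct_req(in);
    default:
        return ffa_error(FFA_NOT_SUPPORTED);
    }
}

/* Client side: probe a function ID with FFA_FEATURES before depending on it. */
bool client_feature_supported(uint32_t fid)
{
    struct ffa_regs req = {{ FFA_FEATURES, fid, 0, 0, 0, 0, 0, 0 }};
    return spmc_dispatch(NW_ENDPOINT_ID, &req).w[0] == FFA_SUCCESS_32;
}

/* Client side: one direct request. Returns 0 and stores the SP's reply word on
 * success, else the FF-A error code. claimed_sender != caller models a spoof. */
int32_t client_direct_req(uint16_t caller, uint16_t claimed_sender,
                          uint16_t receiver, uint32_t arg, uint32_t *reply)
{
    struct ffa_regs req = {{ FFA_MSG_SEND_DIRECT_REQ_32,
        ffa_pack_ids(claimed_sender, receiver), 0, arg, 0, 0, 0, 0 }};
    struct ffa_regs resp = spmc_dispatch(caller, &req);
    if (resp.w[0] == FFA_ERROR)
        return (int32_t)resp.w[2];
    /* The client checks the reply too: right message type, from the receiver. */
    if (resp.w[0] != FFA_MSG_SEND_DIRECT_RESP_32 || ffa_sender(resp.w[1]) != receiver)
        return FFA_INVALID_PARAMETERS;
    *reply = resp.w[3];
    return 0;
}
```

The two client helpers are the shape a normal-world driver or an SP takes: `client_feature_supported(FFA_MEM_LEND_32)` comes back false against this SPMC, matching the table, while a direct request to the SP with an honest sender ID round-trips and one with a spoofed sender ID is rejected before the SP ever sees it. A real SPMC takes the caller identity from the CPU context it was entered from, which is the point of never reading it from w1.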
### Trusted Service status
Currently not all Trusted Services functionality is supported when using
the OP-TEE SPMC; support for the remaining functionality is planned.
The OP-TEE SPMC currently supports the following PSA Trusted Services
SPs:
| Trusted Services SP | Status |
| --- | --- |
| internal-trusted-storage | Supported |
| protected-storage | Supported |
| crypto | Supported with a mock backend; a hardware TRNG is not yet supported |
| attestation | Not yet supported |
| smm-gateway | Not yet supported |
Build
-----
The build process is based around the [OP-TEE build
process](https://optee.readthedocs.io/en/latest/building/gits/build.html)
with some extra steps.
### Requirements
- The Trusted Services project has some extra
[requirements](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html)
beyond those of OP-TEE; it mainly depends on CMake.
- The current setup uses the Arm FVP to run the test environment. The
latest version can be found at
[developer.arm.com](https://developer.arm.com/-/media/Files/downloads/ecosystem-models/FVP_Base_RevC-2xAEMvA_11.16_16.tgz).
The build scripts expect the FVP at /opt/fvp/latest by default.
### Build steps
Fetch the sources using the manifest:

```shell
rm -rf optee
mkdir optee
cd optee
repo init -u https://review.trustedfirmware.org/OP-TEE/manifest -m psa-sp-fvp.xml -b topics/spmc_mainline
repo sync -j4 --no-clone-bundle
```
Build the OP-TEE image:
The OP-TEE build is configured by default to use the mainline OP-TEE
SPMC. If the build does not pick up the mainline (GitHub) OP-TEE version,
it may be necessary to set SPMC_VERSION=github in build/fvp_ffa.mk.
Build OP-TEE:

```shell
cd build
make toolchains
make
cd ..
```
Build the TS apps:

```shell
make -C trusted-services/tools/b-test r-component-test-arm-linux \
r-psa-api-test-crypto-arm-linux \
r-psa-api-test-internal_trusted_storage-arm-linux \
r-psa-api-test-protected_storage-arm-linux \
r-ts-demo-arm-linux \
r-ts-service-test-arm-linux
```
Copy the TS apps to the shared directory:

```shell
cp -r trusted-services/tools/b-test/install/arm-linux shared
```
More info about building TS-apps can be found at the [Trusted Services
build
instructions](https://trusted-services.readthedocs.io/en/latest/developer/build-instructions.html)
Run the FVP:

```shell
make -C build run-only
```

Two console windows should appear, one for the Secure World and one for the Normal World.
Log in as root.
Set up the [fvp
environment](https://trusted-services.readthedocs.io/en/latest/environments/deployment-guides/fvp-deployment-guide.html?highlight=ts-service-test#deploying-service-level-tests):

```shell
cd /mnt/
sh load_module.sh
cp arm-linux/lib/libts.so.1 /usr/lib/
```
Run the PSA service tests. First prepare the environment (load the kernel module and install the client library), then start the demo application:

```shell
# Prepare tests
cd /mnt
./load_module.sh
cp arm-linux/lib/libts.so* /lib
# Run the TS demo
./arm-linux/bin/ts-demo
```

Expected demo output. Note that the crypto SP currently runs with a mock backend and no hardware TRNG, so the random bytes shown here do not come from a hardware entropy source:
```
Demonstrates use of trusted services from an application
---------------------------------------------------------
A client requests a set of crypto operations performed by
the Crypto service. Key storage for persistent keys is
provided by the Secure Storage service via the ITS client.
Generating random bytes length: 1
Operation successful
Random bytes:
2B
Generating random bytes length: 7
Operation successful
Random bytes:
68 CF 0C 5D 87 C7 11
Generating random bytes length: 128
Operation successful
Random bytes:
BF C6 85 27 81 02 5F 83
60 97 E9 2C A6 30 8E F7
C6 81 44 CB 26 32 8D F5
62 BA 0F DE B8 2C 69 E2
DD C0 FF A0 04 E2 D0 C0
DC EA 11 CE DD 7E 33 87
62 07 89 02 00 68 FC 24
AD D2 E4 86 40 3F 6E 65
83 46 33 9A F8 84 14 3B
72 11 8D 63 59 6F 69 96
70 D2 83 8D 60 6D 9F A2
B3 54 F6 3E 5E B3 FE 07
C9 51 F1 6A F5 B0 0E AA
08 B3 AE F5 06 73 6C 8B
95 73 B2 FF 72 C6 CF 84
12 7A 7A 1F 07 F2 58 71
Generating ECC signing key
Operation successful
Signing message: "The quick brown fox" using key: 256
Operation successful
Signature bytes:
F9 F7 0E D0 4A B2 77 DF
67 40 F5 36 4D 92 38 A3
13 5B 04 A0 6C BD 84 40
03 E2 43 EE BF 6F C6 C4
5B 5D A4 21 D9 EB 17 86
B9 71 0D C9 84 0C FE 55
71 8E 5C F7 D4 7D EB 04
9B 5A 11 D7 46 96 BD A6
Verify signature using original message: "The quick brown fox"
Operation successful
Verify signature using modified message: "!he quick brown fox"
Successfully detected modified message
Signing message: "jumps over the lazy dog" using key: 256
Operation successful
Signature bytes:
45 40 14 E3 39 0C 3B 8A
5F 05 C8 0C E0 B6 A6 D2
8B 5E E3 76 49 DD F1 9E
50 A0 77 6F 1B FA FF C8
38 66 6A 2D 40 B1 79 9C
43 BE 59 F4 48 45 A2 0E
D0 17 3F 1F D3 D7 C0 84
65 AC 9B 8A FB 6E B6 B6
Verify signature using original message: "jumps over the lazy dog"
Operation successful
Verify signature using modified message: "!umps over the lazy dog"
Successfully detected modified message
Generating RSA encryption key
Operation successful
Encrypting message: "Top secret" using RSA key: 257
Operation successful
Encrypted message:
42 B6 53 D8 A3 03 BB 64
66 C0 31 A5 42 2C F8 F3
B8 E3 9C 58 42 7C 2C E0
19 43 F6 02 EB 60 6A DC
Decrypting message using RSA key: 257
Operation successful
Decrypted message: "Top secret"
Exporting public key: 256
Operation successful
Public key bytes:
04 D0 9A AF 76 18 9B 3B
08 38 65 BA 5F 81 B0 85
6A 39 42 19 5F 0D 17 86
CD 7E 2A E6 A4 CC A2 E4
B3 78 89 76 F6 CA 02 12
CB 07 2B AB CF 03 59 B3
34 8D 5D 0F 31 53 E0 68
9D 25 E2 AF 2E 0C 2C BE
51
Destroying signing key: 256
Operation successful
Destroying encryption key: 257
Operation successful
```
Run the test suites (the Attestation group is excluded with -xg because the attestation SP is not yet supported):

```shell
./arm-linux/bin/component-test -v
./arm-linux/bin/psa-its-api-test
./arm-linux/bin/psa-ps-api-test
./arm-linux/bin/psa-crypto-api-test
./arm-linux/bin/ts-service-test -v -xg Attestation
```
Alternatively, run the ts-service-test groups one at a time (-sg selects a single test group):

```shell
./ts-service-test -v -sg ItsServiceTests
./ts-service-test -v -sg PsServiceTests
./ts-service-test -v -sg CryptoKeyDerivationServicePackedcTests
./ts-service-test -v -sg CryptoMacServicePackedcTests
./ts-service-test -v -sg CryptoCipherServicePackedcTests
./ts-service-test -v -sg CryptoHashServicePackedcTests
./ts-service-test -v -sg CryptoServiceProtobufTests
./ts-service-test -v -sg CryptoServiceLimitTests
./ts-service-test -v -sg DiscoveryServiceTests
./ts-service-test -v -sg CryptoServicePackedcTests
```
Sample ts-service-test output from the FVP run:

```
TEST(PsServiceTests, createAndSetExtended) - 18029 ms
TEST(PsServiceTests, createAndSet) - 20259 ms
TEST(PsServiceTests, storeNewItem) - 18276 ms
TEST(ItsServiceTests, storeNewItem) - 11099 ms
TEST(CryptoKeyDerivationServicePackedcTests, deriveAbort) - 21819 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveBytes) - 23492 ms
TEST(CryptoKeyDerivationServicePackedcTests, hkdfDeriveKey) - 25032 ms
TEST(CryptoMacServicePackedcTests, macAbort) - 19256 ms
TEST(CryptoMacServicePackedcTests, signAndVerify) - 101831 ms
TEST(CryptoCipherServicePackedcTests, cipherAbort) - 19739 ms
TEST(CryptoCipherServicePackedcTests, encryptDecryptRoundtrip) - 66694 ms
TEST(CryptoHashServicePackedcTests, hashAbort) - 23204 ms
TEST(CryptoHashServicePackedcTests, hashAndVerify) - 34243 ms
TEST(CryptoHashServicePackedcTests, calculateHash) - 17353 ms
TEST(CryptoServicePackedcTests, generateRandomNumbers) - 29636 ms
TEST(CryptoServicePackedcTests, asymEncryptDecryptWithSalt) - 2859988 ms
TEST(CryptoServicePackedcTests, asymEncryptDecrypt) - 234077 ms
TEST(CryptoServicePackedcTests, signAndVerifyEat) - 1060967 ms
TEST(CryptoServicePackedcTests, signAndVerifyHash) - 1072643 ms
TEST(CryptoServicePackedcTests, exportAndImportKeyPair) - 127551 ms
TEST(CryptoServicePackedcTests, exportPublicKey) - 199842 ms
TEST(CryptoServicePackedcTests, purgeKey) - 118558 ms
TEST(CryptoServicePackedcTests, copyKey) - 199131 ms
TEST(CryptoServicePackedcTests, generatePersistentKeys) - 213434 ms
TEST(CryptoServicePackedcTests, generateVolatileKeys) - 188038 ms
TEST(CryptoServiceProtobufTests, generateRandomNumbers) - 31397 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecryptWithSalt) - 4241805 ms
TEST(CryptoServiceProtobufTests, asymEncryptDecrypt) - 267644 ms
TEST(CryptoServiceProtobufTests, signAndVerifyHash) - 1073035 ms
TEST(CryptoServiceProtobufTests, exportAndImportKeyPair) - 127099 ms
TEST(CryptoServiceProtobufTests, exportPublicKey) - 200390 ms
TEST(CryptoServiceProtobufTests, generatePersistentKeys) - 213373 ms
TEST(CryptoServiceProtobufTests, generateVolatileKeys) - 189439 ms
TEST(CryptoServiceLimitTests, volatileRsaKeyPairLimit) - 19765597 ms
TEST(CryptoServiceLimitTests, volatileEccKeyPairLimit) - 5244688 ms
TEST(DiscoveryServiceTests, checkServiceInfo) - 12706 ms
OK (41 tests, 36 ran, 318 checks, 0 ignored, 5 filtered out, 38104375 ms)
```
Currently the attestation test fails because the attestation SP is not
yet supported, which is why the Attestation group is excluded with
`-xg Attestation` above.