How to develop an OP-TEE Trusted Application

Revision as of 08:27, 13 September 2022 by Registered User

Applicable for STM32MP13x lines, STM32MP15x lines

This article describes how to develop a Trusted Application for OP-TEE using an OpenSTLinux environment.

1 Starting from an example[edit]

The simplest way to begin the development of a new OP-TEE Trusted Application is to start from a minimal example. Let's take the hello_world example from the official optee_examples.git repository:

 PC $> git clone https://github.com/linaro-swg/optee_examples

2 Build[edit]

At this point it is assumed OpenSTLinux SDK is installed and set up correctly.

The Trusted Application can be built by running make. For instance with the "hello_world" example:

 PC $> make -C optee_examples/hello_world
 make[1]: Entering directory '…/optee_examples/hello_world/host'
 [...]
 make[1]: Leaving directory '…/optee_examples/hello_world/host'
 make[1]: Entering directory '…/optee_examples/hello_world/ta'
 [...]
 make[1]: Leaving directory '…/optee_examples/hello_world/ta'

3 Run[edit]

Once built, the Trusted Application and its client must be copied onto the running system at the expected location. For instance with the "hello_world" example, using scp:

 PC $> scp optee_examples/hello_world/host/optee_example_hello_world root@<board ip address>:/usr/bin
 PC $> scp optee_examples/hello_world/ta/8aaaf200-2450-11e4-abe2-0002a5d5c51b.ta root@<board ip address>::/lib/optee_armtz/

Now it can be executed easily from the running system:

 root@stm32mp1:~# optee_example_hello_world
 D/TA:  TA_CreateEntryPoint:39 has been called
 D/TA:  TA_OpenSessionEntryPoint:68 has been called
 I/TA: Hello World!
 Invoking TA to increment 42
 D/TA:  inc_value:105 has been called
 I/TA: Got value: 42 from NW
 I/TA: Increase value to: 43
 TA incremented value to 43
 I/TA: Goodbye!
 D/TA:  TA_DestroyEntryPoint:50 has been called

4 Going further[edit]

To get more information on how to develop on OP-TEE Trusted Application, please refer to https://optee.readthedocs.io/en/latest/building/trusted_applications.html