
How to build TEE for Android

Applicable for STM32MP25x lines

Important
OpenSTDroid is validated against the ecosystem release v5.1.0. It has not yet been ported to the STM32 MPU ecosystem release v6. Visit the ecosystem release v5.1.0 wiki for the user guide explaining how to port Android on top of the STM32 MPU ecosystem release v5.

This article explains how to build the Trusty OS, the secure operating system.

The Trusty TEE consists of:

  • the Trusty drivers: included in the Linux Kernel.
  • the Trusty Secure Payload Dispatcher (SPD) service of TF-A (BL31): located inside the fip image.
  • the Trusty secure operating system and built-in Trusted Application: located inside the fip image.

The Trusty drivers are part of the Linux build process and are compiled as loadable modules. Refer to How to build kernel for Android.

The SPD is part of the TF-A build process. Refer to How to build bootloaders for Android.

For details, refer to Trusty secure operating system for Android.

1. Prerequisites

The environment must be installed using the Distribution Package adapted to the selected microprocessor unit.

The environment setup must be carried out in accordance with the instructions provided here.

2. Partition layout

The Trusty secure operating system is integrated in the fip partition.

Information
For information on the complete partition layout for the corresponding development platform, refer to the STM32 MPU Flash mapping for Android article.

The generated Trusty binaries are stored in device/stm/<STM32Series>-tee/prebuilt.

3. Trusty sources

By default, the Trusty sources are part of the OpenSTDroid distribution, available in the trusty/ directory.

4. Build the Trusty secure operating system

build_tee

This instruction generates a Trusty secure operating system for every available board.

Warning
The build script is only compatible with an x86_64 host machine. A version compatible with arm64 host machines will arrive soon.

For more details on the available options, run:

build_tee -h

The output for version 1.7 is shown below:

Usage: build_tee [Options] [Command]

  This script allows building TRUSTY sources

Options:
  -h / --help: print this message
  -i / --install: update prebuilt images
  -v / --version: get script version
  --verbose: enable build verbosity
  -d / --debug : script debug verbosity

5. Integrate the TEE

To integrate the new Trusty solution within your distribution, first, the prebuilt images must be updated:

build_tee -i

Then, build the full distribution.

make -j

Finally, update the associated partitions for the device. Refer to Flashing the built image.
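
Because the Trusty binaries that end up in the fip image are taken from the prebuilt directory, it is worth confirming that the install step really replaced them before building and flashing. The script below is an added example, not part of OpenSTDroid: it records SHA-256 digests of the prebuilt directory before and after a command and lists the files that changed. The function names are hypothetical and the directory is passed in by the caller.

```shell
#!/usr/bin/env bash
# Added example (not OpenSTDroid code): check that a command such as
# "build_tee -i" refreshed the Trusty prebuilt binaries.
# Function names are hypothetical; the directory is supplied by the caller.

# snapshot_prebuilt DIR MANIFEST
# Write one "sha256  ./relative/path" line per file under DIR, sorted by path.
snapshot_prebuilt() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# changed_prebuilt BEFORE AFTER
# Print the paths added, removed or modified between two manifests.
changed_prebuilt() {
    # A line found in only one manifest means the file's digest or its
    # existence changed; strip the digest and collapse duplicate paths.
    LC_ALL=C sort "$1" "$2" | uniq -u |
        sed 's/^[0-9a-f]\{64\}  //' | LC_ALL=C sort -u
}

# verify_refresh DIR CMD [ARGS...]
# Run CMD and list the files it changed under DIR.
# Returns 1 if CMD fails, 2 if DIR is unusable, 3 if nothing changed.
verify_refresh() {
    local dir=$1 tmp changed
    shift
    tmp=$(mktemp -d) || return 2
    snapshot_prebuilt "$dir" "$tmp/before" || { rm -rf "$tmp"; return 2; }
    "$@" || { rm -rf "$tmp"; return 1; }
    snapshot_prebuilt "$dir" "$tmp/after" || { rm -rf "$tmp"; return 2; }
    changed=$(changed_prebuilt "$tmp/before" "$tmp/after")
    rm -rf "$tmp"
    if [ -z "$changed" ]; then
        # Stale prebuilts would be packaged into the fip image unchanged.
        echo "no file changed under $dir" >&2
        return 3
    fi
    printf '%s\n' "$changed"
}
```

Call it from the top of the distribution tree as `verify_refresh "$PREBUILT_DIR" build_tee -i`, with `PREBUILT_DIR` set to the prebuilt directory for your series. A return code of 3 after rebuilding unchanged sources can be legitimate if the build output is byte-identical.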