To get started with Teaclave TrustZone SDK, you can choose either QEMU for Armv8-A (QEMUv8) or another platform supported by OP-TEE as your development environment.
The OP-TEE libraries are needed when building Rust applications, so you should finish the "Quick start with the OP-TEE Repo for QEMUv8" part first. Then initialize the build environment in Teaclave TrustZone SDK, build the Rust applications and copy them into the target's filesystem.
Teaclave TrustZone SDK is located in [YOUR_OPTEE_DIR]/optee_rust/. Teaclave TrustZone SDK in OP-TEE repo is pinned to the release version. Alternatively, you can try the develop version using git pull:
cd [YOUR_OPTEE_DIR]/optee_rust/
git pull github master
If you are building trusted applications for other platforms supported by OP-TEE, QEMU and the filesystem in the OP-TEE repo are not needed. You can follow these steps to clone the project and build applications independently from the complete OP-TEE repo. In this case, the necessary OP-TEE libraries are initialized in the setup process.
The complete list of prerequisites can be found here: OP-TEE Prerequisites.
# install dependencies
sudo apt-get install android-tools-adb android-tools-fastboot autoconf \
    automake bc bison build-essential ccache cscope curl device-tree-compiler \
    expect flex ftp-upload gdisk iasl libattr1-dev libc6:i386 libcap-dev \
    libfdt-dev libftdi-dev libglib2.0-dev libhidapi-dev libncurses5-dev \
    libpixman-1-dev libssl-dev libstdc++6:i386 libtool libz1:i386 make \
    mtools netcat python-crypto python3-crypto python-pyelftools \
    python3-pycryptodome python3-pyelftools python-serial python3-serial \
    rsync unzip uuid-dev xdg-utils xterm xz-utils zlib1g-dev
Alternatively, you can use a docker container built with our Dockerfile.
After installing dependencies or building the Docker image, fetch the source code from the official GitHub repository:
git clone https://github.com/apache/teaclave-trustzone-sdk.git
cd teaclave-trustzone-sdk
Currently, we support building on both aarch64 and x86_64 host machines, and they share the same steps.
Install the Rust environment and toolchains:
./setup.sh
Build OP-TEE libraries
By default, the OPTEE_DIR is teaclave-trustzone-sdk/optee/. OP-TEE submodules (optee_os and optee_client for QEMUv8) will be initialized automatically by executing:
./build_optee_libraries.sh optee/
Before building applications, set up the configuration:
a. By default, the target platform is aarch64 for both CA and TA. If you want to build for the arm target, you can set up ARCH:
export ARCH_HOST=arm
export ARCH_TA=arm
b. By default, the build is for no-std TA. If you want to enable std TA, set the STD variable:
export STD=y
Run this script to set up all toolchain and library paths:
source environment
Run this command to build all Rust examples:
make examples
Or build your own CA and TA:
make -C examples/[YOUR_APPLICATION]
You can also collect all example CAs and TAs into /teaclave-trustzone-sdk/out:
make examples-install
How you run the Rust applications depends on the platform you chose (QEMUv8 or other).
(cd $OPTEE_DIR/build && make QEMU_VIRTFS_ENABLE=y qemu)
mkdir shared_folder
(cd [YOUR_OPTEE_DIR]/optee_rust/ && make examples-install)
cp -r [YOUR_OPTEE_DIR]/optee_rust/out/* shared_folder/
(cd $OPTEE_DIR/build && make run-only QEMU_VIRTFS_ENABLE=y QEMU_VIRTFS_HOST_DIR=$(pwd)/shared_folder)
mkdir shared && mount -t 9p -o trans=virtio host shared
Copy the applications to your platform and run.