You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
jianglk.darker 7ee447c011
v811_spc009_project
4 months ago
..
optee_ta v811_spc009_project 4 months ago
ta_prod_signing_scripts v811_spc009_project 4 months ago
README.md v811_spc009_project 4 months ago

README.md

MS-IoT fTPM

Trusted firmware for Windows based AArch32 (32-bit) ARM SoC's

Please see the build-firmware document in the iMX IoT Core repo for additional information on including this TA in an IoT Core image for iMX boards.

Included TAs

fTPM TA

The fTPM Trusted Application (TA) provides a secure firmware implementation of a TPM using the MS reference implementation. Platform specific code is copied and modified locally in optee_ta/fTPM/platform, while /fTPM/reference contains files to support WolfSSL, control the fTPM's functionality, and define basic types, which may not be found in OpTEE.

See the reference implementation for more details.


Extra Installation Steps

The secure firmware utilizes the OP-TEE implementation of the Global Platform specifications. The OP-TEE project is not duplicated in this repository but is obtained directly from the public release. The build of OP-TEE is based on a native Linux build, however the following installation steps allow OP-TEE to be built under Windows using WSL. Only the optee_os repository is relevant for trusted firmware use - the optee_client & optee_linuxdriver repositories are integration components for Linux and can serve as a reference for the Windows equivalent components. Note that optee_linuxdriver is GPL.

OpTEE generates a build environment for trusted applications which is based on Make (See TA_DEV_KIT_DIR in the build directions). This build environment places several constraints on how the code is organized, which are explained in the relevant makefiles. See the optee_os documentation for details about how OpTEE build works.

1. Enable Windows Subsystem for Linux

See instructions here:

2. Launch Bash

Search for "bash" in the start menu, OR press Windows key + 'R', then type bash.
Update if needed.

In WSL:

sudo apt-get update

3. Install the ARM tool chain

Install the ARM toolchain to a directory of your choice.

cd ~
wget https://releases.linaro.org/components/toolchain/binaries/6.4-2017.11/arm-linux-gnueabihf/gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf.tar.xz
tar xf gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf.tar.xz
rm gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf.tar.xz

4. Clone the OpTEE OS source code

If you do not already have a version of the OP-TEE OS repo cloned on your machine you may run:

cd ~
git clone https://github.com/ms-iot/ms-iot-optee_os.git

5. Build OP-TEE OS for the target platform

TA_CROSS_COMPILE should point to the ARM toolchain installed in step 3.

cd ~/optee_os
CROSS_COMPILE=~/gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf- make PLATFORM=imx-mx6qhmbedge CFG_TEE_CORE_LOG_LEVEL=4 CFG_REE_FS=n CFG_RPMB_FS=y CFG_RPMB_TESTKEY=y CFG_RPMB_WRITE_KEY=y -j20

Additional information on Microsoft IoT fork of OP-TEE OS can be found here.

6. Clone the ms-tpm-20-ref source code

cd ~
git clone https://github.com/Microsoft/ms-tpm-20-ref.git

7. Initialize the git submodules

cd ~/ms-tpm-20-ref
git submodule init
git submodule update

Building the TPM

1. Build the Firmware TPM Trusted Application

TA_CROSS_COMPILE should point to the ARM toolchain installed in step 3.

TA_DEV_KIT_DIR should point to the directory the optee_os TA devkit was compiled to in step 5.

-j increases the parallelism of the build process.

cd ~/ms-tpm-20-ref/Samples/ARM32-FirmwareTPM/optee_ta
TA_CPU=cortex-a9 TA_CROSS_COMPILE=~/gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf- TA_DEV_KIT_DIR=~/optee_os/out/arm-plat-imx/export-ta_arm32 CFG_TEE_TA_LOG_LEVEL=2 make -j20

Debugging options you may want to add:

CFG_TEE_TA_LOG_LEVEL=3 1 is fatal errors only, other values increase debug tracing output.

CFG_TA_DEBUG=y Turns on debug output from the TAs, and enables extra correctness checks in the fTPM TA.