New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Can static TA Open/Invoke dynamic TA? #1132

Closed
Yanjiong opened this Issue Oct 24, 2016 · 16 comments

Comments

Projects
None yet
6 participants
@Yanjiong

Yanjiong commented Oct 24, 2016

Hi,

Can static TA Open/Invoke dynamic TA?

BR.
Wang Yanjiong

@jenswi-linaro

This comment has been minimized.

Show comment
Hide comment
@jenswi-linaro

jenswi-linaro Oct 24, 2016

Contributor

Yes, but it's more work than just calling a function.

Contributor

jenswi-linaro commented Oct 24, 2016

Yes, but it's more work than just calling a function.

@Yanjiong

This comment has been minimized.

Show comment
Hide comment
@Yanjiong

Yanjiong Oct 25, 2016

Like to do the things which did in syscall_open_ta_session/syscall_invoke_ta_command/syscall_close_ta_session?

Static TA should run in user space right? Could it be linked to libutee to call tee api?

Yanjiong commented Oct 25, 2016

Like to do the things which did in syscall_open_ta_session/syscall_invoke_ta_command/syscall_close_ta_session?

Static TA should run in user space right? Could it be linked to libutee to call tee api?

@vchong

This comment has been minimized.

Show comment
Hide comment
@vchong

vchong Oct 25, 2016

Contributor

Static TAs run in kernel space and are compiled as part of optee_os, so you should be able to call functions within the optee_os core.

Contributor

vchong commented Oct 25, 2016

Static TAs run in kernel space and are compiled as part of optee_os, so you should be able to call functions within the optee_os core.

@Yanjiong

This comment has been minimized.

Show comment
Hide comment
@Yanjiong

Yanjiong Oct 25, 2016

So I should implement some api funcs similar with syscall_open_ta_session/syscall_invoke_ta_command/syscall_close_ta_session to be used by static TAs.

Any works like this have been done and I can refer to? I think this should be a normal request.

Yanjiong commented Oct 25, 2016

So I should implement some api funcs similar with syscall_open_ta_session/syscall_invoke_ta_command/syscall_close_ta_session to be used by static TAs.

Any works like this have been done and I can refer to? I think this should be a normal request.

@jenswi-linaro

This comment has been minimized.

Show comment
Hide comment
@jenswi-linaro

jenswi-linaro Oct 25, 2016

Contributor

This is something new. What does the use case look like (apart from the fact that you want to call a dynamic TA from a static TA)?

Contributor

jenswi-linaro commented Oct 25, 2016

This is something new. What does the use case look like (apart from the fact that you want to call a dynamic TA from a static TA)?

@Yanjiong

This comment has been minimized.

Show comment
Hide comment
@Yanjiong

Yanjiong Oct 25, 2016

Like dynamic TA providing some service to other TAs (dynamic or static) and the static TAs act as the client of the service.

Yanjiong commented Oct 25, 2016

Like dynamic TA providing some service to other TAs (dynamic or static) and the static TAs act as the client of the service.

@jenswi-linaro

This comment has been minimized.

Show comment
Hide comment
@jenswi-linaro

jenswi-linaro Oct 25, 2016

Contributor

But why? A static TA is just an interface, it's not a TA per se.

Contributor

jenswi-linaro commented Oct 25, 2016

But why? A static TA is just an interface, it's not a TA per se.

@Yanjiong

This comment has been minimized.

Show comment
Hide comment
@Yanjiong

Yanjiong Oct 25, 2016

What does "static TA is just an interface but not a TA" mean? What kind of app suggested to be implemented as static TA?

Thanks.

Yanjiong commented Oct 25, 2016

What does "static TA is just an interface but not a TA" mean? What kind of app suggested to be implemented as static TA?

Thanks.

@jenswi-linaro

This comment has been minimized.

Show comment
Hide comment
@jenswi-linaro

jenswi-linaro Oct 25, 2016

Contributor

A static TA is a way of exposing special services to dynamic TAs and clients.

Contributor

jenswi-linaro commented Oct 25, 2016

A static TA is a way of exposing special services to dynamic TAs and clients.

@jforissier

This comment has been minimized.

Show comment
Hide comment
@jforissier

jforissier Oct 25, 2016

Contributor

@Yanjiong bear in mind that a static TA is code inside the TEE core. As such, it does not have its own address space and can corrupt the whole TEE if poorly written. Also it is usually more difficult to upgrade that a dynamic (user) TA which is a file in the normal world file system.
On the other hand, the static TA can access the hardware directly by calling any driver code inside the TEE core. This means you may use a static TA to extend the services offered by the Internal API, without adding any new system call.

Contributor

jforissier commented Oct 25, 2016

@Yanjiong bear in mind that a static TA is code inside the TEE core. As such, it does not have its own address space and can corrupt the whole TEE if poorly written. Also it is usually more difficult to upgrade that a dynamic (user) TA which is a file in the normal world file system.
On the other hand, the static TA can access the hardware directly by calling any driver code inside the TEE core. This means you may use a static TA to extend the services offered by the Internal API, without adding any new system call.

@Yanjiong

This comment has been minimized.

Show comment
Hide comment
@Yanjiong

Yanjiong Oct 25, 2016

Got it. Thanks.

One case must implement app as static TA is that when the TA should be launched before REE fs ready. After the REE fs ready and dynamic TAs launched and could providing service to that static TA, there is the need that the static TA want to Open/Invoke to the dynamic TA.

Yanjiong commented Oct 25, 2016

Got it. Thanks.

One case must implement app as static TA is that when the TA should be launched before REE fs ready. After the REE fs ready and dynamic TAs launched and could providing service to that static TA, there is the need that the static TA want to Open/Invoke to the dynamic TA.

@etienne-lms

This comment has been minimized.

Show comment
Hide comment
@etienne-lms

etienne-lms Nov 2, 2016

Contributor

@Yanjiong, you need is to be able to load some platform standard (user) TAs before REE is ready, maybe at boot. I think you need something that could be added to optee.

At build time, one could build some trusted applications (full featured user TAs) and load their images into some binary file. The early bootloader, together with optee image, would load these data in secure memory.

optee core could be booted with this extra image image (through device tree? boot arguments?) and could create execution contextes for the TAs from this extra image even before TEE/REE RPC is available.

This is not available, and not yet planned neither but i think i could be useful.

Contributor

etienne-lms commented Nov 2, 2016

@Yanjiong, you need is to be able to load some platform standard (user) TAs before REE is ready, maybe at boot. I think you need something that could be added to optee.

At build time, one could build some trusted applications (full featured user TAs) and load their images into some binary file. The early bootloader, together with optee image, would load these data in secure memory.

optee core could be booted with this extra image image (through device tree? boot arguments?) and could create execution contextes for the TAs from this extra image even before TEE/REE RPC is available.

This is not available, and not yet planned neither but i think i could be useful.

@vchong

This comment has been minimized.

Show comment
Hide comment
@vchong

vchong Nov 2, 2016

Contributor

@Yanjiong can you maybe use the tee-supplicant instead to provide the services?

Contributor

vchong commented Nov 2, 2016

@Yanjiong can you maybe use the tee-supplicant instead to provide the services?

@etienne-lms

This comment has been minimized.

Show comment
Hide comment
@etienne-lms

etienne-lms Nov 2, 2016

Contributor

@vchong. i think the problem is that tee-supplicant is not yet operational when the service is needed.

Contributor

etienne-lms commented Nov 2, 2016

@vchong. i think the problem is that tee-supplicant is not yet operational when the service is needed.

@vchong

This comment has been minimized.

Show comment
Hide comment
@vchong

vchong Nov 2, 2016

Contributor

@etienne-lms understand. Was just wondering if the supplicant can be an alternative for the dynamic TAs where @Yanjiong mentioned that: "After the REE fs ready and dynamic TAs launched and could providing service to that static TA, there is the need that the static TA want to Open/Invoke to the dynamic TA." If yes then static TA doesn't have to worry about opening or invoking the dynamic TA.

Contributor

vchong commented Nov 2, 2016

@etienne-lms understand. Was just wondering if the supplicant can be an alternative for the dynamic TAs where @Yanjiong mentioned that: "After the REE fs ready and dynamic TAs launched and could providing service to that static TA, there is the need that the static TA want to Open/Invoke to the dynamic TA." If yes then static TA doesn't have to worry about opening or invoking the dynamic TA.

@jbech-optee-adm

This comment has been minimized.

Show comment
Hide comment
@jbech-optee-adm

jbech-optee-adm Nov 3, 2016

We're closing this issue since the question has been answered. If you however feel that you have additional questions or still thinks this is an issue, please feel free to re-open the issue again.

jbech-optee-adm commented Nov 3, 2016

We're closing this issue since the question has been answered. If you however feel that you have additional questions or still thinks this is an issue, please feel free to re-open the issue again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment