Can a .SO file be called by TA? #1909

Closed
YumingMa opened this issue Nov 1, 2017 · 10 comments

@YumingMa

YumingMa commented Nov 1, 2017

I have a .so file. I want to use it in a TA. The .so file will read the files in the non-world side. Can I do it?

@jenswi-linaro
Contributor

No, that doesn't work.

  1. We don't have dynamic linking of TAs.
  2. TAs run in secure world so syscalls and other facilities in normal world are not available.

@YumingMa
Author

YumingMa commented Nov 1, 2017

If I want to implement this feature, what do I need to do?
I have some other questions to ask you:
1. Can I open and read/write files in a TA?
2. Do we support multi-threading or processes?

@lorc
Contributor

lorc commented Nov 1, 2017

One TA can call another TA. In this way you can share some code between TAs.

According to the GP spec, all calls to one TA are sequential, so there is no multithreading. But you can make parallel calls to different TAs.

A TA can access its own secure storage, but AFAIK, it can't read/write regular files from normal world. Probably, you can extend the supplicant to do this. But this will not conform to the standards.

@YumingMa
Author

YumingMa commented Nov 2, 2017

I don't use shared code between TAs and don't access secure storage or RPMB.
I want to port OPTEE to a robot device. The robot takes lots of pictures, saved in the normal world, but I want to protect our algorithms with a TA. Our algorithms are implemented only as a .so file, so we want to implement a TA that calls our .so. The .so reads the pictures to get the result and transfers the result to the CA.
I want to know more about OPTEE, please direct me, thanks a lot.

  1. Does OPTEE support OPENCV? If not, how can it be supported?
  2. Can OPTEE work on an SMP device?
  3. Can I save the pictures to the secure storage? I don't think so.
  4. Do you have any ideas for protecting our algorithms?
    Thanks again.

@vchong
Contributor

vchong commented Nov 2, 2017

Since it's your algorithm that means you have the source code? Can you compile it as a static library (.a) instead? See #901 and linked issues for how to add static lib to TA.

@YumingMa
Author

YumingMa commented Nov 2, 2017

The BOSS doesn't want the developers to study the algorithm, so you can assume I can't get the source code. The BOSS wants to encrypt it so that only the TA can decrypt and access it. The input of the algorithm is lots of pictures saved in normal world; the output of the algorithm is the result that will be sent to the normal world.
So I have the questions above. Thanks for your help.

@vchong
Contributor

vchong commented Nov 2, 2017

Can the BOSS give you a .a instead of a .so?

  1. OPENCV is not supported. I'm not sure but maybe you can do whatever you need to do with OPENCV in normal world, pass the data/results/etc to your algorithm in secure world and do whatever post processing/analysis you need to do there. It still doesn't resolve the issue though of not being able to link with a .so file.
  2. Yes, as @lorc explained above.
  3. You can save any data you want to secure storage. You can pass the pictures to secure world for storage, but since they originated from normal world, is that ok for your use case? Or if you can find a way to pass the raw image data from the robot/camera directly to secure world without first saving a copy to normal world, that might be more beneficial?
  4. 1-3 above.

HTH

@YumingMa
Author

YumingMa commented Nov 2, 2017

Got it. Thanks for your help.
Yes, I can request a .a file.
1. The algorithm relies on OPENCV. I think OPENCV should be ported to OPTEE, right?
2. Can I assume OPTEE only runs on one CPU?
3. The pictures can be saved in the normal world. I don't know how to copy them to secure storage, or can the TA directly read the pictures saved in the normal world?
Thanks again.

@vchong
Contributor

vchong commented Nov 2, 2017

You're welcome.

  1. This is more opinion than fact, but it's not that simple to just port everything every user needs to secure world. The more things there are in secure world, the larger the attack surface, so it's good to keep things down as small as possible to only what is absolutely required. The purpose of the TEE in a general sense is to provide secure services. OPENCV is a computer vision library. Besides, C++ is not supported atm anyway.
  2. See https://wiki.linaro.org/WorkingGroups/Security/OP-TEE#Is_multi-core_TA_supported.3F.
  3. As mentioned earlier, TA can't read files directly. You have to read from normal world and pass it to the TA, and then the TA can store whatever data it needs to secure storage. You can get details for secure storage here:
    https://github.com/OP-TEE/optee_os/blob/master/documentation/secure_storage.md
    docs: basics for TA development linaro-swg/optee_examples#4
    raw secure storage accesses linaro-swg/optee_examples#5

@YumingMa
Author

YumingMa commented Nov 2, 2017

Thank you.
I will try to talk with my BOSS. I will close it.
