raw secure storage accesses #5
secure_storage/Android.mk
Outdated
$(OPTEE_CLIENT_EXPORT)/include \ | ||
|
||
LOCAL_SHARED_LIBRARIES := libteec | ||
LOCAL_MODULE := tee_example_secure_storage |
I think we should prefix all optee_example files with something like ote_<module> (OP-TEE Example).
secure_storage/Makefile
Outdated
@@ -0,0 +1,15 @@ | |||
export V?=0 |
s/export V?=0/export V ?= 0/
secure_storage/host/Makefile
Outdated
#Add/link other required libraries here | ||
LDADD += -lteec -L$(TEEC_EXPORT)/lib | ||
|
||
BINARY = optee_secure_storage |
Same here as for the module in the Android make files, ... ote_<module>. At least we should have the same name in both Android and Linux.
secure_storage/host/main.c
Outdated
if (res != TEEC_SUCCESS) | ||
errx(1, "Failed to create an object in the secure storage"); | ||
|
||
printf("- Read back the but in a too small buffer (should fail)\n"); |
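Review bot: the errx() on the create-failure path at the top of this hunk discards res, so a failing run does not tell the user which TEEC error came back; append it to the message, e.g. "...: 0x%x", res. The printf() string that follows, "Read back the but in a too small buffer", also appears to be missing a word after "the".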
I don't think it is a good idea to show this in an example like this. This smells a bit more of a test case than just showing how to do things. I would just skip this and go directly with the well sized buffer.
However, if you insist on keeping this part, then I think you should at least check/use the params[1].memref.size which contains the expected size when TEEC_ERROR_SHORT_BUFFER is returned (at least that is what you are doing in the TA).
I will remove the test case.
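The short-buffer convention mentioned in the comments above, as an added example that is not code from this pull request: probe for the required size, then retry with a buffer of exactly that size. The TEEC stand-in definitions, `ta_read_stub()`, `read_object_alloc()` and the stored payload are constructed so the block builds without libteec; in a real client the size comes back in the memory reference parameter passed to `TEEC_InvokeCommand()`.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for <tee_client_api.h>; result values are the GP TEE Client API ones. */
typedef uint32_t TEEC_Result;
#define TEEC_SUCCESS             0x00000000
#define TEEC_ERROR_OUT_OF_MEMORY 0xFFFF000C
#define TEEC_ERROR_SHORT_BUFFER  0xFFFF0010
struct memref { void *buffer; size_t size; };  /* plays the role of the memref param */

/* Constructed stand-in for the TA read command: copies nothing when the
 * buffer is too small and reports the needed size in m->size instead. */
static const char stored_obj[] = "constructed object payload";
static TEEC_Result ta_read_stub(struct memref *m)
{
	size_t need = sizeof(stored_obj);

	if (m->size < need) {
		m->size = need;
		return TEEC_ERROR_SHORT_BUFFER;
	}
	memcpy(m->buffer, stored_obj, need);
	m->size = need;
	return TEEC_SUCCESS;
}

/* Hypothetical helper: read the object into a heap buffer sized by the TA. */
TEEC_Result read_object_alloc(void **out, size_t *out_len)
{
	struct memref m = { NULL, 0 };          /* probe: ask for the size only */
	TEEC_Result res = ta_read_stub(&m);

	*out = NULL;
	*out_len = 0;
	if (res != TEEC_ERROR_SHORT_BUFFER)
		return res;                     /* empty object or a real error */
	m.buffer = calloc(1, m.size);
	if (!m.buffer)
		return TEEC_ERROR_OUT_OF_MEMORY;
	res = ta_read_stub(&m);                 /* retry with the reported size */
	if (res != TEEC_SUCCESS) {
		free(m.buffer);
		return res;
	}
	*out = m.buffer;
	*out_len = m.size;
	return TEEC_SUCCESS;
}
```

The caller owns the returned buffer and must `free()` it.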
secure_storage/host/main.c
Outdated
if (res != TEEC_SUCCESS) | ||
errx(1, "Failed to delete the object: 0x%x", res); | ||
|
||
printf("- Try to access the object (should fail)\n"); |
Same here, I would skip this "should fail" section.
ok
|
||
#define TA_CURRENT_TA_EXT_PROPERTIES \ | ||
{ "gp.ta.description", USER_TA_PROP_TYPE_STRING, \ | ||
"Exmaple of TA writing/reading data from its secure storage" }, \ |
s/Exmaple/Example/
|
||
#include <secure_storage_ta.h> | ||
|
||
#define TA_UUID TA_SECURE_STORAGE_UUID |
Should we use the same idea here? OTE_<module>_UUID?
Comments addressed.
secure_storage/host/main.c
Outdated
res = read_secure_object(&ctx, obj1_id, | ||
read_data, sizeof(read_data)); | ||
if (res != TEEC_SUCCESS) | ||
errx(1, "Failed to create an object in the secure storage"); |
Here the error message should be "Failed to read an object".
eb826f9 to 9a5c415
9a5c415 to ea22eff
f9b948c to 7a830ac
Rebased on master.
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
NM = $(CROSS_COMPILE)nm | ||
OBJCOPY = $(CROSS_COMPILE)objcopy | ||
OBJDUMP = $(CROSS_COMPILE)objdump | ||
READELF = $(CROSS_COMPILE)readelf |
Only CC is needed it seems
Kept for consistency with other. Will clean all in a later change if better.
46d63c8 to 3318005
Rebased, tag applied.
.gitignore
Outdated
@@ -17,3 +17,4 @@ hello_world/host/optee_example_hello_world | |||
random/host/optee_example_random | |||
aes/host/optee_example_aes | |||
hotp/host/optee_example_hotp | |||
secure_storage/host/optee_example_secure_storag |
Is an e missing at the end?
Good catch. I don't know how I corrupted that!
Thanks.
This change provides basics for creating, reading and deleting an object in a TA secure storage. The TA implementation shows how to use the GPD TEE Internal Core API for some basic data persistent object manipulations.

A TA command allows to create an object in the TA secure storage.
A TA command allows to read an object in the TA secure storage.
A TA command allows to delete an object from the TA secure storage.

This example does not cover all the possibilities of secure storage API provided to TAs: seeking into an object data stream, manipulating key material objects instead of raw data objects, etc.

Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

7eab96e to 8c75c23
Squashed, commit description fixed, tags applied.
secure_storage example provides basics for creating, reading and deleting
an object in a TA secure storage.
A TA command allows to create an object in the TA secure storage.
A TA command allows to read an object in the TA secure storage.
A TA command allows to delete an object from the TA secure storage.
This example does not cover all the possibilities of secure storage API
provided to TAs: seeking into an object data stream, manipulating
key material objects instead of raw data objects, etc.