raw secure storage accesses #5
Conversation
secure_storage/Android.mk
Outdated
| $(OPTEE_CLIENT_EXPORT)/include \ | ||
|
|
||
| LOCAL_SHARED_LIBRARIES := libteec | ||
| LOCAL_MODULE := tee_example_secure_storage |
There was a problem hiding this comment.
I think we should prefix all optee_example files with somethings like ote_<module> (OP-TEE Example).
secure_storage/Makefile
Outdated
| @@ -0,0 +1,15 @@ | |||
| export V?=0 | |||
There was a problem hiding this comment.
s/export V?=0/export V ?= 0/
secure_storage/host/Makefile
Outdated
| #Add/link other required libraries here | ||
| LDADD += -lteec -L$(TEEC_EXPORT)/lib | ||
|
|
||
| BINARY = optee_secure_storage |
There was a problem hiding this comment.
Same here as for the module in the Android make files, ... ote_<module>. At least we should have the same name in both Android and Linux.
secure_storage/host/main.c
Outdated
| if (res != TEEC_SUCCESS) | ||
| errx(1, "Failed to create an object in the secure storage"); | ||
|
|
||
| printf("- Read back the but in a too small buffer (should fail)\n"); |
There was a problem hiding this comment.
I don't think it is a good idea to show this in an example like this. This smells a bit more of a test case than just showing how to do things. I would just skip this and go directly with the well sized buffer.
There was a problem hiding this comment.
However, if you insist of keeping this part, then I think you should at least check/use the params[1].memref.size which contains the expected size when TEEC_ERROR_SHORT_BUFFER is returned (at least that is what you are doing in the TA).
There was a problem hiding this comment.
I will remove the test case.
secure_storage/host/main.c
Outdated
| if (res != TEEC_SUCCESS) | ||
| errx(1, "Failed to delete the object: 0x%x", res); | ||
|
|
||
| printf("- Try to access the object (should fail)\n"); |
There was a problem hiding this comment.
Same here, I would skip this "should fail" section.
|
|
||
| #define TA_CURRENT_TA_EXT_PROPERTIES \ | ||
| { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \ | ||
| "Exmaple of TA writing/reading data from its secure storage" }, \ |
|
|
||
| #include <secure_storage_ta.h> | ||
|
|
||
| #define TA_UUID TA_SECURE_STORAGE_UUID |
There was a problem hiding this comment.
Should we use the same idea here? OTE_<module>_UUID?
|
comments addressed. |
secure_storage/host/main.c
Outdated
| res = read_secure_object(&ctx, obj1_id, | ||
| read_data, sizeof(read_data)); | ||
| if (res != TEEC_SUCCESS) | ||
| errx(1, "Failed to create an object in the secure storage"); |
There was a problem hiding this comment.
Here Error message should be "Failed to read an object".
etienne-lms
force-pushed
the
secure-storage-raw
branch
from
eb826f9
to
9a5c415
Compare
etienne-lms
force-pushed
the
secure-storage-raw
branch
from
9a5c415
to
ea22eff
Compare
etienne-lms
force-pushed
the
secure-storage-raw
branch
3 times, most recently
from
f9b948c
to
7a830ac
Compare
|
Rebased on master. |
| NM = $(CROSS_COMPILE)nm | ||
| OBJCOPY = $(CROSS_COMPILE)objcopy | ||
| OBJDUMP = $(CROSS_COMPILE)objdump | ||
| READELF = $(CROSS_COMPILE)readelf |
There was a problem hiding this comment.
Only CC is needed it seems
There was a problem hiding this comment.
Kept for consistency with other. Will clean all in a later change if better.
etienne-lms
force-pushed
the
secure-storage-raw
branch
2 times, most recently
from
46d63c8
to
3318005
Compare
|
Rebased, tag applied. |
.gitignore
Outdated
| @@ -17,3 +17,4 @@ hello_world/host/optee_example_hello_world | |||
| random/host/optee_example_random | |||
| aes/host/optee_example_aes | |||
| hotp/host/optee_example_hotp | |||
| secure_storage/host/optee_example_secure_storag | |||
There was a problem hiding this comment.
Is an e missing at the end?
There was a problem hiding this comment.
Good catch. i don't know how I corrupted that!
Thanks.
|
|
This change provides basics for creating, reading and deleting an object in a TA secure storage. The TA implementation shows how to use the GPD TEE Internal Core API for some basic data persistent object manipulations. A TA command allows to create an object in the TA secure storage. A TA command allows to read an object in the TA secure storage. A TA command allows to delete an object from the TA secure storage. This example does not cover all the possibilities of secure storage API provided to TAs: seeking into a object data stream, manipulating key material objects instead of raw data objects, etc. Signed-off-by: Etienne Carriere <etienne.carriere@linaro.org> Acked-by: Jerome Forissier <jerome.forissier@linaro.org> Acked-by: Jens Wiklander <jens.wiklander@linaro.org>
etienne-lms
force-pushed
the
secure-storage-raw
branch
from
7eab96e
to
8c75c23
Compare
|
Squashed, commit description fixed, tags applied. |
secure_storage example provides basics for creating, reading and deleting
a object in a TA secure storage.
A TA command allows to create an object in the TA secure storage.
A TA command allows to read an object in the TA secure storage.
A TA command allows to delete an object from the TA secur storage.
This example does not cover all the possibilities of secure storage API
provided to TAs: seeking into a object data stream, manipulating
key material objects instead of raw data objects, etc.