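add support for rk3588

Created-by: xclimatexx
Commit-by: lixuan
Merged-by: openharmony_ci

Description:

### 1. Description (related issue)

[#5](https://gitcode.com/openharmony/tee_tee_os_framework/issues/5)

### 2. Suggested test period and test submission address

Suggested test completion date: xxxx.xx.xx
Production release date: xxxx.xx.xx
Test submission address: CI environment / stress-test environment
Test account:

### 3. Changes

* 3.1 Related PR list
* 3.2 Database and deployment notes
  1. Routine update
  2. Restart unicorn
  3. Restart sidekiq
  4. Migration tasks: are there any migration tasks? If none, write "None"
  5. rake script: `bundle exec xxx RAILS_ENV = production`; if none, write "None"
* 3.4 Other technical optimizations (what was done, what changed)
  - Refactored xxxx code
  - Optimized xxxx algorithm
* 3.5 Deprecation notice (which fields or methods are deprecated?)
* 3.6 Backward-incompatible changes (are there any changes that cannot be backward compatible?)

### 4. Developer self-test points (what was self-tested? Were all smoke cases self-tested?)

Self-test conclusion:

### 5. Test focus points (areas QA should pay particular attention to or might overlook)

Checkpoints:

| Requirement name | Affects xx common module? | Requires xx feature? | Does the requirement upgrade depend on other sub-products? |
|------|------------|----------|---------------|
| xxx | No | Required | Not required |
| | | | |

Interface testing:
Performance testing:
Concurrency testing:
Other:

See merge request: openharmony/tee_tee_os_framework!8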
Introduction to tee_tee_os_framework repository
Introduction
OpenTrustee provides a Trusted Execution Environment (TEE) that runs in a hardware-isolated secure area. It runs alongside a regular operating system such as OpenHarmony, and the two are isolated from each other. OpenTrustee has higher security than conventional operating systems and can protect confidential data on devices.
OpenTrustee is a complete TEE solution that includes multiple components. The system architecture is shown in the figure below:
The tee_tee_os_framework component contains the operating system framework of OpenTrustee, which manages the entire lifecycle of a TA (Trusted Application), processes the information exchanged between a CA (Client Application) and a TA, and manages drivers. It also provides core services such as encryption and decryption and secure storage. The individual modules are introduced below.
1. Modules of tee_os_framework
| Name of module | Functions |
|---|---|
| gtask | TA lifetime control (creating and destroying TA processes); communication manager, session manager and agent manager for CA2TA; processing error information for TAs |
| teesmcmgr | dispatches SMC commands, including CA commands, system suspend and resume commands, and idle state management |
| tarunner | loads, analyzes and relocates the ELF files of TAs, drivers and services |
| drvmgr | driver lifetime management, including creating and destroying drivers, interface permission control, driver process rights management, driver access control, and handling drivers in an incorrect state |
| permission service | permission management of SEC file |
| ssa | secure storage functions |
| huk service | hardware root key access control |
| teemiscdrv | base driver; gets shared information from the bootloader |
| cryptomgr | the framework code of encrypt/decrypt drivers |
| TEE base API | base interfaces of TA development, including encrypt/decrypt, secure storage, secure timer and GP interface of TA2TA |
| TEE driver API | interfaces for driver development, including interrupt, IO and DMA |
| sample | sample code for loading the TEE (teeloader) and sample ATF-TEE adaptation code (tee_atf) |
| test | TEE test suite |
tee_os_framework code directories
base/tee/tee_os_framework
├── framework
│ ├── gtask
│ ├── teesmcmgr
│ ├── drvmgr
│ └── tarunner
├── lib
│ ├── drvlib # libs for drvmgr and drivers
│ ├── syslib # libs for TEE internal services
│ └── teelib # libs for TA and services
├── drivers
│ ├── tee_misc_drv
│ ├── include
│ └── crypto_mgr
├── service
│ ├── permission_service
│ ├── huk_service
│ └── ssa
├── config
│ ├── release_config # release config macros
│ └── debug_config # debug config macros
├── build
├── test
└── sample
tee_os_framework Build Guide
The tee_tee_os_framework and tee_tee_os_kernel work together to build TEEOS, and the commands for building them separately are as follows:
./build.sh --product-name rk3568 --build-target tee --ccache
The build produces the TEEOS image: base/tee/tee_os_kernel/kernel/bl32.bin
