From fbedc3f63d7b8f764087ac88ee3557e2b50fbea5 Mon Sep 17 00:00:00 2001 From: Igor Kotrasinski Date: Tue, 6 Nov 2018 11:00:57 +0100 Subject: [PATCH] Add example CA / TA subdirectory These TA/CA pairs are mainly intended to be used for the Raspberry Pi 3 image with OpTEE. Change-Id: I09713991dafaa1aac8342926ec9c28d40c0b957e 
Signed-off-by: Igor Kotrasinski --- examples/CMakeLists.txt | 30 ++ examples/LICENSE | 203 +++++++++++ examples/ca1/CMakeLists.txt | 49 +++ examples/ca1/src/main.c | 62 ++++ examples/ca2/CMakeLists.txt | 49 +++ examples/ca2/src/main.c | 85 +++++ examples/ca3/CMakeLists.txt | 49 +++ examples/ca3/src/main.c | 124 +++++++ examples/packaging/example-ta.manifest | 10 + examples/packaging/example-ta.spec | 65 ++++ examples/resources/gbs.conf | 12 + examples/resources/sd_fusing_rpi.sh | 328 ++++++++++++++++++ examples/ta/CMakeLists.txt | 33 ++ examples/ta/ta1/CMakeLists.txt | 44 +++ .../optee/include/user_ta_header_defines.h | 40 +++ .../ta/ta1/backends/simulator/manifest.xml | 42 +++ examples/ta/ta1/src/ta.c | 58 ++++ examples/ta/ta2/CMakeLists.txt | 42 +++ .../optee/include/user_ta_header_defines.h | 40 +++ .../ta/ta2/backends/simulator/manifest.xml | 42 +++ examples/ta/ta2/src/ta.c | 112 ++++++ examples/ta/ta3/CMakeLists.txt | 42 +++ .../optee/include/user_ta_header_defines.h | 40 +++ .../ta/ta3/backends/simulator/manifest.xml | 42 +++ examples/ta/ta3/src/ta.c | 102 ++++++ 25 files changed, 1745 insertions(+) create mode 100644 examples/CMakeLists.txt create mode 100644 examples/LICENSE create mode 100644 examples/ca1/CMakeLists.txt create mode 100644 examples/ca1/src/main.c create mode 100644 examples/ca2/CMakeLists.txt create mode 100644 examples/ca2/src/main.c create mode 100644 examples/ca3/CMakeLists.txt create mode 100644 examples/ca3/src/main.c create mode 100644 examples/packaging/example-ta.manifest create mode 100644 examples/packaging/example-ta.spec create mode 100644 examples/resources/gbs.conf create mode 100755 examples/resources/sd_fusing_rpi.sh create mode 100644 examples/ta/CMakeLists.txt create mode 100644 examples/ta/ta1/CMakeLists.txt create mode 100644 examples/ta/ta1/backends/optee/include/user_ta_header_defines.h create mode 100644 examples/ta/ta1/backends/simulator/manifest.xml create mode 100644 examples/ta/ta1/src/ta.c create mode 100644 
examples/ta/ta2/CMakeLists.txt create mode 100644 examples/ta/ta2/backends/optee/include/user_ta_header_defines.h create mode 100644 examples/ta/ta2/backends/simulator/manifest.xml create mode 100644 examples/ta/ta2/src/ta.c create mode 100644 examples/ta/ta3/CMakeLists.txt create mode 100644 examples/ta/ta3/backends/optee/include/user_ta_header_defines.h create mode 100644 examples/ta/ta3/backends/simulator/manifest.xml create mode 100644 examples/ta/ta3/src/ta.c diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt new file mode 100644 index 0000000..74d3486 --- /dev/null +++ b/examples/CMakeLists.txt @@ -0,0 +1,30 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file +# @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com) +# @brief CMakeLists for example CA and TA +# + +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT("tee-usage-example") + +SET(CA1_PATH ${PROJECT_SOURCE_DIR}/ca1) +SET(CA2_PATH ${PROJECT_SOURCE_DIR}/ca2) +SET(CA3_PATH ${PROJECT_SOURCE_DIR}/ca3) + +ADD_SUBDIRECTORY(ca1) +ADD_SUBDIRECTORY(ca2) +ADD_SUBDIRECTORY(ca3) +ADD_SUBDIRECTORY(ta) diff --git a/examples/LICENSE b/examples/LICENSE new file mode 100644 index 0000000..9b17c34 --- /dev/null +++ b/examples/LICENSE 
@@ -0,0 +1,203 @@ +Copyright (c) 2017 Samsung Electronics Co., Ltd. All rights reserved. + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). 
+ + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. 
Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative 
Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/examples/ca1/CMakeLists.txt b/examples/ca1/CMakeLists.txt new file mode 100644 index 0000000..cd29973 --- /dev/null +++ b/examples/ca1/CMakeLists.txt 
@@ -0,0 +1,49 @@
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file
+# @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com)
+# @brief CMakeLists for example CA
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+PROJECT("tee-usage-example")
+
+INCLUDE(FindPkgConfig)
+
+PKG_CHECK_MODULES(CA_DEPS REQUIRED
+ tef-libteec
+ )
+
+SET(CMAKE_C_FLAGS "-std=c99")
+
+SET(CA_SOURCES
+ ${CA1_PATH}/src/main.c
+ )
+
+SET(TARGET_CA ca-example1)
+
+ADD_EXECUTABLE(${TARGET_CA}
+ ${CA_SOURCES}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${CA_DEPS_INCLUDE_DIRS}
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_CA}
+ ${CA_DEPS_LIBRARIES}
+ )
+
+INSTALL(TARGETS ${TARGET_CA} DESTINATION ${BIN_DIR})
diff --git a/examples/ca1/src/main.c b/examples/ca1/src/main.c
new file mode 100644
index 0000000..fb7059e
--- /dev/null
+++ b/examples/ca1/src/main.c
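Review bot: `SET(CMAKE_C_FLAGS "-std=c99")` in examples/ca1/CMakeLists.txt replaces the flag string instead of extending it, so compiler flags handed in from outside (for example hardening or warning options supplied by the packaging through the `%cmake` call in example-ta.spec) would presumably be dropped for this target. Appending keeps them: `SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=c99")`. The same line appears in examples/ca2/CMakeLists.txt and examples/ca3/CMakeLists.txt.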
@@ -0,0 +1,62 @@
+/**
+ * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+/**
+ * @file
+ * @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com)
+ * @brief Example Hello World CA
+ */
+
+#include
+#include
+#include
+
+int main(int argc, char *argv[])
+{
+ TEEC_Result result;
+ TEEC_Context ctx;
+ TEEC_Session sess;
+ TEEC_Operation op;
+ uint32_t error;
+ TEEC_UUID uuid = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0xFA, 0xCE, 0xBE, 0xEF, 0x01} };
+
+ op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE);
+ op.params[0].value.a = 1;
+ op.params[0].value.b = 0;
+
+ result = TEEC_InitializeContext(NULL, &ctx);
+ if (result != TEEC_SUCCESS) {
+ printf("TEEC_InitializeContext failed with result %x\n", result);
+ return -1;
+ }
+
+ result = TEEC_OpenSession(&ctx, &sess, &uuid, TEEC_LOGIN_PUBLIC, NULL, NULL, NULL);
+ if (result != TEEC_SUCCESS) {
+ printf("TEEC_OpenSession failed with result %x\n", result);
+ return -2;
+ }
+
+ result = TEEC_InvokeCommand(&sess, 0, &op, &error);
+ if (result != TEEC_SUCCESS) {
+ printf("TEEC_InvokeCommand failed with result %x, error %x\n", result, error);
+ return -3;
+ }
+ printf("TA incremented value to %d\n", op.params[0].value.a);
+
+ TEEC_CloseSession(&sess);
+ TEEC_FinalizeContext(&ctx);
+ return 0;
+}
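Review bot: `TEEC_Operation op;` in examples/ca1/src/main.c is never zeroed; only `paramTypes` and `params[0]` are assigned, so `op.started` and the three unused parameter slots reach `TEEC_InvokeCommand` holding indeterminate stack contents. Declaring it as `TEEC_Operation op = { 0 };` fixes that, and the same uninitialised declaration is used in examples/ca2/src/main.c and examples/ca3/src/main.c. Separately, the `return -2` path leaves without `TEEC_FinalizeContext(&ctx)` and the `return -3` path additionally without `TEEC_CloseSession(&sess)`; since this is sample code that will be copied, the cleanup is worth showing on those paths too.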
diff --git a/examples/ca2/CMakeLists.txt b/examples/ca2/CMakeLists.txt
new file mode 100644
index 0000000..50a7479
--- /dev/null
+++ b/examples/ca2/CMakeLists.txt
@@ -0,0 +1,49 @@
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file
+# @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com)
+# @brief CMakeLists for example CA
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+PROJECT("tee-usage-example")
+
+INCLUDE(FindPkgConfig)
+
+PKG_CHECK_MODULES(CA_DEPS REQUIRED
+ tef-libteec
+ )
+
+SET(CMAKE_C_FLAGS "-std=c99")
+
+SET(CA_SOURCES
+ ${CA2_PATH}/src/main.c
+ )
+
+SET(TARGET_CA ca-example2)
+
+ADD_EXECUTABLE(${TARGET_CA}
+ ${CA_SOURCES}
+ )
+
+INCLUDE_DIRECTORIES(
+ ${CA_DEPS_INCLUDE_DIRS}
+ )
+
+TARGET_LINK_LIBRARIES(${TARGET_CA}
+ ${CA_DEPS_LIBRARIES}
+ )
+
+INSTALL(TARGETS ${TARGET_CA} DESTINATION ${BIN_DIR})
diff --git a/examples/ca2/src/main.c b/examples/ca2/src/main.c
new file mode 100644
index 0000000..745503d
--- /dev/null
+++ b/examples/ca2/src/main.c
@@ -0,0 +1,85 @@ +/** + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file + * @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com) + * @brief Example Hello World CA + */ + +#include +#include +#include +#include + +int main(int argc, char *argv[]) +{ + TEEC_Result result; + TEEC_Context ctx; + TEEC_Session sess; + TEEC_Operation op; + uint32_t error; + TEEC_UUID uuid = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0xFA, 0xCE, 0xBE, 0xEF, 0x02} }; + + if (argc < 2) { + printf("Expected at least one argument\n"); + return 1; + } + + if (!strcmp("save", argv[1])) { + if (argc < 3) { + printf("Expected a value to save\n"); + return 1; + } + op.params[0].value.a = 0; + op.params[0].value.b = atoi(argv[2]); + if (op.params[0].value.b < 0) { + printf("Expected a non-negative value\n"); + return 1; + } + } else if (!strcmp("load", argv[1])) { + op.params[0].value.a = 1; + } else { + printf("Expected \"save\" or \"load\"\n"); + return 1; + } + + op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_NONE, TEEC_NONE, TEEC_NONE); + + result = TEEC_InitializeContext(NULL, &ctx); + if (result != TEEC_SUCCESS) { + printf("TEEC_InitializeContext failed with result %x\n", result); + return -1; + } + + result = TEEC_OpenSession(&ctx, &sess, &uuid, TEEC_LOGIN_PUBLIC, NULL, NULL, NULL); + if (result != TEEC_SUCCESS) { + printf("TEEC_OpenSession failed with result %x\n", 
result); + return -2; + } + + result = TEEC_InvokeCommand(&sess, 0, &op, &error); + if (result != TEEC_SUCCESS) { + printf("TEEC_InvokeCommand failed with result %x, error %x\n", result, error); + return -3; + } + if (op.params[0].value.a == 1) + printf("Currently stored value: %d\n", op.params[0].value.b); + + TEEC_CloseSession(&sess); + TEEC_FinalizeContext(&ctx); + return 0; +} diff --git a/examples/ca3/CMakeLists.txt b/examples/ca3/CMakeLists.txt new file mode 100644 index 0000000..524d768 --- /dev/null +++ b/examples/ca3/CMakeLists.txt @@ -0,0 +1,49 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +# @file +# @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com) +# @brief CMakeLists for example CA +# + +CMAKE_MINIMUM_REQUIRED(VERSION 2.6) +PROJECT("tee-usage-example") + +INCLUDE(FindPkgConfig) + +PKG_CHECK_MODULES(CA_DEPS REQUIRED + tef-libteec + ) + +SET(CMAKE_C_FLAGS "-std=c99") + +SET(CA_SOURCES + ${CA3_PATH}/src/main.c + ) + +SET(TARGET_CA ca-example3) + +ADD_EXECUTABLE(${TARGET_CA} + ${CA_SOURCES} + ) + +INCLUDE_DIRECTORIES( + ${CA_DEPS_INCLUDE_DIRS} + ) + +TARGET_LINK_LIBRARIES(${TARGET_CA} + ${CA_DEPS_LIBRARIES} + ) + +INSTALL(TARGETS ${TARGET_CA} DESTINATION ${BIN_DIR}) diff --git a/examples/ca3/src/main.c b/examples/ca3/src/main.c new file mode 100644 index 0000000..7676469 --- /dev/null +++ b/examples/ca3/src/main.c 
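Review bot: The `if (op.params[0].value.b < 0)` guard in the "save" branch of examples/ca2/src/main.c can never fire if `value.b` is the `uint32_t` member of the TEE Client API's `TEEC_Value`: the `atoi()` result is converted to unsigned on assignment, so a negative argument is sent to the TA as a large positive number. `atoi()` also gives no way to tell non-numeric or out-of-range input from a valid number. Parsing into a signed local with `strtol` and range-checking before the assignment, as sketched below, closes both gaps; it needs `<errno.h>`, and the include list is not readable in this rendering of the hunk. In the "load" branch `value.b` is left unset although the parameter is `TEEC_VALUE_INOUT`, so the sketch also sets it to 0 there.

```c
	if (!strcmp("save", argv[1])) {
		/* … unchanged: argc check for the value argument … */
		char *end;
		long value;

		errno = 0;
		value = strtol(argv[2], &end, 10);
		if (errno != 0 || end == argv[2] || *end != '\0' ||
		    value < 0 || value > INT32_MAX) {
			printf("Expected a non-negative value\n");
			return 1;
		}
		op.params[0].value.a = 0;
		op.params[0].value.b = (uint32_t)value;
	} else if (!strcmp("load", argv[1])) {
		op.params[0].value.a = 1;
		op.params[0].value.b = 0;
	/* … unchanged: usage branch and the TEEC calls … */
```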
@@ -0,0 +1,124 @@ +/** + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file + * @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com) + * @brief Example Hello World CA + */ + +#include +#include +#include +#include + +static unsigned char in[128], out[129]; + +static void buf2hex(char *hex, unsigned char *buf, size_t sz) +{ + int low, high; + for (size_t i = 0; i < sz; i++) { + low = buf[i] % 16; + high = buf[i] / 16; + if (low < 10) + hex[i*2] = '0' + low; + else + hex[i*2] = 'A' + (low - 10); + if (high < 10) + hex[i*2+1] = '0' + high; + else + hex[i*2+1] = 'A' + (high - 10); + } +} + +static void hex2buf(unsigned char *buf, char *hex, size_t sz) +{ + int low, high; + for (size_t i = 0; i < sz; i++) { + if ('0' <= hex[i*2] && hex[i*2] <= '9') + low = hex[i*2] - '0'; + else + low = (hex[i*2] - 'A') + 10; + if ('0' <= hex[i*2+1] && hex[i*2+1] <= '9') + high = hex[i*2+1] - '0'; + else + high = (hex[i*2+1] - 'A') + 10; + buf[i] = low + 16 * high; + } +} + +int main(int argc, char *argv[]) +{ + TEEC_Result result; + TEEC_Context ctx; + TEEC_Session sess; + TEEC_Operation op; + uint32_t error; + TEEC_UUID uuid = { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0xFA, 0xCE, 0xBE, 0xEF, 0x03} }; + + if (argc < 3) { + printf("Expected two arguments\n"); + return 1; + } + if (!strcmp("encrypt", argv[1])) { + op.params[0].value.a = 0; + memset(in, 0, 128); + strcpy(in, 
argv[2]); + } else if (!strcmp("decrypt", argv[1])) { + op.params[0].value.a = 1; + hex2buf(in, argv[2], 128); + } else { + printf("Expected \"encrypt\" or \"decrypt\"\n"); + return 1; + } + op.params[1].tmpref.buffer = in; + op.params[1].tmpref.size = 128; + op.params[2].tmpref.buffer = out; + op.params[2].tmpref.size = 128; + + op.paramTypes = TEEC_PARAM_TYPES(TEEC_VALUE_INOUT, TEEC_MEMREF_TEMP_INPUT, TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE); + + result = TEEC_InitializeContext(NULL, &ctx); + if (result != TEEC_SUCCESS) { + printf("TEEC_InitializeContext failed with result %x\n", result); + return -1; + } + + result = TEEC_OpenSession(&ctx, &sess, &uuid, TEEC_LOGIN_PUBLIC, NULL, NULL, NULL); + if (result != TEEC_SUCCESS) { + printf("TEEC_OpenSession failed with result %x\n", result); + return -3; + } + + result = TEEC_InvokeCommand(&sess, 0, &op, &error); + if (result != TEEC_SUCCESS) { + printf("TEEC_InvokeCommand failed with result %x, error %x\n", result, error); + return -4; + } + + if (op.params[0].value.a == 0) { + char hexout[257]; + hexout[256] = '\0'; + buf2hex(hexout, out, 128); + printf("%s\n", hexout); + } else { + out[128] = '\0'; + printf("%s\n", out); + } + TEEC_CloseSession(&sess); + TEEC_FinalizeContext(&ctx); + return 0; +} diff --git a/examples/packaging/example-ta.manifest b/examples/packaging/example-ta.manifest new file mode 100644 index 0000000..be304d9 --- /dev/null +++ b/examples/packaging/example-ta.manifest @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/examples/packaging/example-ta.spec b/examples/packaging/example-ta.spec new file mode 100644 index 0000000..9a3810a --- /dev/null +++ b/examples/packaging/example-ta.spec 
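Review bot: Both branches in `main` of examples/ca3/src/main.c use `argv[2]` without checking its length: `strcpy(in, argv[2])` writes past the 128-byte `in` buffer for any longer argument, and `hex2buf(in, argv[2], 128)` reads 256 characters even when the argument is shorter. `hex2buf` also maps every non-digit through `(c - 'A') + 10`, so lower-case or non-hex input silently yields wrong bytes instead of an error. Validating the argument before touching the buffers, as below, bounds both accesses; `memcpy` replaces `strcpy` because what is sent to the TA is the zero-filled 128-byte block, not a C string. The rest of `main` lies outside the rewritten lines and is unchanged.

```c
	if (!strcmp("encrypt", argv[1])) {
		size_t len = strlen(argv[2]);

		if (len > sizeof(in)) {
			printf("Plaintext is limited to 128 bytes\n");
			return 1;
		}
		op.params[0].value.a = 0;
		memset(in, 0, sizeof(in));
		memcpy(in, argv[2], len);
	} else if (!strcmp("decrypt", argv[1])) {
		/* hex2buf consumes exactly two upper-case hex digits per byte */
		if (strlen(argv[2]) != 2 * sizeof(in) ||
		    strspn(argv[2], "0123456789ABCDEF") != 2 * sizeof(in)) {
			printf("Expected 256 upper-case hex digits\n");
			return 1;
		}
		op.params[0].value.a = 1;
		hex2buf(in, argv[2], sizeof(in));
	} else {
		/* … unchanged: usage message and return … */
	}
```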
@@ -0,0 +1,65 @@
+%define lib_dir %{?TZ_SYS_LIB:%TZ_SYS_LIB}%{!?TZ_SYS_LIB:%_libdir}
+%define include_dir %{?TZ_SYS_INCLUDE:%TZ_SYS_INCLUDE}%{!?TZ_SYS_INCLUDE:%_includedir}
+%define bin_dir %{?TZ_SYS_BIN:%TZ_SYS_BIN}%{!?TZ_SYS_BIN:%_bindir}
+
+# Different TEE backends use different naming conventions for TAs - this macro
+# lets us not worry about any of them.
+%define ta1_name %{unified_ta_devkit_get_ta_name 0000000000000000000000FACEBEEF01}
+%define ta2_name %{unified_ta_devkit_get_ta_name 0000000000000000000000FACEBEEF02}
+%define ta3_name %{unified_ta_devkit_get_ta_name 0000000000000000000000FACEBEEF03}
+
+Name: example-ta
+Summary: Example TA
+Version: 0.0.1
+Release: 1
+Group: Security
+License: Apache-2.0
+Source0: %{name}-%{version}.tar.gz
+Source1: %{name}.manifest
+
+Provides: %{name}
+
+BuildRequires: cmake
+BuildRequires: unified-ta-devkit
+BuildRequires: pkgconfig(tef-libteec)
+
+%description
+A set of example TAs.
+
+%prep
+%setup -q
+cp %{SOURCE1} .
+
+%build
+
+%{unified_ta_devkit_export}
+%ifarch %{arm} aarch64
+%{?asan:%gcc_unforce_options}
+%endif
+mkdir -p build
+cd build
+%cmake .. \
+ -DCMAKE_BUILD_TYPE=%{?build_type:%build_type}%{!?build_type:RELEASE} \
+ -DTASTORE_DIR=%{_tastoredir} \
+ -DBIN_DIR=%{bin_dir} \
+ -DTA1_NAME=%{ta1_name} \
+ -DTA2_NAME=%{ta2_name} \
+ -DTA3_NAME=%{ta3_name}
+make %{?jobs:-j%jobs}
+
+%install
+cd build
+%make_install
+
+%clean
+
+
+%files -n %{name}
+%license LICENSE
+%manifest example-ta.manifest
+%{_tastoredir}/%{ta1_name}
+%{_tastoredir}/%{ta2_name}
+%{_tastoredir}/%{ta3_name}
+%{bin_dir}/ca-example1
+%{bin_dir}/ca-example2
+%{bin_dir}/ca-example3
diff --git a/examples/resources/gbs.conf b/examples/resources/gbs.conf
new file mode 100644
index 0000000..1e66c99
--- /dev/null
+++ b/examples/resources/gbs.conf
@@ -0,0 +1,12 @@
+[general]
+profile = profile.tizenorg_unified
+
+[profile.tizenorg_unified]
+repos = repo.tizenorg_unified,repo.tizenorg_base
+buildroot = ~/.GBS_ROOT
+
+[repo.tizenorg_base]
+url = http://download.tizen.org/snapshots/tizen/base/latest/repos/standard/packages/
+
+[repo.tizenorg_unified]
+url = http://download.tizen.org/snapshots/tizen/unified/latest/repos/standard/packages/
diff --git a/examples/resources/sd_fusing_rpi.sh b/examples/resources/sd_fusing_rpi.sh
new file mode 100755
index 0000000..653032f
--- /dev/null
+++ b/examples/resources/sd_fusing_rpi.sh
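Review bot: Both `url =` entries in examples/resources/gbs.conf fetch build packages over plain `http://`, so everything pulled into the build root is exposed to modification in transit unless package signatures are verified somewhere this file does not show. If the mirror serves TLS, prefer `url = https://download.tizen.org/snapshots/tizen/base/latest/repos/standard/packages/` and the matching `https://` form for the unified repo. Both paths also track the `latest` snapshot, so two builds of the same commit can pull different toolchains and libraries; pinning a dated snapshot would make the TA and CA builds reproducible.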
@@ -0,0 +1,328 @@ +#!/bin/bash + +declare FORMAT="" +declare DEVICE="" + +# Binaires array for fusing +declare -a FUSING_BINARY_ARRAY +declare -i FUSING_BINARY_NUM=0 + +declare CONV_ASCII="" +declare -i FUS_ENTRY_NUM=0 + +# binary name | part number | bs +declare -a PART_TABLE=( + "boot.img" 1 512 + "rootfs.img" 2 4M + "system-data.img" 3 4M + "user.img" 5 4M + "modules.img" 6 512 + "ramdisk.img" 7 512 + "ramdisk-recovery.img" 8 512 + ) + +declare -r -i PART_TABLE_ROW=3 +declare -r -i PART_TABLE_COL=${#PART_TABLE[*]}/${PART_TABLE_ROW} + +# partition table support +function get_index_use_name () { + local -r binary_name=$1 + + for ((idx=0;idx<$PART_TABLE_COL;idx++)); do + if [ ${PART_TABLE[idx * ${PART_TABLE_ROW} + 0]} == $binary_name ]; then + return $idx + fi + done + + # return out of bound index + return $idx +} + +function print_message () { + local color=$1 + local message=$2 + + tput setaf $color + tput bold + echo "" + echo $message + tput sgr 0 +} + +function fusing_image () { + local -r fusing_img=$1 + + # get binary info using basename + get_index_use_name $(basename $fusing_img) + local -r -i part_idx=$? + + if [ $part_idx -ne $PART_TABLE_COL ];then + local -r device=$DEVICE${PART_TABLE[${part_idx} * ${PART_TABLE_ROW} + 1]} + local -r bs=${PART_TABLE[${part_idx} * ${PART_TABLE_ROW} + 2]} + else + echo "Not supported binary: $fusing_img" + return + fi + + local -r input_size=`du -b $fusing_img | awk '{print $1}'` + + print_message 2 "[Fusing $1]" + umount $device + dd if=$fusing_img | pv -s $input_size | dd of=$device bs=$bs + resize2fs -f $device +} + +function fuse_image_tarball () { + local -r filepath=$1 + local -r temp_dir="tar_tmp" + + mkdir -p $temp_dir + tar xvf $filepath -C $temp_dir + cd $temp_dir + + for file in * + do + fusing_image $file + done + + cd .. 
+ rm -rf $temp_dir + eval sync +} + +function fuse_image () { + + if [ "$FUSING_BINARY_NUM" == 0 ]; then + return + fi + + for ((fuse_idx = 0 ; fuse_idx < $FUSING_BINARY_NUM ; fuse_idx++)) + do + local filename=${FUSING_BINARY_ARRAY[fuse_idx]} + + case "$filename" in + *.tar | *.tar.gz) + fuse_image_tarball $filename + ;; + *) + fusing_image $filename + ;; + esac + done + echo "" +} + +# partition format +function mkpart_3 () { + # NOTE: if your sfdisk version is less than 2.26.0, then you should use following sfdisk command: + # sfdisk --in-order --Linux --unit M $DISK <<-__EOF__ + + # NOTE: sfdisk 2.26 doesn't support units other than sectors and marks --unit option as deprecated. + # The input data needs to contain multipliers (MiB) instead. + local version=`sfdisk -v | awk '{print $4}'` + local major=${version%%.*} + local version=${version:`expr index $version .`} + local minor=${version%%.*} + local sfdisk_new=0 + + if [ $major -gt 2 ]; then + sfdisk_new=1 + else + if [ $major -eq 2 -a $minor -ge 26 ]; then + sfdisk_new=1 + fi + fi + + local -r DISK=$DEVICE + local -r SIZE=`sfdisk -s $DISK` + local -r SIZE_MB=$((SIZE >> 10)) + + local -r BOOT_SZ=64 + local -r ROOTFS_SZ=3072 + local -r DATA_SZ=512 + local -r MODULE_SZ=20 + local -r RAMDISK_SZ=8 + local -r RAMDISK_RECOVERY_SZ=12 + if [ $sfdisk_new == 1 ]; then + local -r EXTEND_SZ=8 + else + local -r EXTEND_SZ=4 + fi + + let "USER_SZ = $SIZE_MB - $BOOT_SZ - $ROOTFS_SZ - $DATA_SZ - $MODULE_SZ - $RAMDISK_SZ - $RAMDISK_RECOVERY_SZ - $EXTEND_SZ" + + local -r BOOT=boot + local -r ROOTFS=rootfs + local -r SYSTEMDATA=system-data + local -r USER=user + local -r MODULE=modules + local -r RAMDISK=ramdisk + local -r RAMDISK_RECOVERY=ramdisk-recovery + + if [[ $USER_SZ -le 100 ]] + then + echo "We recommend to use more than 4GB disk" + exit 0 + fi + + echo "========================================" + echo "Label dev size" + echo "========================================" + echo $BOOT" " $DISK"1 " $BOOT_SZ "MB" + echo 
$ROOTFS" " $DISK"2 " $ROOTFS_SZ "MB" + echo $SYSTEMDATA" " $DISK"3 " $DATA_SZ "MB" + echo "[Extend]"" " $DISK"4" + echo " "$USER" " $DISK"5 " $USER_SZ "MB" + echo " "$MODULE" " $DISK"6 " $MODULE_SZ "MB" + echo " "$RAMDISK" " $DISK"7 " $RAMDISK_SZ "MB" + echo " "$RAMDISK_RECOVERY" " $DISK"7 " $RAMDISK_RECOVERY_SZ "MB" + + local MOUNT_LIST=`mount | grep $DISK | awk '{print $1}'` + for mnt in $MOUNT_LIST + do + umount $mnt + done + + echo "Remove partition table..." + dd if=/dev/zero of=$DISK bs=512 count=16 conv=notrunc + + if [ $sfdisk_new == 1 ]; then + sfdisk $DISK <<-__EOF__ + 4MiB,${BOOT_SZ}MiB,0xE,* + 8MiB,${ROOTFS_SZ}MiB,,- + 8MiB,${DATA_SZ}MiB,,- + 8MiB,,E,- + ,${USER_SZ}MiB,,- + ,${MODULE_SZ}MiB,,- + ,${RAMDISK_SZ}MiB,,- + ,${RAMDISK_RECOVERY_SZ}MiB,,- + __EOF__ + else + sfdisk --in-order --Linux --unit M $DISK <<-__EOF__ + 4,$BOOT_SZ,0xE,* + ,$ROOTFS_SZ,,- + ,$DATA_SZ,,- + ,,E,- + ,$USER_SZ,,- + ,$MODULE_SZ,,- + ,$RAMDISK_SZ,,- + ,$RAMDISK_RECOVERY_SZ,,- + __EOF__ + fi + + mkfs.vfat -F 16 ${DISK}1 -n $BOOT + mkfs.ext4 -q ${DISK}2 -L $ROOTFS -F + mkfs.ext4 -q ${DISK}3 -L $SYSTEMDATA -F + mkfs.ext4 -q ${DISK}5 -L $USER -F + mkfs.ext4 -q ${DISK}6 -L $MODULE -F + mkfs.ext4 -q ${DISK}7 -L $RAMDISK -F + mkfs.ext4 -q ${DISK}8 -L $RAMDISK_RECOVERY -F +} + +function show_usage () { + echo "- Usage:" + echo " sudo ./sd_fusing*.sh -d [-b ..] [--format]" +} + +function check_partition_format () { + if [ "$FORMAT" != "2" ]; then + echo "-----------------------" + echo "Skip $DEVICE format" + echo "-----------------------" + return 0 + fi + + echo "-------------------------------" + echo "Start $DEVICE format" + echo "" + mkpart_3 + echo "End $DEVICE format" + echo "-------------------------------" + echo "" +} + +function check_args () { + if [ "$DEVICE" == "" ]; then + echo "$(tput setaf 1)$(tput bold)- Device node is empty!" 
+ show_usage + tput sgr 0 + exit 0 + fi + + if [ "$DEVICE" != "" ]; then + echo "Device: $DEVICE" + fi + + if [ "$FUSING_BINARY_NUM" != 0 ]; then + echo "Fusing binary: " + for ((bid = 0 ; bid < $FUSING_BINARY_NUM ; bid++)) + do + echo " ${FUSING_BINARY_ARRAY[bid]}" + done + echo "" + fi + + if [ "$FORMAT" == "1" ]; then + echo "" + echo "$(tput setaf 3)$(tput bold)$DEVICE will be formatted, Is it OK? [y/n]" + tput sgr 0 + read input + if [ "$input" == "y" ] || [ "$input" == "Y" ]; then + FORMAT=2 + else + FORMAT=0 + fi + fi +} + +function print_logo () { + echo "" + echo "Raspberry Pi3 downloader, version 0.1" + echo "" +} + +print_logo + +function add_fusing_binary() { + local declare binary_name=$1 + FUSING_BINARY_ARRAY[$FUSING_BINARY_NUM]=$binary_name + + FUSING_BINARY_NUM=$((FUSING_BINARY_NUM + 1)) +} + + +declare -i binary_option=0 + +while test $# -ne 0; do + option=$1 + shift + + case $option in + --f | --format) + FORMAT="1" + binary_option=0 + ;; + -d) + DEVICE=$1 + binary_option=0 + shift + ;; + -b) + add_fusing_binary $1 + binary_option=1 + shift + ;; + *) + if [ $binary_option == 1 ];then + add_fusing_binary $option + else + echo "Unkown command: $option" + exit + fi + ;; + esac +done + +check_args +check_partition_format +fuse_image diff --git a/examples/ta/CMakeLists.txt b/examples/ta/CMakeLists.txt new file mode 100644 index 0000000..645cfc4 --- /dev/null +++ b/examples/ta/CMakeLists.txt 
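Review bot: `check_args` only rejects an empty `$DEVICE`, yet `mkpart_3` and `fusing_image` then run `dd`, `sfdisk`, `mkfs.*` and `resize2fs` against it as root, so a mistyped path or a regular file is overwritten without any sanity check. Add `[ -b "$DEVICE" ] || { echo "Not a block device: $DEVICE"; exit 1; }` to `check_args`, and return a non-zero status on the error paths that currently use `exit 0` or a bare `exit`. `$DEVICE`, `$fusing_img`, `$filepath` and `$filename` are expanded unquoted throughout, so a path containing spaces or glob characters is split into several arguments to those commands; quote every expansion. In `fuse_image_tarball` the result of `cd $temp_dir` is not checked before `for file in *` and the later `rm -rf $temp_dir`, so `cd "$temp_dir" || return 1` together with a `mktemp -d` directory instead of the fixed `tar_tmp` would keep the loop from ever running over the caller's working directory.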
@@ -0,0 +1,33 @@
+# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# @file
+# @author Igor Kotrasinski (i.kotrasinsk@partner.samsung.com)
+# @brief CMakeLists for example CA and TA
+#
+
+CMAKE_MINIMUM_REQUIRED(VERSION 2.6)
+
+SET(TA1_PATH ${PROJECT_SOURCE_DIR}/ta/ta1)
+SET(TA2_PATH ${PROJECT_SOURCE_DIR}/ta/ta2)
+SET(TA3_PATH ${PROJECT_SOURCE_DIR}/ta/ta3)
+
+# This sets various required compilation & linking flags, as well as provides
+# the TA image creation macro. To avoid contaminating CAs with these flags we
+# only include it in this subdirectory.
+INCLUDE(UnifiedTADevkit)
+
+ADD_SUBDIRECTORY(ta1)
+ADD_SUBDIRECTORY(ta2)
+ADD_SUBDIRECTORY(ta3)
diff --git a/examples/ta/ta1/CMakeLists.txt b/examples/ta/ta1/CMakeLists.txt
new file mode 100644
index 0000000..028f0eb
--- /dev/null
+++ b/examples/ta/ta1/CMakeLists.txt
@@ -0,0 +1,44 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############# Entry defines ############# + +SET(TARGET_TA 00000000-0000-0000-0000-00FACEBEEF01.elf) + +############# TA ############# + +SET(TA_SOURCES + ${TA1_PATH}/src/ta.c + ) + +INCLUDE(FindPkgConfig) + +PKG_CHECK_MODULES(TA_DEPS REQUIRED + unified-ta-devkit + ) + +ADD_EXECUTABLE(${TARGET_TA} + ${TA_SOURCES} + ) + +TARGET_LINK_LIBRARIES(${TARGET_TA} + ${TA_DEPS_LIBRARIES} + ${TA_DEPS_STATIC_LIBRARIES} + ) + +# In order - TA image target name, built TA ELF target, directory to +# backend-specific files, final TA name. +GENERATE_TA_IMAGE(SIGNED_TA1 ${TARGET_TA} ${TA1_PATH}/backends ${TA1_NAME}) +INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${TA1_NAME} DESTINATION ${TASTORE_DIR}) diff --git a/examples/ta/ta1/backends/optee/include/user_ta_header_defines.h b/examples/ta/ta1/backends/optee/include/user_ta_header_defines.h new file mode 100644 index 0000000..89a515b --- /dev/null +++ b/examples/ta/ta1/backends/optee/include/user_ta_header_defines.h 
@@ -0,0 +1,40 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * The name of this file must not be modified + */ + +#ifndef USER_TA_HEADER_DEFINES_H +#define USER_TA_HEADER_DEFINES_H + +//#include + +#define KM_TA_UUID { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0xFA, 0xCE, 0xBE, 0xEF, 0x01} } + +#define TA_UUID KM_TA_UUID + +#define TA_FLAGS (TA_FLAG_MULTI_SESSION | TA_FLAG_EXEC_DDR) +#define TA_STACK_SIZE (2 * 1024) +#define TA_DATA_SIZE (32 * 1024) + +#define TA_CURRENT_TA_EXT_PROPERTIES \ + { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \ + "Hello World TA" }, \ + { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } } + +#endif /*USER_TA_HEADER_DEFINES_H*/ + diff --git a/examples/ta/ta1/backends/simulator/manifest.xml b/examples/ta/ta1/backends/simulator/manifest.xml new file mode 100644 index 0000000..1d7046a --- /dev/null +++ b/examples/ta/ta1/backends/simulator/manifest.xml @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + "Key manager Trusted Application." + "Samsung Electronics" + "This sample Application is provided as is. All rights reserved." + "Copyright (c) 2017 Samsung Electronics" + + + diff --git a/examples/ta/ta1/src/ta.c b/examples/ta/ta1/src/ta.c new file mode 100644 index 0000000..7dd22c7 --- /dev/null +++ b/examples/ta/ta1/src/ta.c 
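Review bot: The UUID macro in ta1's user_ta_header_defines.h is named `KM_TA_UUID` and the simulator manifest in the following hunk describes a "Key manager Trusted Application.", while `gp.ta.description` says "Hello World TA"; none of these matches the example TA, which makes it harder to audit which trusted application a given UUID and image belong to. Rename the macro, for instance `#define EXAMPLE_TA1_UUID { ... }` with `#define TA_UUID EXAMPLE_TA1_UUID`, and set the description strings to what the TA actually does. The ta2 and ta3 copies of this header and manifest carry the same leftovers. The commented-out `//#include` line should be either restored or removed, since `uint32_t` and the `TA_FLAG_*` constants are used below it.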
@@ -0,0 +1,58 @@
+/*
+ * Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+#include
+
+TEE_Result TA_CreateEntryPoint(void)
+{
+ return TEE_SUCCESS;
+}
+
+void TA_DestroyEntryPoint(void)
+{
+}
+
+TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext)
+{
+ (void)paramTypes;
+ (void)params;
+ (void)sessionContext;
+ return TEE_SUCCESS;
+}
+
+void TA_CloseSessionEntryPoint(
+#if defined(TEF_BUILD_SIMULATOR)
+ const
+#endif
+ void *sessionContext)
+{
+ (void)sessionContext;
+}
+
+TEE_Result TA_InvokeCommandEntryPoint(
+#if defined(TEF_BUILD_SIMULATOR)
+ const
+#endif
+ void *sessionContext, uint32_t commandID, uint32_t param_types,
+ TEE_Param param[4])
+{
+ (void)sessionContext;
+ (void)commandID;
+ (void)param_types;
+
+ param[0].value.a++;
+ return TEE_SUCCESS;
+}
diff --git a/examples/ta/ta2/CMakeLists.txt b/examples/ta/ta2/CMakeLists.txt
new file mode 100644
index 0000000..3274d6c
--- /dev/null
+++ b/examples/ta/ta2/CMakeLists.txt
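Review bot: `TA_InvokeCommandEntryPoint` in ta1/src/ta.c casts `param_types` to void and then writes `param[0].value.a`, so the TA never confirms that the client actually supplied a value parameter in slot 0. `TEE_Param` is a union, and a TA that skips this check reinterprets whatever layout the normal world sent; a trusted application should reject unexpected layouts before touching any parameter. Add `if (param_types != TEE_PARAM_TYPES(TEE_PARAM_TYPE_VALUE_INOUT, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE, TEE_PARAM_TYPE_NONE)) return TEE_ERROR_BAD_PARAMETERS;` ahead of the increment (VALUE_INOUT is inferred from the in-place update and should be confirmed against ca1). The same check is missing in ta2/src/ta.c and, more importantly, in ta3/src/ta.c, where `param[1]` and `param[2]` are used as memory references and their buffer pointers and sizes are passed straight to the cipher call.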
@@ -0,0 +1,42 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############# Entry defines ############# + +SET(TARGET_TA 00000000-0000-0000-0000-00FACEBEEF02.elf) + +############# TA ############# + +SET(TA_SOURCES + ${TA2_PATH}/src/ta.c + ) + +INCLUDE(FindPkgConfig) + +PKG_CHECK_MODULES(TA_DEPS REQUIRED + unified-ta-devkit + ) + +ADD_EXECUTABLE(${TARGET_TA} + ${TA_SOURCES} + ) + +TARGET_LINK_LIBRARIES(${TARGET_TA} + ${TA_DEPS_LIBRARIES} + ${TA_DEPS_STATIC_LIBRARIES} + ) + +GENERATE_TA_IMAGE(SIGNED_TA2 ${TARGET_TA} ${TA2_PATH}/backends ${TA2_NAME}) +INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${TA2_NAME} DESTINATION ${TASTORE_DIR}) diff --git a/examples/ta/ta2/backends/optee/include/user_ta_header_defines.h b/examples/ta/ta2/backends/optee/include/user_ta_header_defines.h new file mode 100644 index 0000000..be449ab --- /dev/null +++ b/examples/ta/ta2/backends/optee/include/user_ta_header_defines.h 
@@ -0,0 +1,40 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * The name of this file must not be modified + */ + +#ifndef USER_TA_HEADER_DEFINES_H +#define USER_TA_HEADER_DEFINES_H + +//#include + +#define KM_TA_UUID { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0xFA, 0xCE, 0xBE, 0xEF, 0x02} } + +#define TA_UUID KM_TA_UUID + +#define TA_FLAGS (TA_FLAG_MULTI_SESSION | TA_FLAG_EXEC_DDR) +#define TA_STACK_SIZE (2 * 1024) +#define TA_DATA_SIZE (32 * 1024) + +#define TA_CURRENT_TA_EXT_PROPERTIES \ + { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \ + "Hello World TA" }, \ + { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } } + +#endif /*USER_TA_HEADER_DEFINES_H*/ + diff --git a/examples/ta/ta2/backends/simulator/manifest.xml b/examples/ta/ta2/backends/simulator/manifest.xml new file mode 100644 index 0000000..01b21c8 --- /dev/null +++ b/examples/ta/ta2/backends/simulator/manifest.xml @@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + "Key manager Trusted Application." + "Samsung Electronics" + "This sample Application is provided as is. All rights reserved." + "Copyright (c) 2017 Samsung Electronics" + + + diff --git a/examples/ta/ta2/src/ta.c b/examples/ta/ta2/src/ta.c new file mode 100644 index 0000000..aaaf876 --- /dev/null +++ b/examples/ta/ta2/src/ta.c 
@@ -0,0 +1,112 @@ +/* + * Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include + +TEE_Result TA_CreateEntryPoint(void) +{ + return TEE_SUCCESS; +} + +void TA_DestroyEntryPoint(void) +{ +} + +TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext) +{ + (void)paramTypes; + (void)params; + (void)sessionContext; + return TEE_SUCCESS; +} + +void TA_CloseSessionEntryPoint( +#if defined(TEF_BUILD_SIMULATOR) + const +#endif + void *sessionContext) +{ + (void)sessionContext; +} + +static char obj_id[8] = {0xBA, 0xDA, 0xB1, 0x16, 0xBA, 0xDA, 0xB0, 0x00}; + +static TEE_Result save(uint32_t num) +{ + TEE_Result res; + TEE_ObjectHandle obj; + + res = TEE_CreatePersistentObject(TEE_STORAGE_PRIVATE, + obj_id, sizeof(obj_id), + TEE_DATA_FLAG_ACCESS_READ | + TEE_DATA_FLAG_ACCESS_WRITE | + TEE_DATA_FLAG_ACCESS_WRITE_META | +#if defined(TEF_BUILD_SIMULATOR) + TEE_DATA_FLAG_EXCLUSIVE, +#else + TEE_DATA_FLAG_OVERWRITE, +#endif + TEE_HANDLE_NULL, + 0, 0, + &obj); + if (res != TEE_SUCCESS) + return res; + + res = TEE_WriteObjectData(obj, &num, sizeof(num)); + TEE_CloseObject(obj); + return res; +} + +static TEE_Result load(uint32_t *num) +{ + TEE_Result res; + TEE_ObjectHandle obj; + uint32_t read; + + res = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE, + obj_id, sizeof(obj_id), + TEE_DATA_FLAG_ACCESS_READ, + &obj); + if (res != TEE_SUCCESS) + return 
res; + + res = TEE_ReadObjectData(obj, num, sizeof(*num), &read); + TEE_CloseObject(obj); + + if (res != TEE_SUCCESS) + return res; + if (read != sizeof(*num)) + return TEE_ERROR_GENERIC; + return TEE_SUCCESS; +} + +TEE_Result TA_InvokeCommandEntryPoint( +#if defined(TEF_BUILD_SIMULATOR) + const +#endif + void *sessionContext, uint32_t commandID, uint32_t param_types, + TEE_Param param[4]) +{ + (void)sessionContext; + (void)commandID; + (void)param_types; + + if (param[0].value.a == 0) + return save(param[0].value.b); + else + return load(¶m[0].value.b); +} + diff --git a/examples/ta/ta3/CMakeLists.txt b/examples/ta/ta3/CMakeLists.txt new file mode 100644 index 0000000..263d399 --- /dev/null +++ b/examples/ta/ta3/CMakeLists.txt @@ -0,0 +1,42 @@ +# Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# + +############# Entry defines ############# + +SET(TARGET_TA 00000000-0000-0000-0000-00FACEBEEF03.elf) + +############# TA ############# + +SET(TA_SOURCES + ${TA3_PATH}/src/ta.c + ) + +INCLUDE(FindPkgConfig) + +PKG_CHECK_MODULES(TA_DEPS REQUIRED + unified-ta-devkit + ) + +ADD_EXECUTABLE(${TARGET_TA} + ${TA_SOURCES} + ) + +TARGET_LINK_LIBRARIES(${TARGET_TA} + ${TA_DEPS_LIBRARIES} + ${TA_DEPS_STATIC_LIBRARIES} + ) + +GENERATE_TA_IMAGE(SIGNED_TA3 ${TARGET_TA} ${TA3_PATH}/backends ${TA3_NAME}) +INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/${TA3_NAME} DESTINATION ${TASTORE_DIR}) 
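Review bot: In ta2/src/ta.c, `obj_id` is declared as plain `char` but initialised with `0xBA`, `0xDA` and `0xB1`, which do not fit a signed `char`, so the stored bytes depend on an implementation-defined conversion and compilers will warn about it. The array is an opaque object identifier that is never modified, so declare it `static const uint8_t obj_id[8] = { ... };` (assuming the TEE header brings in `<stdint.h>`, as the `uint32_t` uses suggest). `TA_InvokeCommandEntryPoint` also picks save or load from `param[0].value.a` while discarding `commandID`; dispatching on `commandID` with a `default:` that returns `TEE_ERROR_BAD_PARAMETERS` would reject unknown requests instead of treating every non-zero value as a load.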
diff --git a/examples/ta/ta3/backends/optee/include/user_ta_header_defines.h b/examples/ta/ta3/backends/optee/include/user_ta_header_defines.h new file mode 100644 index 0000000..bd73d70 --- /dev/null +++ b/examples/ta/ta3/backends/optee/include/user_ta_header_defines.h @@ -0,0 +1,40 @@ +/* + * Copyright (c) 2017 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +/** + * The name of this file must not be modified + */ + +#ifndef USER_TA_HEADER_DEFINES_H +#define USER_TA_HEADER_DEFINES_H + +//#include + +#define KM_TA_UUID { 0x00000000, 0x0000, 0x0000, { 0x00, 0x00, 0x00, 0xFA, 0xCE, 0xBE, 0xEF, 0x03} } + +#define TA_UUID KM_TA_UUID + +#define TA_FLAGS (TA_FLAG_MULTI_SESSION | TA_FLAG_EXEC_DDR) +#define TA_STACK_SIZE (2 * 1024) +#define TA_DATA_SIZE (32 * 1024) + +#define TA_CURRENT_TA_EXT_PROPERTIES \ + { "gp.ta.description", USER_TA_PROP_TYPE_STRING, \ + "Hello World TA" }, \ + { "gp.ta.version", USER_TA_PROP_TYPE_U32, &(const uint32_t){ 0x0010 } } + +#endif /*USER_TA_HEADER_DEFINES_H*/ + diff --git a/examples/ta/ta3/backends/simulator/manifest.xml b/examples/ta/ta3/backends/simulator/manifest.xml new file mode 100644 index 0000000..8cf7a79 --- /dev/null +++ b/examples/ta/ta3/backends/simulator/manifest.xml 
@@ -0,0 +1,42 @@ + + + + + + + + + + + + + + + + + + + + + + + + "Key manager Trusted Application." + "Samsung Electronics" + "This sample Application is provided as is. All rights reserved." + "Copyright (c) 2017 Samsung Electronics" + + + diff --git a/examples/ta/ta3/src/ta.c b/examples/ta/ta3/src/ta.c new file mode 100644 index 0000000..09d83da --- /dev/null +++ b/examples/ta/ta3/src/ta.c 
@@ -0,0 +1,102 @@ +/* + * Copyright (c) 2017 - 2018 Samsung Electronics Co., Ltd All Rights Reserved + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License + */ + +#include + +TEE_Result TA_CreateEntryPoint(void) +{ + return TEE_SUCCESS; +} + +void TA_DestroyEntryPoint(void) +{ +} + +TEE_Result TA_OpenSessionEntryPoint(uint32_t paramTypes, TEE_Param params[4], void **sessionContext) +{ + (void)paramTypes; + (void)params; + (void)sessionContext; + return TEE_SUCCESS; +} + +void TA_CloseSessionEntryPoint( +#if defined(TEF_BUILD_SIMULATOR) + const +#endif + void *sessionContext) +{ + (void)sessionContext; +} + +static char keyval[32] = "5772156649015328606065120900824"; + +static char iv[32]; + +static TEE_Result crypt(uint32_t dir, void *in, size_t insz, void *out, size_t outsz) +{ + TEE_Result res; + TEE_OperationHandle op; + TEE_ObjectHandle key; + TEE_Attribute key_attrs[1]; + + key_attrs[0].attributeID = TEE_ATTR_SECRET_VALUE; + key_attrs[0].content.ref.buffer = keyval; + key_attrs[0].content.ref.length = 32; + + res = TEE_AllocateTransientObject(TEE_TYPE_AES, 256, &key); + if (res != TEE_SUCCESS) + goto exit; + res = TEE_PopulateTransientObject(key, key_attrs, 1); + if (res != TEE_SUCCESS) + goto free_key; + + res = TEE_AllocateOperation(&op, TEE_ALG_AES_ECB_NOPAD, + dir == 0 ? 
TEE_MODE_ENCRYPT : TEE_MODE_DECRYPT, + 256); + if (res != TEE_SUCCESS) + goto free_key; + res = TEE_SetOperationKey(op, key); + if (res != TEE_SUCCESS) + goto free_op; + + TEE_MemFill(iv, 0, 32); + TEE_CipherInit(op, iv, 32); + res = TEE_CipherDoFinal(op, in, insz, out, &outsz); + if (outsz != 128) + return TEE_ERROR_GENERIC; +free_op: + TEE_FreeOperation(op); +free_key: + TEE_FreeTransientObject(key); +exit: + return res; +} + +TEE_Result TA_InvokeCommandEntryPoint( +#if defined(TEF_BUILD_SIMULATOR) + const +#endif + void *sessionContext, uint32_t commandID, uint32_t param_types, + TEE_Param param[4]) +{ + (void)sessionContext; + (void)commandID; + (void)param_types; + return crypt(param[0].value.a, + param[1].memref.buffer, param[1].memref.size, + param[2].memref.buffer, param[2].memref.size); +} -- 2.34.1
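Review bot: In `crypt` (ta3/src/ta.c), `if (outsz != 128) return TEE_ERROR_GENERIC;` returns past the `free_op` and `free_key` labels, so the operation handle and the transient object holding the AES key are leaked on that path, and a failure reported by `TEE_CipherDoFinal` in `res` is discarded. Replace it with `if (res == TEE_SUCCESS && outsz != 128) res = TEE_ERROR_GENERIC;` so control falls through to the cleanup labels. The key is a string literal compiled into the TA image and the algorithm is `TEE_ALG_AES_ECB_NOPAD`, a mode that uses no IV, which makes the `TEE_CipherInit(op, iv, 32)` call misleading; a comment such as `/* Demo only: fixed key and ECB mode, not for protecting real data */` above `keyval` would keep this from being copied into a production TA. `insz` is also never checked to be a multiple of the AES block size, nor `outsz` to be at least `insz`, before the buffers reach `TEE_CipherDoFinal`.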