OPEN-TEE 代码同步及编译环境配置过程

本文将讲述 OPEN-TEE(一种遵循GP规范且开源的TEE方案)代码的同步及其编译环境的搭建过程。

1. 安装 OPEN-TEE 编译所依赖的库或工具

(1)为了确保 Android 源码可以正常编译,请参照 Android 官网执行以下命令安装依赖文件:

1
2
3
4
5
#aosp
$ sudo apt-get install git-core gnupg flex bison build-essential zip \
curl zlib1g-dev gcc-multilib g++-multilib libc6-dev-i386 \
lib32ncurses5-dev x11proto-core-dev libx11-dev lib32z1-dev \
libgl1-mesa-dev libxml2-utils xsltproc unzip fontconfig

(2)如果想使用adb/fastboot工具,可以执行以下命令获取:

1
$ sudo apt-get install android-tools-adb android-tools-fastboot

(3)为了确保 qemu 可以正常编译,请执行以下命令安装依赖文件:

1
2
3
#qemu
$ sudo apt-get install autoconf cscope gdisk libfdt-dev libglib2.0-dev \
libstdc++6:i386 libz1:i386 netcat xz-utils xterm python-crypto python-serial python-wand

2. 从 GitHub 获取 OPEN-TEE 源码

(1)可以使用repo工具下载整个 OPEN-TEE 项目代码:

1
2
3
4
$ mkdir -p linaro_optee
$ cd linaro_optee
$ repo init -u https://github.com/OP-TEE/manifest.git -m default.xml -b master
$ repo sync -j4 --no-clone-bundle

(2)也可以使用git clone命令或直接从 GitHub 下载所需的单个仓库代码:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
#OP-TEE gits
$ git clone https://github.com/OP-TEE/optee_client.git
$ git clone https://github.com/OP-TEE/optee_os.git
$ git clone https://github.com/OP-TEE/optee_test.git
$ git clone https://github.com/OP-TEE/build.git
#linaro-swg gits
$ git clone https://github.com/linaro-swg/linux.git
$ git clone https://github.com/linaro-swg/optee_benchmark.git
$ git clone https://github.com/linaro-swg/optee_examples.git
$ git clone https://github.com/linaro-swg/soc_term.git
#Misc gits
$ git clone https://github.com/buildroot/buildroot.git
$ git clone https://github.com/qemu/qemu.git
$ git clone https://github.com/TF-A/trusted-firmware-a.git
$ git clone https://github.com/u-boot.git

#$ git clone https://github.com/OP-TEE/manifest.git
#$ git clone https://github.com/linaro-swg/arm-trusted-firmware.git
#$ git clone https://github.com/OP-TEE/edk2.git
#$ git clone https://github.com/OP-TEE/optee_docs.git
#$ git clone https://github.com/OP-TEE/optee_linuxdriver.git
#$ git clone https://github.com/OP-TEE/optee_website.git
#$ git clone https://github.com/linaro-swg/optee_android_manifest.git
#$ git clone https://github.com/linaro-swg/optee_android_tools.git
#$ git clone https://github.com/linaro-swg/bios_qemu_tz_arm.git
#$ git clone https://github.com/linaro-swg/gen_rootfs.git
#$ git clone https://github.com/linaro-swg/qemu.git
#$ git clone https://github.com/linaro-swg/u-boot.git

3. 获取交叉编译工具链

(1)使用 build 目录的toolchain.mkget_clang.sh脚本自动下载解压gcc/clang编译工具:

1
2
3
4
5
6
#Using git scripts
$ cd linaro_optee
$ git clone https://github.com/OP-TEE/build.git
$ cd build
$ make -f toolchain.mk toolchains 2>&1 | tee toolchains.log
$ make -f toolchain.mk clang-toolchains 2>&1 | tee clang-toolchains.log

(2)也可以手动执行下面命令依次下载并解压gcc/clang编译工具:

1
2
3
4
5
6
7
8
9
10
11
#Direct download
$ mkdir toolchains && cd toolchains
$ wget -nv https://developer.arm.com/-/media/Files/downloads/gnu-a/8.3-2019.03/binrel/gcc-arm-8.3-2019.03-x86_64-arm-linux-gnueabihf.tar.xz
$ mkdir aarch32
$ tar xf gcc-arm-8.3-2019.03-x86_64-arm-linux-gnueabihf.tar.xz -C aarch32 --strip-components=1
$ wget -nv https://developer.arm.com/-/media/Files/downloads/gnu-a/8.3-2019.03/binrel/gcc-arm-8.3-2019.03-x86_64-aarch64-linux-gnu.tar.xz
$ mkdir aarch64
$ tar xf gcc-arm-8.3-2019.03-x86_64-aarch64-linux-gnu.tar.xz -C aarch64 --strip-components=1
$ wget -nv https://github.com/llvm/llvm-project/releases/download/llvmorg-9.0.1/clang+llvm-9.0.1-aarch64-linux-gnu.tar.xz
$ cd .. && mkdir clang-9.0.1 && cd clang-9.0.1
$ tar xf clang+llvm-9.0.1-aarch64-linux-gnu.tar.xz -C clang-aarch64 --strip-components=1

4. 编译 QEMU 平台工程

执行下面命令可以选择qemu.mk编译 QEMU 平台工程:

1
2
3
$ cd build
$ make -f qemu.mk all 2>&1 | tee qemu_all.log
#$ make -f qemu_v8.mk all 2>&1 | tee qemu_v8_all.log

下面整理了编译过程中所遇到的 4个编译报错及其解决方案。

(1)Error 1 – Cryptodome

1
2
3
4
5
6
7
8
9
10
11
12
#error log
Traceback (most recent call last):
File "scripts/pem_to_pub_c.py", line 61, in <module>
main()
File "scripts/pem_to_pub_c.py", line 24, in main
from Cryptodome.PublicKey import RSA
ImportError: No module named 'Cryptodome'
mk/subdir.mk:161: recipe for target 'out/arm/core/ta_pub_key.c' failed
make[1]: *** [out/arm/core/ta_pub_key.c] Error 1
make[1]: Leaving directory '/media/xiezeyang/CODE/linaro_optee/optee_os'
common.mk:370: recipe for target 'optee-os-common' failed
make: *** [optee-os-common] Error 2
1
2
3
#solution
$ pip3 install pycryptodomex
#$ sudo apt install python3-pycryptodomex

(2)Error 2 – elftools

1
2
3
4
5
6
7
8
9
10
#error log
Traceback (most recent call last):
File "scripts/gen_ldelf_hex.py", line 13, in <module>
from elftools.elf.elffile import ELFFile
ImportError: No module named 'elftools'
mk/subdir.mk:161: recipe for target 'out/arm/core/ldelf_hex.c' failed
make[1]: *** [out/arm/core/ldelf_hex.c] Error 1
make[1]: Leaving directory '/media/xiezeyang/CODE/linaro_optee/optee_os'
common.mk:370: recipe for target 'optee-os-common' failed
make: *** [optee-os-common] Error 2
1
2
3
#solution
$ pip3 install pyelftools
#$ sudo apt install python3-pyelftools

(3)Error 3 – pixman

1
2
3
4
5
6
#error log
ERROR: pixman >= 0.21.8 not present.
Please install the pixman devel package.

qemu.mk:83: recipe for target 'qemu' failed
make: *** [qemu] Error 1
1
2
#solution
$ sudo apt install libpixman-1-dev

(4)Error 4 – uuid

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
GenFvInternalLib.c:24:23: fatal error: uuid/uuid.h: No such file or directory
#include <uuid/uuid.h>
^
compilation terminated.
../Makefiles/footer.makefile:27: recipe for target 'GenFvInternalLib.o' failed
make[3]: *** [GenFvInternalLib.o] Error 1
make[3]: Leaving directory '/media/xiezeyang/CODE/linaro_optee_v8/edk2/BaseTools/Source/C/GenFv'
GNUmakefile:85: recipe for target 'GenFv' failed
make[2]: *** [GenFv] Error 2
make[2]: Leaving directory '/media/xiezeyang/CODE/linaro_optee_v8/edk2/BaseTools/Source/C'
GNUmakefile:25: recipe for target 'Source/C' failed
make[1]: *** [Source/C] Error 2
make[1]: Leaving directory '/media/xiezeyang/CODE/linaro_optee_v8/edk2/BaseTools'
common.mk:278: recipe for target 'edk2-common' failed
make: *** [edk2-common] Error 2
1
$ sudo apt-get install uuid-dev

(5) Error 5 – iasl-acpica

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
/bin/sh: 1: iasl: not found
GNUmakefile:609: recipe for target '/media/xiezeyang/CODE/linaro_optee_v8/edk2/Build/ArmVirtQemuKernel-AARCH64/RELEASE_GCC49/AARCH64/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe/OUTPUT/RamDisk.aml' failed
make[1]: *** [/media/xiezeyang/CODE/linaro_optee_v8/edk2/Build/ArmVirtQemuKernel-AARCH64/RELEASE_GCC49/AARCH64/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe/OUTPUT/RamDisk.aml] Error 127
make[1]: Leaving directory '/media/xiezeyang/CODE/linaro_optee_v8/edk2/Build/ArmVirtQemuKernel-AARCH64/RELEASE_GCC49/AARCH64/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe'
build.py...
: error 7000: Failed to execute command
make tbuild [/media/xiezeyang/CODE/linaro_optee_v8/edk2/Build/ArmVirtQemuKernel-AARCH64/RELEASE_GCC49/AARCH64/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe]
build.py...
: error F002: Failed to build module
/media/xiezeyang/CODE/linaro_optee_v8/edk2/MdeModulePkg/Universal/Disk/RamDiskDxe/RamDiskDxe.inf [AARCH64, GCC49, RELEASE]
- Failed -
Build end time: 10:10:36, Aug.13 2020
Build total time: 00:00:05
common.mk:278: recipe for target 'edk2-common' failed
make: *** [edk2-common] Error 1
1
$ sudo apt-get install acpica-tools

5. 启动 QEMU 平台的 OPEN-TEE

(1)使用下面指令可启动基于 QEMU 平台的 OPEN-TEE:

1
2
3
$ cd build
$ make -f qemu.mk run-only 2>&1 | tee qemu_run_only.log
#$ make -f qemu_v8.mk run-only 2>&1 | tee qemu_v8_run_only.log

(2)在启动 OPEN-TEE 的窗口输入c会启动2个新的终端窗口,一个是 OP-TEE 的终端窗口(对应安全世界状态),另一个是 linux 的终端窗口(对应正常世界状态)。

1
2
3
QEMU 5.0.0 monitor - type 'help' for more information
#continue
(qemu) c

(3)在 linux 的终端窗口输入 hello_world 或 xtest 指令会执行测试的 CA 文件:

1
2
3
root@Vexpress:/ hello_world
Invoking TA to increment 42
TA incremented value to 43

(4)在启动 OPEN-TEE 的终端窗口输入q会退出 OPEN-TEE:

1
2
3
QEMU 5.0.0 monitor - type 'help' for more information
#quit
(qemu) q