This article describes how to develop a Trusted Application for OP-TEE using an OpenSTLinux environment.
1. Starting from an example[edit source]
The simplest way to begin the development of a new OP-TEE Trusted Application is to start from a minimal example. Let's take the hello_world example from the official optee_examples.git repository:
git clone https://github.com/linaro-swg/optee_examples
2. Build[edit source]
At this point it is assumed OpenSTLinux SDK is installed and set up correctly.
The Trusted Application can be built by running make. For instance with the "hello_world" example:
make -C optee_examples/hello_world make[1]: Entering directory '…/optee_examples/hello_world/host' [...] make[1]: Leaving directory '…/optee_examples/hello_world/host' make[1]: Entering directory '…/optee_examples/hello_world/ta' [...] make[1]: Leaving directory '…/optee_examples/hello_world/ta'
3. Run[edit source]
Once built, the Trusted Application (here built from hello_world/ta/) and its client application (here built from hello_world/host) can be copied onto the running system at the expected location. For instance with the "hello_world" example, using scp:
scp optee_examples/hello_world/host/optee_example_hello_world root@<board ip address>:/usr/bin scp optee_examples/hello_world/ta/8aaaf200-2450-11e4-abe2-0002a5d5c51b.ta root@<board ip address>:/lib/optee_armtz/
Now it can be executed easily from the running system:
optee_example_hello_world D/TA: TA_CreateEntryPoint:39 has been called D/TA: TA_OpenSessionEntryPoint:68 has been called I/TA: Hello World! Invoking TA to increment 42 D/TA: inc_value:105 has been called I/TA: Got value: 42 from NW I/TA: Increase value to: 43 TA incremented value to 43 I/TA: Goodbye! D/TA: TA_DestroyEntryPoint:50 has been called
4. Going further[edit source]
To get more information on how to develop on OP-TEE Trusted Application, please refer to https://optee.readthedocs.io/en/latest/building/trusted_applications.html.
Section above shows how to install a Trusted Application on a Linux OS filesystem (here /lib/optee_armtz/ directory). Note however that there are alternate locations where an OP-TEE Trusted Application can be installed: the OP-TEE firmware image and the OP-TEE secure storage. Please refer to https://optee.readthedocs.io/en/latest/architecture/trusted_applications.html for more information.