Trust App (Qualcomm)

高嘉熙
2023-12-01

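This article is reposted from Jianshu. Original author: 后知晚觉, https://www.jianshu.com/p/17af7a8f7864

Building the CP code

Downloading the cross-compilation toolchain

Download LLVM from the Qualcomm website.

The LLVM compiler version the build expects can be found by adding a print statement to the llvm.py script: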

vim /....../CP/TZ.XF.5.1/trustzone_images/tools/build/scons/scripts/llvm.py +189

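Add the line: print(os.environ.get('LLVMBIN'))

In my environment, the printed LLVMBIN path was: /pkg/LLVM/8.0.9

After the download finishes, extract the archive, rename the directory to 8.0.9, and mv it into the /pkg/LLVM directory.

Then run the ./build.sh tz command in the CP directory.

The build fails with an error saying the gcc-linaro compiler cannot be found. Using the version named in the error message, download the matching release from the Linaro website.

The download location I found was: https://releases.linaro.org/archive/14.07/components/toolchain/binaries/

After downloading and extracting it, mv it to the location given in the error message: /pkg/LLVM/linaro/

Build

Run the ./build.sh tz command in the CP directory again: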

./build.sh tz

The build reports success:

scons: done building targets.

==============================================================================
   SCons build summary
==============================================================================
** Build time...
 Build start  : Wed Jun  9 09:28:52 2021
 Build end    : Wed Jun  9 09:28:58 2021
 Elapsed time : 0:00:06

Start Time = 2021年 06月 09日 星期三 09:28:52 CST - End Time = 2021年 06月 09日 星期三 09:28:58 CST
Elapsed Time = 6 seconds
WARNING:build_all:Extra artifacts: devcfg.mbn, focal32.mbn, gpsample.mbn, smplap32.mbn, smplap64.mbn, smplcert.mbn, smplserv.mbn, teetest.mbn, teetest64.mbn
INFO:build_all:Build completed successfully
INFO:build_all:Total elapsed time: 0 minutes, 8 seconds

The steps above build all of trustzone. To build only a single app, run the following commands:

cd /....../CP/TZ.XF.5.1/trustzone_images/build/ms
python build_all.py -b TZ.XF.5.1 CHIPSET=kamorta --cbt=sampleapp

Test

Push the built sampleapp to the device to test it:

adb root
adb remount 
adb shell mount -o remount,RW /vendor/firmware_mnt
cd /....../TZ.XF.5.1/trustzone_images/build/ms/bin/PIL_IMAGES/SPLITBINS_FADAANAA/signed
adb push smplap* /vendor/firmware_mnt/image/
adb shell sync

Run the test program:

$ adb shell qseecom_sample_client v smplap32 0 1
Note: Command line arguments do not belong to legacy test
Starting qsc_run_get_version test: cmd = 0, thread = 1
qsc_run_get_version PASSED 

Debugging

While running the qseecom_sample_client command, view the TA-side log:

$ adb shell cat /sys/kernel/debug/tzdbg/qsee_log
[7eb1a0662]<1>smplap32: SAMPLEApp constructor
[7eb1a072d]<1>smplap32: SAMPLEApp constructor2
[7eb1a07d3]<1>smplap32: SAMPLEApp Init 
[7eb1a0875]<1>smplap32: Version: 1.3
[7eb1c3af2]<1>smplap32: TZ App cmd handler, cmd_id = 0
[7eb1c3c5a]<1>smplap32: ****PASSED : get version test
[7eb1c9864]<1>smplap32: SAMPLE App shutdown
[7eb1c9a33]<1>smplap32: SAMPLEApp destructor2
[7eb1c9acc]<1>smplap32: SAMPLEApp destructor

The TA-side log reflects the lifecycle functions in app_main.c of the sampleapp source.

The following functions in app_main.c are executed in order:

  1. tz_contructor
  2. tz_contructor2
  3. tz_app_init
  4. tz_app_cmd_handler
  5. tz_app_shutdown
  6. tz_destructor2
  7. tz_destructor

In sampleapp, the command with cmd_id 0 retrieves the sampleapp version number. It corresponds to the "case CLIENT_CMD0_GET_VERSION" branch in the tz_app_cmd_handler function.
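As an added example (not part of the original article or of Qualcomm's code), the following Python parses qsee_log lines in the format shown above and reports, per TA, which lifecycle functions were logged and whether any are missing or out of order. The pairing of log markers with function names is an assumption inferred from the order of the log and of the function list above; the sample input is the smplap32 log from this page.

```python
import re

# One qsee_log record: [hex timestamp]<level>ta_name: message
LINE_RE = re.compile(r"^\[[0-9a-f]+\]<\d+>(?P<ta>[^:]+): (?P<msg>.*)$")

# Log marker -> app_main.c function, listed in lifecycle order. The pairing is
# an assumption inferred from the order of the log and the function list above.
MARKERS = [
    (re.compile(r"constructor$"), "tz_contructor"),
    (re.compile(r"constructor2$"), "tz_contructor2"),
    (re.compile(r"\bInit$"), "tz_app_init"),
    (re.compile(r"cmd handler, cmd_id = \d+$"), "tz_app_cmd_handler"),
    (re.compile(r"shutdown$"), "tz_app_shutdown"),
    (re.compile(r"destructor2$"), "tz_destructor2"),
    (re.compile(r"destructor$"), "tz_destructor"),
]
EXPECTED = [func for _, func in MARKERS]

# Sample input: the smplap32 log lines shown above.
SAMPLE_LOG = """\
[7eb1a0662]<1>smplap32: SAMPLEApp constructor
[7eb1a072d]<1>smplap32: SAMPLEApp constructor2
[7eb1a07d3]<1>smplap32: SAMPLEApp Init
[7eb1a0875]<1>smplap32: Version: 1.3
[7eb1c3af2]<1>smplap32: TZ App cmd handler, cmd_id = 0
[7eb1c3c5a]<1>smplap32: ****PASSED : get version test
[7eb1c9864]<1>smplap32: SAMPLE App shutdown
[7eb1c9a33]<1>smplap32: SAMPLEApp destructor2
[7eb1c9acc]<1>smplap32: SAMPLEApp destructor
"""

def lifecycle(log_text):
    """Return {ta_name: [lifecycle functions in the order they were logged]}."""
    calls = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        for pattern, func in MARKERS:
            if pattern.search(m.group("msg")):
                calls.setdefault(m.group("ta"), []).append(func)
                break
    return calls

def problems(seen):
    """Return (missing functions, functions logged after a later phase)."""
    ranks = [EXPECTED.index(f) for f in seen]
    late = [seen[i] for i in range(1, len(seen)) if ranks[i] < ranks[i - 1]]
    return [f for f in EXPECTED if f not in seen], late
```

A TA whose log stops after tz_app_cmd_handler, with no shutdown or destructor entries, shows up as three missing functions, which is a quick way to spot a TA that did not exit cleanly.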

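Custom TA: keyzeroapp

Creating the app based on sampleapp

Copy sampleapp and rename the copy to hellotrustapp.

The sampleapp code is in the /....../CP/TZ.XF.5.1/trustzone_images/ssg/securemsm/trustzone/qsapps directory.

In the SConscript file under the src directory, change every occurrence of the strings smplap and sampleapp to hellota and hellotrustapp.

Change the value of the uuid variable in hellotrustapp to the hexadecimal encoding of the string HelloTrustApp: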

HelloTrustApp -> 48656c6c6f5472757374417070

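In app_main.c, change the string SAMPLEApp to HelloTrustApp.

Adding the build configuration

Edit the /....../CP/TZ.XF.5.1/trustzone_images/ssg/bsp/trustzone/build/SConscript file and, following the sampleapp configuration, copy it to create the build configuration for hellotrustapp (three places in total).

Add the dependency files for hellotrustapp:

In the /....../CP/TZ.XF.5.1/trustzone_images/ssg/bsp/trustzone/qsapps directory, copy the sampleapp and smplap64 directories and rename the copies to hellotrustapp and hellota64.

Configuring the mdt split rules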

/....../CP/TZ.XF.5.1/trustzone_images/sectools/config/kamorta/kamorta_secimage.xml

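In the kamorta_secimage file, write the file split rules for hellotrustapp, following the format used for sampleapp.

Adding the full-build rule

vim /....../CP/TZ.XF.5.1/trustzone_images/build/ms/build_config_deploy_kamorta.xml

In this file, add the following before sampleapp: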

<alias build-once="false" disable="false" internal-test="false" name="keyzeroapp" recompile="true" strip="false">
    <artifact name="keyzero32"/>
    <artifact name="keyzero64"/>
    <mapreport path="ssg/bsp/trustzone/qsapps"/>
</alias>

Build

Full build:

cd /....../CP
./build.sh tz

The split files are generated only by a full build. They are written to the /....../CP/TZ.XF.5.1/trustzone_images/build/ms/bin/PIL_IMAGES/SPLITBINS_FADAANAA directory:

SPLITBINS_FADAANAA$ ls hellota*
hellota32.b00  hellota32.b02  hellota32.b04  hellota32.b06  hellota32.mdt  hellota64.b01  hellota64.b03  hellota64.b05  hellota64.b07
hellota32.b01  hellota32.b03  hellota32.b05  hellota32.b07  hellota64.b00  hellota64.b02  hellota64.b04  hellota64.b06  hellota64.mdt
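As an added example (not from the original article or from Qualcomm's tooling), this Python reads the ELF header at the start of a .mdt file and checks that every .bNN segment it describes is present with the expected size, so an incomplete split set is caught before it is pushed. It assumes a little-endian image in which each .bNN file holds exactly the p_filesz bytes of program header NN; make_constructed_set is a hypothetical helper that writes a constructed 32-bit set for the demo.

```python
import os
import struct

def check_split_set(mdt_path):
    """Return a list of problems with the .bNN files that belong to mdt_path."""
    with open(mdt_path, "rb") as f:
        mdt = f.read()
    if mdt[:4] != b"\x7fELF":
        return ["%s: no ELF header" % os.path.basename(mdt_path)]
    if mdt[4] == 2:                          # EI_CLASS 2 = ELF64, 1 = ELF32
        phoff, = struct.unpack_from("<Q", mdt, 32)
        phentsize, phnum = struct.unpack_from("<HH", mdt, 54)
        filesz_at, fmt = 32, "<Q"
    else:
        phoff, = struct.unpack_from("<I", mdt, 28)
        phentsize, phnum = struct.unpack_from("<HH", mdt, 42)
        filesz_at, fmt = 16, "<I"
    problems = []
    for i in range(phnum):
        filesz, = struct.unpack_from(fmt, mdt, phoff + i * phentsize + filesz_at)
        seg = "%s.b%02d" % (mdt_path[:-len(".mdt")], i)
        name = os.path.basename(seg)
        if filesz and not os.path.exists(seg):   # filesz 0: nothing stored on disk
            problems.append("missing %s" % name)
        elif filesz and os.path.getsize(seg) != filesz:
            problems.append("%s: %d bytes, header says %d"
                            % (name, os.path.getsize(seg), filesz))
    return problems

def make_constructed_set(directory, name="demo32", payload_sizes=(40, 100)):
    """Write a constructed ELF32 split set with dummy payloads; return the .mdt path."""
    n = len(payload_sizes) + 1
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01", 2, 40, 1,
                       0, 52, 0, 0, 52, 32, n, 0, 0, 0)
    sizes = [52 + 32 * n] + list(payload_sizes)   # segment 0 = ELF header + phdrs
    head = ehdr + b"".join(struct.pack("<8I", 1, 0, 0, 0, s, s, 0, 0) for s in sizes)
    for i, data in enumerate([head] + [b"\0" * s for s in payload_sizes]):
        with open(os.path.join(directory, "%s.b%02d" % (name, i)), "wb") as f:
            f.write(data)
    mdt_path = os.path.join(directory, name + ".mdt")
    with open(mdt_path, "wb") as f:
        f.write(head + b"\0" * payload_sizes[0])  # .mdt = b00 followed by b01
    return mdt_path

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        print(check_split_set(make_constructed_set(d)))
```

The 308-byte hellota32.b00 reported by adb push in the Test section below is consistent with a 52-byte ELF32 header plus eight 32-byte program headers, one per .bNN file.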

Test

Push the files to the device:

adb push hellota* /vendor/firmware_mnt/image/
hellota32.b00: 1 file pushed. 0.0 MB/s (308 bytes in 0.027s)
hellota32.b01: 1 file pushed. 0.3 MB/s (6952 bytes in 0.025s)
hellota32.b02: 1 file pushed. 3.3 MB/s (256860 bytes in 0.074s)
hellota32.b03: 1 file pushed. 0.0 MB/s (205 bytes in 0.013s)
hellota32.b04: 1 file pushed. 13.0 MB/s (1475900 bytes in 0.108s)
hellota32.b05: 1 file pushed. 0.1 MB/s (1212 bytes in 0.009s)
hellota32.b06: 1 file pushed. 0.0 MB/s (152 bytes in 0.011s)
hellota32.b07: 1 file pushed. 2.5 MB/s (42991 bytes in 0.016s)
hellota32.mdt: 1 file pushed. 0.5 MB/s (7260 bytes in 0.013s)
hellota64.b00: 1 file pushed. 0.0 MB/s (512 bytes in 0.013s)
hellota64.b01: 1 file pushed. 0.4 MB/s (6952 bytes in 0.015s)
hellota64.b02: 1 file pushed. 4.6 MB/s (305840 bytes in 0.064s)
hellota64.b03: 1 file pushed. 0.0 MB/s (249 bytes in 0.014s)
hellota64.b04: 1 file pushed. 13.2 MB/s (1485648 bytes in 0.108s)
hellota64.b05: 1 file pushed. 0.2 MB/s (2424 bytes in 0.009s)
hellota64.b06: 1 file pushed. 0.0 MB/s (304 bytes in 0.007s)
hellota64.b07: 1 file pushed. 4.8 MB/s (78789 bytes in 0.016s)
hellota64.mdt: 1 file pushed. 0.7 MB/s (7464 bytes in 0.010s)
18 files pushed. 6.1 MB/s (3680022 bytes in 0.575s)

adb shell sync

Run the test program:

$ adb shell qseecom_sample_client v hellota32 0 1
Note: Command line arguments do not belong to legacy test
Starting qsc_run_get_version test: cmd = 0, thread = 1
qsc_run_get_version PASSED 

Check the TA run log:

$ adb shell cat /sys/kernel/debug/tzdbg/qsee_log
[66fc0d1a7b]<1>hellota32: HelloTrustApp constructor
[66fc0d1b6c]<1>hellota32: HelloTrustApp constructor2
[66fc0d1c1b]<1>hellota32: HelloTrustApp Init 
[66fc0d1cb7]<1>hellota32: Version: 1.3
[66fc0f7c30]<1>hellota32: TZ App cmd handler, cmd_id = 0
[66fc0f7da9]<1>hellota32: ****PASSED : get version test
[66fc0fe53b]<1>hellota32: SAMPLE App shutdown
[66fc0fe702]<1>hellota32: HelloTrustApp destructor2
[66fc0fe7a3]<1>hellota32: HelloTrustApp destructor