Trust App(高通)
本文转载自简书,原文作者:后知晚觉,https://www.jianshu.com/p/17af7a8f7864
CP代码编译方法
交叉编译工具下载
在高通网站上下载llvm,
llvm编译器版本,可以在llvm.py脚本中通过print获取:
vim /....../CP/TZ.XF.5.1/trustzone_images/tools/build/scons/scripts/llvm.py +189
增加代码:print(os.environ.has_key('LLVMBIN'))
我的环境中,打印LLVMBIN的路径为:/pkg/LLVM/8.0.9
下载完成后,解压后,将目录重命名为8.0.9,并mv到/pkg/LLVM目录下。
然后在CP目录下执行./build.sh tz命令。
会报错,提示找不到gcc-linaro编译器,根据报错版本描述,在linaro网站下下载对应的版本。
我搜到的下载地址为:https://releases.linaro.org/archive/14.07/components/toolchain/binaries/
下载解压后,mv到报错提示的位置:/pkg/LLVM/linaro/
编译
再次在CP目录下执行./build.sh tz命令:
./build.sh tz
提示编译成功:
scons: done building targets.
==============================================================================
SCons build summary
==============================================================================
** Build time...
Build start : Wed Jun 9 09:28:52 2021
Build end : Wed Jun 9 09:28:58 2021
Elapsed time : 0:00:06
Start Time = 2021年 06月 09日 星期三 09:28:52 CST - End Time = 2021年 06月 09日 星期三 09:28:58 CST
Elapsed Time = 6 seconds
WARNING:build_all:Extra artifacts: devcfg.mbn, focal32.mbn, gpsample.mbn, smplap32.mbn, smplap64.mbn, smplcert.mbn, smplserv.mbn, teetest.mbn, teetest64.mbn
INFO:build_all:Build completed successfully
INFO:build_all:Total elapsed time: 0 minutes, 8 seconds
上面的步骤是整编trustzone,如果只编译某个App,则执行下面的命令:
cd /....../CP/TZ.XF.5.1/trustzone_images/build/ms
python build_all.py -b TZ.XF.5.1 CHIPSET=kamorta --cbt=sampleapp
测试
将编译好的sampleapp push到系统中测试:
adb root
adb remount
adb shell mount -o remount,RW /vendor/firmware_mnt
cd /....../TZ.XF.5.1/trustzone_images/build/ms/bin/PIL_IMAGES/SPLITBINS_FADAANAA/signed
adb push smplap* /vendor/firmware_mnt/image/
adb shell sync
运行测试程序:
$ adb shell qseecom_sample_client v smplap32 0 1
Note: Command line arguments do not belong to legacy test
Starting qsc_run_get_version test: cmd = 0, thread = 1
qsc_run_get_version PASSED
调试
执行qseecom_sample_client命令时,查看TA侧的log:
$ adb shell cat /sys/kernel/debug/tzdbg/qsee_log
[7eb1a0662]<1>smplap32: SAMPLEApp constructor
[7eb1a072d]<1>smplap32: SAMPLEApp constructor2
[7eb1a07d3]<1>smplap32: SAMPLEApp Init
[7eb1a0875]<1>smplap32: Version: 1.3
[7eb1c3af2]<1>smplap32: TZ App cmd handler, cmd_id = 0
[7eb1c3c5a]<1>smplap32: ****PASSED : get version test
[7eb1c9864]<1>smplap32: SAMPLE App shutdown
[7eb1c9a33]<1>smplap32: SAMPLEApp destructor2
[7eb1c9acc]<1>smplap32: SAMPLEApp destructor
TA侧的log可以反映出sampleapp源码的app_main.c中的生命周期函数。
app_main.c中的如下函数被依次执行:
- tz_contructor
- tz_contructor2
- tz_app_init
- tz_app_cmd_handler
- tz_app_shutdown
- tz_destructor2
- tz_destructor
sampleapp中cmd_id为0命令为获取sampleapp的版本号,对应tz_app_cmd_handler函数中“case CLIENT_CMD0_GET_VERSION" 逻辑。
自定义TA---keyzeroapp
参考sampleapp创建app
拷贝sampleapp,重命名为hellotrustapp。
sampleapp代码在/....../CP/TZ.XF.5.1/trustzone_images/ssg/securemsm/trustzone/qsapps目录下。
并将src目录下的SConscript文件中红出现的smplap和sampleapp字符串修改为hellota和hellotrustapp。
修复hellotrustapp中的uuid变量值,使用HelloTrustApp字符串对应的十六进制值:
HelloTrustApp -> 48656c6c6f5472757374417070
修改app_main.c中的SAMPLEApp字符串为:HelloTrustApp
增加编译配置
编辑/....../CP/TZ.XF.5.1/trustzone_images/ssg/bsp/trustzone/build/SConscript文件,按照sampleapp的配置,复制出hellotrustapp的编译配置(共三处)。
增加hellotrustapp的依赖文件:
在/....../CP/TZ.XF.5.1/trustzone_images/ssg/bsp/trustzone/qsapps目录下,复制sampleapp和smplap64目录,重命名为hellotrustapp和hellota64目录。
配置mdt split规则
/....../CP/TZ.XF.5.1/trustzone_images/sectools/config/kamorta/kamorta_secimage.xml
在kamorta_secimage文件中按照sampleapp的格式编写hellotrustapp的文件split规则。
添加整编规则
vim /....../CP/TZ.XF.5.1/trustzone_images/build/ms/build_config_deploy_kamorta.xml
在文件中sampleapp前面增加:
<alias build-once="false" disable="false" internal-test="false" name="keyzeroapp" recompile="true" strip="false">
<artifact name="keyzero32"/>
<artifact name="keyzero64"/>
<mapreport path="ssg/bsp/trustzone/qsapps"/>
</alias>
编译
整编:
cd /....../CP
./build.sh tz
只有整编的情况下,才会生成split文件,生成的split文件在/....../CP/TZ.XF.5.1/trustzone_images/build/ms/bin/PIL_IMAGES/SPLITBINS_FADAANAA目录下:
SPLITBINS_FADAANAA$ ls hellota*
hellota32.b00 hellota32.b02 hellota32.b04 hellota32.b06 hellota32.mdt hellota64.b01 hellota64.b03 hellota64.b05 hellota64.b07
hellota32.b01 hellota32.b03 hellota32.b05 hellota32.b07 hellota64.b00 hellota64.b02 hellota64.b04 hellota64.b06 hellota64.mdt
测试
push到设备中:
adb push hellota* /vendor/firmware_mnt/image/
hellota32.b00: 1 file pushed. 0.0 MB/s (308 bytes in 0.027s)
hellota32.b01: 1 file pushed. 0.3 MB/s (6952 bytes in 0.025s)
hellota32.b02: 1 file pushed. 3.3 MB/s (256860 bytes in 0.074s)
hellota32.b03: 1 file pushed. 0.0 MB/s (205 bytes in 0.013s)
hellota32.b04: 1 file pushed. 13.0 MB/s (1475900 bytes in 0.108s)
hellota32.b05: 1 file pushed. 0.1 MB/s (1212 bytes in 0.009s)
hellota32.b06: 1 file pushed. 0.0 MB/s (152 bytes in 0.011s)
hellota32.b07: 1 file pushed. 2.5 MB/s (42991 bytes in 0.016s)
hellota32.mdt: 1 file pushed. 0.5 MB/s (7260 bytes in 0.013s)
hellota64.b00: 1 file pushed. 0.0 MB/s (512 bytes in 0.013s)
hellota64.b01: 1 file pushed. 0.4 MB/s (6952 bytes in 0.015s)
hellota64.b02: 1 file pushed. 4.6 MB/s (305840 bytes in 0.064s)
hellota64.b03: 1 file pushed. 0.0 MB/s (249 bytes in 0.014s)
hellota64.b04: 1 file pushed. 13.2 MB/s (1485648 bytes in 0.108s)
hellota64.b05: 1 file pushed. 0.2 MB/s (2424 bytes in 0.009s)
hellota64.b06: 1 file pushed. 0.0 MB/s (304 bytes in 0.007s)
hellota64.b07: 1 file pushed. 4.8 MB/s (78789 bytes in 0.016s)
hellota64.mdt: 1 file pushed. 0.7 MB/s (7464 bytes in 0.010s)
18 files pushed. 6.1 MB/s (3680022 bytes in 0.575s)
adb shell sync
运行测试程序:
$ adb shell qseecom_sample_client v hellota32 0 1
Note: Command line arguments do not belong to legacy test
Starting qsc_run_get_version test: cmd = 0, thread = 1
qsc_run_get_version PASSED
观察TA运行日志:
adb shell cat /sys/kernel/debug/tzdbg/qsee_log
[66fc0d1a7b]<1>hellota32: HelloTrustApp constructor
[66fc0d1b6c]<1>hellota32: HelloTrustApp constructor2
[66fc0d1c1b]<1>hellota32: HelloTrustApp Init
[66fc0d1cb7]<1>hellota32: Version: 1.3
[66fc0f7c30]<1>hellota32: TZ App cmd handler, cmd_id = 0
[66fc0f7da9]<1>hellota32: ****PASSED : get version test
[66fc0fe53b]<1>hellota32: SAMPLE App shutdown
[66fc0fe702]<1>hellota32: HelloTrustApp destructor2
[66fc0fe7a3]<1>hellota32: HelloTrustApp destructor