...
- PoC implementation of OP-TEE OS and OpenSBI
- Run optee_test on QEMU virt (riscv64, dual-core)
- Run optee_test on Andes AE350 platform (QEMU and FPGA)
...
- Leverage domain context switching and
MPXY extension for OP-TEE SPD driver
...
- Add CI support for QEMU RV64 virt in OP-TEE OS
- Integrate U-Boot
- Support dynamic shared memory
Components and Repos
- https://gitlab.com/riseproject/riscv-optee/optee_buildbuildroot.git
- https://gitlab.com/riseproject/riscv-optee/optee_os.git
- https://gitlab.com/riseproject/riscv-optee/opensbi.git
- https://gitlab.com/riseproject/riscv-optee/u-boot.git
- https://gitlab.com/riseproject/riscv-optee/linux.git
QEMU Virt test environment
This implementation uses PMPs to isolate the TEE and REE. No secure interrupt is registered; software, timer and external interrupts cause a TEE managed exit to the REE for interrupt handling.
Boot process overview:
Memory Layout:
Region | Address (end, start) | Usage |
---|---|---|
RAM | 0x1_7FFF_FFFF 0x0_F220_0000 | N/A |
 | 0x0_F1FF_FFFF 0x0_F100_0000 (16MiB) | OP-TEE OS core & TA |
 | 0x0_8129_D800 0x0_8120_0000 (630KiB) | U-Boot proper load address |
 | 0x0_8015_FFFF 0x0_8014_0000 | OpenSBI (data) |
 | 0x0_8013_FFFF 0x0_8010_0000 | OpenSBI (text) |
 | 0x0_8000_A000 0x0_8000_0000 | U-Boot SPL |
MMIO | 0x0_0C5F_FFFF 0x0_0C40_0000 | PLIC |
 | 0x0_0C3F_FFFF 0x0_0C00_0000 | PLIC |
 | 0x0_1000_0FFF 0x0_1000_0000 | UART |
 | 0x0_0200_FFFF 0x0_0200_0000 | CLINT |
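
The OP-TEE region in the layout above (16MiB at 0x0_F100_0000) is naturally aligned, so a single PMP entry in NAPOT mode can cover it. The C code below is an added example, not code from OpenSBI or OP-TEE: it assumes NAPOT address matching (the page does not say whether the PoC uses NAPOT or TOR), and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Encode a naturally aligned power-of-two region as a pmpaddr value for
 * A=NAPOT. Returns false if one NAPOT entry cannot describe the region. */
bool pmp_napot_encode(uint64_t base, uint64_t size, uint64_t *pmpaddr)
{
    if (size < 8 || (size & (size - 1)) != 0)   /* size must be 2^n, n >= 3 */
        return false;
    if (base & (size - 1))                      /* base must be size-aligned */
        return false;
    /* pmpaddr holds address bits [..:2]; a run of low 1 bits encodes size */
    *pmpaddr = (base >> 2) | ((size >> 3) - 1);
    return true;
}

/* Recover base and size from a NAPOT pmpaddr value (for auditing a dump). */
void pmp_napot_decode(uint64_t pmpaddr, uint64_t *base, uint64_t *size)
{
    unsigned ones = 0;
    while (ones < 60 && ((pmpaddr >> ones) & 1))   /* count trailing 1 bits */
        ones++;
    *size = 1ULL << (ones + 3);
    *base = (pmpaddr & ~((1ULL << ones) - 1)) << 2;
}

int main(void)
{
    /* Base and size values taken from the memory layout table. */
    struct { const char *name; uint64_t base, size; } r[] = {
        { "OP-TEE OS core & TA", 0x0F1000000ULL, 16ULL << 20 },
        { "OpenSBI (text)",      0x080100000ULL, 0x40000ULL },
        { "U-Boot proper",       0x081200000ULL, 630ULL * 1024 },
    };
    for (unsigned i = 0; i < sizeof r / sizeof r[0]; i++) {
        uint64_t a, b, s;
        if (!pmp_napot_encode(r[i].base, r[i].size, &a)) {
            /* Not 2^n or misaligned: needs TOR or several NAPOT entries. */
            printf("%-20s not a single NAPOT region\n", r[i].name);
            continue;
        }
        pmp_napot_decode(a, &b, &s);
        printf("%-20s pmpaddr=0x%llx base=0x%llx size=0x%llx\n", r[i].name,
               (unsigned long long)a, (unsigned long long)b,
               (unsigned long long)s);
    }
    return 0;
}
```

Decoding a pmpaddr value read back from a running system and comparing it with the intended base and size is a quick check that the secure region is neither smaller nor larger than the layout intends.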
How to build and run optee_test:
```
export WORKDIR=`pwd`
git clone https://gitlab.com/riseproject/riscv-optee/optee_buildbuildroot.git -b main build
git clone https://gitlab.com/riseproject/riscv-optee/optee_os.git -b main
git clone https://gitlab.com/riseproject/riscv-optee/opensbi.git -b main
git clone https://gitlab.com/riseproject/riscv-optee/u-boot.git -b main
git clone https://gitlab.com/riseproject/riscv-optee/linux.git -b main
git clone https://github.com/OP-TEE/optee_client.git -b 4.2.0
git clone https://github.com/OP-TEE/optee_test.git -b 4.2.0
git clone https://github.com/linaro-swg/optee_examples.git -b 4.2.0
git clone https://github.com/buildroot/buildroot -b 2022.11.1
git clone https://github.com/qemu/qemu -b v8.2.2
cd build
make -f toolchain.mk ARCH=riscv -j $(nproc)
make -f qemu_riscv64.mk qemu
make -f qemu_riscv64.mk opensbi
make -f qemu_riscv64.mk u-boot
make -f qemu_riscv64.mk linux
make -f qemu_riscv64.mk buildroot
ln -s $WORKDIR/linux/arch/riscv/boot/dts/qemu/qemu_rv64_virt_domain.dtb $WORKDIR
# qemu enabled semihosting for secure world console
make -f qemu_riscv64.mk run-only dev-optee-mpxy
cd buildroot
make qemu_riscv64_virt_optee_defconfig
make
./output/images/start-qemu.sh
# launch another terminal and connect to normal world
telnet localhost 64320
# run 'xtest' or 'optee_example*' in the Linux shell
```
Stakeholders and Partners
...
Dependencies
- MPXY/RPMI Specification
- SBI_00_04 - Domain Context Switch Support
...
- IOPMP: To allow domains to request access ownership of devices
- AIA/APLIC: Secure/Non-secure interrupt handling
- Secure boot: Integrate ZSBL & FSBL to verify the signature of images
- FF-A like ABI: Unified protocol used among Secure/Non-secure images (need to be standardised for RISC-V)
- SmMTT: Additional secure features e.g. memory isolation, assigning interrupts to domains, etc.
...
...