• State
  • Locked Locked
  • Replies 7 replies
  • Subscribers 99 subscribers
  • Views 356 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

TDA4VM: Failed to run optee xtest under SDK 8.4

? ??
Prodigy 140 points
Part Number: TDA4VM


Tool/software:

Dear experts,

We are trying to test optee on a TDA4VM platform running SDK 8.4, but fail to run the xtest for optee. Error messages shows an error occured when loading the TA.

Here's part of the xtest log:

* regression_1004 Test User Crypt TA
/usr/src/debug/optee-test/3.17.0+gitAUTOINC+8a698baf9e-r0/git/host/xtest/regression_1000.c:459: xtest_teec_open_session( &session, &crypt_user_ta_uuid, ((void *)0), &ret_orig) has an unexpected value: 0xf0100003 = TEE_ERROR_STORAGE_NOT_AVAILABLE, expected 0x0 = TEEC_SUCCESS
regression_1004 FAILED

We didn't modify the optee's bb files yet. The meta-ti is at tag 08.00.04.005(commit: 762f4908189fcd5f62cb259767768534264d7702) and meta-arm is at tag 3.1.1(commit: c4f04f3fb66f8f4365b08b553af8206372e90a63) as mentioned in the release note for SDK 8.4.

Would you please have a check and give some advises if some modifications are needed to run the xtest when using SDK 8.4?

Thanks and best regards

Hui Baorui

  • 0
    TI__Guru 58885 points

    Hi Hui,

    Allow me some time to check on this.

    Regards
    Diwakar

  • 0 in reply to Diwakar Dhyani
    TI__Guru 58885 points

    Hi Hui,

    There were lots of feature which were not fully enabled on the 8.4 SDK(like secure storage) can you test this in the latest SDK.

    Regards
    Diwakar

  • 0 in reply to Diwakar Dhyani
    Prodigy 140 points

    Hi Diwakar,

    Thanks for you reply, it is helpful for us to make decisions.

    To share some background, our delivered product is a TDA4VM platfrom running SDK 8.4. Recently we received new customer requirement with functional security requirements, like, just as you mentioned, secure storage. It's an update to the delivered product, so we are investigating on how to implement such things using SDK 8.4.

    So would you please give us some more detail information on which features are not fully enabled on SDK 8.4 to fully support optee? And is it possible to enable them?

    Btw, we're investigating how to implement such functions using SDK 9.2. But migration to SDK 9.2 might cost more for us since we've made many customizations to PSDK.

    Thanks again and best regards

    Hui Baorui

  • 0 in reply to ? ??
    TI__Guru 58885 points

    Hi  Hui,

    ? ?? said:
    So would you please give us some more detail information on which features are not fully enabled on SDK 8.4 to fully support optee? And is it possible to enable them?

    To enable the secure storage you can refer to optee patch.
    plat-k3: Setup HUK for K3 HS Generic SOCs by manorit2001 · Pull Request #5292 · OP-TEE/optee_os · GitHub

    Regards
    Diwakar

  • 0 in reply to Diwakar Dhyani
    Prodigy 140 points

    Hi Diwakar,

    I've checked the pull request, seems it's already been merged into optee_os master branch? And I've checked the optee-os v3.17 which is required by the SDK 8.4, I could see these commits present under optee-os 3.17. So I think it is already been enabled for secure storage for optee-os 3.17 and SDK 8.4. Would you please confirm again?

    Thanks and best regards.

    Hui Baorui

  • 0 in reply to ? ??
    TI__Guru 58885 points

    Hi Hui

    Is secure storage is enabled in the config file which you are using ?

    Also increase the log level to get the more detail.

    Regards
    Diwakar

  • 0 in reply to Diwakar Dhyani
    Prodigy 140 points

    Hi Diwakar,

    Did you mean the the secure storage config for optee? Currently it is:

        CFG_REE_FS=y

        CFG_REE_FS_TA=y

        CFG_RPMB_FS=n

    Actually we made no changes to the commit indicated in meta-ti/recipes-security/optee/optee-os_%.bbappend.

    We do increased the log level and test also with 0900 to see the differences. Here's some discovery:

    In 0804, we see these logs when trying to invoke a optee example app and failed:

    And in 0900, which is successful, we see this:

    In 0900, both Secure Storage TA and REE TA search would occur, but in 0804, only Secure Storage TA  search sould occur. We're sure that the ta file is present under /lib/optee_armtz.

    Would you please help to confirm that whether REE TA can be used for 0804 or not?

    Thanks and best regards again.

    Hui Baorui