Keysight / optee_fuzzer

This repository contains the code for a fuzzing prototype for the OP-TEE system call interface using AFL.
GNU General Public License v3.0

make error #2

Closed 21212124 closed 4 years ago

21212124 commented 4 years ago

When I do "make" I have this error. How can I solve it?

make

c01dkit commented 3 years ago

Same problem. Did you solve it?

MartijnB commented 3 years ago

Is there a folder out/export/lib in optee_client? If not, try running make optee-client-common

c01dkit commented 3 years ago

@MartijnB

Is there a folder out/export/lib in optee_client? If not, try running make optee-client-common

Thanks for your rapid reply, and it works like a charm! 🚀

And what's next? Following the README, I think I should run make fuzzer; however, there are no rules for it in any makefiles...

Now a simple make seems to give no error (but the time it takes is much shorter than building the normal OP-TEE system; I don't know whether that is right or wrong...)

I also tried make run and it prompts the following:

[screenshot]

I have been struggling to reproduce optee-fuzzer for a whole week and have solved many errors, and I'm longing for your help 😭

PS:

The former error was that no /edk2/Build folder was generated, and I solved it by downloading and compiling the normal optee 3.3.0 branch and copying the Build folder to this place. Is this a proper solution? Or should I use some other commands (make xxx, maybe?) to solve it?

Truly, thanks for your help!

MartijnB commented 3 years ago

So the idea is that you first do a checkout of the normal OPTEE tree, in which you then clone this repository + the AFL repository. It seems that currently, you don't have a full OPTEE checkout, due to which soc_term is missing. Or it is not compiled yet.

It might be that "make fuzzer" should be "make afl-tee". However, more importantly, you need to have OPTEE building and be able to run it in Qemu before you start setting up the fuzzer, as the fuzzer is very fragile. This will also ensure you compile all dependencies required to normally run OPTEE.

MartijnB commented 3 years ago

Also, it seems that the patches I committed by mistake also contain the removal of some build dependencies (for speed during development).

So please run this as that should compile most if not all dependencies: make qemu soc-term linux buildroot edk2 optee-os

c01dkit commented 3 years ago

make qemu soc-term linux buildroot edk2 optee-os

Yeah, that really works! (After a long time of compiling)...

I tried both building the original OPTEE and make qemu soc-term linux buildroot edk2 optee-os. Finally, both could set up qemu and get the secure and normal worlds' terminals.

However (not beyond expectation...), a new error occurs after pressing 'c' in qemu:

[screenshot]

and the secure world is this:

[screenshot]

I tried to solve this through https://git.lumina-sensum.com/LuminaSensum/arm-trusted-firmware/commit/e2af1cadf7cbbb04caa74bbbb0e61578bc446a3a?diff=split , but it does not help.

This error exists in both the original OPTEE and the fuzzer. Is it due to the wrong version? (Is that so?)

The manifest.xml in .repo is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<manifest>
        <remote name="github"   fetch="https://github.com" />

        <default remote="github" revision="master" />

        <!-- OP-TEE gits -->
        <project path="optee_client"         name="OP-TEE/optee_client.git" revision="refs/tags/3.3.0" clone-depth="1" />
        <project path="optee_os"             name="OP-TEE/optee_os.git" revision="refs/tags/3.3.0" clone-depth="1" />
        <project path="optee_test"           name="OP-TEE/optee_test.git" revision="refs/tags/3.3.0" clone-depth="1" />
        <project path="build"                name="OP-TEE/build.git" revision="refs/tags/3.3.0" clone-depth="1">
                <linkfile src="qemu_v8.mk" dest="build/Makefile" />
                <linkfile src="../toolchains/aarch64/bin/aarch64-linux-gnu-gdb" dest="build/gdb" />
        </project>

        <!-- linaro-swg gits -->
        <project path="linux"                name="linaro-swg/linux.git"                  revision="75065d7a22b08115477ae75b42139c5336e28293" />
        <project path="optee_benchmark"      name="linaro-swg/optee_benchmark.git" revision="refs/tags/3.3.0" clone-depth="1"/>
        <project path="optee_examples"       name="linaro-swg/optee_examples.git" revision="refs/tags/3.3.0" clone-depth="1" />
        <project path="soc_term"             name="linaro-swg/soc_term.git"               revision="5493a6e7c264536f5ca63fe7511e5eed991e4f20" />

        <!-- Misc gits -->
        <project path="arm-trusted-firmware" name="ARM-software/arm-trusted-firmware.git" revision="refs/tags/v1.5-rc2" clone-depth="1" />
        <project path="edk2"                 name="tianocore/edk2.git"                    revision="dd4cae4d82c7477273f3da455084844db5cca0c0" />
        <project path="qemu"                 name="qemu/qemu.git"                         revision="refs/tags/v2.12.0" clone-depth="1" />
        <project path="buildroot"            name="buildroot/buildroot.git"               revision="refs/tags/2018.08" clone-depth="1" />
</manifest>

This is so strange. The OPTEE itself is not correct on branch 3.3.0.

Should I try to apply the fuzzer to the newest optee? The newest one can start qemu and run normally.

Maybe I should also turn to optee's repo for help.
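Added example (not from the optee_fuzzer project or either participant): a small audit of a repo manifest like the one quoted above, reporting which projects are pinned to an immutable commit hash and which sit on a tag or branch that can move between syncs, which is the kind of drift the maintainer suspects below. The manifest text is a constructed excerpt, and the `toolchains` project is hypothetical, added to show the default-revision case.

```python
import re
import xml.etree.ElementTree as ET

# Constructed excerpt modelled on the manifest.xml quoted in the thread.
# The "toolchains" entry is hypothetical: it has no revision attribute, so
# it falls back to the <default> revision ("master").
MANIFEST_XML = """<?xml version="1.0" encoding="UTF-8"?>
<manifest>
  <remote name="github" fetch="https://github.com" />
  <default remote="github" revision="master" />
  <project path="optee_os" name="OP-TEE/optee_os.git" revision="refs/tags/3.3.0" clone-depth="1" />
  <project path="linux" name="linaro-swg/linux.git" revision="75065d7a22b08115477ae75b42139c5336e28293" />
  <project path="toolchains" name="example/toolchains.git" />
</manifest>
"""

SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_revision(rev):
    """Return how strongly a manifest revision pins a project."""
    if SHA_RE.match(rev):
        return "commit"   # immutable: every sync yields the same tree
    if rev.startswith("refs/tags/"):
        return "tag"      # stable by convention, but a tag can be moved or deleted
    return "branch"       # floating: resolves to whatever the tip is today


def audit_manifest(xml_text):
    """Map each project path to (effective revision, pin class)."""
    root = ET.fromstring(xml_text)
    default = root.find("default")
    default_rev = default.get("revision") if default is not None else "master"
    result = {}
    for proj in root.findall("project"):
        rev = proj.get("revision", default_rev)  # missing attribute -> <default>
        result[proj.get("path")] = (rev, classify_revision(rev))
    return result


def floating_projects(xml_text):
    """Paths whose checkout may differ between two syncs (tag or branch pins)."""
    audit = audit_manifest(xml_text)
    return sorted(path for path, (_, kind) in audit.items() if kind != "commit")


if __name__ == "__main__":
    for path, (rev, kind) in audit_manifest(MANIFEST_XML).items():
        print(f"{path:12s} {kind:7s} {rev}")
    print("may drift:", floating_projects(MANIFEST_XML))
```

Running it against the real .repo/manifest.xml (read the file instead of the constructed string) lists every project whose checkout can change without the manifest changing, which is where to look first when a formerly working pinned build starts failing.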

MartijnB commented 3 years ago

So this also happens on a cleanly checked out OP-TEE v3.3.0 build? This is then a new issue, likely due to not correctly pinning some dependency. For sure, this issue was not there 2-3 years ago. This is also an error message I have never seen before.

Porting the fuzzer to the latest OP-TEE version will require some work. Among others, the TA loader now runs in user mode, and some other internals have also changed, breaking the current patches. However, I don't expect it to be very difficult if you are familiar with the OP-TEE code.