OP-TEE / optee_docs

This git contains the official documentation for the OP-TEE project
BSD 2-Clause "Simplified" License

Secure Storage in Raspberry Pi. #13

Closed ChandlerBingg closed 5 years ago

ChandlerBingg commented 5 years ago

Hi,

I've written a TA that stores randomly generated keys into the secure storage, following the examples available, and I am able to read them out as well within the same TA. However, if I write another application to act as a "server" listening for requests to retrieve a key from secure storage when given the appropriate ID of the stored key, I'm unable to do so, receiving the following error:

read_raw_object:79 Failed to open persistent object, res=0xffff0008

So I guess my question is: is it possible to read from secure storage via another TA, and not the initial TA that wrote into the secure storage? If so, I'm probably doing something wrong.

Sorry for creating an issue here; I'm not sure if there's any forum where I could ask about OP-TEE other than here.

Thanks in advance!

jbech-linaro commented 5 years ago

Hi @ChandlerBingg, it's OK to ask here, but usually people submit questions that don't fit anywhere else to the "OP-TEE OS" git (see here for more details).

I'm a bit puzzled here. My initial reply to you was going to be: _Each TA has a unique key (see here), so it is by design that you cannot load things from secure storage from another TA. Remember that a TA should basically work as a sandboxed application. What you can do if you need to retrieve the information from another TA is to use the "TA2TA" interface, to let two TAs talk to each other directly._

But when looking more closely into this, it seems like it all still relies on the FEK, as the initial secure storage implementation did. In that case it looks like another TA should (incorrectly IMHO) be able to retrieve another TA's data. I need to dig into the details here a bit more, as well as discuss with others.

jforissier commented 5 years ago

@jbech-linaro the FEK is per-TA since commit fde4a756bfc8 ("storage: encrypt the FEK with a TA-specific key"), but even if we put that aside, the location where data is stored is separate for each TA, if I'm not mistaken. So the per-TA key is additional security, but I expect the error code to really mean "not found" (and not "invalid key").

ChandlerBingg commented 5 years ago

@jbech-linaro What you're saying is that my TA cannot access the keys stored in secure storage because they were stored by another TA? Then would it be possible to create another CA that calls the same TA, copied from my initial TA but compiled under another application name, all while keeping the same UUID? So I would have two TAs with the same UUID but different application names.
If not, how do I go about using the TA2TA interface, and what would I need to get passed back for this to work?

jforissier commented 5 years ago

> my TA cannot access the keys stored in secure storage, because it was stored by another TA?

Correct.

> TA2TA interface

Sounds like a good option :)

ChandlerBingg commented 5 years ago

> > my TA cannot access the keys stored in secure storage, because it was stored by another TA?
>
> Correct.
>
> > TA2TA interface
>
> Sounds like a good option :)

Alright, I'll give it a shot, thank you! 👍
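The two points the thread settles on, that the 0xffff0008 error means the object is absent from the second TA's storage namespace rather than undecryptable, and that the way to share a key across TAs is a TA2TA session, are modelled in the added example below. It is plain C written for this page, not OP-TEE code and not a TA that would build against the GlobalPlatform Internal Core API; the real calls it stands in for are TEE_CreatePersistentObject / TEE_OpenPersistentObject on the owner side and TEE_OpenTASession / TEE_InvokeTACommand on the requester side, with the owner reading the caller's identity from the "gpd.client.identity" property. The TA identifiers, object ID, key bytes and allow list are constructed for the example; the result codes and TEE_LOGIN_TRUSTED_APP are the real GlobalPlatform values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes and login type from the GlobalPlatform TEE Internal Core API
 * (real values; 0xffff0008 is the code quoted in the issue). */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000u
#define TEE_ERROR_GENERIC        0xFFFF0000u
#define TEE_ERROR_ACCESS_DENIED  0xFFFF0001u
#define TEE_ERROR_ITEM_NOT_FOUND 0xFFFF0008u
#define TEE_LOGIN_TRUSTED_APP    0xF0000000u

/* Hypothetical TA identities for this model (real TAs carry 128-bit UUIDs). */
typedef uint32_t ta_uuid_t;
#define KEYSTORE_TA 0x1001u   /* the TA that generated and stored the key */
#define SERVER_TA   0x2002u   /* the "server" TA that wants to read it */
#define ROGUE_TA    0x3003u   /* some other TA, not on the allow list */

#define KEY_LEN     32
#define MAX_OBJECTS 8

/* Model of the secure-storage directory: every object is filed under its
 * owner TA's UUID, so the same object ID looked up by another TA simply
 * does not exist in that TA's namespace. */
struct stored_object { ta_uuid_t owner; char obj_id[16]; uint8_t data[KEY_LEN]; size_t len; };
static struct stored_object store[MAX_OBJECTS];
static size_t store_count;

/* Stand-in for TEE_CreatePersistentObject: the caller's UUID is the namespace. */
static TEE_Result create_persistent(ta_uuid_t caller, const char *obj_id,
                                    const uint8_t *data, size_t len)
{
    if (store_count >= MAX_OBJECTS || len > KEY_LEN || strlen(obj_id) >= 16)
        return TEE_ERROR_GENERIC;
    struct stored_object *o = &store[store_count++];
    o->owner = caller;
    strcpy(o->obj_id, obj_id);
    memcpy(o->data, data, len);
    o->len = len;
    return TEE_SUCCESS;
}

/* Stand-in for TEE_OpenPersistentObject + TEE_ReadObjectData: the lookup is
 * keyed on (caller UUID, object ID). Another caller gets ITEM_NOT_FOUND, not
 * a decryption error, because the entry is absent from its namespace. */
static TEE_Result read_persistent(ta_uuid_t caller, const char *obj_id,
                                  uint8_t *out, size_t *out_len)
{
    for (size_t i = 0; i < store_count; i++) {
        if (store[i].owner == caller && strcmp(store[i].obj_id, obj_id) == 0) {
            memcpy(out, store[i].data, store[i].len);
            *out_len = store[i].len;
            return TEE_SUCCESS;
        }
    }
    return TEE_ERROR_ITEM_NOT_FOUND;
}

/* Caller identity as the owner TA obtains it from "gpd.client.identity". */
struct client_identity { uint32_t login; ta_uuid_t uuid; };

/* Owner TA's handler for a TA2TA "get key" command: serve only callers that
 * are TAs on the allow list, then read the object from the owner's own store. */
static TEE_Result keystore_cmd_get_key(struct client_identity who, const char *obj_id,
                                       uint8_t *out, size_t *out_len)
{
    const ta_uuid_t allowed[] = { SERVER_TA };   /* constructed allow list */
    if (who.login != TEE_LOGIN_TRUSTED_APP)
        return TEE_ERROR_ACCESS_DENIED;
    for (size_t i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (allowed[i] == who.uuid)
            return read_persistent(KEYSTORE_TA, obj_id, out, out_len);
    return TEE_ERROR_ACCESS_DENIED;
}

/* Stand-in for TEE_OpenTASession + TEE_InvokeTACommand from the requesting
 * TA. The TEE, not the caller, fills in the identity, so the owner can trust it. */
static TEE_Result ta2ta_get_key(ta_uuid_t requester, const char *obj_id,
                                uint8_t *out, size_t *out_len)
{
    struct client_identity who = { TEE_LOGIN_TRUSTED_APP, requester };
    return keystore_cmd_get_key(who, obj_id, out, out_len);
}

/* Replays the situation from the issue. Returns 0 when all four outcomes are
 * as expected, otherwise the number of the step that diverged. */
int run_scenario(void)
{
    uint8_t key[KEY_LEN], buf[KEY_LEN];
    size_t len = 0;
    for (size_t i = 0; i < KEY_LEN; i++)       /* constructed sample key */
        key[i] = (uint8_t)(0xA5 ^ i);

    store_count = 0;
    if (create_persistent(KEYSTORE_TA, "key#1", key, KEY_LEN) != TEE_SUCCESS)
        return 1;
    /* Direct open from another TA: the "not found" error from the issue. */
    if (read_persistent(SERVER_TA, "key#1", buf, &len) != TEE_ERROR_ITEM_NOT_FOUND)
        return 2;
    /* TA2TA request from the allow-listed TA: the owner hands the key over. */
    if (ta2ta_get_key(SERVER_TA, "key#1", buf, &len) != TEE_SUCCESS ||
        len != KEY_LEN || memcmp(buf, key, KEY_LEN) != 0)
        return 3;
    /* TA2TA request from a TA not on the allow list is refused. */
    if (ta2ta_get_key(ROGUE_TA, "key#1", buf, &len) != TEE_ERROR_ACCESS_DENIED)
        return 4;
    return 0;
}

int main(void)
{
    int rc = run_scenario();
    printf("scenario %s (rc=%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The design point worth carrying into a real TA2TA implementation is the allow list in the owner's command handler: the requesting TA never touches the owner's persistent objects itself, the owner decides which caller UUIDs may receive which key, and it relies on the identity the TEE attaches to the session rather than on anything the caller sends in the parameters.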