search

OP-TEE / optee_os

Trusted side of the TEE
Other
1.58k stars 1.07k forks source link

Question QEMU with optee and uboot using RPMB or REE possible? #5118

Closed svanschu closed 2 years ago

svanschu commented 2 years ago

Hi all, I'm new to all the secure boot stuff and I try to self educate myself. I now working on this topic several weeks and months and I tried to sort it out by reading docs, learn and debugging on my own. But unfortunately I failed at one point and I don't get it why. I would need some help to sort all and get a new input for further education. In theory and docu reading it sound pretty easy, but the practicle part was not that easy.

Problems

  1. it seems that optee is not running proberly I configured the output to maximum debug and there are only a view entrys.
  2. Some sort of emulated emmc is needed for use of rpmb. I read that there is a way to emulate the emmc with the tee_Supplicant, but I couldn't find how.
  3. simple print -e in uboot throws many errors
First I build EDK2 for arm64 to get the BL32_AP_MM.fd to use it in the optee_os build. Beside configure u-boot for OPTEE and build it. Config Option Description
CONFIG_TEE Trusted Execution Environment support
CONFIG_OPTEE Support OPTEE images
Library routines

(0x0E100000) OPTEE load address
(0x00D00000) Amount of Trust-Zone RAM for the OPTEE image
(0x0E300000) Base address of Trust-Zone RAM for the OPTEE image | | CONFIG_EFI_MM_COMM_TEE | UEFI variables storage service via OP-TEE| | CONFIG_SUPPORT_EMMC_RPMB | Support eMMC replay protected memory block (RPMB) | | CONFIG_CMD_OPTEE_RPMB | Enable read/write support on RPMB via OPTEE |

All three as described in https://optee.readthedocs.io/en/latest/building/efi_vars/stmm.html?highlight=j32#op-tee-build-instructions

After that I build the TF-A with make CROSS_COMPILE=aarch64-linux-gnu- PLAT=qemu BL32=tee-header_v2.bin BL32_EXTRA1=tee-pager_v2.bin BL32_EXTRA2=tee-pageable_v2.bin BL33=bl33.bin BL32_RAM_LOCATION=tdram SPD=opteed all fip optee as BL32 and u-boot.bin as BL33

How to start qemu I took from this documentation https://trustedfirmware-a.readthedocs.io/en/latest/plat/qemu.html

dd if=bl1.bin of=flash.bin bs=4096 conv=notrunc
dd if=fip.bin of=flash.bin seek=64 bs=4096 conv=notrunc
qemu-system-aarch64 -machine virt,secure=on -cpu cortex-a57  \
    -no-acpi                     \
    -smp 2 -m 1024 -bios flash.bin   \
    -d unimp \
    -device virtio-rng-pci
NOTICE:  Booting Trusted Firmware
NOTICE:  BL1: v2.5(debug):v2.5-480-gab5964aad
NOTICE:  BL1: Built : 16:35:51, Dec  1 2021
INFO:    BL1: RAM 0xe04e000 - 0xe056000
WARNING: BL1: cortex_a57: CPU workaround for 813419 was missing!
WARNING: BL1: cortex_a57: CPU workaround for 817169 was missing!
INFO:    BL1: cortex_a57: CPU workaround for disable_ldnp_overread was applied
WARNING: BL1: cortex_a57: CPU workaround for 826974 was missing!
WARNING: BL1: cortex_a57: CPU workaround for 826977 was missing!
WARNING: BL1: cortex_a57: CPU workaround for 828024 was missing!
WARNING: BL1: cortex_a57: CPU workaround for 829520 was missing!
WARNING: BL1: cortex_a57: CPU workaround for 833471 was missing!
WARNING: BL1: cortex_a57: CPU workaround for 859972 was missing!
WARNING: BL1: cortex_a57: CPU workaround for 1319537 was missing!
INFO:    BL1: cortex_a57: CPU workaround for cve_2017_5715 was applied
INFO:    BL1: cortex_a57: CPU workaround for cve_2018_3639 was applied
INFO:    BL1: Loading BL2
INFO:    Loading image id=1 at address 0xe01b000
INFO:    Image id=1 loaded: 0xe01b000 - 0xe024429
NOTICE:  BL1: Booting BL2
INFO:    Entry point address = 0xe01b000
INFO:    SPSR = 0x3c5
NOTICE:  BL2: v2.5(debug):v2.5-480-gab5964aad
NOTICE:  BL2: Built : 16:35:53, Dec  1 2021
INFO:    BL2: Doing platform setup
INFO:    BL2: Loading image id 3
INFO:    Loading image id=3 at address 0xe040000
INFO:    Image id=3 loaded: 0xe040000 - 0xe04b094
INFO:    BL2: Loading image id 4
INFO:    Loading image id=4 at address 0xe100000
INFO:    Image id=4 loaded: 0xe100000 - 0xe10001c
INFO:    OPTEE ep=0xe100000
INFO:    OPTEE header info:
INFO:          magic=0x4554504f
INFO:          version=0x2
INFO:          arch=0x1
INFO:          flags=0x0
INFO:          nb_images=0x1
INFO:    BL2: Loading image id 21
INFO:    Loading image id=21 at address 0xe100000
INFO:    Image id=21 loaded: 0xe100000 - 0xe1e2da8
INFO:    BL2: Skip loading image id 22
INFO:    BL2: Loading image id 5
INFO:    Loading image id=5 at address 0x60000000
INFO:    Image id=5 loaded: 0x60000000 - 0x600ca418
NOTICE:  BL1: Booting BL31
INFO:    Entry point address = 0xe040000
INFO:    SPSR = 0x3cd
NOTICE:  BL31: v2.5(debug):v2.5-480-gab5964aad
NOTICE:  BL31: Built : 16:35:56, Dec  1 2021
INFO:    ARM GICv2 driver initialized
INFO:    BL31: Initializing runtime services
WARNING: BL31: cortex_a57: CPU workaround for 813419 was missing!
WARNING: BL31: cortex_a57: CPU workaround for 817169 was missing!
INFO:    BL31: cortex_a57: CPU workaround for disable_ldnp_overread was applied
WARNING: BL31: cortex_a57: CPU workaround for 826974 was missing!
WARNING: BL31: cortex_a57: CPU workaround for 826977 was missing!
WARNING: BL31: cortex_a57: CPU workaround for 828024 was missing!
WARNING: BL31: cortex_a57: CPU workaround for 829520 was missing!
WARNING: BL31: cortex_a57: CPU workaround for 833471 was missing!
WARNING: BL31: cortex_a57: CPU workaround for 859972 was missing!
WARNING: BL31: cortex_a57: CPU workaround for 1319537 was missing!
INFO:    BL31: cortex_a57: CPU workaround for cve_2017_5715 was applied
INFO:    BL31: cortex_a57: CPU workaround for cve_2018_3639 was applied
INFO:    BL31: Initializing BL32
INFO:    BL31: Preparing for EL3 exit to normal world
INFO:    Entry point address = 0x60000000
INFO:    SPSR = 0x3c5

U-Boot 2021.07 (Dec 01 2021 - 16:34:50 +0100)

DRAM:  1 GiB
Flash: 32 MiB
MMC:   
Loading Environment from Flash... *** Warning - bad CRC, using default environment

In:    pl011@9000000
Out:   pl011@9000000
Err:   pl011@9000000
Net:   eth0: virtio-net#32
Hit any key to stop autoboot:  0 

printenv -e
Found 0 disks
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
Unable to open OP-TEE session (err=-5)
mm_communicate failed!
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
MMC Device 0 not found
Unable to open OP-TEE session (err=-5)
mm_communicate failed!
Setting OsIndications failed
Error: Cannot initialize UEFI sub-system, r = 3

Any help is welcome, so I can understand how all is fitting together. Thank You!

etienne-lms commented 2 years ago

Hello @svanschu,

  1. it seems that optee is not running proberly I configured the output to maximum debug and there are only a view entrys.

When using Qemu for arm/optee, the optee_os logs are emited to qeu secondary serial part, hence no OP-TEE trace in your logs. You need to specify both -serial ports arguments to qemu-system-aarch64 and to get the 2 consoles. I suggest you look at buildroot doc for board arm-vexpress-tz. The board run armv7/optee on Qemu but consoles info apply to armv8/optee also.

  1. Some sort of emulated emmc is needed for use of rpmb. I read that there is a way to emulate the emmc with the tee_Supplicant, but I couldn't find how.

It is true OP-TEE supplicant can emulate an RPMB, but that is only the Linux OS tee-supplicant, from optee_client.git. U-Boot OP-TEE supplicant does not implement RPMB emulation.

When running OP-TEE on Qemu, there is no RPMB device emulated by Qemu so we need to enable an emulation in tee-supplicant to at least test optee_os RPMB drivers during non-regression tests (optee_test xtest) running in Linux OS, together with optee_client's tee-supplicant. I think Qemu developers plan to implement an RPMB emulation but I have no pointer to give you.

  1. simple print -e in uboot throws many errors

As stated above, this is not supported in u-boot. However, there is an RPMB emulation patch for u-boot from @apalos that may help you. Try pick this change (you don't need the added _qemu_tfa_mmdefconfig file), and this fixup. I hope these patches can help you testing UEFI secure variables using Qemu. Note these url's are not permanent links.

svanschu commented 2 years ago

@etienne-lms thank you for the clarification. We can except that rpmb is not possible with qemu. Short question without opening another issue.

REE would work for OPTEE and qemu?

svanschu commented 2 years ago

@etienne-lms I turned CFG_RPMB_FS=n CFG_RPMB_FS_DEV_ID=0 CFG_RPMB_WRITE_KEY=n CFG_RPMB_TESTKEY=n off and turned CFG_REE_FS=y on.

make -j32 CFG_ARM64_core=y \
    PLATFORM=vexpress-qemu_armv8a CFG_STMM_PATH=BL32_AP_MM.fd CFG_RPMB_FS=n \
    CFG_RPMB_FS_DEV_ID=0 CFG_CORE_HEAP_SIZE=524288 CFG_RPMB_WRITE_KEY=n \
    CFG_CORE_HEAP_SIZE=524288 CFG_CORE_DYN_SHM=y CFG_RPMB_TESTKEY=n \
    CFG_REE_FS=y CFG_CORE_ARM64_PA_BITS=48  CFG_TEE_CORE_LOG_LEVEL=4 \
    CFG_TEE_TA_LOG_LEVEL=4 CFG_SCTLR_ALIGNMENT_CHECK=n \
    CFG_TEE_CORE_DEBUG=y CFG_CC_OPT_LEVEL=0 CFG_DEBUG_INFO=y

In the log output I still have RPMB messages (and a panic) included. Did I forgot something?

D/TC:? 0 spm_handle_svc:857 Received FFA direct request
D/TC:? 0 spm_handle_svc:857 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:792 RPMB read
D/TC:? 0 spm_handle_svc:857 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:798 RPMB write
D/TC:? 0 spm_handle_svc:857 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:792 RPMB read
D/TC:? 0 spm_handle_svc:857 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:798 RPMB write
D/TC:? 0 spm_handle_svc:857 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:792 RPMB read
D/TC:? 0 spm_handle_svc:857 Received FFA direct request
D/TC:? 0 stmm_handle_storage_service:798 RPMB write
D/TC:0 0 abort_handler:531 [abort] abort in User mode (TA will panic)
E/TC:? 0 
E/TC:? 0 User mode data-abort at address 0x0 (translation fault)
E/TC:? 0  esr 0x92000005  ttbr0 0x200000e27c000   ttbr1 0x00000000   cidr 0x0
E/TC:? 0  cpu #0          cpsr 0x60000000
E/TC:? 0  x0  0000000000000000 x1  0000000040285000
E/TC:? 0  x2  000000004000b290 x3  0000000040285000
svanschu commented 2 years ago

Ok I think I give up on that.

You can use OPTEE without RPMB and only REE, but we are using EDK2 and the stmm_handle_storage_service forces to use RPMB.

The only possibility would be to add RPMB support to QEMU to get this work in a meaningful way.

yli147 commented 1 year ago

Hi,

So is it possible test the stmm on a real h/w board ? Anyone know which board is used in this blog https://www.linaro.org/blog/protected-uefi-variables-with-u-boot/ ?

apalos commented 1 year ago

Hi,

So is it possible test the stmm on a real h/w board ? Anyone know which board is used in this blog https://www.linaro.org/blog/protected-uefi-variables-with-u-boot/ ?

as @etienne-lms mentioned running this on QEMU is not possible, because there's no RPMB device emulation.

I had a horribly hacked u-boot version here [0] which we used during devel. However, this provides an RPMB emulation via U-Boot and not QEMU. As a result, the RPMB is only usable before the kernel calls ExitBootServices. IOW you can only play around with it while U-Boot is running.

As far as supported boards, any board with OP-TEE support + an eMMC with an RPMB partition would work.
If you are looking for an easy way to start I'd suggest https://wiki.radxa.com/Rockpi4 (with an eMMC). There's a precompiled firmware available here [1]

[0] https://git.linaro.org/people/ilias.apalodimas/efi_optee_variables.git/ (I haven't touched this in ages, I am not sure it even compiles anymore) [1] https://gitlab.com/Linaro/trustedsubstrate/meta-ts#images

yli147 commented 1 year ago

Thank you Ilias for your kind reply.

image I'm also wondering wether there are any exisiting solutions for this architecture ?