OP-TEE / optee_os

Trusted side of the TEE

Unable to read secure storage from optee-ftpm after reboot #6888

Open TallGuy74 opened 2 weeks ago

TallGuy74 commented 2 weeks ago

Hi,

I am trying to run the optee-ftpm TA on a TI board. I've enabled CFG_REE_FS=y, and with this configuration I am able to start optee-ftpm with an empty secure storage (stored in /mnt/config/optee). optee-ftpm is able to create the storage objects, and everything works on that boot. When I reboot the system (with the storage objects stored in /mnt/config/optee), after booting the optee-ftpm TA is able to read object IDs 0x54504d00 and 0x54504d01, but fails on 0x54504d02.

I've done a couple of experiments:

  1. Start up with an empty tee storage path. This allows optee-ftpm to run correctly. It creates its storage objects, and can access them without a problem.
  2. Start up with a populated tee storage path. All the storage objects are present (and the same as before reboot, checked with sha512sum). optee-ftpm will be able to read 0x54504d00 and 0x54504d01, but will fail on 0x54504d02 (receives -ENOENT).
  3. Start up with an empty tee storage path. optee-ftpm creates the storage objects, and is able to run. After this, remove the optee-ftpm TA with an unbind of the TA id in /sys/bus/tee/drivers/optee-ftpm, and restart tee-supplicant. This will show a similar error to the one in point 2.

My questions:

  1. Am I in the right place with this issue (or should this be reported in optee-client?)
  2. Is there a way to check what objects are available in the secure store?
  3. What could cause the errors above?
  4. How can I fix this and/or get more information about what's happening here?

Thanks for any help you can give,

Bas Vermeulen

TallGuy74 commented 2 weeks ago

This is using OP-TEE 4.1.0 btw.
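An added example for question 2 above (how to see which objects the secure store actually holds): this is not code from the optee_os project, from optee-ftpm or from the issue author. It lists the contents of TEE_STORAGE_PRIVATE from inside a TA with the GlobalPlatform persistent-object enumerator (the only side that can see object IDs, since with CFG_REE_FS the REE only holds encrypted files), then probes one ID read-only, which is the call that would return the "not found" result seen in experiment 2. The macro name OPTEE_TA_BUILD and the treatment of the fTPM object IDs as the raw bytes of a host uint32_t are assumptions; without that macro a small constructed in-memory stand-in for the store is compiled so the same listing logic can be run on a host.

```c
/*
 * Added example (not optee_os / optee-ftpm code). Build with -DOPTEE_TA_BUILD
 * inside an OP-TEE TA (assumed macro name); otherwise a constructed host
 * stand-in for the few GP calls used here is compiled instead.
 */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#ifdef OPTEE_TA_BUILD
#include <tee_internal_api.h>
#else
#include <stdio.h>
/* ---- Constructed host stand-in; values match the GP Internal Core API ---- */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS               0x00000000
#define TEE_ERROR_ITEM_NOT_FOUND  0xFFFF0008
#define TEE_STORAGE_PRIVATE       0x00000001
#define TEE_OBJECT_ID_MAX_LEN     64
#define TEE_DATA_FLAG_ACCESS_READ 0x00000001
typedef struct { uint32_t dataSize; } TEE_ObjectInfo; /* real struct has more fields */
struct mock_enum_s { size_t next; };
struct mock_obj_s  { size_t idx; };
typedef struct mock_enum_s *TEE_ObjectEnumHandle;
typedef struct mock_obj_s  *TEE_ObjectHandle;
/* Constructed store contents: the three IDs named in the issue. */
static const uint32_t mock_ids[] = { 0x54504d00, 0x54504d01, 0x54504d02 };
#define MOCK_N (sizeof(mock_ids) / sizeof(mock_ids[0]))
static struct mock_enum_s mock_enum;
static struct mock_obj_s  mock_obj;
static TEE_Result TEE_AllocatePersistentObjectEnumerator(TEE_ObjectEnumHandle *e)
{ mock_enum.next = 0; *e = &mock_enum; return TEE_SUCCESS; }
static TEE_Result TEE_StartPersistentObjectEnumerator(TEE_ObjectEnumHandle e, uint32_t sid)
{ (void)sid; e->next = 0; return TEE_SUCCESS; }
static TEE_Result TEE_GetNextPersistentObject(TEE_ObjectEnumHandle e, TEE_ObjectInfo *info,
                                              void *id, size_t *idlen)
{
    if (e->next >= MOCK_N) return TEE_ERROR_ITEM_NOT_FOUND; /* end of listing */
    memcpy(id, &mock_ids[e->next], sizeof(uint32_t));
    *idlen = sizeof(uint32_t);
    if (info) info->dataSize = 0;
    e->next++;
    return TEE_SUCCESS;
}
static void TEE_FreePersistentObjectEnumerator(TEE_ObjectEnumHandle e) { (void)e; }
static TEE_Result TEE_OpenPersistentObject(uint32_t sid, const void *id, size_t idlen,
                                           uint32_t flags, TEE_ObjectHandle *obj)
{
    (void)sid; (void)flags;
    for (size_t i = 0; i < MOCK_N; i++)
        if (idlen == sizeof(uint32_t) && !memcmp(id, &mock_ids[i], idlen)) {
            mock_obj.idx = i; *obj = &mock_obj; return TEE_SUCCESS;
        }
    return TEE_ERROR_ITEM_NOT_FOUND;
}
static void TEE_CloseObject(TEE_ObjectHandle obj) { (void)obj; }
#endif

/* Walk TEE_STORAGE_PRIVATE. Every object is counted; 4-byte IDs are copied in
 * order into out[] (at most max of them, out may be NULL when max is 0).
 * Returns the total number of objects, or -1 on an enumerator error.
 * TEE_ERROR_ITEM_NOT_FOUND from the enumerator means "no more", not failure. */
int list_private_objects(uint32_t *out, size_t max)
{
    TEE_ObjectEnumHandle e = NULL;
    TEE_ObjectInfo info;
    uint8_t id[TEE_OBJECT_ID_MAX_LEN];
    size_t idlen, copied = 0;
    int total = 0;

    if (TEE_AllocatePersistentObjectEnumerator(&e) != TEE_SUCCESS)
        return -1;
    if (TEE_StartPersistentObjectEnumerator(e, TEE_STORAGE_PRIVATE) != TEE_SUCCESS) {
        TEE_FreePersistentObjectEnumerator(e);
        return -1;
    }
    for (;;) {
        idlen = sizeof(id);
        TEE_Result r = TEE_GetNextPersistentObject(e, &info, id, &idlen);
        if (r == TEE_ERROR_ITEM_NOT_FOUND)
            break;
        if (r != TEE_SUCCESS) { total = -1; break; }
        if (idlen == sizeof(uint32_t) && copied < max)
            memcpy(&out[copied++], id, sizeof(uint32_t)); /* assumed: raw host uint32 bytes */
        total++;
    }
    TEE_FreePersistentObjectEnumerator(e);
    return total;
}

/* n-th 4-byte ID from the listing, 0 if there is none. */
uint32_t private_object_at(size_t n)
{
    uint32_t ids[16] = { 0 };
    int total = list_private_objects(ids, 16);
    return (total > 0 && n < 16) ? ids[n] : 0;
}

/* Open one 4-byte ID read-only and return the GP result code unchanged,
 * so a missing object shows up as TEE_ERROR_ITEM_NOT_FOUND. */
TEE_Result probe_object(uint32_t id)
{
    TEE_ObjectHandle obj = NULL;
    TEE_Result r = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE, &id, sizeof(id),
                                            TEE_DATA_FLAG_ACCESS_READ, &obj);
    if (r == TEE_SUCCESS)
        TEE_CloseObject(obj);
    return r;
}

#ifndef OPTEE_TA_BUILD
int main(void)
{
    int total = list_private_objects(NULL, 0);
    for (int i = 0; i < total; i++)
        printf("object %d: 0x%08x open=0x%08x\n", i, private_object_at((size_t)i),
               probe_object(private_object_at((size_t)i)));
    return 0;
}
#endif
```

In a real TA, call list_private_objects() from a debug command of the TA and emit the IDs with DMSG(); on the host build the stand-in store is what gets walked, so the output only demonstrates the call sequence and the two meanings of TEE_ERROR_ITEM_NOT_FOUND (end of enumeration versus an object that is genuinely absent).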