OP-TEE / optee_os

Trusted side of the TEE

optee rpmb secure storage example in u-boot: TEE_ERROR_ITEM_NOT_FOUND #6986

Closed Muhammadhassan1234 closed 2 weeks ago

Muhammadhassan1234 commented 1 month ago

Hi Community,

I am new to optee and working on optee in u-boot these days. I am using the secure storage TA with rpmb as early_TA and trying to write data into it in the userspace and read it from the uboot.

When I write data into optee from the userspace and read it in userspace too, it gives me the perfect expected data. However, when I try to read the same object from the u-boot, it gives me the TEE_ERROR_ITEM_NOT_FOUND error. The optee_rpmb command is communicating with my TA and even hits the desired read function in the TA, but from there TEE_OpenPersistentObject always returns the TEE_ERROR_ITEM_NOT_FOUND error in uboot. I even hardcoded the object name in the TA, in case my TA is sending the wrong name, as shown below, but it gives the same error. But when I tried to read the object#3 value in userspace with the same TA in optee, it fetches the right data for me.

    res = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE_RPMB,
                    "object#3", 8,
                    TEE_DATA_FLAG_ACCESS_READ |
                    TEE_DATA_FLAG_SHARE_READ | TEE_DATA_FLAG_ACCESS_WRITE,
                    &object);
    if (res != TEE_SUCCESS) {
        TEE_Free(obj_id);
        TEE_Free(data);
        return res;
    }

I have already enabled mmc 0 as FS_DEV in optee. Further, RPMB_FS is enabled in optee and I already checked its reading and writing functions in userspace. Here are the flags I enabled in u-boot for optee and rpmb:

+CONFIG_ARM_SMCCC=y
+CONFIG_MMC_RPMB_TRACE=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_CMD_MMC_RPMB=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+CONFIG_OPTEE_LIB=y
+CONFIG_OPTEE_TA_AVB=y
+CONFIG_CMD_OPTEE_RPMB=y

Please guide me where I am making a mistake in accessing rpmb via optee in uboot.

jforissier commented 4 weeks ago

Hi @Muhammadhassan1234,

When you are trying to read data from U-Boot, the linux userspace is not yet up and running, and therefore tee-supplicant is not available to service the RPMB requests from OP-TEE. There is work in progress to address this use case, please see https://lore.kernel.org/linux-mmc/20240812133127.865879-5-jens.wiklander@linaro.org/T/.

Muhammadhassan1234 commented 4 weeks ago

Hi @jforissier, thank you for your reply. I got your point, but I want to ask: Android Verified Boot (AVB) has already done this in uboot. How are they doing it if tee-supplicant or any other equivalent is not available in uboot?

jforissier commented 4 weeks ago

> Hi @jforissier, thank you for your reply. I got your point, but I want to ask: Android Verified Boot (AVB) has already done this in uboot. How are they doing it if tee-supplicant or any other equivalent is not available in uboot?

Sorry, you are right, there is an equivalent of tee-supplicant in U-Boot for the RPMB access. Perhaps more debug traces could help see why TEE_OpenPersistentObject() is failing.

Muhammadhassan1234 commented 4 weeks ago

@jforissier I enabled the debug log but can't get any important information. Does anyone have a clue about this issue? If some other information is also required, I can provide it too.

Muhammadhassan1234 commented 3 weeks ago

Here are the optee logs. Does anyone have any idea where the issue is?

    D/TC:0   tee_entry_exchange_capabilities:100 Asynchronous notifications are disabled
    D/TC:0   tee_entry_exchange_capabilities:109 Dynamic shared memory is enabled
    D/TC:0 0 core_mmu_xlat_table_alloc:553 xlat tables used 4 / 8
    D/TC:? 0 tee_ta_init_pseudo_ta_session:296 Lookup pseudo TA f4e750bb-1437-4fbf-8785-8d3580c34994
    D/TC:? 0 ldelf_load_ldelf:96 ldelf load address 0x40006000
    D/LD:  ldelf:134 Loading TS f4e750bb-1437-4fbf-8785-8d3580c34994
    F/TC:? 0 trace_syscall:151 syscall #3 (syscall_get_property)
    F/TC:? 0 trace_syscall:151 syscall #5 (syscall_open_ta_session)
    D/TC:? 0 ldelf_syscall_open_bin:142 Lookup user TA ELF f4e750bb-1437-4fbf-8785-8d3580c34994 (early TA)
    D/TC:? 0 ldelf_syscall_open_bin:146 res=0
    F/TC:? 0 trace_syscall:151 syscall #7 (syscall_invoke_ta_command)
    F/TC:? 0 read_compressed:178 4096 bytes
    F/TC:? 0 trace_syscall:151 syscall #11 (syscall_mask_cancellation)
    F/TC:? 0 trace_syscall:151 syscall #7 (syscall_invoke_ta_command)
    F/TC:? 0 read_compressed:178 55976 bytes
    F/TC:? 0 trace_syscall:151 syscall #3 (syscall_get_property)
    F/TC:? 0 trace_syscall:151 syscall #8 (syscall_check_access_rights)
    F/TC:? 0 read_compressed:178 1024 bytes
    F/TC:? 0 read_compressed:178 344 bytes
    F/TC:? 0 read_compressed:178 1028 bytes
    F/TC:? 0 trace_syscall:151 syscall #8 (syscall_check_access_rights)
    F/TC:? 0 read_compressed:178 140 bytes
    F/TC:? 0 read_compressed:178 1088 bytes
    F/TC:? 0 trace_syscall:151 syscall #6 (syscall_close_ta_session)
    F/TC:? 0 trace_syscall:151 syscall #3 (syscall_get_property)
    D/LD:  ldelf:168 ELF (f4e750bb-1437-4fbf-8785-8d3580c34994) at 0x4005d000
    F/TC:? 0 plat_prng_add_jitter_entropy:72 0x79FA
    F/TC:? 0 trace_syscall:151 syscall #8 (syscall_check_access_rights)
    F/TC:? 0 trace_syscall:151 syscall #41 (syscall_storage_obj_open)
    D/TC:? 0 tee_rpmb_init:1114 RPMB: Syncing device information
    D/TC:? 0 tee_rpmb_init:1122 RPMB: RPMB size is 32*128 KB
    D/TC:? 0 tee_rpmb_init:1123 RPMB: Reliable Write Sector Count is 1
    D/TC:? 0 tee_rpmb_init:1150 RPMB INIT: Deriving key
    D/TC:? 0 tee_rpmb_key_gen:302 RPMB: Using test key
    D/TC:? 0 tee_rpmb_init:1165 RPMB INIT: Verifying Key
    F/TC:? 0 dump_fat:1897 flags 0x1, size 288, address 0x3ffd00, filename '/00000000000000000000000000000000/74615F7665722E646200'
    F/TC:? 0 dump_fat:1897 flags 0x1, size 68, address 0x3ffc00, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742332'
    F/TC:? 0 dump_fat:1897 flags 0x1, size 29, address 0x3ffb00, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742331'
    F/TC:? 0 dump_fat:1897 flags 0x1, size 0, address 0, filename '/610880392A1820479B672BCD622BC0B5/6B6579'
    F/TC:? 0 dump_fat:1897 flags 0x1, size 279, address 0x3ff900, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742333'
    F/TC:? 0 dump_fat:1897 flags 0x2, size 0, address 0, filename ''
    D/TC:? 0 read_fat:2181 fat_address 0
    D/TC:? 0 tee_rpmb_read:1250 Read 8 blocks at index 2
    D/TC:? 0 tee_ta_invoke_command:821 Error: ffff0008 of 4

jforissier commented 3 weeks ago

Could you please add DHEXDUMP(object_id, object_id_len); on entry of syscall_storage_obj_open() and post the new traces? Thanks.
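
Added example, not part of the thread or of OP-TEE's code: a small Python decoder for the `dump_fat` lines in the trace above, so the TA UUID and object ID stored in the RPMB FAT can be compared with what the TA passes to `TEE_OpenPersistentObject()`. It assumes the directory component is the raw `TEE_UUID` bytes in hex and the file name is the object ID in hex, which is consistent with the UUID and object names shown in this thread; `parse_fat` and `find_object` are names chosen for this example.

```python
import re
import uuid

# Constructed sample: the dump_fat lines from the trace posted in this thread.
SAMPLE_LOG = """\
F/TC:? 0 dump_fat:1897 flags 0x1, size 288, address 0x3ffd00, filename '/00000000000000000000000000000000/74615F7665722E646200'
F/TC:? 0 dump_fat:1897 flags 0x1, size 68, address 0x3ffc00, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742332'
F/TC:? 0 dump_fat:1897 flags 0x1, size 29, address 0x3ffb00, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742331'
F/TC:? 0 dump_fat:1897 flags 0x1, size 0, address 0, filename '/610880392A1820479B672BCD622BC0B5/6B6579'
F/TC:? 0 dump_fat:1897 flags 0x1, size 279, address 0x3ff900, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742333'
F/TC:? 0 dump_fat:1897 flags 0x2, size 0, address 0, filename ''
"""

FAT_RE = re.compile(
    r"dump_fat:\d+ flags (0x[0-9a-fA-F]+), size (\d+), address (\w+), "
    r"filename '/([0-9A-Fa-f]{32})/((?:[0-9A-Fa-f]{2})*)'")

def parse_fat(log):
    """Return one dict per named FAT entry; unnamed entries are skipped."""
    entries = []
    for m in FAT_RE.finditer(log):
        flags, size, addr, dir_hex, obj_hex = m.groups()
        entries.append({
            # Assumption: the directory is the raw TEE_UUID struct in hex, so
            # the first three fields are byte-swapped (little-endian).
            "ta_uuid": str(uuid.UUID(bytes_le=bytes.fromhex(dir_hex))),
            # Assumption: the file name is the object ID bytes in hex.
            "object_id": bytes.fromhex(obj_hex),
            "size": int(size),
            "address": int(addr, 0),
            "flags": int(flags, 16),
        })
    return entries

def find_object(entries, ta_uuid, object_id):
    """Find the entry matching a TA UUID and the exact object ID bytes."""
    for e in entries:
        if e["ta_uuid"] == ta_uuid.lower() and e["object_id"] == object_id:
            return e
    return None

if __name__ == "__main__":
    fat = parse_fat(SAMPLE_LOG)
    for e in fat:
        print(e["ta_uuid"], e["object_id"], e["size"], hex(e["address"]))
    hit = find_object(fat, "f4e750bb-1437-4fbf-8785-8d3580c34994", b"object#3")
    print("object#3 listed for this TA:", hit is not None)
```

The match is on exact bytes, so an object ID passed with a different length (for example with a trailing NUL) does not match the stored entry; the `DHEXDUMP(object_id, object_id_len)` output requested above can be compared against the decoded `object_id` values directly.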

Muhammadhassan1234 commented 2 weeks ago

@jforissier Thanks for the help. The AVB built-in example worked for me, and I modified it according to the needs of my work. But I don't know why my custom TA didn't work in uboot. I even debugged at code level but can't find the root cause of the problem.