OP-TEE / optee_os

Trusted side of the TEE
Other
1.59k stars 1.07k forks source link

optee rpmb secure storage example in u-boot: TEE_ERROR_ITEM_NOT_FOUND #6986

Closed Muhammadhassan1234 closed 2 months ago

Muhammadhassan1234 commented 3 months ago

Hi Community,

I am new to optee and working on optee in u-boot these days. I am using the secure storage TA with rpmb as early_TA and trying to write data into it in the userspace and read it from the uboot.

When I write data into optee from the userspace and read it in userspace too, it gives me the perfect expected data. However, when I try to read the same object from the u-boot, it gives me the TEE_ERROR_ITEM_NOT_FOUND errors. The optee_rpmb command is communicating with my TA and even hit the desired read function in TA but from there TEE_OpenPersistentObject always return the TEE_ERROR_ITEM_NOT_FOUND error in uboot. I even hardcoded the object name in TA in case my TA is sending the wrong name as shown below but it gives the same error. But when I tried to read the object#3 value in userspace with the same TA in optee, it fetches the right data for me

    res = TEE_OpenPersistentObject(TEE_STORAGE_PRIVATE_RPMB,
                    "object#3", 8,
                    TEE_DATA_FLAG_ACCESS_READ |
                    TEE_DATA_FLAG_SHARE_READ | TEE_DATA_FLAG_ACCESS_WRITE,
                    &object);
    if (res != TEE_SUCCESS) {
        TEE_Free(obj_id);
        TEE_Free(data);
        return res;
    }

I have already enabled mmc 0 as FS_DEV in optee. Further RPMB_FS is enabled in optee and already checked its reading and writing function in userspace. Here are the flags I enabled in u-boot for optee and rpmb

+CONFIG_ARM_SMCCC=y
+CONFIG_MMC_RPMB_TRACE=y
+CONFIG_SUPPORT_EMMC_RPMB=y
+CONFIG_CMD_MMC_RPMB=y
+CONFIG_TEE=y
+CONFIG_OPTEE=y
+CONFIG_OPTEE_LIB=y
+CONFIG_OPTEE_TA_AVB=y
+CONFIG_CMD_OPTEE_RPMB=y

Please guide me where I am making mistake in accessing rpmb via optee in uboot.

jforissier commented 3 months ago

Hi @Muhammadhassan1234,

When you are trying to read data from U-Boot, the linux userspace is not yet up and running, and therefore tee-supplicant is not available to service the RPMB requests from OP-TEE. There is work in progress to address this use case, please see https://lore.kernel.org/linux-mmc/20240812133127.865879-5-jens.wiklander@linaro.org/T/.

Muhammadhassan1234 commented 3 months ago

Hi @jforissier Thank you for your reply. I got your point but I want to ask that android verified boot (AVB) have already done this in uboot. How are they doing it if tee-supplicant or any other equivalent is not available in uboot ?

jforissier commented 3 months ago

Hi @jforissier Thank you for your reply. I got your point but I want to ask that android verified boot (AVB) have already done this in uboot. How are they doing it if tee-supplicant or any other equivalent is not available in uboot ?

Sorry, you are right, there is an equivalent of tee-supplicant in U-Boot for the RPMB access. Perhaps more debug traces could help see why TEE_OpenPersistentObject() is failing.

Muhammadhassan1234 commented 3 months ago

@jforissier I enabled the debug log but can't get any important information. Does anyone have a clue about this issue. if some other information is also required, I can provide it too.

Muhammadhassan1234 commented 3 months ago

Here are the optee logs. Does anyone have any idea where is the issue?

D/TC:0   tee_entry_exchange_capabilities:100 Asynchronous notifications are disabled
D/TC:0   tee_entry_exchange_capabilities:109 Dynamic shared memory is enabled
D/TC:0 0 core_mmu_xlat_table_alloc:553 xlat tables used 4 / 8
D/TC:? 0 tee_ta_init_pseudo_ta_session:296 Lookup pseudo TA f4e750bb-1437-4fbf-8785-8d3580c34994
D/TC:? 0 ldelf_load_ldelf:96 ldelf load address 0x40006000
D/LD:  ldelf:134 Loading TS f4e750bb-1437-4fbf-8785-8d3580c34994
F/TC:? 0 trace_syscall:151 syscall #3 (syscall_get_property)
F/TC:? 0 trace_syscall:151 syscall #5 (syscall_open_ta_session)
D/TC:? 0 ldelf_syscall_open_bin:142 Lookup user TA ELF f4e750bb-1437-4fbf-8785-8d3580c34994 (early TA)
D/TC:? 0 ldelf_syscall_open_bin:146 res=0
F/TC:? 0 trace_syscall:151 syscall #7 (syscall_invoke_ta_command)
F/TC:? 0 read_compressed:178 4096 bytes
F/TC:? 0 trace_syscall:151 syscall #11 (syscall_mask_cancellation)
F/TC:? 0 trace_syscall:151 syscall #7 (syscall_invoke_ta_command)
F/TC:? 0 read_compressed:178 55976 bytes
F/TC:? 0 trace_syscall:151 syscall #3 (syscall_get_property)
F/TC:? 0 trace_syscall:151 syscall #8 (syscall_check_access_rights)
F/TC:? 0 read_compressed:178 1024 bytes
F/TC:? 0 read_compressed:178 344 bytes
F/TC:? 0 read_compressed:178 1028 bytes
F/TC:? 0 trace_syscall:151 syscall #8 (syscall_check_access_rights)
F/TC:? 0 read_compressed:178 140 bytes
F/TC:? 0 read_compressed:178 1088 bytes
F/TC:? 0 trace_syscall:151 syscall #6 (syscall_close_ta_session)
F/TC:? 0 trace_syscall:151 syscall #3 (syscall_get_property)
D/LD:  ldelf:168 ELF (f4e750bb-1437-4fbf-8785-8d3580c34994) at 0x4005d000
F/TC:? 0 plat_prng_add_jitter_entropy:72 0x79FA
F/TC:? 0 trace_syscall:151 syscall #8 (syscall_check_access_rights)
F/TC:? 0 trace_syscall:151 syscall #41 (syscall_storage_obj_open)
D/TC:? 0 tee_rpmb_init:1114 RPMB: Syncing device information
D/TC:? 0 tee_rpmb_init:1122 RPMB: RPMB size is 32*128 KB
D/TC:? 0 tee_rpmb_init:1123 RPMB: Reliable Write Sector Count is 1
D/TC:? 0 tee_rpmb_init:1150 RPMB INIT: Deriving key
D/TC:? 0 tee_rpmb_key_gen:302 RPMB: Using test key
D/TC:? 0 tee_rpmb_init:1165 RPMB INIT: Verifying Key
F/TC:? 0 dump_fat:1897 flags 0x1, size 288, address 0x3ffd00, filename '/00000000000000000000000000000000/74615F7665722E646200'
F/TC:? 0 dump_fat:1897 flags 0x1, size 68, address 0x3ffc00, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742332'
F/TC:? 0 dump_fat:1897 flags 0x1, size 29, address 0x3ffb00, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742331'
F/TC:? 0 dump_fat:1897 flags 0x1, size 0, address 0, filename '/610880392A1820479B672BCD622BC0B5/6B6579'
F/TC:? 0 dump_fat:1897 flags 0x1, size 279, address 0x3ff900, filename '/BB50E7F43714BF4F87858D3580C34994/6F626A6563742333'
F/TC:? 0 dump_fat:1897 flags 0x2, size 0, address 0, filename ''
D/TC:? 0 read_fat:2181 fat_address 0  
D/TC:? 0 tee_rpmb_read:1250 Read 8 blocks at index 2
D/TC:? 0 tee_ta_invoke_command:821 Error: ffff0008 of 4
jforissier commented 3 months ago

Could you please add DHEXDUMP(object_id, object_id_len); on entry of syscall_storage_obj_open() and post the new traces? Thanks.

Muhammadhassan1234 commented 2 months ago

@jforissier Thanks for the help. Avb built-in example got worked for me and I modified it according to my demand of work. But I don't know why my custom TA didn't work in uboot. I even debugged at code level but can't find the root cause of problem.