Open-TEE / project

Overall project configuration and documentation
Apache License 2.0

Documentation install steps do not work for Ubuntu 16.04 LTS #23

Open justincranford opened 7 years ago

justincranford commented 7 years ago

The documentation page (https://open-tee.github.io/documentation/) shows an apt-get install command for Ubuntu 15.04 and up. However, the listed command fails on Ubuntu 16.04 LTS with two issues.

1) python is missing
2) libelfg0-dev is not found

To fix the command for 16.04 LTS, I had to add "python" and change "libelfg0-dev" to "libelf-dev".

sudo apt-get install python autoconf automake libtool uuid-dev libssl-dev libglu1-mesa-dev libelf-dev mesa-common-dev build-essential git curl htop pkg-config qbs gdb libfuse-dev -y

In addition, I would recommend stating an assumption at the top of the documentation page. State that the install should be done as a non-root user with sudoer privilege. It is implied but not obvious. My first attempt to install failed because I tried to execute the install as root, and newly created directories had incorrect ownership. I do see non-root mentioned in the context of GDB debugging, but that comes after the install instructions.

justincranford commented 7 years ago

To automate installation, I wrapped the steps in a Vagrantfile. If you have Vagrant and VirtualBox installed on Windows, running "vagrant up" in a directory with this saved "Vagrantfile" will provision a new Ubuntu 16.04 LTS VM and install Open-TEE. The file includes the two apt-get fixes mentioned above for 16.04 LTS.

Note: Download the file and remove the ".txt" extension. Running "vagrant up" on the command line looks for "Vagrantfile" in the current directory by default. I had to specify the .txt extension to upload the file, otherwise GitHub refused to save it.

Vagrantfile.txt

jonsof commented 7 years ago

Justin, hello. Can you please guide me in creating a trusted execution environment just by using the Open-TEE platform? I need this for a project I have, and I want some help.

Kind Regards

justincranford commented 7 years ago

That is off topic for my documentation issue. However, I can answer it.

Open-TEE is not a TEE. According to the docs, it is a test framework for debugging and verification only. After you verify with Open-TEE, you have to cross-compile to run in a platform-specific TEE. Platform vendors offer their own versions, or you can use something like OP-TEE. However, it is too hard to debug in those real TEEs, so you still need Open-TEE for debugging and testing.

Take Raspberry Pi 3 as an example. After testing your rich/trusted apps in Open-TEE, you cross-compile for ARM. You install the OP-TEE bootloader, OP-TEE Trusted OS, and Raspbian 8 on an SD card. In Raspbian, you add the kernel module for TrustZone support, and add your rich apps. If you find a bug in your trusted app, debug in Open-TEE and start over.

jonsof commented 7 years ago

Justin, thank you very much for your response!

I appreciate your help in giving me useful information. You made the whole subject much clearer to me, although I have some issues that I have to clear up first in my head by starting to test the platform. I'm wondering if I can additionally use a TPM development kit (Atmel AT97SC3205P-SDK2) that I own, combined with Open-TEE.

Thanks again for your kind support!