apache / incubator-teaclave-trustzone-sdk

Teaclave TrustZone SDK enables safe, functional, and ergonomic development of trustlets.
https://teaclave.apache.org
Apache License 2.0

How can I use crates other than optee_utee on TA side? #23

Closed ChoKyuWon closed 3 years ago

ChoKyuWon commented 3 years ago

Hi! I made a little project with this rust-optee-trustzone-sdk. But when I try to use an extern crate like crypto or rand in the TA, I can build the host and TA, but it panics with a generic errno, 0xffff0000.

How can I use an extern crate in this SDK? I know dynamic linking is not allowed in a TA, so can't I use any crate other than optee_utee?

The error message in the normal world is like this: Error: Non-specific cause. (error code 0xffff0000), and the message in the secure world is like this:

D/TC:? 0 tee_ta_init_pseudo_ta_session:299 Lookup pseudo TA 1234f200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 ldelf_load_ldelf:91 ldelf load address 0x104000
D/LD:  ldelf:134 Loading TA 1234f200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 1234f200-2450-11e4-abe2-0002a5d5c51b (Secure Storage TA)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 1234f200-2450-11e4-abe2-0002a5d5c51b (REE)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0
D/LD:  load_main:1090 Reloading TA 1234f200-2450-11e4-abe2-0002a5d5c51b as legacy TA
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 1234f200-2450-11e4-abe2-0002a5d5c51b (Secure Storage TA)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 1234f200-2450-11e4-abe2-0002a5d5c51b (REE)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0
D/TC:0 0 abort_handler:518 [abort] abort in User mode (TA will panic)
E/TC:? 0 
E/TC:? 0 User mode data-abort at address 0x82b64c8 (translation fault)
E/TC:? 0  fsr 0x00000005  ttbr0 0x0e19786a  ttbr1 0x0e19006a  cidr 0x2
E/TC:? 0  cpu #0          cpsr 0x20000130
E/TC:? 0  r0 0x02060fcf      r4 0x0010f088    r8 0x0010f0b4   r12 0x00000000
E/TC:? 0  r1 0x00000000      r5 0x0010ee48    r9 0x00000000    sp 0x00103e80
E/TC:? 0  r2 0x0013258c      r6 0x0010ee44   r10 0x00000000    lr 0x00107d43
E/TC:? 0  r3 0x082b64c8      r7 0x00103e98   r11 0x00000000    pc 0x00107aa8
E/TC:? 0  region  0: va 0x00100000 pa 0x0e100000 size 0x001000 flags ---R-X
E/TC:? 0  region  1: va 0x00102000 pa 0x0e300000 size 0x002000 flags rw-RW-
E/TC:? 0  region  2: va 0x00104000 pa 0x0e302000 size 0x00b000 flags r-x---
E/TC:? 0  region  3: va 0x0010f000 pa 0x0e30d000 size 0x001000 flags rw-RW-
E/TC:? 0  region  4: va 0x00110000 pa 0x0e30e000 size 0x004000 flags rw-RW-
E/TC:? 0  region  5: va 0x00114000 pa 0x0e312000 size 0x001000 flags r--R--
E/TC:? 0  region  6: va 0x00115000 pa 0x0e313000 size 0x01e000 flags r-xR--
E/TC:? 0  region  7: va 0x00133000 pa 0x0e331000 size 0x00b000 flags rw-RW-
E/TC:? 0  region  8: va 0x0013e000 pa 0x0e33c000 size 0x001000 flags rw-RW-
E/TC:? 0 ldelf_init_with_ldelf:122 ldelf panicked
D/TC:? 0 tee_ta_open_session:720 init session failed 0xffff0000
D/TC:0   console_itr_cb:109 cpu 0: got 0x3

SimonWan commented 3 years ago

Hi, generally speaking, the SDK should be compatible with (at least) some external crates, and our serde example is using the external crate serde. Please refer to the example to double-check you are using the extra crate correctly.

Also, by taking a quick look at your log, your TA is getting the error 0xffff0008, which is the item not found error. Though I'm not 100% sure, it looks like the TA is not compiled correctly, so probably you can go over your logs again to see what's happening when building the TA.

ChoKyuWon commented 3 years ago

First, I looked through the serde example code, but some of the linker scripts confuse me. Is there some extra work other than adding packagename=VERSION to Cargo.toml?

Second, I think item not found is just from the lookup walk. When I try to run a normal TA, it also pops up, so it's not the main cause of the error. Here is the message when I run optee_example_hello_world; 0xffff0008 is there as well.

D/TC:? 0 tee_ta_init_pseudo_ta_session:299 Lookup pseudo TA 8aaaf200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 ldelf_load_ldelf:91 ldelf load address 0x104000
D/LD:  ldelf:134 Loading TA 8aaaf200-2450-11e4-abe2-0002a5d5c51b
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (Secure Storage TA)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 8aaaf200-2450-11e4-abe2-0002a5d5c51b (REE)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0
D/LD:  ldelf:168 ELF (8aaaf200-2450-11e4-abe2-0002a5d5c51b) at 0x11a000
D/TA:  TA_CreateEntryPoint:39 has been called
D/TA:  TA_OpenSessionEntryPoint:68 has been called
I/TA: Hello World!
D/TA:  inc_value:105 has been called
I/TA: Got value: 42 from NW
I/TA: Increase value to: 43
D/TC:? 0 tee_ta_close_session:514 csess 0xb90916b0 id 1
D/TC:? 0 tee_ta_close_session:533 Destroy session
I/TA: Goodbye!
D/TA:  TA_DestroyEntryPoint:50 has been called
D/TC:? 0 destroy_context:310 Destroy TA ctx (0xb9091670)

Thanks for your help.

DemesneGH commented 3 years ago

Hi @ChoKyuWon

It seems that an ldelf panic occurs. ldelf is a user mode ELF loader in OPTEE OS (reference here).

  1. We have upgraded the sdk to OPTEE 3.11.0. TAs built with the previous sdk will probably cause an ldelf panic when running on a newer OPTEE OS (such as OPTEE 3.11.0). Maybe you could try the latest sdk version.
  2. If that does not work, debugging ldelf using GDB may help (reference here and here).

Best Regards, Yuan
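
Added example (not part of the thread and not the project's code): a small triage script for the kind of secure-world log posted above. It checks the two points raised in the discussion, whether the 0xffff0008 lookup results are followed by a successful lookup in another store, and whether the aborting pc lies in the same mapped region as the logged ldelf load address. The function name `triage`, the result keys, and the rule "same region as the ldelf load address means the abort is in ldelf" are assumptions of this example; the sample lines are excerpted from the first post.

```python
import re

TEE_ERROR_ITEM_NOT_FOUND = 0xFFFF0008  # GlobalPlatform TEE result code

# Constructed sample: lines excerpted from the secure-world log in the first post.
SAMPLE_LOG = """\
D/TC:? 0 ldelf_load_ldelf:91 ldelf load address 0x104000
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 1234f200-2450-11e4-abe2-0002a5d5c51b (Secure Storage TA)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0xffff0008
D/TC:? 0 ldelf_syscall_open_bin:140 Lookup user TA ELF 1234f200-2450-11e4-abe2-0002a5d5c51b (REE)
D/TC:? 0 ldelf_syscall_open_bin:144 res=0
E/TC:? 0 User mode data-abort at address 0x82b64c8 (translation fault)
E/TC:? 0  r3 0x082b64c8      r7 0x00103e98   r11 0x00000000    pc 0x00107aa8
E/TC:? 0  region  2: va 0x00104000 pa 0x0e302000 size 0x00b000 flags r-x---
E/TC:? 0  region  6: va 0x00115000 pa 0x0e313000 size 0x01e000 flags r-xR--
D/TC:? 0 tee_ta_open_session:720 init session failed 0xffff0000
"""

def _addr(pattern, log):
    """Return the first hex address captured by pattern, or None if absent."""
    m = re.search(pattern, log)
    return int(m.group(1), 16) if m else None

def triage(log):
    # Mapped regions from the abort dump: (index, start va, size).
    regions = [(int(n), int(va, 16), int(sz, 16)) for n, va, sz in re.findall(
        r"region\s+(\d+): va (0x[0-9a-f]+) pa \S+ size (0x[0-9a-f]+)", log)]

    def region_of(addr):
        if addr is None:
            return None
        return next((n for n, va, sz in regions if va <= addr < va + sz), None)

    # Pair each "Lookup user TA ELF ... (<store>)" line with the res= line after it.
    lookups = [(store, int(res, 16)) for store, res in re.findall(
        r"Lookup user TA ELF \S+ \(([^)]+)\)\n.*res=(\w+)", log)]
    found = sorted({s for s, r in lookups if r == 0})
    missed = sorted({s for s, r in lookups if r == TEE_ERROR_ITEM_NOT_FOUND})

    pc_region = region_of(_addr(r"\bpc (0x[0-9a-f]+)", log))
    ldelf_region = region_of(_addr(r"ldelf load address (0x[0-9a-f]+)", log))
    return {
        "ta_found_in": found,
        # A miss in one store is only noise if another store supplied the ELF.
        "benign_not_found": missed if found else [],
        "fault_region": region_of(_addr(r"abort at address (0x[0-9a-f]+)", log)),
        "pc_region": pc_region,
        # Assumption: the region holding the ldelf load address is the loader itself.
        "abort_in_ldelf": pc_region is not None and pc_region == ldelf_region,
    }

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
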

ChoKyuWon commented 3 years ago

@DemesneGH Thanks! Upgrading the SDK is the perfect solution for me.