DemesneGH
commented
1 year ago Hi @HakonToemte
The main commit of porting to OP-TEE in ring is: https://github.com/veracruz-project/ring/commit/808f1f6184b72266ac633e2f0e9a05ad4942a77c, where the random generation function has been patched to optee_utee::Random.
The other example is the Rustls crate in tls-client and tls-server, we patched time for OP-TEE use: https://github.com/DemesneGH/rustls/commit/5517587a235f27dee09a88010f57f2ea5d5a90b3.
How can one turn a non-compatible crate into a compatible one?
Replace the incompatible syscalls with the ones provided in TrustZone SDK. The functionalities TrustZone SDK provided are in SDK/optee-utee/src. But if a crate uses the syscall OP-TEE unsupported, it cannot be compatible with OP-TEE.
You can find the already altered crates in our examples. There are Ring and Rustls for now. If we have ported a new crate we will add an example for it.
mssun
HakonToemte
Good day! In the signature_verification-rs example, an altered and Rust OPTEE compatible version of ring is used.
ring = { git = "https://github.com/veracruz-project/ring.git", branch = "veracruz", version = "=0.16.11", features = ["std"] }I suppose this is done because the official ring crate is non-compatible, atleastring = "0.16.11"does not compile for me. I realize this probably means the official ring crate uses system calls.How can one turn a non-compatible crate into a compatible one? How much work is this usually? Also, do you have any tricks to find any already altered and compatible versions of crates online?
Thank you!