How to integrate CA binaries without TA into roofts

[jianxingjianjin]

I have a CA and I want to load it into the system virtualized by qemu after opte is running. I am in optee_examples, but there is no ta showing that it cannot be loaded into roofts after compilation.

[jbech-linaro]

The QEMU setup that is provided by the OP-TEE project will do it automatically for you if you rebuild after making the changes. If you on the other hand want to push the files manually, then you mount the host PC and just copy the files.

Build with QEMU fs sharing enabled:

$ make QEMU_VIRTFS_ENABLE=y

Mount host filesystem in Buildroot and run this at the shell in Buildroot:

mkdir /host && mount -t 9p -o trans=virtio host /host

After this step you can in Buildroot just do cp /host/<path-to-ca-files/ /bin/

[jianxingjianjin]

thanks for your answer！

[jianxingjianjin]

Excuse me, for automatic construction, can there be no ta but only host?

[jforissier]

The QEMU setup that is provided by the OP-TEE project will do it automatically for you if you rebuild after making the changes. If you on the other hand want to push the files manually, then you mount the host PC and just copy the files.

Build with QEMU fs sharing enabled:

$ make QEMU_VIRTFS_ENABLE=y

True, and this procedure can be further simplified with QEMU_VIRTFS_AUTOMOUNT=y since commit 206aa468295c ("qemu: optionally preserve secure storage between reboots"). https://github.com/OP-TEE/build/blob/3.12.0/common.mk#L58-L62

[jbech-linaro]

Excuse me, for automatic construction, can there be no ta but only host?

Not sure I understand the question, but you can push TA's as well (cp TA's to /lib/optee_armtz/).

[jianxingjianjin]

OK ，thank you.

[github-actions[bot]]

This issue has been marked as a stale issue because it has been open (more than) 30 days with no activity. Remove the stale label or add a comment, otherwise this issue will automatically be closed in 5 days. Note, that you can always re-open a closed issue at any time.