    Allwinner Online Developer Forum
    [FAQ] How to set the default optee-secure-storage save path on Allwinner R-series chips under Tina

    • q1215200171

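      Background
      The default storage path for OP-TEE REE secure storage is /data/tee, which does not suit the customer's use case and needs to be changed.

      Analysis
      First, I looked up the relevant material on the official website; the description there is fairly brief and gives no specifics.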

      TEE File Structure in Linux File System
      OP-TEE by default uses /data/tee/ as the secure storage space in the Linux file system. Each persistent object is assigned an internal identifier. It is an integer which is visible in the Linux file system as /data/tee/<file number>.
      
      A directory file, /data/tee/dirf.db, lists all the objects that are in the secure storage. All normal world files are integrity protected and encrypted, as described below.
      

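      Continuing the analysis: the /data/tee directory does not originally exist in the rootfs, yet it is present by default once the system has booted to the console. It is therefore very likely created by tee-supplicant, the background application on the non-secure side. Opening its source and searching gives the following result: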

      ```
      xx@xxx:~/xxx/optee_client-3.7.0$ grep -r '/data/tee'
      config.mk:CFG_TEE_FS_PARENT_PATH ?= /data/tee
      匹配到二进制文件 out/export/usr/sbin/tee-supplicant
      匹配到二进制文件 out/tee-supplicant/tee_supp_fs.o
      匹配到二进制文件 out/tee-supplicant/tee-supplicant
      匹配到二进制文件 ipkg-sunxi/optee-client-3.7/usr/sbin/tee-supplicant
      libteec/CMakeLists.txt:set (CFG_TEE_CLIENT_LOG_FILE "/data/tee/teec.log" CACHE STRING "Location of libteec log")
      tee-supplicant/CMakeLists.txt:set (CFG_TEE_FS_PARENT_PATH "/data/tee" CACHE STRING "Location of TEE filesystem (secure storage)")
      ```

      As the output shows, the last line, from CMakeLists.txt, defines a macro variable CFG_TEE_FS_PARENT_PATH whose description says it is the location of the TEE filesystem, so this may be the one. Continuing the search iteratively, as in the steps below, and reading the code confirms that this variable is what determines the path.


      ```
      xxx@xxx:~/xxx/optee_client-3.7.0$ grep -r 'CFG_TEE_FS_PARENT_PATH'

      tee-supplicant/tee_supplicant_android.mk:               -DTEE_FS_PARENT_PATH=\"$(CFG_TEE_FS_PARENT_PATH)\"
      tee-supplicant/Makefile:                   -DTEE_FS_PARENT_PATH=\"$(CFG_TEE_FS_PARENT_PATH)\" \
      tee-supplicant/CMakeLists.txt:set (CFG_TEE_FS_PARENT_PATH "/data/tee" CACHE STRING "Location of TEE filesystem (secure storage)")
      tee-supplicant/CMakeLists.txt:  PRIVATE -DTEE_FS_PARENT_PATH="${CFG_TEE_FS_PARENT_PATH}"
      ...
      xxx@xxx:~/xxx/optee_client-3.7.0$ grep -rn 'TEE_FS_PARENT_PATH'
      tee-supplicant/src/tee_supp_fs.c:124:   n = snprintf(tee_fs_root, sizeof(tee_fs_root), "%s/", TEE_FS_PARENT_PATH);
      ```

      Looking at line 124 of tee-supplicant/src/tee_supp_fs.c, it matches the guess.

      ```
      static int tee_supp_fs_init(void)
      {
              size_t n = 0;
              mode_t mode = 0700;

              n = snprintf(tee_fs_root, sizeof(tee_fs_root), "%s/", TEE_FS_PARENT_PATH);
              if (n >= sizeof(tee_fs_root))
                      return -1;

              if (mkpath(tee_fs_root, mode) != 0)
                      return -1;

              return 0;
      }
      ```

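      Solution
      Both config.mk and tee-supplicant/CMakeLists.txt contain CFG_TEE_FS_PARENT_PATH. Under Tina's build rules this package turns out to be built with the Makefile, so changing CFG_TEE_FS_PARENT_PATH in config.mk to the target path solves the problem.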
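
One way to script the config.mk change described in the solution and to check that a rebuilt tee-supplicant embeds the new path. This is an added example, not part of the original post or of optee_client; the function names and the sample path /mnt/secure/tee are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# set_tee_fs_path <config.mk> <new-path>: rewrite CFG_TEE_FS_PARENT_PATH.
set_tee_fs_path() {
    cfg=$1 new=$2
    # tee_supp_fs_init() appends the "/" itself, so take an absolute path
    # with no trailing slash; the whitelist also keeps sed and make safe.
    case $new in
        /*) ;;
        *) echo "path must be absolute: $new" >&2; return 1 ;;
    esac
    case $new in
        */ | *[!A-Za-z0-9_./-]*) echo "unsupported path: $new" >&2; return 1 ;;
    esac
    grep -q '^CFG_TEE_FS_PARENT_PATH[[:space:]]*?=' "$cfg" || {
        echo "CFG_TEE_FS_PARENT_PATH not set in $cfg" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sed "s|^\(CFG_TEE_FS_PARENT_PATH[[:space:]]*?=\).*|\1 $new|" "$cfg" >"$tmp" \
        && cat "$tmp" >"$cfg"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_tee_fs_path <config.mk>: print the currently configured path.
get_tee_fs_path() {
    sed -n 's|^CFG_TEE_FS_PARENT_PATH[[:space:]]*?=[[:space:]]*||p' "$1"
}

# binary_has_path <file> <path>: true if the file embeds the path string,
# the same check the post's grep made against out/tee-supplicant.
binary_has_path() {
    grep -F -q -- "$2" "$1"
}

# Demo on a constructed config.mk (sample content, not the real file).
demo() {
    d=$(mktemp -d) || return 1
    printf 'CFG_TEE_FS_PARENT_PATH ?= /data/tee\n' >"$d/config.mk"
    set_tee_fs_path "$d/config.mk" /mnt/secure/tee && get_tee_fs_path "$d/config.mk"
    rm -rf "$d"
}
```

Because tee_supp_fs_init() creates the directory with mode 0700 at start-up and fails if mkpath() fails, the new path has to sit on a filesystem that tee-supplicant can write to.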
