【FAQ】全志R系列在Tina下如何设置optee-secure-storage默认保存路径

budbool LV 9

问题背景
optee REE SecureStorage的默认存储路径是 /data/tee，不符合客户自身的使用场景，需要进行更换。

问题分析
首先，上官网查找相关资料，官网上介绍比较简单，没有具体说明。

TEE File Structure in Linux File System
OP-TEE by default uses /data/tee/ as the secure storage space in the Linux file system. Each persistent object is assigned an internal identifier. It is an integer which is visible in the Linux file system as /data/tee/<file number>.

A directory file, /data/tee/dirf.db, lists all the objects that are in the secure storage. All normal world files are integrity protected and encrypted, as described below.

接着分析，rootfs中的/data/tee目录原本是不存在的，但是启动到控制台后，默认就存在了，所以极有可能是在非安全端的后台应用程序tee-supplicant中进行创建的，打开其源码，进行搜索，结果如下

x```
xx@xxx:~/xxx/optee_client-3.7.0$ grep -r '/data/tee'
config.mk:CFG_TEE_FS_PARENT_PATH ?= /data/tee
匹配到二进制文件 out/export/usr/sbin/tee-supplicant
匹配到二进制文件 out/tee-supplicant/tee_supp_fs.o
匹配到二进制文件 out/tee-supplicant/tee-supplicant
匹配到二进制文件 ipkg-sunxi/optee-client-3.7/usr/sbin/tee-supplicant
libteec/CMakeLists.txt:set (CFG_TEE_CLIENT_LOG_FILE "/data/tee/teec.log" CACHE STRING "Location of libteec log")
tee-supplicant/CMakeLists.txt:set (CFG_TEE_FS_PARENT_PATH "/data/tee" CACHE STRING "Location of TEE filesystem (secure storage)")


可以看到，最后一行CMakeLists.txt有个宏变量 CFG_TEE_FS_PARENT_PATH ，其注释为TEE FS的路径，有可能是这个。接续迭代搜索，见下面流程，阅读代码，确认就是这个影响。

xxx@xxx:~/xxx/optee_client-3.7.0$ grep -r 'CFG_TEE_FS_PARENT_PATH'

tee-supplicant/tee_supplicant_android.mk:               -DTEE_FS_PARENT_PATH=\"$(CFG_TEE_FS_PARENT_PATH)\"
tee-supplicant/Makefile:                   -DTEE_FS_PARENT_PATH=\"$(CFG_TEE_FS_PARENT_PATH)\" \
tee-supplicant/CMakeLists.txt:set (CFG_TEE_FS_PARENT_PATH "/data/tee" CACHE STRING "Location of TEE filesystem (secure storage)")
tee-supplicant/CMakeLists.txt:  PRIVATE -DTEE_FS_PARENT_PATH="${CFG_TEE_FS_PARENT_PATH}"
...
xxx@xxx:~/xxx/optee_client-3.7.0$ grep -rn 'TEE_FS_PARENT_PATH'
tee-supplicant/src/tee_supp_fs.c:124:   n = snprintf(tee_fs_root, sizeof(tee_fs_root), "%s/", TEE_FS_PARENT_PATH);

查看tee-supplicant/src/tee_supp_fs.c文件第124行，符合猜想。

static int tee_supp_fs_init(void)
{
        size_t n = 0;
        mode_t mode = 0700;

        n = snprintf(tee_fs_root, sizeof(tee_fs_root), "%s/", TEE_FS_PARENT_PATH);
        if (n >= sizeof(tee_fs_root))
                return -1;

        if (mkpath(tee_fs_root, mode) != 0)
                return -1;

        return 0;
}

问题解决
config.mk与tee-supplicant/CMakeLists.txt都包含CFG_TEE_FS_PARENT_PATH，根据Tina下编译规则，发现这个包是用Makefile编译的，修改config.mk下的CFG_TEE_FS_PARENT_PATH为目标路径即可解决。