
[OP-TEE Development] Designing a Feature from the TA Down to a Secure Driver

2022-01-26 23:26:57 樓中望月

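I. Functional requirements

Let an ordinary TA reach newly added driver-side functionality through a system call, implementing the complete path.
Feature: the TA invokes the write and read functions of a secure driver through system calls; a rot service is added as a system service, and the interface exposed to the TA is wrapped in libutee, giving a complete end-to-end path.

The main purpose of this article is to deepen understanding of the TA call path by adding this feature. This path is of course not the only option: the design could instead have the TA call a PTA to provide the same basic functionality.

Original work; please credit the source when reposting: https://blog.csdn.net/jackone12347/article/details/122487418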

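II. Architecture from the TA to the driver layer

1. Software layer architecture

[Figure: software layer architecture (image not included)]

2. Implementation approach

To implement this feature, the following sub-modules need to be designed and implemented.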

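2.3 Wrapping the system API in the libutee layer

Add the system interfaces that TAs call to libutee, so that an ordinary TA can invoke them through the libutee library.

2.2 Adding a system service layer in core

Once the interfaces are wrapped in libutee, a service of our own has to be added to the core services to connect libutee to the driver.
The added service can also initialize some basic functionality of its own at init time, similar to a service in the Android Framework.
Another benefit of adding a core service is that it hides the driver-side implementation details and exposes only a single external interface.

2.1 Driver-side interface and implementation

Purpose of the driver side: it is generally used to initialize private data and to operate secure devices.
Here we add write and read functions for rot.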

III. Detailed implementation

The detailed design and implementation follow.

1. List of changes

The complete list of files involved in the change, as reported by git:

        modified:   core/arch/arm/tee/arch_svc.c
        modified:   core/drivers/sub.mk
        modified:   core/tee/sub.mk
        modified:   lib/libutee/arch/arm/utee_syscalls_asm.S
        modified:   lib/libutee/include/tee_api.h
        modified:   lib/libutee/include/tee_syscall_numbers.h
        modified:   lib/libutee/include/utee_syscalls.h
        modified:   lib/libutee/tee_api.c
        modified:   mk/config.mk

        core/drivers/driver_rot.c
        core/include/drivers/driver_rot.h
        core/include/tee/tee_rot.h
        core/tee/tee_rot.c

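2. Detailed design

2.1 Design of the libutee external interface

Here the original tee_api.h is modified directly. This is not the only option: a separate lib at the same level as libutee could be added instead.

TA-facing interface: add three functions to \lib\libutee\include\tee_api.h: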

TEE_Result Tee_Rot_Write(void *buf, size_t blen, size_t offset);

TEE_Result Tee_Rot_Read(void *buf, size_t blen, size_t offset);

TEE_Result Tee_Rot_Dump(void *buf, size_t blen);

Implementation of the three functions: optee_os\lib\libutee\tee_api.c

/* Thin wrappers: each one forwards to the matching syscall stub. */
TEE_Result Tee_Rot_Write(void *buf, size_t blen, size_t offset)
{
	TEE_Result res = TEE_SUCCESS;

	res = _utee_rot_driver_write(buf, blen, offset);

	return res;
}

TEE_Result Tee_Rot_Read(void *buf, size_t blen, size_t offset)
{
	TEE_Result res = TEE_SUCCESS;

	res = _utee_rot_driver_read(buf, blen, offset);

	return res;
}

TEE_Result Tee_Rot_Dump(void *buf, size_t blen)
{
	TEE_Result res = TEE_SUCCESS;

	res = _utee_rot_driver_dump(buf, blen);

	return res;
}

Of these, _utee_rot_driver_write, _utee_rot_driver_read and _utee_rot_driver_dump still have to be wrapped and implemented in core. The tee_rot wrapper looks like this:
@core/include/tee/tee_rot.h

#include <drivers/driver_rot.h>

struct rot_service_ops {
	const char *name;
	struct rot_driver_ops_s rot_driver;
};

extern TEE_Result syscall_rot_driver_write(void *buf, size_t blen, size_t offset);
extern TEE_Result syscall_rot_driver_read(void *buf, size_t blen, size_t offset);
extern TEE_Result syscall_rot_driver_dump(void *buf, size_t blen);

@core/tee/tee_rot.c is implemented as follows:

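#include <drivers/driver_rot.h>
#include <initcall.h>
#include <kernel/user_access.h>
#include <tee/tee_rot.h>
#include <tee/tee_svc.h>
#include <trace.h>

TEE_Result syscall_rot_driver_write(void *buf, size_t blen, size_t offset);
TEE_Result syscall_rot_driver_read(void *buf, size_t blen, size_t offset);
TEE_Result syscall_rot_driver_dump(void *buf, size_t blen);

struct rot_service_ops rot_ops = {
	.name = "RotDriver",
	.rot_driver = {
		.device_init = device_init,
		.write_rot = write_rot,
		.read_rot = read_rot,
		.driver_dump = driver_dump,
	},
};

/*
 * buf is a user-space (TA) address. It is copied with copy_from_user() /
 * copy_to_user() (declared in <kernel/user_access.h> in recent OP-TEE
 * releases), which check the TA's access rights, instead of being
 * dereferenced directly by the core.
 */
TEE_Result syscall_rot_driver_write(void *buf, size_t blen, size_t offset)
{
	TEE_Result res = TEE_SUCCESS;
	uint8_t *src = NULL;

	DMSG("pis syscall_rot_driver_write entry.\n");
	if (!blen)
		return TEE_ERROR_BAD_PARAMETERS;
	src = malloc(blen);
	if (!src)
		return TEE_ERROR_OUT_OF_MEMORY;

	res = copy_from_user(src, buf, blen);
	if (res == TEE_SUCCESS)
		res = rot_ops.rot_driver.write_rot(src, blen, offset);
	free(src);

	return res;
}

TEE_Result syscall_rot_driver_read(void *buf, size_t blen, size_t offset)
{
	TEE_Result res = TEE_SUCCESS;
	uint8_t *dst = NULL;

	DMSG("pis syscall_rot_driver_read entry.\n");
	if (!blen)
		return TEE_ERROR_BAD_PARAMETERS;
	dst = malloc(blen);
	if (!dst)
		return TEE_ERROR_OUT_OF_MEMORY;

	/* Only copy back to the TA if the driver accepted the request. */
	res = rot_ops.rot_driver.read_rot(dst, blen, offset);
	if (res == TEE_SUCCESS)
		res = copy_to_user(buf, dst, blen);
	free(dst);

	return res;
}

TEE_Result syscall_rot_driver_dump(void *buf, size_t blen)
{
	TEE_Result res = TEE_SUCCESS;
	uint8_t *dst = NULL;

	if (!blen)
		return TEE_ERROR_BAD_PARAMETERS;
	dst = malloc(blen);
	if (!dst)
		return TEE_ERROR_OUT_OF_MEMORY;

	res = rot_ops.rot_driver.driver_dump(dst, blen);
	if (res == TEE_SUCCESS)
		res = copy_to_user(buf, dst, blen);
	free(dst);

	return res;
}

/* Runs once at boot from the initcall list. */
static TEE_Result tee_rot_init(void)
{
	DMSG("Strat to start rot servie\n");
	if (rot_ops.rot_driver.device_init)
		rot_ops.rot_driver.device_init();
	DMSG("rot servcie initial is ok\n");
	return TEE_SUCCESS;
}

service_init(tee_rot_init);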

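Two points need special attention here:
rot_service_ops is the struct defined in the core service, while rot_driver_ops_s is the struct the driver exposes;
service_init(tee_rot_init) is where our new rot service is initialized.

2.2 Core service design

Core services are normally started and initialized by the code in OP-TEE's initcall section.
So here we add two files, tee_rot.h and tee_rot.c, which connect the layer above to the layer below.

Section 2.1 calls functions such as _utee_rot_driver_write. An ordinary TA runs in user space and cannot call into the core service directly; the call has to be converted into a syscall.
So the syscall path is added first. The files involved are: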

    modified:   lib/libutee/include/utee_syscalls.h
    modified:   lib/libutee/arch/arm/utee_syscalls_asm.S
    modified:   core/arch/arm/tee/arch_svc.c
    modified:   lib/libutee/include/tee_syscall_numbers.h

Their contents are as follows:
@lib/libutee/include/utee_syscalls.h

	TEE_Result _utee_rot_driver_write(uint8_t *data, size_t len, size_t offset);
	TEE_Result _utee_rot_driver_read(uint8_t *dst, size_t len, size_t offset);
	TEE_Result _utee_rot_driver_dump(void *buf, size_t blen);

@lib/libutee/arch/arm/utee_syscalls_asm.S; the third argument is the number of parameters.

    UTEE_SYSCALL _utee_rot_driver_write, TEE_SCN_ROT_DRIVER_WRITE, 3
    UTEE_SYSCALL _utee_rot_driver_read, TEE_SCN_ROT_DRIVER_READ, 3
    UTEE_SYSCALL _utee_rot_driver_dump, TEE_SCN_ROT_DRIVER_DUMP, 2

@core/arch/arm/tee/arch_svc.c: add the three syscall functions

static const struct syscall_entry tee_svc_syscall_table[] = {
...
	/* The table is indexed by syscall number: append in TEE_SCN_* order (71, 72, 73). */
	SYSCALL_ENTRY(syscall_rot_driver_write),
	SYSCALL_ENTRY(syscall_rot_driver_read),
	SYSCALL_ENTRY(syscall_rot_driver_dump),
};

@lib/libutee/include/tee_syscall_numbers.h: add the three syscall numbers and change MAX to 73

#define TEE_SCN_ROT_DRIVER_WRITE 71
#define TEE_SCN_ROT_DRIVER_READ 72
#define TEE_SCN_ROT_DRIVER_DUMP 73
#define TEE_SCN_MAX 73

2.3 Driver-side design

Finally, add the driver-side implementation:

    core/drivers/driver_rot.c
    core/include/drivers/driver_rot.h

Header definitions:
@core/include/drivers/driver_rot.h

#ifndef MOUDLE_ROT_DRIVER_H_
#define MOUDLE_ROT_DRIVER_H_

#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <utee_defines.h>
#include <trace.h>
#include <tee_api_types.h>
#include <string_ext.h>
#include <util.h>
#include <kernel/panic.h>

struct rot_driver_ops_s {
	TEE_Result (*device_init)(void);
	TEE_Result (*write_rot)(uint8_t *data, size_t len, size_t offset);
	TEE_Result (*read_rot)(uint8_t *dst, size_t len, size_t offset);
	TEE_Result (*driver_dump)(uint8_t *data, size_t len);
};


#ifndef MOUDLE_ROT_DRIVER_C_

extern TEE_Result device_init(void);
extern TEE_Result write_rot(uint8_t *data, size_t len, size_t offset);
extern TEE_Result read_rot(uint8_t *dst, size_t len, size_t offset);
extern TEE_Result driver_dump(uint8_t *data, size_t len);


#endif
#endif /* MOUDLE_ROT_DRIVER_H_*/

syscall_rot_driver_write is the corresponding entry point in the core service. With this, the path TA -> core service -> TA driver is implemented end to end.

The complete code of driver_rot.c follows:
@core/drivers/driver_rot.c

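#define MOUDLE_ROT_DRIVER_C_

#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <utee_defines.h>
#include <trace.h>
#include <tee_api_types.h>
#include <string_ext.h>
#include <util.h>
#include <kernel/panic.h>
#include <kernel/thread.h>
#include <kernel/thread_spmc.h>
#include <tee/tee_svc.h>

TEE_Result device_init(void);
TEE_Result write_rot(uint8_t *data, size_t len, size_t offset);
TEE_Result read_rot(uint8_t *dst, size_t len, size_t offset);
TEE_Result driver_dump(uint8_t *data, size_t len);

/* Backing store for the demo: 64 bytes of secure-world memory. */
uint8_t g_buffer[64] = { 0 };

TEE_Result device_init(void)
{
	DMSG("pis driver device rot init.\n");
	memset(g_buffer, 0, sizeof(g_buffer));
	return TEE_SUCCESS;
}

TEE_Result write_rot(uint8_t *data, size_t len, size_t offset)
{
	size_t j = 0;

	DMSG("pis driver write rot entry ====\n");

	/*
	 * offset and len come from the TA: reject anything outside g_buffer.
	 * Written this way so that offset + len cannot wrap around.
	 */
	if (!data || offset > sizeof(g_buffer) ||
	    len > sizeof(g_buffer) - offset)
		return TEE_ERROR_BAD_PARAMETERS;

	/* Each write clears the whole buffer first, then stores the new data. */
	memset(g_buffer, 0, sizeof(g_buffer));
	memcpy(&(g_buffer[offset]), data, len);

	for (j = 0; j < len; j++)
		DMSG("pis driver write_rot:0x%x\n", g_buffer[offset + j]);

	DMSG("pis driver write rot done ==== \n");

	return TEE_SUCCESS;
}

TEE_Result read_rot(uint8_t *dst, size_t len, size_t offset)
{
	size_t i = 0;

	DMSG("pis driver read rot entry ====\n");

	/* Same range check as write_rot: never read past the end of g_buffer. */
	if (!dst || offset > sizeof(g_buffer) ||
	    len > sizeof(g_buffer) - offset)
		return TEE_ERROR_BAD_PARAMETERS;

	memcpy(dst, &(g_buffer[offset]), len);

	for (i = 0; i < len; i++)
		DMSG("pis driver read_rot:0x%x\n", dst[i]);

	DMSG("pis driver read rot done.\n");
	return TEE_SUCCESS;
}

TEE_Result driver_dump(uint8_t *data, size_t len)
{
	DMSG("pis driver rot dump.\n");

	/* A dump longer than the buffer would leak adjacent core memory. */
	if (!data || len > sizeof(g_buffer))
		return TEE_ERROR_BAD_PARAMETERS;

	memcpy(data, &(g_buffer[0]), len);

	return TEE_SUCCESS;
}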
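
The driver keeps its data in a 64-byte global and indexes it with an offset and length that originate in the TA, so the range check is the part of this path that most needs care. The following host-side model is an added example, not code from the original post or from OP-TEE: `rot_store`, `range_ok`, `range_ok_naive`, `model_write_rot` and `model_read_rot` are hypothetical names and the result codes are local stand-ins. It contrasts a check that can wrap around with the overflow-safe form.

```c
/* Added example: host-side model of the driver's 64-byte store (not OP-TEE code). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local stand-ins for the GlobalPlatform result codes, so this builds on a host. */
typedef uint32_t TEE_Result;
#define TEE_SUCCESS              0x00000000u
#define TEE_ERROR_BAD_PARAMETERS 0xFFFF0006u

#define ROT_SIZE 64u                 /* same size as g_buffer in driver_rot.c */
static uint8_t rot_store[ROT_SIZE];  /* hypothetical name for the model's buffer */

/* Naive check: offset + len can wrap past SIZE_MAX and still compare <= 64. */
int range_ok_naive(size_t offset, size_t len)
{
	return offset + len <= ROT_SIZE;
}

/* Overflow-safe check: compare len with the space remaining after offset. */
int range_ok(size_t offset, size_t len)
{
	return offset <= ROT_SIZE && len <= ROT_SIZE - offset;
}

TEE_Result model_write_rot(const uint8_t *data, size_t len, size_t offset)
{
	if (!data || !range_ok(offset, len))
		return TEE_ERROR_BAD_PARAMETERS;
	memcpy(&rot_store[offset], data, len);
	return TEE_SUCCESS;
}

TEE_Result model_read_rot(uint8_t *dst, size_t len, size_t offset)
{
	if (!dst || !range_ok(offset, len))
		return TEE_ERROR_BAD_PARAMETERS;
	memcpy(dst, &rot_store[offset], len);
	return TEE_SUCCESS;
}

int main(void)
{
	/* Constructed input: a range whose end wraps past SIZE_MAX. */
	printf("naive=%d safe=%d\n", range_ok_naive(SIZE_MAX, 2), range_ok(SIZE_MAX, 2));
	return model_write_rot((const uint8_t *)"abcd", 4, 61) == TEE_ERROR_BAD_PARAMETERS ? 0 : 1;
}
```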

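2.4 TA-side implementation

With the three parts above in place, calling from the TA is straightforward: the functions can be called just like those of any ordinary library.
This is much more convenient than having the TA go through functions such as openTAsession.

The test code below writes data and reads it back; the data is stored in a global variable in the driver.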

#include <stdlib.h>
#include <tee_internal_api.h>
#include <tee_internal_api_extensions.h>
#include <tee_api_types.h>

TEE_Result get_rot_data(void)
{
	TEE_Result res = TEE_SUCCESS;
	uint8_t *temp = NULL;
	int i = 0;

	DMSG("pis 1 get_rot_data entry. \n");
	/* Write 64 bytes at offset 0 through the new syscall path. */
	res = Tee_Rot_Write((void *)"aaaabbbbccccdddd1111222233334444aaaabbbbccccdddd1111222233334444", 64, 0);
	DMSG ("pis 22 Tee_Rot_Write result:%d", res);
	if (res != TEE_SUCCESS)
		return res;

	temp = malloc(65);
	if (!temp)
		return TEE_ERROR_OUT_OF_MEMORY;

	/* Read the same 64 bytes back and print them. */
	res = Tee_Rot_Read(temp, 64, 0);
	DMSG ("pis 1 Tee_Rot_Read result:%d", res);
	for (i = 0; res == TEE_SUCCESS && i < 64; i++)
		DMSG ("pis Tee_Rot_Read content:0x%x", temp[i]);

	free(temp);

	DMSG("pis 1 get_rot_data done. \n");

	return res;
}

Run results:
The rot service's output during OP-TEE boot shows that the rot service started and ran its init correctly.

D/TC:4 0 call_initcalls:21 level 3 tee_rot_init()
D/TC:4 0 tee_rot_init:76 Strat to start rot servie
D/TC:4 0 device_init:29 pis driver device rot init.
D/TC:4 0 tee_rot_init:79 rot servcie initial is ok

Writing the ROT data:

D/TA:  get_rot_data:1514 pis get_rot_data entry.
F/TC:? 0 trace_syscall:155 syscall #71 (syscall_rot_driver_write)
D/TC:? 0 syscall_rot_driver_write:35 pis syscall_rot_driver_write entry.
D/TC:? 0 write_rot:36 pis driver write rot entry ====
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x61
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x62
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x63
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x64
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x31
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x32
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x33
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:44 pis driver write_rot:0x34
D/TC:? 0 write_rot:65 pis driver write rot done ====
D/TA:  get_rot_data:1518 pis Tee_Rot_Write result:0

Then reading the ROT data back:

F/TC:? 0 trace_syscall:155 syscall #72 (syscall_rot_driver_read)
D/TC:? 0 syscall_rot_driver_read:50 pis syscall_rot_driver_read entry.
D/TC:? 0 read_rot:72 pis driver read rot entry ====
D/TC:? 0 read_rot:82 pis driver read rot done.
D/TA:  get_rot_data:1524 pis 1 Tee_Rot_Read result:0
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x61
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x62
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x63
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x64
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x31
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x32
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x33
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1527 pis Tee_Rot_Read content:0x34
D/TA:  get_rot_data:1532 pis 1 get_rot_data done.

Copyright notice
This article was written by [樓中望月]. Please include a link to the original when reposting. Thank you.
https://cht.chowdera.com/2022/01/202201262326571259.html
