Failed to Load a CA/TA

Symptom

A CA/TA fails to run. Related error information is displayed in the system log or the TEE log.

Impact on the System

  • Non-TrustZone system functions are not affected.
  • The CA and TA cannot be loaded and service functions are affected.

Possible Causes

  • The REE patch is not properly deployed or loaded.
  • The CA/TA is not properly deployed, or the CA is not started using its absolute path.
  • The TA is using a libc or OpenSSL API that iTrustee does not support.
  • The TA is not correctly compiled. It may use a mismatched config binary file or manifest.txt file.

Fault Locating

Figure 1 shows the fault locating process.

Figure 1 Failed to load a CA/TA

Procedure

  1. Check whether the REE patch is properly deployed and loaded.
    1. Check whether the dynamic library is properly deployed.
      ldconfig -p | grep -E "teec|boundscheck"

      Expected result:

    2. Check whether the teecd daemon is running and the tzdriver kernel module is loaded.
      ps aux | grep teecd
      lsmod | grep tzdriver

    3. If the REE patch is not properly deployed or loaded, redeploy it by following instructions in Loading the REE Driver. Otherwise, go to 2.
      1. The .so file of the dynamic library must be stored in the /usr/lib64 directory so that the system's default dynamic library lookup can find it.
      2. The teecd daemon must be started using its absolute path, that is, by running the /usr/bin/teecd command.
  2. Check security logs in the TEE.
    tlogcat
    • If any error information about TA loading exists in the TEE security logs, rectify the fault by following instructions in Common Error Logs. If the fault persists, contact Huawei technical support.
    • If the TEE security logs contain no error information or no new logs, go to 3.
  3. Check the REE system logs.
    journalctl --since "1 min ago"
    • Collect and view the system user-mode logs generated within the last minute, including logs of the teecd user-mode process and the CA. Rectify the fault by following instructions in Common Error Logs. If the fault persists, contact Huawei technical support.
    • If no teecd log information is displayed, contact Huawei technical support.
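
The step 1 checks as a script, added here as an example (it is not Huawei's or the iTrustee project's code): it reads the output of the same three commands and also flags a teecd process that was not started as /usr/bin/teecd, which a plain grep over the process list does not distinguish. The function names, the return codes and the use of ps -eo args in place of ps aux are assumptions of this example.

```shell
#!/bin/sh
# Added example: step 1 checks; each function reads command output on stdin.

# Input: `ldconfig -p`. Both libraries must be cached and live in /usr/lib64.
check_libs() {
    awk '
        /teec/        { seen_t = 1; if ($NF ~ /^\/usr\/lib64\//) ok_t = 1 }
        /boundscheck/ { seen_b = 1; if ($NF ~ /^\/usr\/lib64\//) ok_b = 1 }
        END {
            if (!seen_t || !seen_b) exit 1
            if (!ok_t || !ok_b) exit 2
        }'
}

# Input: `ps -eo args`. Matching on the first field ignores the grep process
# itself and separates /usr/bin/teecd from a relative-path launch.
check_teecd() {
    awk '
        $1 == "/usr/bin/teecd" { abs = 1 }
        $1 == "teecd" || $1 ~ /\/teecd$/ { any = 1 }
        END { if (abs) exit 0; if (any) exit 2; exit 1 }'
}

# Input: `lsmod`. The module name is the first column.
check_tzdriver() {
    awk '$1 == "tzdriver" { found = 1 } END { exit !found }'
}

report() {  # $1 = label, $2 = return code (0 pass, 1 missing, 2 misdeployed)
    case "$2" in
        0) echo "PASS  $1" ;;
        1) echo "FAIL  $1: not found" ;;
        *) echo "FAIL  $1: found, but not at the required path" ;;
    esac
}

run_checks() {
    rc=0; ldconfig -p | check_libs || rc=$?;  report "teec/boundscheck libraries" "$rc"
    rc=0; ps -eo args | check_teecd || rc=$?; report "teecd daemon" "$rc"
    rc=0; lsmod | check_tzdriver || rc=$?;    report "tzdriver module" "$rc"
}

# Constructed sample (not real output): teecd started by a relative path.
demo() {
    rc=0; printf '%s\n' 'grep teecd' './teecd' | check_teecd || rc=$?
    report "teecd daemon (constructed sample)" "$rc"
}

case "${1:-}" in --run) run_checks ;; --demo) demo ;; esac
```

Run it with --run on the affected host, or with --demo to see the relative-path case on the constructed sample.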