Procedure

This document uses itrustee_sdk-1.0 and the rsa-demo code as an example to describe how to deploy the TA and CA compilation environment. The OS version is openEuler 20.03 LTS SP1.

Obtaining the iTrustee SDK

  1. Download the iTrustee SDK.

    https://gitee.com/openeuler/itrustee_sdk/tree/itrustee_sdk-1.0/

    Code branch: itrustee_sdk-1.0

  2. Decompress the iTrustee SDK package. The following figure shows the directory structure:

    The SDK contains four directories: build, include, test, and thirdparty.

    • build/: stores the signature tool of TAs.
    • include/: stores the description of function interfaces supported by the iTrustee OS, including standard Global Platform (GP) interfaces and some Huawei extended interfaces.
    • test/: stores the source code of TAs and CAs.
    • thirdparty/: stores third-party libraries used by TAs and CAs.
  3. Download the libboundscheck safety function library.

    https://gitee.com/openeuler/libboundscheck

    Code branch: master

    Move the downloaded libboundscheck folder to the itrustee_sdk/thirdparty/open_source/ directory, as shown in the following figure:

Compiling the rsa-demo Applications

  1. Compile the rsa_demo CA.
    cd itrustee_sdk/test/CA/rsa_demo/cloud
    make
    

    After the compilation is complete, the CA binary file is generated in the directory that contains the Makefile, as shown in the following figure:

  2. Compile the rsa_demo TA.
    1. Apply to the Huawei service owner for the compilation materials of the rsa_demo TA, including the private key and the config binary file issued by Huawei.

    2. Copy the compilation materials to the specified directory of the rsa_demo TA in the iTrustee SDK.
      cp rsa_demo/signed_config/config itrustee_sdk/test/TA/rsa_demo/cloud/signed_config/
      cp rsa_demo/TA_cert/private_key.pem itrustee_sdk/test/TA/rsa_demo/cloud/TA_cert/
      
    3. Compile the rsa_demo TA.
      cd itrustee_sdk/test/TA/rsa_demo/cloud
      make
      

    After the compilation is complete, a TA .sec file is generated in the directory that contains the Makefile. The file is named after the unique UUID of the TA application.

A standard TA contains the source code, TA private key, signed config file, config_cloud.ini file, and manifest.txt file, as shown in the following figure. The config_cloud.ini, config, and private_key.pem files are related to TA signing. For details about how to generate these files, see Applying for a TA Developer Certificate in a Debugging Environment. The manifest.txt file describes the resources that the TEE provides for TAs. These resources are prepared by developers.

An example of the manifest.txt file:

gpd.ta.appID:                   f68fd704-6eb1-4d14-b218-722850eb3ef0
gpd.ta.service_name:            rsa-demo
gpd.ta.singleInstance:          true
gpd.ta.multiSession:            false
gpd.ta.instanceKeepAlive:       false
gpd.ta.dataSize:                67928064
gpd.ta.stackSize:               40960

Among the preceding fields:

  • gpd.ta.appID is the TA UUID, which is generated by the user and is the same as the CA UUID. Each TA has a unique UUID.
  • gpd.ta.service_name is the TA name, which is a string consisting of 1 to 27 characters.
  • gpd.ta.dataSize is an integer, which indicates the size of the TA heap space, in bytes.
  • gpd.ta.stackSize is an integer, which indicates the size of the TA stack space, in bytes.
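
The field rules above can be checked before running make. The following Python check is an added example, not part of the iTrustee SDK or of the original page; the function names, the plain "key: value" parsing, the rejection of duplicate fields and the decimal-only size check are assumptions, and BAD is constructed input.

```python
import re

UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def parse_manifest(text):
    """Parse 'key: value' lines into a dict, rejecting malformed or duplicate lines."""
    fields = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip():
            continue
        key, sep, value = (part.strip() for part in raw.partition(":"))
        if not sep or not key:
            raise ValueError(f"line {lineno}: expected 'key: value'")
        if key in fields:
            raise ValueError(f"line {lineno}: duplicate field {key}")
        fields[key] = value
    return fields

def check_manifest(text, ca_uuid=None):
    """Return a list of problems; an empty list means every check passed."""
    try:
        fields = parse_manifest(text)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    app_id = fields.get("gpd.ta.appID", "")
    if not UUID_RE.fullmatch(app_id):
        problems.append("gpd.ta.appID is missing or not a UUID")
    elif ca_uuid is not None and app_id.lower() != ca_uuid.lower():
        problems.append("gpd.ta.appID differs from the CA UUID")
    if not 1 <= len(fields.get("gpd.ta.service_name", "")) <= 27:
        problems.append("gpd.ta.service_name must be 1 to 27 characters")
    for key in ("gpd.ta.dataSize", "gpd.ta.stackSize"):
        value = fields.get(key, "")
        # Assumption: sizes are plain decimal digits, as in the page's sample.
        if not (value.isascii() and value.isdigit()):
            problems.append(f"{key} must be an integer number of bytes")
    return problems

# The sample manifest from this page.
GOOD = """gpd.ta.appID:                   f68fd704-6eb1-4d14-b218-722850eb3ef0
gpd.ta.service_name:            rsa-demo
gpd.ta.singleInstance:          true
gpd.ta.multiSession:            false
gpd.ta.instanceKeepAlive:       false
gpd.ta.dataSize:                67928064
gpd.ta.stackSize:               40960"""
# Constructed bad input: truncated UUID, non-numeric size, 28-character name.
BAD = GOOD.replace("-722850eb3ef0", "").replace("67928064", "64MB").replace("rsa-demo", "x" * 28)
```

Calling check_manifest(open("manifest.txt").read(), ca_uuid=...) with the UUID compiled into the CA reports a TA/CA UUID mismatch before the TA is signed.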

For other possible fields in the manifest.txt file, see the iTrustee SDK Developer Guide.

Please contact the Huawei service owner for this guide.