Procedure
This document uses the itrustee_sdk-1.0 version and rsa-demo code as an example to describe how to deploy the TA and CA compilation environment. The OS version is openEuler 20.03 LTS SP1.
Obtaining the iTrustee SDK
- Download the iTrustee SDK.
https://gitee.com/openeuler/itrustee_sdk/tree/itrustee_sdk-1.0/
Code branch: itrustee_sdk-1.0
The following figure shows the directory structure of the SDK.

The SDK includes four directories: build, include, test, and thirdparty.
- build/: stores the signature tool of TAs.
- include/: stores the description of function interfaces supported by the iTrustee OS, including standard Global Platform (GP) interfaces and some Huawei extended interfaces.
- test/: stores the source code of TAs and CAs.
- thirdparty/: stores third-party libraries used by TAs and CAs.
- Obtain the libboundscheck bounds check function library.
https://gitee.com/openeuler/libboundscheck
Code branch: master
Move the downloaded libboundscheck folder to the itrustee_sdk/thirdparty/open_source/ directory, as shown in the following figure:

Compiling the rsa-demo Applications
- Compile the rsa_demo CA.
    cd itrustee_sdk/test/CA/rsa_demo/cloud
    make
After the compilation is complete, a CA binary file is generated in the directory that contains the Makefile, as shown in the following figure:

- Compile the rsa_demo TA.
- Apply to the Huawei service owner for the compilation materials of the rsa_demo TA, including the private key and the config binary issued by Huawei. The following figure shows the file information:
- Copy the compilation materials to the specified directory of the rsa_demo TA in the iTrustee SDK.
    cp rsa_demo/signed_config/config itrustee_sdk/test/TA/rsa_demo/cloud/signed_config/
    cp rsa_demo/TA_cert/private_key.pem itrustee_sdk/test/TA/rsa_demo/cloud/TA_cert/
- Compile the rsa_demo TA.
    cd itrustee_sdk/test/TA/rsa_demo/cloud
    make
After the compilation is complete, a TA .sec file is generated in the directory that contains the Makefile. The file name is the unique UUID of each TA.

Configuring the manifest.txt File
A standard TA contains the source code, TA private key, signed config file, config_cloud.ini file, and manifest.txt file, as shown in the following figure. The config_cloud.ini, config, and private_key.pem files are related to TA signing. For details about how to generate these files, see Applying for a TA Developer Certificate in a Debugging Environment. The manifest.txt file describes the resources that the TEE provides for TAs. These resources are prepared by users.

An example of the manifest.txt file:
    gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0
    gpd.ta.service_name: rsa-demo
    gpd.ta.singleInstance: true
    gpd.ta.multiSession: false
    gpd.ta.instanceKeepAlive: false
    gpd.ta.dataSize: 67928064
    gpd.ta.stackSize: 40960
    gpd.ta.mem_page_align: false
Among the preceding fields:
- gpd.ta.appID is the TA UUID, which is generated by the user and is the same as the CA UUID. Each TA has a unique UUID.
You can run the cat /proc/sys/kernel/random/uuid command to obtain the UUID.
- gpd.ta.service_name is the TA name, which is a string consisting of 1 to 27 characters.
- gpd.ta.dataSize is the TA heap space size. It is an integer whose unit is 1 byte when mem_page_align is set to false and 4096 bytes when mem_page_align is set to true.
- gpd.ta.stackSize is the TA stack space size. It is an integer whose unit is 1 byte when mem_page_align is set to false and 4096 bytes when mem_page_align is set to true.
For other possible fields in the manifest.txt file, see the iTrustee SDK Developer Guide.
Please contact the Huawei service owner for this guide.
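A manifest can be checked against the field rules above before the TA is built and signed. The following Python lint is an added example, not part of the iTrustee SDK. The function names, the treatment of appID and service_name as mandatory, the literal true/false spelling, and the reading of the size fields as counts of 1-byte or 4096-byte units are assumptions made for illustration.

```python
import re
import uuid

# Constructed sample: the manifest.txt shown on this page.
SAMPLE = """\
gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0
gpd.ta.service_name: rsa-demo
gpd.ta.singleInstance: true
gpd.ta.multiSession: false
gpd.ta.instanceKeepAlive: false
gpd.ta.dataSize: 67928064
gpd.ta.stackSize: 40960
gpd.ta.mem_page_align: false
"""
BOOL, SIZE = r"true|false", r"[1-9][0-9]*"
RULES = {  # field -> pattern its value must fully match (assumed formats)
    "service_name": r".{1,27}", "singleInstance": BOOL, "multiSession": BOOL,
    "instanceKeepAlive": BOOL, "mem_page_align": BOOL,
    "dataSize": SIZE, "stackSize": SIZE}

def parse_manifest(text):
    """Return ({field: value}, [errors]) for 'gpd.ta.<field>: <value>' lines."""
    fields, errors = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = re.fullmatch(r"gpd\.ta\.(\w+):\s*(.*\S)\s*", line)
        if not m:
            errors.append(f"line {n}: not 'gpd.ta.<field>: <value>'")
        elif m.group(1) in fields:
            errors.append(f"line {n}: duplicate field {m.group(1)}")
        else:
            fields[m.group(1)] = m.group(2)
    return fields, errors

def check_manifest(text):
    """Check the constraints stated on this page; return a list of problems."""
    f, errors = parse_manifest(text)
    try:  # uuid.UUID() also accepts braces or missing hyphens, so compare forms
        if str(uuid.UUID(f.get("appID", ""))) != f["appID"].lower():
            raise ValueError
    except ValueError:
        errors.append("appID: missing or not a canonical UUID")
    if "service_name" not in f:
        errors.append("service_name: missing")
    for key, pattern in RULES.items():
        if key in f and not re.fullmatch(pattern, f[key]):
            errors.append(f"{key}: value {f[key]!r} does not match {pattern}")
    return errors

def size_in_bytes(f, key):
    """dataSize/stackSize in bytes: the unit is 4096 when mem_page_align is true."""
    return int(f[key]) * (4096 if f.get("mem_page_align") == "true" else 1)
```

Running check_manifest() on a manifest copied from another TA flags a malformed appID or an over-long service_name, and size_in_bytes() shows the effect of switching mem_page_align to true without rescaling dataSize and stackSize.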
