Data Isolation of the Trusted Storage Function in the Secure OS

4.1.8

Verify that data can be isolated using the trusted storage function in the secure OS.

See Test Networking.

1. The TrustZone kit has been burnt into the servers (at least two servers) and the TrustZone license has been activated.
2. The REE patch has been loaded to the server. The CA and TA can be loaded and can communicate with each other properly.

1. Log in to the REE OS and load the TrustZone REE patch. (See Expected Result 1.)

   insmod tzdriver

   /usr/bin/teecd &

2. Write the test CA 1 and TA 1. Ensure that TA 1 calls the GP trusted storage API to persistently store the randomly generated data to the /ta1/data1 path of the drive.
3. Write the test CA 2 and TA 2. Ensure that TA 2 calls the GP trusted storage API to read the data of /ta1/data1. (See Expected Result 2.)
4. Copy the test CA 1 and TA 1 and the generated data in /ta1/data1 to another server. Ensure that TA 1 reads the data of /ta1/data1. (See Expected Result 3.)

1. The REE patch is loaded and no error information is displayed.
2. TA 2 fails to call the trusted storage API, and a message is displayed indicating that the TA does not have the permission.
3. TA 1 fails to call the trusted storage API, and a message is displayed indicating that the decryption fails.