Instructions on Using the Confidential OS SDK
The TEE OS that supports high-level languages has been upgraded to the confidential OS. If a Java or Python program needs to invoke an SO dynamic library, the library must be compiled using the associated confidential OS SDK before it is loaded into the TEE. Besides the SO dynamic libraries that high-level language applications depend on, the Java or Python runtime environment and any third-party libraries that involve SO dynamic libraries must also be recompiled using the confidential OS SDK.
If the source file or software package analysis result for Java or Python application reconstruction lists dependency files to be ported, perform the following operations. The SO dynamic library is used as an example to show how to recompile a library with the confidential OS SDK and deploy it to the TEE for higher porting efficiency.
Installing the Confidential OS SDK and Enabling the Compiler
For details about how to install the confidential OS SDK and enable the compiler, see Kunpeng BoostKit for Confidential Computing TrustZone Kit Feature Guide.
Using the pack-App Packaging and Signing Tool
Before high-level language applications, the Java or Python runtime environment, and third-party libraries can be deployed into the TEE, they must be signed with a certificate and packaged as SEC files. Use the pack-App tool to perform the packaging and signing.
- Create a folder (for example, demo) in the /usr/local/kunpeng-sc-devel/utils/pack-App/ directory.
- Place the high-level language application in the created demo folder.
- Apply for a TA certificate for the high-level language package demo.
- Place the requested certificate and the corresponding private key in the pack-App/pack_tools directory and name them ta_cert.der and private_key.pem respectively.
- Obtain the SEC file (for example, demo.sec) from the pack-App directory.
- The high-level language must be Java or Python.
- The total size of the high-level language program package must be less than 300 MB. If the package is larger than 300 MB, you are advised to process it in batches.
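
A pre-flight check for the inputs listed above, written as an added example and not part of the SDK or the pack-App tool. The function name preflight, the reading of "300 MB" as 300 MiB, the file-extension test for Java or Python content, and the owner-only permission check on the private key are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check for the pack-App inputs described above (added example).
# Assumptions: "300 MB" is read as 300 MiB; Java/Python content is detected
# by file extension; preflight and its messages are hypothetical names.
MAX_BYTES=$((300 * 1024 * 1024))

preflight() {
    pack_dir=$1; app=$2; rc=0
    app_dir="$pack_dir/$app"
    cert="$pack_dir/pack_tools/ta_cert.der"
    key="$pack_dir/pack_tools/private_key.pem"

    if [ ! -d "$app_dir" ]; then
        echo "FAIL: application folder $app_dir not found" >&2
        return 1
    fi

    # Total payload size: count the bytes of every regular file in the folder.
    bytes=$(find "$app_dir" -type f -exec cat {} + | wc -c | tr -d ' ')
    if [ "$bytes" -ge "$MAX_BYTES" ]; then
        echo "FAIL: package is $bytes bytes, must be below $MAX_BYTES" >&2
        rc=1
    fi

    # The payload must be a Java or Python program (extension heuristic).
    if [ -z "$(find "$app_dir" -type f \( -name '*.py' -o -name '*.jar' \
            -o -name '*.class' \) | head -n 1)" ]; then
        echo "FAIL: no .py, .jar or .class file under $app_dir" >&2
        rc=1
    fi

    # Certificate and key must exist, be non-empty, and carry the fixed names.
    for f in "$cert" "$key"; do
        if [ ! -s "$f" ]; then
            echo "FAIL: $f is missing or empty" >&2
            rc=1
        fi
    done

    # The signing key should be accessible to its owner only.
    if [ -f "$key" ] && [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or others (chmod 600)" >&2
        rc=1
    fi
    return $rc
}

# Run against the SDK location when called with an application folder name.
if [ $# -eq 1 ]; then
    preflight /usr/local/kunpeng-sc-devel/utils/pack-App "$1"
fi
```

Saved as a script and called with the folder name (for example, demo), it returns a non-zero status and prints one FAIL line per problem found.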