Documentation
Rate This Document
Findability
Accuracy
Completeness
Readability
SubmitClose

Installing and Uninstalling the iTrustee SDK

  • The Development Assistant enables you to create GlobalPlatform-compliant secure computing projects and high-level language projects with ease, reconstruct existing Java or Python projects, deploy SDKs, and check the compilation environment.
    • For a GlobalPlatform-based secure computing application, you can create an empty project or a CA, TA, RSA, confidential data storage, secret voting, or certificate issuing project. For a Java or Python application, you can create a high-level language project or reconstruct an existing Java or Python project. New projects run in the REE or TEE. When TrustZone is enabled, hardware in the REE and TEE is isolated from each other and runs at the same time. The trusted OS in the TEE protects data and other resources.
    • An application project contains source code and abundant samples, which greatly improve coding efficiency.
    • In the secure computing application project development framework, you can hover your mouse pointer over next to a component to see descriptions about the function of each TEE component.
  • A trusted execution environment (TEE) works based on the TrustZone technology. TrustZone allows a CPU to work in either normal or secure mode. The rich execution environment (REE) runs in normal mode, whereas the TEE runs in secure mode. In secure mode, peripheral hardware resources, such as memory and peripherals, are protected and isolated to isolate the TEE from the REE and protect the TEE.
  • The iTrustee SDK contains kunpeng-sc and kunpeng-sc-devel. kunpeng-sc is used to run Kunpeng secure computing applications, and kunpeng-sc-devel used to develop Kunpeng secure applications. Therefore, to run a Kunpeng secure application, you only need to install kunpeng-sc. To develop a Kunpeng security application, you need to install kunpeng-sc and kunpeng-sc-devel.

Prerequisites

  • The TEE feature has been enabled on the server. To enable it, access the BIOS and choose Advanced > TEE Config > Support TEE > Enable.
  • The OS is CentOS 7.6 Arm, openEuler 20.03 LTS SP1 Arm, UOS 20 SP1 Server Arm64, or Kylin V10 Arm running on physical machines.

Installation Directory Structure

Table 1 Structure of the kunpeng-sc installation directory

File Type

Installation Path

Description

SO file

/usr/lib64/libboundscheck.so

/usr/lib64/libteec.so

/usr/lib64/libteec_adaptor.so

Installation paths of SO files.

Binary file

/usr/bin/teecd

/usr/bin/tlogcat

Installation paths of binary files.

Software package

/usr/local/kunpeng-sc

Installation path of the software package (including the driver).
Table 2 Structure of the kunpeng-sc-devel installation directory

File Type

Installation Path

Description

Header file

/usr/include/itrustee_sdk

Installation path of the header file.

Software package

/usr/local/kunpeng-sc-devel

Installation path of the software package (including the demo, packaging tool, and SDK source code).

Installing and Uninstalling the iTrustee SDK

  • SDK installation and uninstallation (CentOS 7.6 or openEuler 20.03 LTS SP1)
    1. Obtain the iTrustee SDK installation packages.
    2. Decompress the installation packages.
      1
2
      tar -zxvf kunpeng-sc-xxx.aarch64.tar.gz
tar -zxvf kunpeng-sc-devel-xxx.aarch64.tar.gz
    3. Go to the decompressed directories and install the SDK packages.

      kunpeng-sc:

      1
      rpm -ivh kunpeng-sc-xxx.aarch64.rpm

      kunpeng-sc-devel:

      1
      rpm -ivh kunpeng-sc-devel-xxx.aarch64.rpm
    4. Uninstall the SDK.

      kunpeng-sc-devel:

      1
      rpm -e kunpeng-sc-devel

      kunpeng-sc:

      1
      rpm -e kunpeng-sc
  • SDK installation and uninstallation (Kylin V10)
    1. Obtain the iTrustee SDK installation package from the Kunpeng mirror.
    2. Decompress the installation packages.
      1
2
      tar -zxvf kunpeng-sc-xxx.ky10.aarch64.tar.gz
tar -zxvf kunpeng-sc-devel-xxx.ky10.aarch64.tar.gz
    3. Go to the decompressed directories and install the SDK packages.

      kunpeng-sc:

      1
      rpm -ivh kunpeng-sc-xxx.ky10.aarch64.rpm
      kunpeng-sc-devel:
      1
      rpm -ivh kunpeng-sc-devel-xxx.ky10.aarch64.rpm
    4. Uninstall the SDK.

      kunpeng-sc-devel:

      1
      rpm -e kunpeng-sc-devel
      kunpeng-sc:
      1
      rpm -e kunpeng-sc
  • SDK installation and uninstallation (UOS 20 SP1)
    1. Obtain the iTrustee SDK installation package from the Kunpeng mirror.
    2. Decompress the installation packages.
      1
2
      tar -zxvf kunpeng-sc_xxx_arm64.tar.gz
tar -zxvf kunpeng-sc-devel_xxx_arm64.tar.gz
    3. Go to the decompressed directories and install the SDK packages.

      kunpeng-sc:

      1
      dpkg -i kunpeng-sc_xxx_arm64.deb
      kunpeng-sc-devel:
      1
      dpkg -i kunpeng-sc-devel_xxx_arm64.deb
    4. Uninstall the SDK.

      kunpeng-sc-devel:

      1
      dpkg --purge kunpeng-sc-devel
      kunpeng-sc:
      1
      dpkg --purge kunpeng-sc
  • Obtain the latest TAR.GZ installation packages from the URLs given above, decompress the packages, and install the software.
  • The kunpeng-sc-devel and kunpeng-sc software packages are dependent on each other. You must install the kunpeng-sc software package before installing the kunpeng-sc-devel software package. Before uninstalling the kunpeng-sc software package, ensure that the kunpeng-sc-devel software package has been uninstalled.
  • Ensure that kunpeng-sc and kunpeng-sc-devel software packages are of the same version.
  • xxx indicates the version number. The iTrustee SDK has been updated to version 2.0.1.

Demo Usage

After the installation is successful, refer to the README file of the corresponding demo in the /usr/local/{TEE_DIR}/example directory for details.