RFC: An effort to standardize OP-TEE rust based TAs development environment

.github/workflows/ci.yml

@@ -67,7 +67,7 @@ jobs:
           source environment &&
           make optee &&
           . ~/.cargo/env &&
-          (cd optee-utee && xargo build --target aarch64-unknown-optee-trustzone -vv) &&
+          (cd optee-utee && cargo build --target aarch64-unknown-linux-gnu --no-default-features -vv) &&
           (cd optee-teec && cargo build --target aarch64-unknown-linux-gnu -vv)
   build-and-run-examples-in-OPTEE-repo:
     runs-on: ubuntu-20.04

Makefile

@@ -30,12 +30,12 @@ ifneq ($(ARCH), arm)
 	VENDOR := qemu_v8.mk
 	AARCH_CROSS_COMPILE := $(OPTEE_PATH)/toolchains/aarch64/bin/aarch64-linux-gnu-
 	HOST_TARGET := aarch64-unknown-linux-gnu
-	TA_TARGET := aarch64-unknown-optee-trustzone
+	TA_TARGET := aarch64-unknown-linux-gnu
 else
 	VENDOR := qemu.mk
 	ARCH_CROSS_COMPILE := $(OPTEE_PATH)/toolchains/aarch32/bin/arm-linux-gnueabihf-
 	HOST_TARGET := arm-unknown-linux-gnueabihf
-	TA_TARGET := arm-unknown-optee-trustzone
+	TA_TARGET := arm-unknown-linux-gnueabihf
 endif
 
 all: toolchains optee-os optee-client examples

docs/debugging-optee-ta.md

@@ -46,7 +46,7 @@ D/LD:  ldelf:168 ELF (133af0ca-bdab-11eb-9130-43bf7873bf67) at 0x40014000
 
 Then, you can load symbols from TA file (in debug build) to the address.
 ```sh
-(gdb) add-symbol-file /path/to/examples/hello_world-rs/ta/target/aarch64-unknown-optee-trustzone/debug/ta 0x40014000
+(gdb) add-symbol-file /path/to/examples/hello_world-rs/ta/target/aarch64-unknown-linux-gnu/debug/ta 0x40014000
 ```
 Now, you can add breakpoints according to your own needs in the corresponding
 functions or addresses.

examples/acipher-rs/host/Makefile

@@ -24,10 +24,12 @@ ifeq ($(ARCH), arm)
 	OPTEE_BIN := $(OPTEE_DIR)/toolchains/aarch32/bin
 	OBJCOPY := $(OPTEE_BIN)/arm-linux-gnueabihf-objcopy
 	TARGET := arm-unknown-linux-gnueabihf
+	LINKER_CFG := target.arm-unknown-linux-gnueabihf..linker=\"arm-linux-gnueabihf-gcc\"
 else
 	OPTEE_BIN := $(OPTEE_DIR)/toolchains/$(ARCH)/bin
 	OBJCOPY := $(OPTEE_BIN)/aarch64-linux-gnu-objcopy
 	TARGET := aarch64-unknown-linux-gnu
+	LINKER_CFG := target.aarch64-unknown-linux-gnu.linker=\"aarch64-linux-gnu-gcc\"
 endif
 
 OUT_DIR := $(CURDIR)/target/$(TARGET)/release
@@ -36,7 +38,7 @@ OUT_DIR := $(CURDIR)/target/$(TARGET)/release
 all: host strip
 
 host:
-	@cargo build --target $(TARGET) --release
+	@cargo build --target $(TARGET) --release --config $(LINKER_CFG)
 
 strip:
 	@$(OBJCOPY) --strip-unneeded $(OUT_DIR)/$(NAME) $(OUT_DIR)/$(NAME)

examples/acipher-rs/proto/Cargo.toml

@@ -27,4 +27,4 @@ edition = "2018"
 [dependencies]
 
 [build_dependencies]
-uuid = { version = "0.8" }
+uuid = { version = "1.6.1", default-features = false }

examples/acipher-rs/proto/src/lib.rs

@@ -15,6 +15,8 @@
 // specific language governing permissions and limitations
 // under the License.
 
+#![no_std]
+
 pub enum Command {
     GenKey,
     GetSize,

examples/acipher-rs/ta/Cargo.toml

@@ -25,15 +25,15 @@ description = "An example of Rust OP-TEE TrustZone SDK."
 edition = "2018"
 
 [dependencies]
-libc = { path = "../../../rust/libc" }
 proto = { path = "../proto" }
-optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys" }
-optee-utee = { path = "../../../optee-utee" }
+optee-utee-sys = { path = "../../../optee-utee/optee-utee-sys", default-features = false }
+optee-utee = { path = "../../../optee-utee", default-features = false }
 
 [build_dependencies]
-uuid = { version = "0.8" }
+uuid = { version = "1.6.1", default-features = false }
 proto = { path = "../proto" }
 
 [profile.release]
+panic = "abort"
 lto = true
 opt-level = 1

examples/acipher-rs/ta/Makefile

@@ -26,21 +26,23 @@ ifeq ($(ARCH), arm)
 	SIGN := $(OPTEE_OS_DIR)/out/arm/export-ta_arm32/scripts/sign_encrypt.py
 	OPTEE_BIN := $(OPTEE_DIR)/toolchains/aarch32/bin
 	OBJCOPY := $(OPTEE_BIN)/arm-linux-gnueabihf-objcopy
-	TARGET := arm-unknown-optee-trustzone
+	TARGET := arm-unknown-linux-gnueabihf
+	LINKER_CFG := target.arm-unknown-linux-gnueabihf.linker=\"arm-linux-gnueabihf-ld.bfd\"
 else
 	TA_SIGN_KEY ?= $(OPTEE_OS_DIR)/out/arm/export-ta_arm64/keys/default_ta.pem
 	SIGN := $(OPTEE_OS_DIR)/out/arm/export-ta_arm64/scripts/sign_encrypt.py
 	OPTEE_BIN := $(OPTEE_DIR)/toolchains/$(ARCH)/bin
 	OBJCOPY := $(OPTEE_BIN)/aarch64-linux-gnu-objcopy
-	TARGET := aarch64-unknown-optee-trustzone
+	TARGET := aarch64-unknown-linux-gnu
+	LINKER_CFG := target.aarch64-unknown-linux-gnu.linker=\"aarch64-linux-gnu-ld.bfd\"
 endif
 
 OUT_DIR := $(CURDIR)/target/$(TARGET)/release
 
 all: ta strip sign
 
 ta:
-	@xargo build --target $(TARGET) --release --verbose
+	@cargo build --target $(TARGET) --release --verbose --config $(LINKER_CFG)
 
 strip:
 	@$(OBJCOPY) --strip-unneeded $(OUT_DIR)/ta $(OUT_DIR)/stripped_ta
@@ -50,4 +52,4 @@ sign:
 	@echo "SIGN =>  ${UUID}"
 
 clean:
-	@xargo clean
+	@cargo clean

examples/acipher-rs/ta/build.rs

@@ -18,7 +18,7 @@
 use proto;
 use std::env;
 use std::fs::File;
-use std::io::Write;
+use std::io::{BufRead, BufReader, Write};
 use std::path::{Path, PathBuf};
 use uuid::Uuid;
 
@@ -42,14 +42,38 @@ fn main() -> std::io::Result<()> {
 }};",
         time_low, time_mid, time_hi_and_version, clock_seq_and_node
     )?;
+
     let optee_os_dir = env::var("OPTEE_OS_DIR").unwrap_or("../../../optee/optee_os".to_string());
+    let optee_os_path = &PathBuf::from(optee_os_dir.clone());
     let search_path = match env::var("ARCH") {
         Ok(ref v) if v == "arm" => {
-            File::create(out.join("ta.lds"))?.write_all(include_bytes!("ta_arm.lds"))?;
+            let mut ta_lds = File::create(out.join("ta.lds"))?;
+            let f = File::open(optee_os_path.join("out/arm/export-ta_arm32/src/ta.ld.S"))?;
+            let f = BufReader::new(f);
+
+            write!(ta_lds, "OUTPUT_FORMAT(\"elf32-littlearm\")\n")?;
+            write!(ta_lds, "OUTPUT_ARCH(arm)\n")?;
+            for line in f.lines() {
+                write!(ta_lds, "{}\n", line?)?;
+            }
             Path::new(&optee_os_dir).join("out/arm/export-ta_arm32/lib")
         },
         _ => {
-            File::create(out.join("ta.lds"))?.write_all(include_bytes!("ta_aarch64.lds"))?;
+            let mut ta_lds = File::create(out.join("ta.lds"))?;
+            let f = File::open(optee_os_path.join("out/arm/export-ta_arm64/src/ta.ld.S"))?;
+            let f = BufReader::new(f);
+
+            write!(ta_lds, "OUTPUT_FORMAT(\"elf64-littleaarch64\")\n")?;
+            write!(ta_lds, "OUTPUT_ARCH(aarch64)\n")?;
+            for line in f.lines() {
+                let l = line?;
+
+                if l == "\t. = ALIGN(4096);" {
+                    write!(ta_lds, "\t. = ALIGN(65536);\n")?;
+                } else {
+                    write!(ta_lds, "{}\n", l)?;
+                }
+            }
             Path::new(&optee_os_dir).join("out/arm/export-ta_arm64/lib")
         }
     };
@@ -58,5 +82,12 @@ fn main() -> std::io::Result<()> {
 
     println!("cargo:rustc-link-search={}", search_path.display());
     println!("cargo:rustc-link-lib=static=utee");
+    println!("cargo:rustc-link-lib=static=utils");
+    println!("cargo:rustc-link-arg=-Tta.lds");
+    println!("cargo:rustc-link-arg=-e__ta_entry");
+    println!("cargo:rustc-link-arg=-pie");
+    println!("cargo:rustc-link-arg=-Os");
+    println!("cargo:rustc-link-arg=--sort-section=alignment");
+    println!("cargo:rustc-link-arg=--dynamic-list=dyn_list");
     Ok(())
 }

examples/acipher-rs/ta/dyn_list

@@ -0,0 +1,6 @@
+{
+__elf_phdr_info;
+trace_ext_prefix;
+trace_level;
+ta_head;
+};

examples/acipher-rs/ta/src/main.rs

@@ -15,8 +15,13 @@
 // specific language governing permissions and limitations
 // under the License.
 
+#![no_std]
 #![no_main]
+#![feature(c_size_t)]
 
+extern crate alloc;
+
+use alloc::boxed::Box;
 use optee_utee::{
     ta_close_session, ta_create, ta_destroy, ta_invoke_command, ta_open_session, trace_println,
 };