基于qemu_v8 + optee400構建自定義app

構建基于libckteec的tls安全通信應用程序，應用目錄結構

$ tree -L 2
.
├── libp11
│ ? ├── libp11-libp11-0.4.12
│ ? ├── mk_optee_three_part.sh
│ ? └── out
├── openssl
│ ? ├── mk_optee_three_part.sh
│ ? ├── openssl-1.1.1w
│ ? └── out
└── tls_demo├── mk_optee_three_part.sh├── out└── p11_engine_app

SDK目錄結構

$ tree -L 1
.
├── build
├── buildroot
├── hafnium
├── linux
├── mbedtls
├── optee_benchmark
├── optee_client
├── optee_examples
├── optee_os
│   ├── CHANGELOG.md
│   ├── core
│   ├── keys
│   ├── ldelf
│   ├── lib
│   ├── LICENSE
│   ├── MAINTAINERS
│   ├── Makefile
│   ├── mk
│   ├── out
│   ├── README.md
│   ├── scripts
│   ├── ta
│   └── typedefs.checkpatch
├── optee_rust
├── optee_test
├── out
├── out-br
├── qemu
├── toolchains
│   ├── aarch32
│   ├── aarch64
│   ├── arm-gnu-toolchain-11.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
│   └── arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-linux-gnueabihf.tar.xz
├── trusted-firmware-a
└── u-boot

先構建OpenSSL，被其他應用

FILEPATH=$(readlink -f "$0")
DIRPATH=$(dirname "$FILEPATH")optee_dir="/home/test0923/workspace/optee400"echo $FILEPATH
echo $DIRPATHexport PATH="$optee_dir/toolchains/aarch64/bin:$PATH"
export CROSS_COMPILE_HOST=aarch64-linux-gnu-
export ARCH=armexport OPENSSL_ENGINES=/libcd openssl-1.1.1w
./config no-asm --prefix=$DIRPATH/out \--cross-compile-prefix=aarch64-linux-gnu-
sed -i 's/-m64/ /g' Makefile# --openssldir=/usr
# old="ENGINESDIR=\$(libdir)\/engines-1.1"
# new="ENGINESDIR=\/usr\/lib\/engine-1.1"
# sed -i "s/$old/$new/g" Makefilemake -j16
make install
cd -echo "Copy "$FILEPATH" three part bin to $optee_dir/out-br/-------------------"
cp -aux ./out/lib/*.so*  $optee_dir/out-br/target/usr/lib/
cp -aux ./out/bin/*      $optee_dir/out-br/target/usr/bin

構建libpkcs11

# 依賴aarch64的libcrypto
# 需要先構建opensslFILEPATH=$(readlink -f "$0")
DIRPATH=$(dirname "$FILEPATH")optee_dir="/home/test0923/workspace/optee400"echo $FILEPATH
echo $DIRPATHexport PATH="$optee_dir/toolchains/aarch64/bin:$PATH"
export CROSS_COMPILE_HOST=aarch64-linux-gnu
export ARCH=armexport OPENSSL_CFLAGS="-I$DIRPATH/../openssl/out/include"
export OPENSSL_LIBS="-L$DIRPATH/../openssl/out/lib -lcrypto"cd libp11-libp11-0.4.12
./bootstrap
./configure --prefix=$DIRPATH/out \--with-enginesdir=$DIRPATH/out/engine \--host=aarch64-linux-gnu \CFLAGS="$OPENSSL_CFLAGS" \LDFLAGS="$OPENSSL_LIBS"make -j16
make install
cd -echo "Copy "$FILEPATH" three part bin to $optee_dir/out-br/-------------------"
cp -aux ./out/*/*.so*   $optee_dir/out-br/target/usr/lib/
mkdir -p $optee_dir/out-br/target/usr/lib/engines-1.1/
cp -aux ./out/engine/*  $optee_dir/out-br/target/usr/lib/engines-1.1/

構建tls

# 依賴aarch64的libcrypto
# 需要先構建opensslFILEPATH=$(readlink -f "$0")
DIRPATH=$(dirname "$FILEPATH")optee_dir="/home/test0923/workspace/optee400"echo $FILEPATH
echo $DIRPATHexport PATH="$optee_dir/toolchains/aarch64/bin:$PATH"
export CROSS_COMPILE=aarch64-linux-gnu-
export ARCH=armexport OPENSSL_CFLAGS="-I$DIRPATH/../openssl/out/include"
export OPENSSL_LIBS="-L$DIRPATH/../openssl/out/lib -lssl -lcrypto"cd p11_engine_app
make
cd -echo "Copy "$FILEPATH" three part bin to $optee_dir/out-br/-------------------"
cp -aux ./out/*      $optee_dir/out-br/target/usr/bin

集成自定義應用

$ ls -l out-br/target/usr/lib/libssl.so*
lrwxrwxrwx 1 test0923 test0923     13  6月 26 22:27 out-br/target/usr/lib/libssl.so -> libssl.so.1.1
-rwxr-xr-x 5 test0923 test0923 584816  6月 26 23:51 out-br/target/usr/lib/libssl.so.1.1
$ ls -l out-br/target/usr/lib/libcrypto.so*
lrwxrwxrwx 1 test0923 test0923      16  6月 26 22:27 out-br/target/usr/lib/libcrypto.so -> libcrypto.so.1.1
-rwxr-xr-x 5 test0923 test0923 2560744  6月 26 23:51 out-br/target/usr/lib/libcrypto.so.1.1
$ ls -l out-br/target/usr/lib/libp*
libp11.so             libp11.so.3.5.0       libpcsclite.so.1      libpcscspy.so         libpcscspy.so.0.0.0   
libp11.so.3           libpcsclite.so        libpcsclite.so.1.0.0  libpcscspy.so.0       libpkcs11.so          
$ ls -l out-br/target/usr/lib/libpkcs11.so*
lrwxrwxrwx 1 test0923 test0923 9  6月 26 23:49 out-br/target/usr/lib/libpkcs11.so -> pkcs11.so
$ ls -l out-br/target/usr/bin/tls_demo 
-rwxr-xr-x 1 test0923 test0923 10232  6月 26 23:51 out-br/target/usr/bin/tls_demo

更新qemu rootfs

make -f qemu_v8.mk uRootfs -j32

配置環境變量[可選]

# 更改構建時未正確指定的引擎路徑
# error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/local/openssl/lib/engines-1.1/pkcs11.so): /usr/local/openssl/lib/engines-1.1/pkcs11.so: cannot open shared object file: No such file or directory
export OPENSSL_ENGINES=/usr/lib/engines-1.1

準備密鑰

pkcs11-tool --module /usr/lib/libckteec.so --init-token --label "mytoken" --so-pin 12345
pkcs11-tool --module /usr/lib/libckteec.so --init-pin --slot 0 --so-pin 12345 --pin 1234
pkcs11-tool --module /usr/lib/libckteec.so --login --pin 1234 --keypairgen --key-type rsa:2048 --id 01 --label "mytoken"

本文來自互聯網用戶投稿，該文觀點僅代表作者本人，不代表本站立場。本站僅提供信息存儲空間服務，不擁有所有權，不承擔相關法律責任。
如若轉載，請注明出處：http://www.pswp.cn/diannao/35728.shtml
繁體地址，請注明出處：http://hk.pswp.cn/diannao/35728.shtml
英文地址，請注明出處：http://en.pswp.cn/diannao/35728.shtml

如若內容造成侵權/違法違規/事實不符，請聯系多彩編程網進行投訴反饋email:809451989@qq.com，一經查實，立即刪除！