基于qemu_v8 + optee400构建自定义app

构建基于libckteec的tls安全通信应用程序，应用目录结构

$ tree -L 2
.
├── libp11
│   ├── libp11-libp11-0.4.12
│   ├── mk_optee_three_part.sh
│   └── out
├── openssl
│   ├── mk_optee_three_part.sh
│   ├── openssl-1.1.1w
│   └── out
└── tls_demo├── mk_optee_three_part.sh├── out└── p11_engine_app

SDK目录结构

$ tree -L 1
.
├── build
├── buildroot
├── hafnium
├── linux
├── mbedtls
├── optee_benchmark
├── optee_client
├── optee_examples
├── optee_os
│   ├── CHANGELOG.md
│   ├── core
│   ├── keys
│   ├── ldelf
│   ├── lib
│   ├── LICENSE
│   ├── MAINTAINERS
│   ├── Makefile
│   ├── mk
│   ├── out
│   ├── README.md
│   ├── scripts
│   ├── ta
│   └── typedefs.checkpatch
├── optee_rust
├── optee_test
├── out
├── out-br
├── qemu
├── toolchains
│   ├── aarch32
│   ├── aarch64
│   ├── arm-gnu-toolchain-11.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
│   └── arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-linux-gnueabihf.tar.xz
├── trusted-firmware-a
└── u-boot

先构建OpenSSL，被其他应用

FILEPATH=$(readlink -f "$0")
DIRPATH=$(dirname "$FILEPATH")optee_dir="/home/test0923/workspace/optee400"echo $FILEPATH
echo $DIRPATHexport PATH="$optee_dir/toolchains/aarch64/bin:$PATH"
export CROSS_COMPILE_HOST=aarch64-linux-gnu-
export ARCH=armexport OPENSSL_ENGINES=/libcd openssl-1.1.1w
./config no-asm --prefix=$DIRPATH/out \--cross-compile-prefix=aarch64-linux-gnu-
sed -i 's/-m64/ /g' Makefile# --openssldir=/usr
# old="ENGINESDIR=\$(libdir)\/engines-1.1"
# new="ENGINESDIR=\/usr\/lib\/engine-1.1"
# sed -i "s/$old/$new/g" Makefilemake -j16
make install
cd -echo "Copy "$FILEPATH" three part bin to $optee_dir/out-br/-------------------"
cp -aux ./out/lib/*.so*  $optee_dir/out-br/target/usr/lib/
cp -aux ./out/bin/*      $optee_dir/out-br/target/usr/bin

构建libpkcs11

# 依赖aarch64的libcrypto
# 需要先构建opensslFILEPATH=$(readlink -f "$0")
DIRPATH=$(dirname "$FILEPATH")optee_dir="/home/test0923/workspace/optee400"echo $FILEPATH
echo $DIRPATHexport PATH="$optee_dir/toolchains/aarch64/bin:$PATH"
export CROSS_COMPILE_HOST=aarch64-linux-gnu
export ARCH=armexport OPENSSL_CFLAGS="-I$DIRPATH/../openssl/out/include"
export OPENSSL_LIBS="-L$DIRPATH/../openssl/out/lib -lcrypto"cd libp11-libp11-0.4.12
./bootstrap
./configure --prefix=$DIRPATH/out \--with-enginesdir=$DIRPATH/out/engine \--host=aarch64-linux-gnu \CFLAGS="$OPENSSL_CFLAGS" \LDFLAGS="$OPENSSL_LIBS"make -j16
make install
cd -echo "Copy "$FILEPATH" three part bin to $optee_dir/out-br/-------------------"
cp -aux ./out/*/*.so*   $optee_dir/out-br/target/usr/lib/
mkdir -p $optee_dir/out-br/target/usr/lib/engines-1.1/
cp -aux ./out/engine/*  $optee_dir/out-br/target/usr/lib/engines-1.1/

构建tls

# 依赖aarch64的libcrypto
# 需要先构建opensslFILEPATH=$(readlink -f "$0")
DIRPATH=$(dirname "$FILEPATH")optee_dir="/home/test0923/workspace/optee400"echo $FILEPATH
echo $DIRPATHexport PATH="$optee_dir/toolchains/aarch64/bin:$PATH"
export CROSS_COMPILE=aarch64-linux-gnu-
export ARCH=armexport OPENSSL_CFLAGS="-I$DIRPATH/../openssl/out/include"
export OPENSSL_LIBS="-L$DIRPATH/../openssl/out/lib -lssl -lcrypto"cd p11_engine_app
make
cd -echo "Copy "$FILEPATH" three part bin to $optee_dir/out-br/-------------------"
cp -aux ./out/*      $optee_dir/out-br/target/usr/bin

集成自定义应用

$ ls -l out-br/target/usr/lib/libssl.so*
lrwxrwxrwx 1 test0923 test0923     13  6月 26 22:27 out-br/target/usr/lib/libssl.so -> libssl.so.1.1
-rwxr-xr-x 5 test0923 test0923 584816  6月 26 23:51 out-br/target/usr/lib/libssl.so.1.1
$ ls -l out-br/target/usr/lib/libcrypto.so*
lrwxrwxrwx 1 test0923 test0923      16  6月 26 22:27 out-br/target/usr/lib/libcrypto.so -> libcrypto.so.1.1
-rwxr-xr-x 5 test0923 test0923 2560744  6月 26 23:51 out-br/target/usr/lib/libcrypto.so.1.1
$ ls -l out-br/target/usr/lib/libp*
libp11.so             libp11.so.3.5.0       libpcsclite.so.1      libpcscspy.so         libpcscspy.so.0.0.0   
libp11.so.3           libpcsclite.so        libpcsclite.so.1.0.0  libpcscspy.so.0       libpkcs11.so          
$ ls -l out-br/target/usr/lib/libpkcs11.so*
lrwxrwxrwx 1 test0923 test0923 9  6月 26 23:49 out-br/target/usr/lib/libpkcs11.so -> pkcs11.so
$ ls -l out-br/target/usr/bin/tls_demo 
-rwxr-xr-x 1 test0923 test0923 10232  6月 26 23:51 out-br/target/usr/bin/tls_demo

更新qemu rootfs

make -f qemu_v8.mk uRootfs -j32

配置环境变量[可选]

# 更改构建时未正确指定的引擎路径
# error:25066067:DSO support routines:dlfcn_load:could not load the shared library:crypto/dso/dso_dlfcn.c:118:filename(/usr/local/openssl/lib/engines-1.1/pkcs11.so): /usr/local/openssl/lib/engines-1.1/pkcs11.so: cannot open shared object file: No such file or directory
export OPENSSL_ENGINES=/usr/lib/engines-1.1

准备密钥

pkcs11-tool --module /usr/lib/libckteec.so --init-token --label "mytoken" --so-pin 12345
pkcs11-tool --module /usr/lib/libckteec.so --init-pin --slot 0 --so-pin 12345 --pin 1234
pkcs11-tool --module /usr/lib/libckteec.so --login --pin 1234 --keypairgen --key-type rsa:2048 --id 01 --label "mytoken"

本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若转载，请注明出处：http://www.mzph.cn/diannao/35728.shtml

如若内容造成侵权/违法违规/事实不符，请联系多彩编程网进行投诉反馈email:809451989@qq.com，一经查实，立即删除！