Secure return error 0xffff0003

While creating a secure storage demo with OP-TEE, I get some errors when I run the demo.
My error output:

# Serial console output
zme@zme-0020:~$ sudo nvsecure_storage-app
[sudo] password for zme: 
Prepare session with the TA

Test on object "object#1"
- Create and load object in the TA secure storage
- Read back the object
- Delete the object
E/TA:   delete_object:41 Failed to open persistent object, res=0xffff0003
Command DELETE failed: 0xffff0003 / 4
nvsecure_storage-app: Failed to delete the object: 0xffff0003

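It seems that the second call to TEE_OpenPersistentObject in the program always runs into a problem.
My code is almost identical to the demo. I tried running the same code on QEMU and the error does not occur there. Is this a known issue?
My system version is JetPack 5.1.2.

Here are my steps:
1. Create a new samples program, based on optee_examples/secure_storage at master · linaro-swg/optee_examples · GitHub
2. Build and flash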

build src


cd ${workdir}/Linux_for_Tegra/sources/tegra/optee-src/nv-optee

./optee_src_build.sh -p t234

build dtb


cd ${workdir}/Linux_for_Tegra/sources/tegra/optee-src/nv-optee

dtc -I dts -O dtb -o ./optee/tegra234-optee.dtb ./optee/tegra234-optee.dts

build atf


cd ${workdir}/Linux_for_Tegra/sources/tegra/optee-src/atf/arm-trusted-firmware

make BUILD_BASE=./build \
CROSS_COMPILE="${CROSS_COMPILE_AARCH64}" \
DEBUG=0 LOG_LEVEL=20 PLAT=tegra SPD=opteed TARGET_SOC=t234 V=0

cd ../..

gen tos.img


cd ${workdir}/Linux_for_Tegra/nv_tegra/tos-scripts

./gen_tos_part_img.py --monitor ${workdir}/Linux_for_Tegra/sources/tegra/optee-src/atf/arm-trusted-firmware/build/tegra/t234/release/bl31.bin --os ${workdir}/Linux_for_Tegra/sources/tegra/optee-src/nv-optee/optee/build/t234/core/tee-raw.bin --dtb ${workdir}/Linux_for_Tegra/sources/tegra/optee-src/nv-optee/optee/tegra234-optee.dtb --tostype optee ./tos.img

replace tos


cd ${workdir}/Linux_for_Tegra/bootloader

cp tos-optee_t234.img tos-optee_t234.img.bak

cd ${workdir}/Linux_for_Tegra/nv_tegra/tos-scripts

cp tos.img ${workdir}/Linux_for_Tegra/bootloader/tos-optee_t234.img

download tos


sudo ./flash.sh -k A_secure-os -c bootloader/t186ref/cfg/flash_t234_qspi.xml jetson-orin-nano-devkit nvme0n1p1

Copy all the files under ./optee/install/t to the target.

Hi 1031150349,

Are you using the devkit or custom board for Orin NX?

Is there any error showing in dmesg at this moment?
Please share the full dmesg for further check.

What’s the difference between them?
Have you also tried to run the demo?

I am using the devkit. When the error occurs, a log is printed on the serial console; dmesg shows no error output. Here is my dmesg:
dmesg0813.log (68.7 KB)
bootlog0813.log (32.3 KB)

Here is my demo. It differs from the GitHub code only in the Makefile and some header files.
secure_storage.zip (12.7 KB)

okay, it seems no related error showing in dmesg.

Have you also verified with the latest JP5.1.3(R35.5.0)?

Or using exactly the same code as the demo w/o any modification?

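I have only tested on 5.1.2. I will test on 6.0 later.
Using code exactly identical to the demo would cause build problems. I did not change the logic of the code itself when porting it, and code with the same logic has been verified on QEMU, so this should still be a problem in OP-TEE itself. I tried having the program perform only one open-persistent-object operation per run, and then the problem does not occur.
For example, I changed the main function to this: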

int main(int argc, char *argv[])
{
	struct test_ctx ctx;
	char obj1_id[] = "object#1";		/* string identification for the object */
	char obj2_id[] = "object#2";		/* string identification for the object */
	char obj1_data[TEST_OBJECT_SIZE];
	char read_data[TEST_OBJECT_SIZE];
	TEEC_Result res;
	int go=0;
	int opt;

	printf("Prepare session with the TA\n");
	prepare_tee_session(&ctx);

	// Parse command-line options
	while ((opt = getopt(argc, argv, "abc")) != -1) {
		switch (opt) {
			case 'a':
				go=1;
				break;
			case 'b':
				go=2;
				break;
			case 'c':
				go=3;
				break;
			default:
				fprintf(stderr, "Usage: %s [-a] [-b] [-c]\n", argv[0]);
				exit(EXIT_FAILURE);
		}
	}
	if(1==go)
	{	/*
		* Create object, read it, delete it.
		*/
		printf("\nTest on object \"%s\"\n", obj1_id);

		printf("- Create and load object in the TA secure storage\n");

		memset(obj1_data, 0xA1, sizeof(obj1_data));

		res = write_secure_object(&ctx, obj1_id,
					obj1_data, sizeof(obj1_data));
		if (res != TEEC_SUCCESS)
			errx(1, "Failed to create an object in the secure storage");

		printf("- Read back the object\n");

		res = read_secure_object(&ctx, obj1_id,
					read_data, sizeof(read_data));
		if (res != TEEC_SUCCESS)
			errx(1, "Failed to read an object from the secure storage");
		if (memcmp(obj1_data, read_data, sizeof(obj1_data)))
			errx(1, "Unexpected content found in secure storage");
	}
	//2
	if(2==go)
	{	printf("- Delete the object\n");

		res = delete_secure_object(&ctx, obj1_id);
		if (res != TEEC_SUCCESS)
			errx(1, "Failed to delete the object: 0x%x", res);
	}
	//3
	if(3==go)
	{	/*
		* Non volatile storage: create object2 if not found, delete it if found
		*/
		printf("\nTest on object \"%s\"\n", obj2_id);

		res = read_secure_object(&ctx, obj2_id,
					read_data, sizeof(read_data));
		if (res != TEEC_SUCCESS && res != TEEC_ERROR_ITEM_NOT_FOUND)
			errx(1, "Unexpected status when reading an object : 0x%x", res);

		if (res == TEEC_ERROR_ITEM_NOT_FOUND) {
			char data[] = "This is data stored in the secure storage.\n";

			printf("- Object not found in TA secure storage, create it.\n");

			res = write_secure_object(&ctx, obj2_id,
						data, sizeof(data));
			if (res != TEEC_SUCCESS)
				errx(1, "Failed to create/load an object");

		} else if (res == TEEC_SUCCESS) {
			printf("- Object found in TA secure storage, delete it.\n");

			res = delete_secure_object(&ctx, obj2_id);
			if (res != TEEC_SUCCESS)
				errx(1, "Failed to delete an object");
		}
	}
	printf("\nWe're done, close and release TEE resources\n");
	terminate_tee_session(&ctx);
	return 0;
}

My run results:

zme@zme-0020:~$ sudo nvsecure_storage-app -a
Prepare session with the TA

Test on object "object#1"
- Create and load object in the TA secure storage
- Read back the object

We're done, close and release TEE resources
zme@zme-0020:~$
zme@zme-0020:~$ sudo nvsecure_storage-app -b
Prepare session with the TA
- Delete the object

We're done, close and release TEE resources
zme@zme-0020:~$
zme@zme-0020:~$ sudo nvsecure_storage-app -b
Prepare session with the TA
- Delete the object
nvsecure_storage-app: Failed to delete the object: 0xffff0008
zme@zme-0020:~$
zme@zme-0020:~$ sudo nvsecure_storage-app -c
Prepare session with the TA

Test on object "object#2"
- Object found in TA secure storage, delete it.
Command DELETE failed: 0xffff0003 / 4
nvsecure_storage-app: Failed to delete an object
zme@zme-0020:~$

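create_raw_object contains TEE_CreatePersistentObject.
read_raw_object and delete_object contain TEE_OpenPersistentObject.
When I run -a and -b separately there is no problem, because either way there is only one open operation.
When I run -c, which does a read and a delete together, it reports error 0xffff0003; that error code is TEE_ERROR_ACCESS_CONFLICT. My guess: is it that the 5.1.2 source does not correctly close the persistent object?
If it is convenient, could you help test this on your side?
Here is my OP-TEE version information: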

nv-optee
commit 3002010db67633448c9733611886f7d45db1f2f3 (HEAD -> mybranch_2024-01-30-1706579528, tag: jetson_35.4.1, origin/l4t/l4t-r35.4.ga, mybranch_2024-01-29-1706529276, mybranch_2024-01-25-1706162118, mybranch_2024-01-25-1706155266)

ATF
commit 794affd212cd6488079861dd18d57c0d510d6da9 (HEAD -> mybranch_2024-01-30-1706579528, tag: jetson_35.4.1, origin/l4t/l4t-r35.4.ga, mybranch_2024-01-29-1706529276, mybranch_2024-01-25-1706162117, mybranch_2024-01-25-1706155262)
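
An added example, not code from the thread, the poster's TA or OP-TEE: a small C model of the handle-sharing rule behind TEE_ERROR_ACCESS_CONFLICT, showing that an open requesting write-meta access fails while an earlier handle on the same object is still open and succeeds once that handle is closed. The pairwise rules are a simplified reading of the GlobalPlatform TEE Internal Core API (read and write-meta access only); `check_pair`, `model_open`, `read_then_delete` and the flag sets assumed for the read and delete paths are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants as defined by the GlobalPlatform TEE Internal Core API. */
#define TEE_SUCCESS                     0x00000000u
#define TEE_ERROR_ACCESS_CONFLICT       0xFFFF0003u
#define TEE_DATA_FLAG_ACCESS_READ       0x00000001u
#define TEE_DATA_FLAG_ACCESS_WRITE_META 0x00000004u
#define TEE_DATA_FLAG_SHARE_READ        0x00000010u

/* Assumed flag sets for the TA's read and delete paths (not from the thread). */
#define READ_FLAGS   (TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_SHARE_READ)
#define DELETE_FLAGS (TEE_DATA_FLAG_ACCESS_READ | TEE_DATA_FLAG_ACCESS_WRITE_META)

static uint32_t open_flags[8];  /* flags of handles still open on one object */
static size_t n_open;

/* Hypothetical helper: can a new handle (nf) coexist with an open one (of)? */
static uint32_t check_pair(uint32_t of, uint32_t nf)
{
    uint32_t any = of | nf, both = of & nf;
    if (any & TEE_DATA_FLAG_ACCESS_WRITE_META)   /* write-meta is exclusive */
        return TEE_ERROR_ACCESS_CONFLICT;
    if ((any & TEE_DATA_FLAG_ACCESS_READ) && !(both & TEE_DATA_FLAG_SHARE_READ))
        return TEE_ERROR_ACCESS_CONFLICT;        /* every handle needs SHARE_READ */
    return TEE_SUCCESS;
}

/* Model of an open: fails if any still-open handle conflicts with flags. */
static uint32_t model_open(uint32_t flags)
{
    for (size_t i = 0; i < n_open; i++)
        if (check_pair(open_flags[i], flags) != TEE_SUCCESS)
            return TEE_ERROR_ACCESS_CONFLICT;
    if (n_open < 8) open_flags[n_open++] = flags;
    return TEE_SUCCESS;
}

/* Read then delete in one session; optionally leave the read handle open. */
uint32_t read_then_delete(int close_read_handle)
{
    n_open = 0;
    (void)model_open(READ_FLAGS);
    if (close_read_handle)
        n_open--;                                /* models TEE_CloseObject() */
    return model_open(DELETE_FLAGS);
}

int main(void)
{
    printf("read handle closed: 0x%08x, left open: 0x%08x\n",
           (unsigned)read_then_delete(1), (unsigned)read_then_delete(0));
}
```

In the model, the delete open returns 0xffff0003 only when the earlier read handle has not been closed, which is the situation the guess above describes.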

I tested on JetPack 6.0 and the result is the same.

zme@zme-0010-jp60:~/t234/usr/sbin$ sudo ./nvsecure_storage-app -c
Prepare session with the TA

Test on object "object#2"
- Object found in TA secure storage, delete it.
E/TA:   delete_object:41 Failed to open persistent object, res=0xffff0003
Command DELETE failed: 0xffff0003 / 4
nvsecure_storage-app: Failed to delete an object

Do you have any ideas for this problem? If not, I will avoid this problem when programming.

Sorry that I don’t have more idea about this error currently.
Have you also tried the latest Jetpack 5.1.3(R35.5.0)?

We have not tested 5.1.3 and we probably won’t use this version.
We avoid multiple opening operations when programming, this problem can be avoided.
