[TRUSTY] Trusted Application Testing

Dear all,

I am experimenting development of Trusted Application on Trusty TEE, following Trusty documentation
I’ve been able build and flash TrustedOS on a AGX Xavier Jetson.

Trusty documentation gives a good overview of Trusted Application (TA) and CA (Client Application). But I would have some more –practical—questions regarding TA/CA testing.

The only TA I have been able to test is hwkey-agent.

But included in the trusted os, few other TAs are available: skel, skel1, spinner , …
I would like to test for example skel or timer samples -hello world alike TAs-.

How can I do it?

Can I use tipc_test for testing (e.g. list available TAs, send TIPC commands, …), or is there any other testing tools available TAs without developing a CA. If tipc_test should be used, do you have any documentation on this tool?

In addition, would you have additional CA sample code to call skel/spinner/timer TAs?

Thank you in advance for your help!

hello lgiori,

there’s already TA/CA sample, please check readme files for reference.
TA, trusty/app/sample/hwkey-agent/README
CA, trusty/app/sample/hwkey-agent/CA_sample/README

please also refer to below topic for more details,

How do you run the TA/CA sample on the Jetson AGX Xavier. I can build trusty and the samples on the host Linux machine, but how do I this on the Jetson?

hello dcapers44,

you should have your board enable Jetson security. so, during boot process, it’s bpmp to load EKS from eMMC, using PKC/SBK keys to decrypt EKS, after that, it’ll load SecureOS image from eMMC and decrypt/validate tos.img and write results to TZRAM.

it’s a Trusted Execution Environment (TEE) to provide secure environment for applications that running inside a SecureOS, those apps were known as Trusted Applications, TAs; there’s a client application (CA) running in the NSE (non-secure environment), typically has a partner trusted application (TA) running in the secure world.

please check developer guide, Secure Samples.
it shows an example and describes the scenarios that apply to the secure sample applications.

Dear JerryChang,

Thank you for your reply.

I’ve further digged into the luks-srv application source code to generate a new sample TA/CA application.
I have now: a CA sending data to a TA, a TA processing the data, and sending back the result to the CA.

Eventhough compilation and flashing processes were clearly described in atf_and_trusty.README, I have to admit that the development of new application could be a bit more explicit on the document. A step-by-step development & testing instructions would be appreciated.

Thank you again for your support !

hello lgiori,

currently, we don’t have such documentation for reference.

@JerryChang I believe lgiori knows a “step-by-step development & testing instructions” documentation does not exist… but was suggesting that one be created. I agree with lgiori. The documentation that is currently referenced is not straight forward…

hi all,

I understand it’s always not detail enough for the documentation.

we had readme file, atf_and_trusty.README, Trusted Application Development documentation, and related discussion thread, Topic 128041.
so, please kindly share the experience, which part of improvements you would like to have to make it better.

A detailed documentation would make the process way easier and accessible.