examples/optee_gp: Add a OP-TEE GP API client example

gpoulios · xiaoxiang781216 · commit 7b383d05625d · 2025-05-13T21:17:51.000+08:00
Add an example app that opens a session with the devices pseudo-TA
and enumerates the available devices (prints their UUIDs only)
using the GlobalPlatform API and libteec.

The example showcases:
  - initializing the context
  - opening a session
  - invoking a command using NULL references
  - invoking a command using temp shared memory
  - invoking a command using registered shared memory
  - closing the session
  - finalizing the context

Enabled with CONFIG_EXAMPLES_OPTEE_GP.

Signed-off-by: George Poulios &lt;gpoulios@census-labs.com&gt;
diff --git a/examples/optee_gp/CMakeLists.txt b/examples/optee_gp/CMakeLists.txt
@@ -0,0 +1,33 @@
+# ##############################################################################
+# apps/examples/optee_gp/CMakeLists.txt
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more contributor
+# license agreements.  See the NOTICE file distributed with this work for
+# additional information regarding copyright ownership.  The ASF licenses this
+# file to you under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License.  You may obtain a copy of
+# the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+# License for the specific language governing permissions and limitations under
+# the License.
+#
+# ##############################################################################
+
+if(CONFIG_EXAMPLES_OPTEE_GP)
+  nuttx_add_application(
+    NAME
+    ${CONFIG_EXAMPLES_OPTEE_GP_PROGNAME}
+    SRCS
+    optee_gp_main.c
+    STACKSIZE
+    ${CONFIG_EXAMPLES_OPTEE_GP_STACKSIZE}
+    PRIORITY
+    ${CONFIG_EXAMPLES_OPTEE_GP_PRIORITY})
+endif()
diff --git a/examples/optee_gp/Kconfig b/examples/optee_gp/Kconfig
@@ -0,0 +1,30 @@
+#
+# For a description of the syntax of this configuration file,
+# see the file kconfig-language.txt in the NuttX tools repository.
+#
+
+config EXAMPLES_OPTEE_GP
+	tristate "OP-TEE GP API client example"
+	depends on LIBTEEC
+	default n
+	---help---
+		Enable the OP-TEE GP API client example which uses libteec
+
+if EXAMPLES_OPTEE
+
+config EXAMPLES_OPTEE_GP_PROGNAME
+	string "Program name"
+	default "optee_gp"
+	---help---
+		This is the name of the program that will be used when the NSH ELF
+		program is installed.
+
+config EXAMPLES_OPTEE_GP_PRIORITY
+	int "OP-TEE GP task priority"
+	default 100
+
+config EXAMPLES_OPTEE_GP_STACKSIZE
+	int "OP-TEE GP stack size"
+	default DEFAULT_TASK_STACKSIZE
+
+endif
diff --git a/examples/optee_gp/Make.defs b/examples/optee_gp/Make.defs
@@ -0,0 +1,25 @@
+############################################################################
+# apps/examples/optee_gp/Make.defs
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.  The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+############################################################################
+
+ifneq ($(CONFIG_EXAMPLES_OPTEE_GP),)
+CONFIGURED_APPS += $(APPDIR)/examples/optee_gp
+endif
diff --git a/examples/optee_gp/Makefile b/examples/optee_gp/Makefile
@@ -0,0 +1,34 @@
+############################################################################
+# apps/examples/optee_gp/Makefile
+#
+# SPDX-License-Identifier: Apache-2.0
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.  The
+# ASF licenses this file to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance with the
+# License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+# License for the specific language governing permissions and limitations
+# under the License.
+#
+############################################################################
+
+include $(APPDIR)/Make.defs
+
+# OP-TEE GP API client built-in application info
+
+PROGNAME  = $(CONFIG_EXAMPLES_OPTEE_GP_PROGNAME)
+PRIORITY  = $(CONFIG_EXAMPLES_OPTEE_GP_PRIORITY)
+STACKSIZE = $(CONFIG_EXAMPLES_OPTEE_GP_STACKSIZE)
+MODULE    = $(CONFIG_EXAMPLES_OPTEE_GP)
+
+MAINSRC = optee_gp_main.c
+
+include $(APPDIR)/Application.mk
diff --git a/examples/optee_gp/optee_gp_main.c b/examples/optee_gp/optee_gp_main.c
@@ -0,0 +1,190 @@
+/****************************************************************************
+ * apps/examples/optee_gp/optee_gp_main.c
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.  The
+ * ASF licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the
+ * License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.  See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ *
+ ****************************************************************************/
+
+/****************************************************************************
+ * Included Files
+ ****************************************************************************/
+
+#include <nuttx/config.h>
+#include <nuttx/tee.h>
+#include <tee_client_api.h>
+#include <teec_trace.h>
+#include <uuid.h>
+
+/****************************************************************************
+ * Pre-processor definitions
+ ****************************************************************************/
+
+/* This UUID is taken from the OP-TEE OS built-in pseudo TA:
+ * https://github.com/OP-TEE/optee_os/blob/4.6.0/
+ *   lib/libutee/include/pta_device.h
+ */
+#define PTA_DEVICE_ENUM_UUID                               \
+    {                                                      \
+      0x7011a688, 0xddde, 0x4053,                          \
+        {                                                  \
+            0xa5, 0xa9, 0x7b, 0x3c, 0x4d, 0xdf, 0x13, 0xb8 \
+        }                                                  \
+    }
+
+#define PTA_CMD_GET_DEVICES 0x0
+
+/****************************************************************************
+ * Public Functions
+ ****************************************************************************/
+
+/****************************************************************************
+ * optee_gp_main
+ ****************************************************************************/
+
+int main(int argc, FAR char *argv[])
+{
+  TEEC_Result res;
+  TEEC_Context ctx;
+  TEEC_Session sess;
+  TEEC_Operation op;
+  TEEC_UUID uuid = PTA_DEVICE_ENUM_UUID;
+  void *buf;
+  TEEC_SharedMemory io_shm;
+  uint32_t err_origin;
+  unsigned int count;
+  const uuid_t *raw_ta_uuid;
+  uuid_t ta_uuid;
+  char *ta_uuid_s;
+
+  res = TEEC_InitializeContext(NULL, &ctx);
+  if (res != TEEC_SUCCESS)
+    {
+      EMSG("TEEC_InitializeContext failed with code 0x%08x\n", res);
+      goto exit;
+    }
+
+  memset(&op, 0, sizeof(op));
+
+  /* Open a session with the devices pseudo TA */
+
+  res = TEEC_OpenSession(&ctx, &sess, &uuid, TEEC_LOGIN_PUBLIC, NULL,
+                         &op, &err_origin);
+  if (res != TEEC_SUCCESS)
+    {
+      EMSG("TEEC_Opensession failed with code 0x%08x origin 0x%08x", res,
+           err_origin);
+      goto exit_with_ctx;
+    }
+
+  /* Invoke command with NULL buffer to get required size */
+
+  op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE,
+                                   TEEC_NONE, TEEC_NONE);
+  op.params[0].tmpref.buffer = NULL;
+  op.params[0].tmpref.size = 0;
+
+  res = TEEC_InvokeCommand(&sess, PTA_CMD_GET_DEVICES, &op, &err_origin);
+  if (err_origin != TEEC_ORIGIN_TRUSTED_APP ||
+      res != TEEC_ERROR_SHORT_BUFFER)
+    {
+      EMSG("TEEC_InvokeCommand failed: code 0x%08x origin 0x%08x",
+          res, err_origin);
+      goto exit_with_session;
+    }
+
+  /* Invoke command using temporary memory */
+
+  op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_TEMP_OUTPUT, TEEC_NONE,
+                                   TEEC_NONE, TEEC_NONE);
+
+  op.params[0].tmpref.buffer = buf = malloc(op.params[0].tmpref.size);
+  if (!op.params[0].tmpref.buffer)
+    {
+      EMSG("Failed to allocate %zu bytes of memory to share with TEE",
+           op.params[0].tmpref.size);
+      goto exit_with_session;
+    }
+
+  res = TEEC_InvokeCommand(&sess, PTA_CMD_GET_DEVICES, &op, &err_origin);
+  if (res != TEEC_SUCCESS)
+    {
+      EMSG("TEEC_InvokeCommand failed: code 0x%08x origin 0x%08x",
+          res, err_origin);
+      goto exit_with_buf;
+    }
+
+  /* Invoke command using pre-allocated, pre-registered memory */
+
+  io_shm.size = op.params[0].tmpref.size;
+  io_shm.flags = TEEC_MEM_OUTPUT;
+  res = TEEC_AllocateSharedMemory(&ctx, &io_shm);
+  if (res != TEEC_SUCCESS)
+    {
+      EMSG("TEEC_AllocateSharedMemory failed: code 0x%08x", res);
+      goto exit_with_buf;
+    }
+
+  op.paramTypes = TEEC_PARAM_TYPES(TEEC_MEMREF_WHOLE, TEEC_NONE, TEEC_NONE,
+                                   TEEC_NONE);
+  op.params[0].memref.parent = &io_shm;
+
+  res = TEEC_InvokeCommand(&sess, PTA_CMD_GET_DEVICES, &op, &err_origin);
+  if (res != TEEC_SUCCESS)
+    {
+      EMSG("TEEC_InvokeCommand failed: code 0x%08x origin 0x%08x",
+          res, err_origin);
+      goto exit_with_shm;
+    }
+
+  /* Sanity check that both outputs are the same */
+
+  if (memcmp(buf, io_shm.buffer, io_shm.size))
+    {
+      EMSG("Different results with temp vs registered memory");
+      goto exit_with_shm;
+    }
+
+  /* Print results to stdout */
+
+  IMSG("Available devices:");
+
+  count = io_shm.size / sizeof(uuid_t);
+  raw_ta_uuid = (uuid_t *)io_shm.buffer;
+
+  while (count--)
+    {
+      uuid_dec_be(raw_ta_uuid, &ta_uuid);
+      uuid_to_string(&ta_uuid, &ta_uuid_s, NULL);
+
+      IMSG("  %s", ta_uuid_s);
+
+      free(ta_uuid_s);
+      raw_ta_uuid++;
+    }
+
+exit_with_shm:
+  TEEC_ReleaseSharedMemory(&io_shm);
+exit_with_buf:
+  free(buf);
+exit_with_session:
+  TEEC_CloseSession(&sess);
+exit_with_ctx:
+  TEEC_FinalizeContext(&ctx);
+exit:
+  return res;
+}
