Hi Manorit,
You may be interested in the Trusted Services project and its relation to OP-TEE.
This recent announcement on the op-tee mailing list describes an extension of OP-TEE with an additional feature:
https://lists.trustedfirmware.org/archives/list/op-tee@lists.trustedfirmwar…
The key message in the linked wiki entry https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/ from your perspective might be that OP-TEE now has a capability to run so-called Trusted Services, which implement the PSA Functional API, including, but not limited to, its Secure Storage API:
https://www.psacertified.org/development-resources/building-in-security/spe…
This provides a client application with a generic interface for using secure storage functionality.
Please be mindful of the limitations mentioned on the linked page, as this project is still a work in progress, but we would be more than happy to get feedback on what we have done, and whether it can meet your expectations.
Regards,
Miklos
-----Original Message-----
From: Manorit Chawdhry <m-chawdhry(a)ti.com>
Sent: 23 February 2022 13:10
To: Joakim Bech <joakim.bech(a)linaro.org>
Cc: op-tee(a)lists.trustedfirmware.org; p.yadav(a)ti.com
Subject: Re: Secure Storage Applications
On 09:56-20220223, Joakim Bech wrote:
> Hi,
>
Hi,
Thank you all for your replies. Those have been really helpful!
Though from all the links you have shared, I am still wondering if there is any core part in OP-TEE which could provide a generic interface for using the secure storage functionality instead of us needing to set up our own TA (along with some binary on the host with the simple purpose of putting files from Linux in secure storage).
As this seemed somewhat intuitive to me from a perspective of user wanting to try out secure_storage and would be interested to know if something like this is available in it.
Thanks and regards,
Manorit
> On Wed, Feb 23, 2022 at 11:37:33AM +0530, Sumit Garg wrote:
> > Hi Manorit,
> >
> > On Tue, 22 Feb 2022 at 18:59, Manorit Chawdhry <m-chawdhry(a)ti.com> wrote:
> > >
> > > Hi,
> > >
> > > I have been exploring secure storage in OP-TEE for a few days and
> > > I need some help in putting some files into it.
> > >
> > > I have been trying to find some tool which could help me put any
> > > files from Linux into secure storage and retrieve them back later
> > > so that I could see secure storage in action but haven't been able to find any yet.
> > >
> > > Is there any tool which you guys might know of which helps put
> > > files in secure storage and retrieve them back later?
> > >
> >
> > I would suggest you have a look at storage tests from OP-TEE test
> > suite here: client [1] and TA [2].
> >
> > [1] https://github.com/OP-TEE/optee_test/blob/master/host/xtest/regression_6000.c
> > [2] https://github.com/OP-TEE/optee_test/tree/master/ta/storage
> >
> In addition to that we also have the secure storage example TA [3],
> that comes deployed with our developer environments (QEMU [4] is an
> example of such an environment).
>
> [3] https://github.com/linaro-swg/optee_examples/tree/master/secure_storage
> [4] https://optee.readthedocs.io/en/latest/building/devices/qemu.html
>
> > -Sumit
> >
> > > Best Regards,
> > > Manorit
>
> // Regards,
> Joakim
Hi all,
As part of the Trusted Services project we are extending OP-TEE to be a fully compliant FF-A S-EL1 SPMC.
This work is still ongoing but some of the Trusted Services applications are already compatible.
We created https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/
which gives the current status of the SPMC work and can be a starting point for everyone who wants to get started with the Trusted Services or OP-TEE as a S-EL1 SPMC.
Please feel free to ask any questions on the Trusted Service and the OP-TEE mailing list.
https://lists.trustedfirmware.org/mailman3/lists/trusted-services.lists.tru…
https://lists.trustedfirmware.org/mailman3/lists/op-tee.lists.trustedfirmwa…
Regards,
Jelle