OP-TEE Development Guidance

Muhammad Saad saad.ucf at Knights.ucf.edu
Wed Jul 8 17:56:01 UTC 2020

Hi Jens,

I was able to do all those operations last week. I actually cloned a pseudo-TA, assign it a new UUID, and do all the required cryptographic operations as well as the secure storage.  However, now that I try to benchmark it, an error is thrown ([Benchmark] ERROR: TEEC_InvokeCommand: 0xffff000c). Can you tell me the right way of benchmarking a pseudo-TA? Also, if I want to take all the pseduo-TA code and make a new TA, what should be the simplest process?



From: Jens Wiklander <jens.wiklander at linaro.org>
Sent: Wednesday, July 8, 2020 11:26 AM
To: Muhammad Saad <saad.ucf at Knights.ucf.edu>
Cc: op-tee at lists.trustedfirmware.org <op-tee at lists.trustedfirmware.org>
Subject: Re: OP-TEE Development Guidance

Hi Saad,

On Thu, Jun 18, 2020 at 9:43 AM Muhammad Saad via OP-TEE
<op-tee at lists.trustedfirmware.org> wrote:
> Hello All,
> First, I hope you are safe and doing fine in the unfortunate COVID-19 situation. I am a Ph.D. student at the University of Central Florida. Currently, I am working on a TEE-based prototype application for a proof-of-concept. Since I am totally new in this domain, so it is taking some effort. I have a few questions and I hope you guys can help me in that.
> At present, I am able to set up OP-TEE on Qemu and run the examples on the normal world and the secure world. Additionally, I tweaked a few parameters (ie., the integer value in the main.c) for the CA and the addition and subtraction sequence in the TA. Upon building it again (cd/build/make all run), it seems to work. However, if I need to pass a normal string to the TA and the TA computes Sha256 of the string and returns the value, what steps do I need to take? In other words, how can I pass a tuple from the TA to the CA and obtain the Hash of the tuple. Additionally, if I am able to do that by tailoring the HelloWorld examples, how can I develop new CA and TA with unique UUID and perform the same procedure. Finally, instead of doing the entire (cd/build/make all run), is there a method by which I can simply build the application and alone and run it on Qemu?

You can find an example of doing some hashing at

You'll need to look around a little to get the whole picture, but it
shouldn't be too hard.

If you only change a TA or some client application it's enough to rebuild with:
make buildroot

and then run it with:
make run-only

A new UUID can be obtained with the Linux command uuidgen.


> I understand that these must be trivial questions, however, I will deeply appreciate if you can help me in figuring them out.
> Best,
> Saad
> --
> OP-TEE mailing list
> OP-TEE at lists.trustedfirmware.org
> https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.trustedfirmware.org%2Fmailman%2Flistinfo%2Fop-tee&data=02%7C01%7Csaad.ucf%40knights.ucf.edu%7C078dff5cf5884ef2466308d8235358b9%7C5b16e18278b3412c919668342689eeb7%7C0%7C1%7C637298188166072848&sdata=Jzi3jCUz6f0Hnw%2BZpsmJ24LIwfDT17xQtu8okvtbvXM%3D&reserved=0

More information about the OP-TEE mailing list