OP-TEE 설치

Dockerfile 빌드

• OP-TEE를 설치해서 TEE 환경에 대해 실습해보자

Dockerfile

• https://optee.readthedocs.io/en/latest/building/prerequisites.html

FROM ubuntu:22.04
ARG DEBIAN_FRONTEND=noninteractive
ENV FORCE_UNSAFE_CONFIGURE=1
RUN apt update && apt upgrade -y
RUN apt install -y \
    adb \
    acpica-tools \
    autoconf \
    automake \
    bc \
    bison \
    build-essential \
    ccache \
    cpio \
    cscope \
    curl \
    device-tree-compiler \
    e2tools \
    expect \
    fastboot \
    flex \
    ftp-upload \
    gdisk \
    git \
    libattr1-dev \
    libcap-ng-dev \
    libfdt-dev \
    libftdi-dev \
    libglib2.0-dev \
    libgmp3-dev \
    libhidapi-dev \
    libmpc-dev \
    libncurses5-dev \
    libpixman-1-dev \
    libslirp-dev \
    libssl-dev \
    libtool \
    libusb-1.0-0-dev \
    make \
    mtools \
    netcat \
    ninja-build \
    python3-cryptography \
    python3-pip \
    python3-pyelftools \
    python3-serial \
    python3-tomli \
    python-is-python3 \
    rsync \
    swig \
    unzip \
    uuid-dev \
    wget \
    xdg-utils \
    xsltproc \
    xterm \
    xz-utils \
    zlib1g-dev \ 
    sudo \
    libgnutls28-dev
RUN pip install tomli
RUN curl https://storage.googleapis.com/git-repo-downloads/repo > /bin/repo && chmod a+x /bin/repo
RUN mkdir /optee
RUN adduser --disabled-password --gecos "" user \
    && echo 'user:user' | chpasswd \
    && adduser user sudo \
    && echo 'user ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
RUN chown -R user:user /optee
USER user
WORKDIR /optee
RUN repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml && repo sync -j10
WORKDIR /optee/build
RUN make -j3 toolchains
RUN make -j$(nproc) check

• 공식 페이지에서 제공하는 dockerfile에서 오류가 있어 일부 수정하였다
• dockerfile을 보면 qemu_v8 manifest를 지정하였다

Dockerfile 빌드

docker build -t optee .

sijin@Sijin:~/optee$ docker image ls
REPOSITORY   TAG       IMAGE ID       CREATED          SIZE
optee        latest    33824b4a5378   12 minutes ago   23.3GB
ubuntu       22.04     b103ac8bf22e   4 weeks ago      77.9MB

• 빌드하면 약 23GB의 이미지가 만들어진다

OPTEE run

• 빌드된 docker 이미지로 컨테이너를 생성한다
• /optee/build에서 make run을 실행시키면 qemu console과 함께 Normal World, Secure World 2개의 UART console 창을 띄운다
• qemu console은 waiting 상태로, c를 입력해 continue 하면 두 환경 모두 부팅된다
  

UART console이 안뜬다면

• 아래와 같은 메세지랑 console이 안뜬다면, X11 포워딩 문제라고 한다

xterm: Xt error: Can't open display:
xterm: DISPLAY is not set
xterm: Xt error: Can't open display:
xterm: DISPLAY is not set

• vscode에서 dev container extension을 통해 docker container로 직접 접속한 후 make run을 실행하면 console 화면이 뜬다