apache / incubator-teaclave-trustzone-sdk

Licence: Apache-2.0 License
Teaclave TrustZone SDK enables safe, functional, and ergonomic development of trustlets.

Teaclave TrustZone SDK

Teaclave TrustZone SDK (Rust OP-TEE TrustZone SDK) lets you build safe TrustZone applications in Rust. The SDK is based on the OP-TEE project, which follows GlobalPlatform TEE specifications, and provides ergonomic APIs. In addition, it makes it possible to write TrustZone applications with Rust's standard library and many third-party libraries (i.e., crates). Teaclave TrustZone SDK is a sub-project of Apache Teaclave (incubating).

Getting started

Quick start with the OP-TEE Repo for QEMUv8

Teaclave TrustZone SDK has been integrated into the OP-TEE Repo since OP-TEE Release 3.15.0 (18/Oct/21). The aarch64 Rust examples are built and installed into OP-TEE's default filesystem for QEMUv8. Follow this documentation to set up the OP-TEE repo and try the Rust examples!

Develop your trusted applications in Rust

The OP-TEE libraries are needed when building Rust applications, so you should finish the Quick start with the OP-TEE Repo for QEMUv8 part first. Then initialize the building environment in Teaclave TrustZone SDK, build Rust applications and copy them into the target's filesystem.

1. Update the project

Teaclave TrustZone SDK is located in YOUR_OPTEE_DIR/optee_rust/. The copy of Teaclave TrustZone SDK in the OP-TEE repo is pinned to the release version. Alternatively, you can try the development version using git pull:

$ cd [YOUR_OPTEE_DIR]/optee_rust/
$ git pull github master

2. Install Rust environment and initialize related submodules

  • Set the OP-TEE root directory:
$ export OPTEE_DIR=[YOUR_OPTEE_DIR]
  • Run the script as follows to install Rust environment and initialize submodules:
$ ./setup.sh

3. Set environment variables

Before building the examples, the environment must be set up properly.

$ source environment

By default, the target platform is aarch64. If you want to build for the arm target, set ARCH before sourcing the environment file:

$ export ARCH=arm
$ source environment

4. Build Rust applications

Run this command to build all Rust examples:

$ make examples

Or build your own CA and TA:

$ make -C examples/[YOUR_APPLICATION]

5. Run Rust applications

The shared folder is needed to share CAs and TAs with the QEMU guest system. Recompile QEMU in OP-TEE to enable QEMU virtfs:

$ (cd $OPTEE_DIR/build && make QEMU_VIRTFS_ENABLE=y qemu)

Note: replace the path /project/root/dir/ with the root directory of your local "Teaclave TrustZone SDK" project. Copy all the Rust examples or your own applications to the shared folder:

$ mkdir shared_folder
$ (cd /project/root/dir/ && make examples-install)
$ cp -r /project/root/dir/out/* shared_folder/

Run QEMU.

$ (cd $OPTEE_DIR/build && make run-only QEMU_VIRTFS_ENABLE=y \
	QEMU_VIRTFS_HOST_DIR=$(pwd)/shared_folder)

After QEMU has booted, mount the shared folder in the QEMU guest system (username: root) so that the compiled CA/TA can be accessed from inside QEMU. Run the following command in the QEMU guest terminal:

$ mkdir shared && mount -t 9p -o trans=virtio host shared

Then run CA and TA as this documentation describes.

Use OP-TEE libraries as submodules

If you are building trusted applications for other platforms (platforms OP-TEE supports), QEMU and the filesystem in the OP-TEE repo are not needed. You can follow these steps to clone the project and build applications independently of the complete OP-TEE repo. In this case, the necessary OP-TEE libraries are initialized in the setup process.

1. Clone the project and install building dependencies

The complete list of prerequisites can be found here: OP-TEE Prerequisites.

Alternatively, you can use a docker container built with our Dockerfile.

# install dependencies
$ sudo apt-get install android-tools-adb android-tools-fastboot autoconf \
	automake bc bison build-essential ccache cscope curl device-tree-compiler \
	expect flex ftp-upload gdisk iasl libattr1-dev libc6:i386 libcap-dev \
	libfdt-dev libftdi-dev libglib2.0-dev libhidapi-dev libncurses5-dev \
	libpixman-1-dev libssl-dev libstdc++6:i386 libtool libz1:i386 make \
	mtools netcat python-crypto python3-crypto python-pyelftools \
	python3-pycryptodome python3-pyelftools python-serial python3-serial \
	rsync unzip uuid-dev xdg-utils xterm xz-utils zlib1g-dev

# clone the project
$ git clone git@github.com:apache/incubator-teaclave-trustzone-sdk.git
$ cd incubator-teaclave-trustzone-sdk

2. Set your OP-TEE directory

  • By default, OPTEE_DIR is incubator-teaclave-trustzone-sdk/optee/. The OP-TEE submodules (optee_os, optee_client and build) will be initialized automatically by setup.sh. If you already have the OP-TEE repository cloned somewhere, you can set the OP-TEE root directory:
$ export OPTEE_DIR=[YOUR_OPTEE_DIR]

Note that your OP-TEE root directory should have build/, optee_os/ and optee_client/ as sub-directories.

  • Run the script as follows to install Rust environment and set up submodules.
$ ./setup.sh

3. Set environment variables

Before building the examples, the environment must be set up properly.

$ source environment

By default, the target platform is aarch64. If you want to build for the arm target, set ARCH before sourcing the environment file, like this:

$ export ARCH=arm
$ source environment

4. Build OP-TEE libraries

Then, download the ARM toolchains and build the OP-TEE libraries. Note that the OP-TEE target is QEMUv8; you can modify the Makefile for other targets accordingly.

$ make optee

5. Build Rust examples

Run this command to build all Rust examples:

$ make examples

Collect all example CAs and TAs to /incubator-teaclave-trustzone-sdk/out:

$ make examples-install

6. Run Rust examples

Copy the applications to your platform and run.
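
A preflight check for the setup steps above, as an added example that is not part of the SDK or its README: it verifies that the directory you intend to export as OPTEE_DIR has the build/, optee_os/ and optee_client/ sub-directories and that ARCH is one of the two targets mentioned. The name `check_optee_env` is hypothetical, and treating aarch64 and arm as the only accepted ARCH values is an assumption drawn from this page.

```shell
#!/bin/sh
# Added example: validate the layout the README expects before running
# ./setup.sh and `source environment`.
# check_optee_env is a hypothetical helper, not something the SDK ships.

# Usage: check_optee_env <optee_dir> [arch]
# Prints one line per problem and returns the number of problems (0 = OK).
check_optee_env() {
    dir=$1
    # README: aarch64 is the default target, arm is the alternative.
    arch=${2:-aarch64}
    problems=0

    if [ -z "$dir" ]; then
        echo "OPTEE_DIR is empty"
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "OPTEE_DIR is not a directory: $dir"
        return 1
    fi

    # README: the OP-TEE root must contain these three sub-directories.
    for sub in build optee_os optee_client; do
        if [ ! -d "$dir/$sub" ]; then
            echo "missing sub-directory: $dir/$sub"
            problems=$((problems + 1))
        fi
    done

    # Assumption: only the two targets named in the README are valid.
    case $arch in
        aarch64|arm) ;;
        *)
            echo "unsupported ARCH: $arch (expected aarch64 or arm)"
            problems=$((problems + 1))
            ;;
    esac

    return "$problems"
}
```

Call it as `check_optee_env "$OPTEE_DIR" "$ARCH"` after exporting the variables; an unset ARCH is treated as the aarch64 default.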

Documentation

Publication

More details about the design and implementation can be found in our paper published in ACSAC 2020: RusTEE: Developing Memory-Safe ARM TrustZone Applications. Here is the BibTeX record for your reference.

@inproceedings{wan20rustee,
    author    = "Shengye Wan and Mingshen Sun and Kun Sun and Ning Zhang and Xu He",
    title     = "{RusTEE: Developing Memory-Safe ARM TrustZone Applications}",
    booktitle = "Proceedings of the 36th Annual Computer Security Applications Conference",
    series    = "ACSAC '20",
    year      = "2020",
    month     = "12",
}

Contributing

Teaclave is open source in The Apache Way; we aim to create a project that is maintained and owned by the community. All kinds of contributions are welcome. Thanks to our contributors.

Community
