# TEE Client component

## Introduction

The TEE Client component provides the API through which a CA (Client APP, that is, a client application) on the OpenHarmony side accesses the TEE. It also contains the TEE agent services, which work with the TEE to implement functions such as secure storage and log printing.

The TEE Client component contains the following modules:

- libteec.so: provides the TEE Client API to native applications of system components.
- libteec_vendor.so: provides the TEE Client API to native applications of chip (vendor) components.
- cadaemon: forwards CA requests to the Tzdriver driver.
- teecd: acts as the agent service of the TEE and supports TEE functions such as secure storage.
- tlogcat: supports printing TEE logs.

Figure 1 TEE Client component architecture

## Directory structure

```
base/tee/tee_client
├── frameworks
│   └── libteec_vendor         # libteec_vendor.so library, provides the TEE Client API
├── interfaces
│   ├── inner_api              # Internal interfaces of this component
│   └── kits                   # libteec.so library released in the SDK and the corresponding TEE Client API
└── services
    ├── authentication         # CA identity authentication (reserved, not yet enabled)
    ├── cadaemon               # Forwards CA requests
    ├── teecd                  # TEE agent service
    └── tlogcat                # TEE log service
```

## Interface description

The TEE Client component provides the following APIs to CAs:

| Name | Description |
| ------------------------------------------------------------ | -------------------- |
| TEEC_InitializeContext (const char *name, TEEC_Context *context) | Initializes a TEE context. |
| TEEC_FinalizeContext (TEEC_Context *context) | Finalizes a TEE context. |
| TEEC_OpenSession (TEEC_Context *context, TEEC_Session *session, const TEEC_UUID *destination, uint32_t connectionMethod, const void *connectionData, TEEC_Operation *operation, uint32_t *returnOrigin) | Opens a session with the TEE. |
| TEEC_CloseSession (TEEC_Session *session) | Closes a session with the TEE. |
| TEEC_InvokeCommand (TEEC_Session *session, uint32_t commandID, TEEC_Operation *operation, uint32_t *returnOrigin) | Sends a command to the TEE. |
| TEEC_RegisterSharedMemory (TEEC_Context *context, TEEC_SharedMemory *sharedMem) | Registers shared memory. |
| TEEC_AllocateSharedMemory (TEEC_Context *context, TEEC_SharedMemory *sharedMem) | Allocates shared memory. |
| TEEC_ReleaseSharedMemory (TEEC_SharedMemory *sharedMem) | Releases shared memory. |
| TEEC_RequestCancellation (TEEC_Operation *operation) | Cancels a running operation. |

All of the APIs above are defined by the GlobalPlatform TEE standard; see [TEE Client API Specification v1.0 (GPD_SPE_007)](https://globalplatform.org/specs-library/?filter-committee=tee). A small part of the implementation differs from the GlobalPlatform TEE specification, as follows:

1. The ta_path member of the TEEC_Context structure used by TEEC_OpenSession can specify the file path of the TA (restricted to the /data directory).

   For example:

   ```
   TEEC_Context context;
   /* Load the TA image from an explicit path under /data */
   context.ta_path = (uint8_t *)"/data/58dbb3b9-4a0c-42d2-a84d-7c7ab17539fc.sec";
   ```

   If the CA does not specify the TA file path through ta_path, TEE Client reads the TA file named uuid.sec (replace uuid with the real UUID of the TA) from the default paths. There are two default paths: /system/bin and /vendor/bin.

2. The connectionMethod input parameter of TEEC_OpenSession supports only TEEC_LOGIN_IDENTIFY.

   For connectionMethod, the fourth input parameter of TEEC_OpenSession, the GP specification defines six login methods. The TEE Client component adds the TEEC_LOGIN_IDENTIFY type as an extension and supports only this connectionMethod.

3. The TEEC_Operation parameter is restricted when TEEC_OpenSession is called.

   When TEEC_OpenSession is called, params[2] and params[3] in TEEC_Operation are reserved for the system and must not be used by the CA. The CA may use only params[0] and params[1].

## Build guide

The TEE Client component can be built and debugged on its own. Taking the RK3568 chip as an example, run the following command to build the TEE Client component:

```
./build.sh --product-name rk3568 --ccache --build-target tee_client
```

Path of the build output: out/rk3568/tee/tee_client

You can push the build output to the device yourself for debugging:

```
hdc file send cadaemon.json /system/profile/
hdc file send cadaemon.cfg /system/etc/init/
hdc file send libteec.so /system/lib/
hdc file send libcadaemon.so /system/lib/
hdc file send tlogcat /system/bin/
hdc file send libteec_vendor.so /vendor/lib/
hdc file send teecd /vendor/bin/
```

## Related repositories

[tee_tzdriver](https://gitee.com/openharmony-sig/tee_tee_tzdriver)
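
The three TEEC_OpenSession deviations listed under the interface description can be checked on the CA side before the call is made. The following is an added example, not code from the tee_client repository. The `EX_*` names and `open_session_precheck` are hypothetical stand-ins so the block compiles without the SDK, `0x7` is a placeholder for the real TEEC_LOGIN_IDENTIFY constant, the four-bit-per-slot packing follows the GP `TEEC_PARAM_TYPES` convention, and requiring a `<uuid>.sec` file name under /data is this example's own stricter policy.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Stand-ins so this compiles without the SDK; a real CA uses tee_client_api.h. */
#define EX_PARAM_NONE 0x0u      /* assumed "slot unused" parameter type */
#define EX_LOGIN_IDENTIFY 0x7u  /* placeholder for TEEC_LOGIN_IDENTIFY */
#define EX_PARAM_TYPE_GET(types, i) (((types) >> (4u * (i))) & 0xFu)

enum precheck { PRE_OK = 0, PRE_BAD_PATH, PRE_BAD_LOGIN, PRE_RESERVED_PARAM };

/* Accept only "<8-4-4-4-12 hex uuid>.sec" as a file name. */
static int is_uuid_sec(const char *name)
{
    static const char shape[] = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx.sec";
    size_t i;

    if (strlen(name) != sizeof(shape) - 1)
        return 0;
    for (i = 0; shape[i] != '\0'; i++) {
        if (shape[i] == 'x' ? !isxdigit((unsigned char)name[i]) : name[i] != shape[i])
            return 0;
    }
    return 1;
}

/* NULL means "use the default /system/bin and /vendor/bin lookup". */
static int ta_path_ok(const char *path)
{
    if (path == NULL)
        return 1;
    if (strncmp(path, "/data/", 6) != 0 || strstr(path, "/../") != NULL)
        return 0;
    return is_uuid_sec(strrchr(path, '/') + 1);
}

/* Check the three documented deviations before calling TEEC_OpenSession. */
enum precheck open_session_precheck(const char *ta_path, uint32_t method,
                                    uint32_t param_types)
{
    if (!ta_path_ok(ta_path))
        return PRE_BAD_PATH;
    if (method != EX_LOGIN_IDENTIFY)
        return PRE_BAD_LOGIN;
    if (EX_PARAM_TYPE_GET(param_types, 2) != EX_PARAM_NONE ||
        EX_PARAM_TYPE_GET(param_types, 3) != EX_PARAM_NONE)
        return PRE_RESERVED_PARAM;  /* params[2], params[3] belong to the system */
    return PRE_OK;
}
```

The path check is lexical only: it does not resolve symbolic links, so it complements the restriction described above and does not replace it.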