How to communicate with QSEE in an Android applica

Posted 2019-05-23 08:31

I am interested in developing trusted applications using TEE. I have a Nexus 5 that has Android 5.1.1 (LMY48M) on it. I want to create a very basic hello world app to understand TEE logic running on a real device. Nexus 5 supports QSEE (Qualcomm Secure Execution Environment) but I couldn't find any documentation about how to include QSEE communication libraries in a regular Android application.

In an adb root shell,

cat /d/tzdbg/log
cat /d/tzdbg/qsee_log

commands display an empty result.

Is there anyone who has tried to develop an application like this before? Any help will be appreciated.

4 answers
一纸荒年 Trace。
#2 · 2019-05-23 08:42

I am afraid there is currently no straightforward way to do this.

If you want to learn to use a TEE right now, I would suggest that you use a VM running OP-TEE or Open-TEE (as I read you have in your response to @Cobain above), as the GlobalPlatform APIs are widely supported on different devices.

Unfortunately you essentially need to be a device OEM or an established software supplier to do what you want right now, but that is something which may get easier in the future - this is the downside of working with a relatively new technology.

A TSM is a Trusted Services Manager, which is a technology used by some GlobalPlatform TEE implementations to load a TA on a TEE. It is not applicable to QSEE.

Trusty is a Google proprietary TEE, and I'm not aware of any available device which exposes this to users. QSEE is the Qualcomm TEE. Unfortunately I am not able to comment on exactly what it may or may not do.

Lonely孤独者°
#3 · 2019-05-23 08:46

If you found this: http://source.android.com/security/trusty/index.html

I believe this is the relevant section:

Currently all Trusty applications are developed by a single party and packaged with the Trusty kernel image. The entire image is signed and verified by the bootloader during boot. Third-party application development is not supported in this version of Trusty.

So unless you are creating your own Custom ROM, I don't think you can do anything with Trusty.

狗以群分
#4 · 2019-05-23 08:54

I wanted to do the same but ended up using the Sequitur Labs framework for developing trusted applications on OP-TEE on a Raspberry Pi 3. It enabled a hello world TA on hardware, but I am still looking for something that would allow TA development for a secure OS with Android as the REE.

https://www.sequiturlabs.com/media_portfolio/sequitur-labs-collaborates-with-linaro-to-lower-barriers-to-iot-security-education-for-raspberry-pi-maker-community/

走好不送
#5 · 2019-05-23 08:58

First, for TEE, one app contains two parts: the TA (Trust APP, runs in the TEE) and the CA (Client APP, runs in the REE).

QSEE has implemented the GlobalPlatform (GP) API (not all of the GP API), so you should read the GP API white paper and use it to develop the CA and TA.

But you cannot install the CA and TA by yourself, because the CA and TA should be dispatched by a TSM.
