I am interested in developing trusted applications using TEE. I have a Nexus 5 that has Android 5.1.1 (LMY48M) on it. I want to create a very basic hello world app to understand TEE logic running on a real device. Nexus 5 supports QSEE (Qualcomm Secure Execution Environment) but I couldn't found any documentation about how to include QSEE communication libraries on a regular Android application.
In an adb root shell,
cat /d/tzdbg/log
cat /d/tzdbg/qsee_log
commands displays empty result.
Is there any one who had try to develop an application like this before? Any help will be appreciated.
I am afraid there is currently no straightforward way to do this.
If you want to learn to use a TEE right now, I would suggest that you use a VM running OP-TEE or Open-TEE (as I read you have in your response to @Cobain above), as the GlobalPlatform APIs are widely supported on different devices.
Unfortunately you essentially need to be a device OEM or an established software supplier to do what you want right now, but that is something which may get easier in the future - this is the downside of working with a relatively new technology.
A TSM is a Trusted Services Manager, which is a technology used by some GlobalPlatform TEE implementations to load a TA on a TEE. It is not applicable to QSEE.
Trusty is a Google proprietary TEE, and I'm not aware of any available device which exposes this to users. QSEE is the Qualcomm TEE. Unfortunately I am not able to comment on exactly what it may or may not do.
If you found this: http://source.android.com/security/trusty/index.html
I believe this is the relevant section:
So unless you are creating your own Custom ROM, I don't think you can do anything with Trusty.
I wanted to do the same but ended up using sequiturlabs framework for developing Trusted applications on OP-TEE on Raspberry Pi 3. It enabled a hello world TA on a hardware but I am still looking for something that would allow TA development for a secure OS with Android as REE.
https://www.sequiturlabs.com/media_portfolio/sequitur-labs-collaborates-with-linaro-to-lower-barriers-to-iot-security-education-for-raspberry-pi-maker-community/
First, for TEE one APP contains two parts, TA(Trust APP, runs in TEE) and CA(Client APP, runs in REE).
QSEE has implement GlobalPlatform(GP) API(not all the GP API), so you should read the GP API white paper and use them to develop CA and TA.
But, you cannot install CA and TA by yourself, because CA and TA should dispatch by TSM.