Rust Trusted Applications (TAs) for the OP-TEE OS.
This repo does not contain the optee OS, CAs, or tee-supplicant.
Note
Cross compiling from macos is not currently supported for orb-rustzone. To get
things working, we recommend using a devcontainer. Command line users can run
.devcontainer/run.sh, which requires installing the devcontainer CLI (nix profile add nixpkgs#devcontainer or brew install devcontainer).
Note
If you are on an aarch64 machine (for example on apple silicon), you may need
to comment out the following settings to optee/.cargo/config.toml:
# [target.aarch64-unknown-linux-gnu]
# linker = "aarch64-unknown-linux-gnu-gcc"You must pass RUSTC_BOOTSTRAP=1 in front of all your cargo commands to use
some necessary nightly features. Be sure you are in the optee directory.
Alternatively, you can call cargo x optee ta build -p <your_optee_package>.
AWS_PROFILE=trustzone-stage cargo x optee ta sign -p <your_optee_package>.
Note that this assumes you have set up an aws profile called trustzone-stage
or trustzone-prod. Try adding this to your ~/.aws/config directory:
Note
Actual values are different, check the docs for the real values.
[profile trustzone-stage]
sso_session = my-sso
sso_account_id = 777777777777
sso_role_name = PowerUserAccess
region = eu-central-1
[sso-session my-sso]
sso_start_url = https://d-3333333333.awsapps.com/start/#
sso_region = us-east-1
sso_registration_scopes = sso:account:accessOnce your config is set up, you can log in with
AWS_PROFILE=trustzone-stage aws sso login --use-device-code.
Note that prod builds can only be done in CI, not by hand.
- If Uuid::parse_str() returns an InvalidLength error, there may be an extra
newline in your uuid.txt file. You can remove it by running
truncate -s 36 uuid.txt. - TAs do not share the top-level cargo workspace, but CAs do. For this reason,
to get your LSP to work for TAs, you need to open your editor in the
opteedirectory instead of the regular toplevel directory. The two cargo workspaces are mutually exclusive so you may have to switch betweeen two instances of vscode / LSPs.
Unless otherwise specified, all code in this repository is dual-licensed under either:
- MIT License (LICENSE-MIT)
- Apache License, Version 2.0, with LLVM Exceptions (LICENSE-APACHE)
at your option. This means you may select the license you prefer to use.
Any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.