How to communicate with QSEE in an Android application?

为君一笑 submitted on 2019-12-21 21:36:22

Question


I am interested in developing trusted applications using TEE. I have a Nexus 5 that has Android 5.1.1 (LMY48M) on it. I want to create a very basic hello world app to understand TEE logic running on a real device. Nexus 5 supports QSEE (Qualcomm Secure Execution Environment) but I couldn't find any documentation about how to include QSEE communication libraries in a regular Android application.

In an adb root shell,

cat /d/tzdbg/log
cat /d/tzdbg/qsee_log

commands display an empty result.

Is there anyone who has tried to develop an application like this before? Any help will be appreciated.


Answer 1:


First, for a TEE, one app contains two parts: a TA (Trust APP, runs in the TEE) and a CA (Client APP, runs in the REE).

QSEE has implemented the GlobalPlatform (GP) API (not all of the GP API), so you should read the GP API white paper and use them to develop the CA and TA.

But you cannot install the CA and TA by yourself, because the CA and TA should be dispatched by a TSM.




Answer 2:


I am afraid there is currently no straightforward way to do this.

If you want to learn to use a TEE right now, I would suggest that you use a VM running OP-TEE or Open-TEE (as I read you have in your response to @Cobain above), as the GlobalPlatform APIs are widely supported on different devices.

Unfortunately you essentially need to be a device OEM or an established software supplier to do what you want right now, but that is something which may get easier in the future - this is the downside of working with a relatively new technology.

A TSM is a Trusted Services Manager, which is a technology used by some GlobalPlatform TEE implementations to load a TA on a TEE. It is not applicable to QSEE.

Trusty is a Google proprietary TEE, and I'm not aware of any available device which exposes this to users. QSEE is the Qualcomm TEE. Unfortunately I am not able to comment on exactly what it may or may not do.




Answer 3:


I wanted to do the same but ended up using the Sequitur Labs framework for developing trusted applications on OP-TEE on a Raspberry Pi 3. It enabled a hello world TA on hardware, but I am still looking for something that would allow TA development for a secure OS with Android as the REE.

https://www.sequiturlabs.com/media_portfolio/sequitur-labs-collaborates-with-linaro-to-lower-barriers-to-iot-security-education-for-raspberry-pi-maker-community/




Answer 4:


If you found this: http://source.android.com/security/trusty/index.html

I believe this is the relevant section:

Currently all Trusty applications are developed by a single party and packaged with the Trusty kernel image. The entire image is signed and verified by the bootloader during boot. Third-party application development is not supported in this version of Trusty.

So unless you are creating your own Custom ROM, I don't think you can do anything with Trusty.



Source: https://stackoverflow.com/questions/39350469/how-to-communicate-with-qsee-in-an-android-application
