Update to OP-TEE 4.2.0 (apache#126)

* Update to OP-TEE 4.2.0

- update to OP-TEE 4.2.0
- simplify test scripts
- use new docker img based on Ubuntu 24.04 (required by qemu libslirp)
- fix ci

.github/workflows/ci.yml

@@ -23,54 +23,47 @@ defaults:
 
 jobs:
    build-and-run-examples:
-     runs-on: ubuntu-20.04
-     container: teaclave/teaclave-trustzone-sdk-build:0.3.0
+     runs-on: ubuntu-latest
+     container: yuanz0/teaclave-trustzone-sdk:ubuntu-24.04
      steps:
        - name: Checkout repository
          uses: actions/checkout@v2
          with:
            submodules: recursive
        - name: Setting up $HOME
          run: |
-           cp /root/.bashrc $HOME/.bashrc &&
-           ln -sf /root/.rustup ~/.rustup &&
-           ln -sf /root/.cargo ~/.cargo
+           cp /root/.bashrc $HOME/.bashrc
        - name: Building
          run: |
-           apt update && apt install libslirp-dev -y
            export CARGO_NET_GIT_FETCH_WITH_CLI=true &&
            ./setup.sh &&
            source environment &&
            make optee &&
-           . ~/.cargo/env &&
            make examples
        - name: Run tests and examples
          run: |
            cd ci && ./ci.sh
    build-utee-teec:
-    runs-on: ubuntu-20.04
-    container: teaclave/teaclave-trustzone-sdk-build:0.3.0
+    runs-on: ubuntu-latest
+    container: yuanz0/teaclave-trustzone-sdk:ubuntu-24.04
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
         with:
           submodules: recursive
       - name: Setting up $HOME
         run: |
-          cp /root/.bashrc $HOME/.bashrc &&
-          ln -sf /root/.rustup ~/.rustup &&
-          ln -sf /root/.cargo ~/.cargo
+          cp /root/.bashrc $HOME/.bashrc
       - name: Building
         run: |
           export CARGO_NET_GIT_FETCH_WITH_CLI=true &&
           ./setup.sh &&
           source environment &&
           make optee &&
-          . ~/.cargo/env &&
           (cd optee-utee && xargo build --target aarch64-unknown-optee-trustzone -vv) &&
           (cd optee-teec && cargo build --target aarch64-unknown-linux-gnu -vv)
    license:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v2
       - name: Check License Header

Dockerfile

@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-FROM ubuntu:20.04
+FROM ubuntu:24.04
 MAINTAINER Teaclave Contributors <[email protected]>
 ENV DEBIAN_FRONTEND=noninteractive
 
@@ -53,15 +53,12 @@ RUN apt-get update && \
     libtool \
     make \
     mtools \
-    netcat \
     ninja-build \
-    python \
-    python-crypto \
-    python3-crypto \
-    python-pyelftools \
+    python3 \
     python3-pycryptodome \
     python3-pyelftools \
     python3-serial \
+    python3-cryptography \
     rsync \
     unzip \
     uuid-dev \
@@ -72,26 +69,9 @@ RUN apt-get update && \
     wget \
     cpio \
     libcap-ng-dev \
+    libslirp-dev \
     screen \
     libvdeplug-dev \
     libsdl2-dev \
     pip \
     ca-certificates
-
-RUN pip install cryptography
-
-RUN apt-get install -y software-properties-common && \
-    add-apt-repository ppa:linuxuprising/libpng12 && \
-    apt-get update && \
-    apt-get install libpng12-0
-
-# Install Rust
-RUN curl https://sh.rustup.rs -sSf | sh -s -- -y && \
-  . $HOME/.cargo/env && \
-  rustup default nightly-2021-09-20 && \
-  rustup component add rust-src && \
-  rustup target install aarch64-unknown-linux-gnu && \
-  rustup default 1.44.0 && cargo +1.44.0 install xargo && \
-  rustup default nightly-2021-09-20
-
-ENV PATH="/root/.cargo/bin:$PATH"

ci/ci.sh

@@ -40,5 +40,7 @@ pushd ../tests
 ./test_supp_plugin.sh
 ./test_tls_client.sh
 ./test_tls_server.sh
+echo "All tests passed!"
+./cleanup_all.sh
 
 popd

environment

@@ -15,6 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
+export PATH=$PATH:$HOME/.cargo/bin
 export RUST_TARGET_PATH="$(pwd)"
 export RUST_COMPILER_RT_ROOT=$RUST_TARGET_PATH/rust/rust/src/llvm-project/compiler-rt
 if [ -z "$OPTEE_DIR" ]

setup.sh

@@ -44,7 +44,7 @@ cargo +stable install xargo
 
 ########################################################
 # initialize submodules: optee_os / optee_client / build
-OPTEE_RELEASE_VERSION=3.20.0
+OPTEE_RELEASE_VERSION=4.2.0
 
 if [[ -z "$OPTEE_DIR" ]] || [[ "$OPTEE_DIR" == "$(pwd)/optee" ]]
 then

tests/cleanup_all.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+rm -rf screenlog.0 shared
+rm -rf optee-qemuv8-*

tests/optee-qemuv8.sh

@@ -17,7 +17,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-cd optee-qemuv8-3.20.0-ubuntu-20.04 && ./qemu-system-aarch64 \
+cd $1 && ./qemu-system-aarch64 \
     -nodefaults \
     -nographic \
     -serial stdio -serial file:/tmp/serial.log \

tests/setup.sh

@@ -0,0 +1,60 @@
+#!/bin/bash
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+# Default value for NEED_EXPANDED_MEM
+: ${NEED_EXPANDED_MEM:=false}
+
+# Define IMG_VERSION
+IMG_VERSION="optee-qemuv8-4.2.0-ubuntu-24.04"
+
+# Set IMG based on NEED_EXPANDED_MEM
+if [ "$NEED_EXPANDED_MEM" = true ]; then
+    IMG="${IMG_VERSION}-expand-ta-memory"
+else
+    IMG="$IMG_VERSION"
+fi
+
+# Function to download image
+download_image() {
+    curl "https://nightlies.apache.org/teaclave/teaclave-trustzone-sdk/${IMG}.tar.gz" | tar zxv
+}
+
+# Functions for running commands in QEMU screen
+run_in_qemu() {
+    screen -S qemu_screen -p 0 -X stuff "$1\n"
+    sleep 5
+}
+
+# Check if the image file exists locally
+if [ ! -d "${IMG}" ]; then
+    echo "Image file '${IMG}' not found locally. Downloading from network."
+    download_image
+else
+    echo "Image file '${IMG}' found locally."
+fi
+
+mkdir -p shared
+
+# Start QEMU screen
+screen -L -d -m -S qemu_screen ./optee-qemuv8.sh $IMG
+sleep 30
+run_in_qemu "root"
+run_in_qemu "mkdir -p shared && mount -t 9p -o trans=virtio host shared && cd shared"

tests/test_acipher.sh

@@ -19,37 +19,26 @@
 
 set -xe
 
-rm -rf screenlog.0
-rm -rf optee-qemuv8-3.20.0-ubuntu-20.04
-rm -rf shared
+# Include base script
+source setup.sh
 
-curl https://nightlies.apache.org/teaclave/teaclave-trustzone-sdk/optee-qemuv8-3.20.0-ubuntu-20.04.tar.gz | tar zxv
-mkdir shared
+# Copy TA and host binary
 cp ../examples/acipher-rs/ta/target/aarch64-unknown-optee-trustzone/release/*.ta shared
 cp ../examples/acipher-rs/host/target/aarch64-unknown-linux-gnu/release/acipher-rs shared
 
-screen -L -d -m -S qemu_screen ./optee-qemuv8.sh
-sleep 30
-screen -S qemu_screen -p 0 -X stuff "root\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "mkdir shared && mount -t 9p -o trans=virtio host shared && cd shared\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "cp *.ta /lib/optee_armtz/\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "./acipher-rs 256 teststring\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "^C"
-sleep 5
+# Run script specific commands in QEMU
+run_in_qemu "cp *.ta /lib/optee_armtz/\n"
+run_in_qemu "./acipher-rs 256 teststring\n"
+run_in_qemu "^C"
 
+# Script specific checks
 {
-	grep -q "Success encrypt input text \".*\" as [0-9]* bytes cipher text:" screenlog.0 &&
-	grep -q "Success decrypt the above ciphertext as [0-9]* bytes plain text:" screenlog.0	
+    grep -q "Success encrypt input text \".*\" as [0-9]* bytes cipher text:" screenlog.0 &&
+    grep -q "Success decrypt the above ciphertext as [0-9]* bytes plain text:" screenlog.0
 } || {
-	cat -v screenlog.0
-	cat -v /tmp/serial.log
-        false
+    cat -v screenlog.0
+    cat -v /tmp/serial.log
+    false
 }
 
-rm -rf screenlog.0
-rm -rf optee-qemuv8-3.20.0-ubuntu-20.04
-rm -rf shared
+rm screenlog.0

tests/test_aes.sh

@@ -19,28 +19,19 @@
 
 set -xe
 
-rm -rf screenlog.0
-rm -rf optee-qemuv8-3.20.0-ubuntu-20.04
-rm -rf shared
+# Include base script
+source setup.sh
 
-curl https://nightlies.apache.org/teaclave/teaclave-trustzone-sdk/optee-qemuv8-3.20.0-ubuntu-20.04.tar.gz | tar zxv
-mkdir shared
+# Copy TA and host binary
 cp ../examples/aes-rs/ta/target/aarch64-unknown-optee-trustzone/release/*.ta shared
 cp ../examples/aes-rs/host/target/aarch64-unknown-linux-gnu/release/aes-rs shared
 
-screen -L -d -m -S qemu_screen ./optee-qemuv8.sh
-sleep 30
-screen -S qemu_screen -p 0 -X stuff "root\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "mkdir shared && mount -t 9p -o trans=virtio host shared && cd shared\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "cp *.ta /lib/optee_armtz/\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "./aes-rs\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "^C"
-sleep 5
+# Run script specific commands in QEMU
+run_in_qemu "cp *.ta /lib/optee_armtz/\n"
+run_in_qemu "./aes-rs\n"
+run_in_qemu "^C"
 
+# Script specific checks
 {
 	grep -q "Prepare encode operation" screenlog.0 &&
 	grep -q "Load key in TA" screenlog.0 &&
@@ -54,6 +45,4 @@ sleep 5
 	false
 }
 
-rm -rf screenlog.0
-rm -rf optee-qemuv8-3.20.0-ubuntu-20.04
-rm -rf shared
+rm screenlog.0

tests/test_authentication.sh

@@ -19,28 +19,19 @@
 
 set -xe
 
-rm -rf screenlog.0
-rm -rf optee-qemuv8-3.20.0-ubuntu-20.04
-rm -rf shared
+# Include base script
+source setup.sh
 
-curl https://nightlies.apache.org/teaclave/teaclave-trustzone-sdk/optee-qemuv8-3.20.0-ubuntu-20.04.tar.gz | tar zxv
-mkdir shared
+# Copy TA and host binary
 cp ../examples/authentication-rs/ta/target/aarch64-unknown-optee-trustzone/release/*.ta shared
 cp ../examples/authentication-rs/host/target/aarch64-unknown-linux-gnu/release/authentication-rs shared
 
-screen -L -d -m -S qemu_screen ./optee-qemuv8.sh
-sleep 30
-screen -S qemu_screen -p 0 -X stuff "root\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "mkdir shared && mount -t 9p -o trans=virtio host shared && cd shared\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "cp *.ta /lib/optee_armtz/\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "./authentication-rs\n"
-sleep 5
-screen -S qemu_screen -p 0 -X stuff "^C"
-sleep 5
+# Run script specific commands in QEMU
+run_in_qemu "cp *.ta /lib/optee_armtz/\n"
+run_in_qemu "./authentication-rs\n"
+run_in_qemu "^C"
 
+# Script specific checks
 {
 	grep -q "Clear text and decoded text match" screenlog.0 &&
 	grep -q "Success" screenlog.0
@@ -50,6 +41,4 @@ sleep 5
         false
 }
 
-rm -rf screenlog.0
-rm -rf optee-qemuv8-3.20.0-ubuntu-20.04
-rm -rf shared
+rm screenlog.0