Merge branch 'master' of github.com:fxlin/p3-tee

docs/issues.md

@@ -1,5 +1,31 @@
 # Common issues
 
+## python version mismatch
+Jan 2024
+
+Symptom:
+```
+/sw/ubuntu-22.04/python/3.10.11/bin/python3: /lib/x86_64-linux-gnu/libm.so.6: version `GLIBC_2.35' not found (required by /sw/ubuntu-22.04/python/3.10.11/bin/python3)
+... 
+```
+Cause: granger1/2 run Ubuntu 20.04, while python3 for Ubuntu 22.04 (as managed by the ``module'' system, /sw/...) somehow gets invoked. The newer python3 expects GLIBC versions that do not exist on Ubuntu 20.04
+
+Solution: only use Python3 that comes with Ubuntu20.04. $PATH is clean, not containing anything like "/sw/...". Also unload any python ("module unload python..."). No conda env ("conda deactivate"). This should solve most of the problem. 
+
+FL: some errors were seen in "make buildroot", which I did not fully eliminate. It does not breaking the build.
+
+## (from sec world) Error: ... failed ffff000? from origin ?
+The way to debug is to understand the optee error code definition ffff000? and its origin ?. See table below. Also GIYF. You may find the [doc for developing CA](https://globalplatform.org/wp-content/uploads/2010/07/TEE_Client_API_Specification-V1.0.pdf) and [doc for developing TA](https://globalplatform.org/wp-content/uploads/2018/06/GPD_TEE_Internal_Core_API_Specification_v1.1.2.50_PublicReview.pdf) exceptionally helpful. Search your error code, function name, etc in these two docs.
+
+![image.png](optee-error-codes.png)
+
+## make run-only... xterm problems
+
+/usr/bin/xterm: Xt error Can't open display; DISPLAY is not set etc. 
+Can be strange even if xterm is not being launched. 
+
+Try to comment out `$(call check-terminal)` in build/qemu_v8.mk
+
 ## Address already in use
 
 In qemu_v8.mk, the line `-serial tcp:localhost:50324 -serial tcp:localhost:50323` tells QEMU to listen on two ports for incoming GDB connection. 
@@ -62,6 +88,7 @@ arm-tf missing. Rebuild it. ``make arm-tf''.
 Kernel missing. 
 
 ## regression_1000.c:(.text+0x3300): undefined reference to `sdp_basic_test'
+## Error: open session to target test TA failed ffff0008 3 Test failed!"
 missing CFG_SECURE_DATA_PATH=y  in make command
 
 ## Failure to install dependencies of QEMU

docs/quickstart-req.md

@@ -69,6 +69,12 @@ In addition:
 sudo apt install python3-pycryptodome python-is-python3 python2
 ```
 
+In addition, to support the debugging script: 
+
+```
+sudo apt install binutils-aarch64-linux-gnu
+```
+
 ## Check Python versions 
 
 On shell, do 

docs/secure-vision.md

@@ -53,9 +53,11 @@ Secure world console:
 
 **To implement your own CA:** we will give you Python code that encrypts given images with AES. In this way, your CA only needs to load the encrypted images and send to the secure world for processing. 
 
-## The artifacts we give to you: 
-* Boilerplate code of TA, which should be copied to optee_examples/. 
+## We give you a tarball including: 
+* Boilerplate code of TA/CA. 
 * A Python program for encrypting images and decrypting images
+* See its README for details. 
+*
 ## You'll need to implement: 
 * TA: `ta/cnn_ta.c`
 * CA: `host/main.c`
@@ -77,4 +79,4 @@ Each design decision you made above is crucial to the security of the system. Co
 * What is the implication of accepting user-input images and run algorithms on them inside secure world? Is the system safe for good by putting the security sensitive code inside secure world?
 * With your choice of crypto, what additional assumptions you **must** make to ensure security? Hints: 
   * Symmetric encryption uses only one key. Can you expose it to normal world? If you have to do so to encrypt images, what assumption you must make to ensure the images are still confidential?  
-  * How do you store the key(s)? Can you bake them into TA and why?   
+  * How do you store the key(s)? Can you bake them into TA and why?