Additional steps need to implement to setup shadow-boxV2 OPTEE on Raspberry PI

  sonic0002        2019-05-20 08:52:55       1,415        0    

We followed the Shadow-box v2 project from the https://github.com/kkamagui/shadow-box-for-arm to set up the trustZone on Raspberry PI modeB to protect the Linux Kernel. But got a problem when doing the step: [3.6.5. Activate Shadow-Box for ARM and Start Secure Pi!] to create the hash for the memory area. The result is not shown.

If you met the same problem, this is what I did to fix the problem on my PI:

1.1  When we do the step [3.5.1. Copy OP-TEE OS with Shadow-Box for ARM and New Linux Kernel to Raspbian OS], make sure the ‘image’ was copied in the boot1 and boot folder:

No alt text provided for this image

We also need to copy the file to boot1 folder by use cmd:

$sudo gunzip -cd $HOME/shadow-box/gen_rootfs/filesystem.cpio.gz | sudo cpio -iudmv "boot1/*"

Check whether The folder 4.6.3-17586g76cacae is in the rootfs/lib/modules folder in the Raspberry PI’s SD card. 

No alt text provided for this image

1.2  When we run the cmd “$ sudo shadow_box_client –g” in step [3.6.5. Activate Shadow-Box for ARM and  Start Secure Pi], there will be no result shown. Check the file shadow_box_client in Raspberry Pi /bin folder:  If the file size is less than 4.8MB, which means the file is not copied correctly. In our experiment, the file is an empty file with file size 1kb. So we need to make the file front the build computer again. In the computer which we build the shadow-box project shadow-box/optee_examples_shadow_box_client/host folder, find the executable file “shadow_box_client”. As show below: 

- If the executable file is not in the folder, use “make” to create it. 

Copy the file shadow_box_client to Raspberry Pi’s /bin folder: 

No alt text provided for this image

After copied the file, use the img_sign.sh to sign the program: 

$ sudo ./img_sign.sh /bin/shadow_box_client

Then we can continuous to do the step3.6.5 in the Shadow-Box OPTEE's document. 

Note: This post is authorized to republish here by Yuancheng Liu, Systems Software Engineer at ZycraftUSV.PTE.LTD. Original post is here.

HARDWARE  RASPBERRY PI 

       

  RELATED


  0 COMMENT


No comment for this article.



  RANDOM FUN

Just before deploying to product server