OP-TEE with Rust

This document describes how to build OP-TEE client and trusted applications written in Rust with Teaclave TrustZone SDK.

Clone OP-TEE repo

Currently, Teaclave TrustZone SDK is compatible with QEMUv8 (aarch64).

Before building examples written with Teaclave TrustZone SDK, you should clone the OP-TEE repo first. For QEMUv8, run:

$ mkdir YOUR_OPTEE_DIR && cd YOUR_OPTEE_DIR
$ repo init -u https://github.com/OP-TEE/manifest.git -m qemu_v8.xml
$ repo sync

The source code of Teaclave TrustZone SDK is located in YOUR_OPTEE_DIR/optee_rust/ containing a set of examples written in Rust using the SDK.

For more information about building OP-TEE using QEMUv8, see run OP-TEE using QEMU .

Compile Rust examples

Rust example applications are located in optee_rust/examples/. To build and install them with Buildroot, run:

$ (cd build && make toolchains && make OPTEE_RUST_ENABLE=y CFG_TEE_RAM_VA_SIZE=0x00300000)

Then start QEMUv8:

$ (cd build && make run-only)

Hint

Note that if you are under the environment without GUI, you can use soc_term instead.

Access to normal world terminal:

$ ./build/soc_term.py 54320

Access to secure world terminal:

$ ./build/soc_term.py 54321

Run QEMU:

$ (cd build && make run-only)

To differentiate from client applications generated by optee_examples , OP-TEE Rust examples are not prefixed with optee_example_ but suffixed with -rs. More description about Rust examples can be found in Overview of OP-TEE Rust Examples .

During the build process, host applications are installed to /usr/bin/ and TAs are installed to /lib/optee_armtz/. After QEMU boots up, you can run host applications in normal world terminal. For example:

$ hello_world-rs
original value is 29
inc value is 129
dec value is 29
Success

TA log will be printed correspondingly in the secure terminal.

Development Documents

More information about developing OP-TEE applications in Rust can be found in Teaclave TrustZone SDK Documentation.