Skip to content

This repository contains the project designed in the paper “RusTEE: Developing Memory-Safe ARM TrustZone Applications”. The paper will appear in the Annual Computer Security Applications Conference (ACSAC), Online, December 7-11, 2020. The project is awarded as ACM Reusable Badge.

License

Notifications You must be signed in to change notification settings

SunLab-GMU/RusTEE-CompileTAinRust

 
 

Repository files navigation

Rust OP-TEE TrustZone SDK

Build Status

Rust OP-TEE TrustZone SDK provides abilities to build safe TrustZone applications in Rust. The SDK is based on the OP-TEE project which follows GlobalPlatform TEE specifications and provides ergonomic APIs. In addition, it enables capability to write TrustZone applications with Rust's standard library and many third-party libraries (i.e., crates).

Getting started

To get started, you need to clone the project, initialize related submodules, and install building dependencies (The complete list of prerequisites can be found here: OP-TEE Prerequisites). Alternatively, you can use a docker container built with our Dockerfile.

# clone the project and initialize related submodules
$ git clone git@github.com:sccommunity/rust-optee-trustzone-sdk.git
$ cd rust-optee-trustzone-sdk
$ git submodule update --init
$ (cd rust/compiler-builtins && git submodule update --init libm)
$ (cd rust/rust && git submodule update --init src/stdsimd src/llvm-project)

# install dependencies
$ sudo apt-get install android-tools-adb android-tools-fastboot autoconf \
        automake bc bison build-essential ccache cscope curl device-tree-compiler \
        expect flex ftp-upload gdisk iasl libattr1-dev libc6:i386 libcap-dev \
        libfdt-dev libftdi-dev libglib2.0-dev libhidapi-dev libncurses5-dev \
        libpixman-1-dev libssl-dev libstdc++6:i386 libtool libz1:i386 make \
        mtools netcat python-crypto python3-crypto python-pyelftools \
        python3-pycryptodome python3-pyelftools python-serial python3-serial \
        rsync unzip uuid-dev xdg-utils xterm xz-utils zlib1g-dev

# install Rust and select a proper version
$ curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain nightly-2019-07-08
$ source $HOME/.cargo/env
$ rustup component add rust-src && rustup target install aarch64-unknown-linux-gnu arm-unknown-linux-gnueabihf

# install Xargo
$ rustup default 1.44.0 && cargo +1.44.0 install xargo
# switch to nightly
$ rustup default nightly-2019-07-08

Then, download ARM toolchains and build OP-TEE libraries. Note that the OP-TEE target is QEMUv8, and you can modify the Makefile to other targets accordingly.

$ make optee

Before building examples, the environment should be properly setup.

$ source environment

By default, the target platform is aarch64. If you want to build for the arm target, you can setup ARCH before source the environment like this:

$ export ARCH=arm
$ source environment

At last, you can get started with our examples.

$ make examples

Please read detailed instructions to run these examples on OP-TEE for QEMU. For other supported devices, please find more documents here.

Contributing

Contributions are very welcome, please submit issues or send pull requests.

License

Rust OP-TEE TrustZone SDK is distributed under the Apache License (Version 2.0). See LICENSE for details.

About

This repository contains the project designed in the paper “RusTEE: Developing Memory-Safe ARM TrustZone Applications”. The paper will appear in the Annual Computer Security Applications Conference (ACSAC), Online, December 7-11, 2020. The project is awarded as ACM Reusable Badge.

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Rust 93.3%
  • Shell 5.7%
  • Other 1.0%