Quick steps to evaluate optee solution on nuclei qemu

[fanghuaqi]

Recently, we have open source our OpTEE hardware and software solution in this repo, see OP-TEE/optee_os#6173, and now we also implement required hardware feature in Nuclei QEMU, so you can take a try with it.

latest source code of nuclei linux sdk is required.

General steps

Here are the basic steps to try it:

# pull latest source code of feature/optee_5.10 branch
git clone -b feature/optee_5.10 https://github.com/Nuclei-Software/nuclei-linux-sdk
cd nuclei-linux-sdk
# --depth=3 is used to do shallow clone, do less source code download
git submodule update --init --depth=3
# make sure all required source code are checked out
git submodule
# refer the doc here: https://github.com/Nuclei-Software/nuclei-linux-sdk/blob/feature/optee_5.10/optee/README_en.md
# download a special version of nuclei qemu
wget -q https://nucleisys.com/upload/files/toochain/qemu/nuclei_qemu-2023.07.19-linux.zip
unzip nuclei_qemu-2023.07.19-linux.zip
# you can also evaluate it using Nuclei Qemu 2023.10 downloaded from https://www.nucleisys.com/download.php#tools
export PATH=$(pwd)/linux_qemu/bin:$PATH
# install extra required tools following steps in https://github.com/Nuclei-Software/nuclei-linux-sdk/tree/feature/optee_5.10#ubuntu-2004-x86_64-host
# install extra packages for optee, for details check https://optee.readthedocs.io/en/latest/building/prerequisites.html
pip3 install -U pyelftools cryptography
# check whether qemu required share library is installed
ldd `which qemu-system-riscv64`
# if not, please install extra required packages to let it work
# here are sample packages for ubuntu 20.04
# sudo apt install -yq python3 python3-pip unzip libz-dev libssl-dev libglib2.0-dev libfdt-dev libpixman-1-dev zlib1g-dev libncursesw5-dev libncursesw5 libgmp-dev libmpfr-dev libmpc-dev libpng-dev libasound2-dev
qemu-system-riscv64 --version
# build images
make SOC=evalsoc CORE=ux900fd BOOT_MODE=sd freeloader
make SOC=evalsoc CORE=ux900fd BOOT_MODE=sd bootimages
# run and evaluate it on nuclei qemu
make SOC=evalsoc CORE=ux900fd BOOT_MODE=sd run_qemu

About how to check optee tests and examples, please check https://github.com/Nuclei-Software/nuclei-linux-sdk/blob/feature/optee_5.10/optee/README_en.md#start-and-running-log

Sample git submodule output as below(until 2023.07.19):

nuclei@8bfe7bdac196:~/nuclei-linux-sdk$ git status -uno
On branch feature/optee_5.10
Your branch is up to date with 'origin/feature/optee_5.10'.

nothing to commit (use -u to show untracked files)
nuclei@8bfe7bdac196:~/nuclei-linux-sdk$ git log --oneline -1
a8a4391 (HEAD -> feature/optee_5.10, origin/feature/optee_5.10) bump optee_os update max tee core to 8.
nuclei@8bfe7bdac196:~/nuclei-linux-sdk$ git submodule
 16931968ddf5225f92f93d0db2eaa1eafcd63c44 buildroot (2020.11.2-2-g16931968dd)
 c0c88a724998493932bb29cb64d7de88b02ac0cd freeloader (remotes/origin/feature/optee_5.10)
 9b9a37c4ec83cd46e2dc7c4fbadabd7cb017614a linux (v5.10-13-g9b9a37c4ec83)
 3deace78edea403815df51db6999e8a7127e89da opensbi (v0.9-17-g3deace7)
 0cbbcf206b0452a3aa6ad521ea61d907720ad553 optee/optee_benchmark (remotes/origin/nuclei_dev)
 1ad692a6868226429a438f9192a380de9fc4552b optee/optee_client (3.18.0-1-g1ad692a)
 cca34e82cc80dae0986707386da0c8c92eeac5f6 optee/optee_examples (remotes/origin/nuclei/3.18_dev)
 34e68e2b1b27e5222aaee4d9956aa2e53bd98808 optee/optee_os (3.18.0-103-g34e68e2b1)
 29eaa54b5adda4a096298ed2313eb852dc758e0d optee/optee_test (3.18.0-3-g29eaa54)
 b9162c6c8f30098b09bdf79aa2b40204deed7bfd u-boot (v2021.01-19-gb9162c6c8f)

Update

2023.08.11

Regarding facing issue of get source code or building linux sdk, we provide prebuilt qemu images, which can be executed directly using qemu, you can download this prebuilt qemu optee images, and directly try it.

unzip qemu_optee_images_20230811.zip
# set qemu path before execute it, see above steps
bash run_qemu.sh

Full run log see optee_5.10_full_runlog.txt

We also provide a docker image docker.io/nucleisoftware/linuxsdk:optee, in this docker, the source code is checkout to feature/optee_5.10 branch and requried software are installed, sudo password is riscv123.

docker run -it docker.io/nucleisoftware/linuxsdk:optee
# in docker now
cd nuclei-linux-sdk
# direct run in qemu
make SOC=evalsoc CORE=ux900fd BOOT_MODE=sd run_qemu

[fanghuaqi]

Feel free to take a try, and give us feedback.

[fanghuaqi]

Hello, an error was reported during the "make run_qemu" process: qemu system iscv64: unsupported machine type 'nuclei_u'. How can I resolve it? Thank you

You forget to download qemu, and set PATH, see above notes

wget -q https://nucleisys.com/upload/files/toochain/qemu/nuclei_qemu-2023.07.19-linux.zip
unzip nuclei_qemu-2023.07.19-linux.zip
export PATH=$(pwd)/linux_qemu/bin:$PATH

[fanghuaqi]

Could you check which qemu-system-riscv64 to see which qemu you are really using? maybe your system has different qemu installed, you need to verify you are using the one downloaded.

[fanghuaqi]

Sorry, I previously added 'export PATH=$(pwd)/Linux'_ Qemu/bin: $PATH "has been added to the~/. bashrc file and can now be run. If possible, could you tell me the difference between the two? Thank you

There is another issue, after executing make run qemu, it got stuck in this interface. How can I solve it? Thank you

1. The qemu downloaded from this link is the lastest qemu from Nuclei, still in development, and have some new features, you can check it by qemu-system-riscv64 --version, another one, I suppose you are download it from our website, it is a official release 2022.12.
2. Please remove work directory under nuclei linux sdk, and make sure you are on feature/optee_5.10 branch, and git submodule updated successfully, and no local changes have been made, and then rebuild this sdk. We also post sample git output in this issue.

Thanks

[fanghuaqi]

Hello, I just came into contact with the Riscv and tee fields, and I have another question. May I ask if this project uses qemu/spike to simulate the Riscv environment?

Hi @JESSIY225 , thanks for contact with me, here are some brief answer below:

1. This issue demostrated how to execute OpTEE on a RISC-V processor emulated using Nuclei QEMU
2. qemu and spike are both isa simulator, but qemu contains much more features, we can implement a simple virtual SoC in it, and execute software on it like a real SoC.
3. This RISC-V processor emulated in QEMU is Nuclei RISC-V Processor UX900 series, check https://nucleisys.com/product/900smp.php
4. If you have all your source code and preprequites list in this issue installed, you should be able to run it successfully, we have done this in our own PC many times, so please double check your build log, see what error you may miss

If you are looking for help with RISC-V architecture, please check isa manual here, if your research team are interested in commerical risc-v cpu product with TEE feature, you can contact with me, I can introduce our company sales to you.

Thanks