Instructions for running Sirenia both on ManaTEE and non-ManaTEE environments.
cd ~/trunk/src/platform2/sirenia
cargo build --workspace
The binaries are statically compiled so they can be copied to the target device using scp:
cd ~/trunk/src/platform2/sirenia
ssh test-device-hostname mount -o remount,rw /
scp ./target/debug/dugong ./target/debug/manatee ./target/debug/trichechus test-device-hostname:/usr/bin/
Unit testing using cargo
cd ~/trunk/src/platform2/sirenia
cargo test --workspace
USE=sirenia instructs target-chromium-os to install sirenia and its dependencies, and enables the security.Manatee.fake tast test. It is set by default for the amd64-generic and arm64-generic boards, but can be set to enable the same features when building an image of your choice. In this mode the trichechus and TEE app binaries are installed to /usr/bin/ alongside dugong and manatee, but the upstart init scripts are not installed for dugong or cronista.
USE=sirenia ./build_packages --board=${BOARD}
or
emerge-${BOARD} manatee-runtime manatee-client cronista sirenia
cros deploy --deep <target> cronista manatee-client sirenia manatee-runtime
The trichechus, cronista, dugong, and tee binaries can be found in /usr/bin.
Each command starts a part of the sirenia system and outputs the address and port that the next step in the setup process must connect to. For example, when you run cronista, it will output something like [INFO:src/main.rs:50] waiting for connection at: ip://127.0.0.1:32881 which is the address and port to connect trichechus to:
/sbin/minijail0 -u cronista -- /usr/bin/cronista -U ip://127.0.0.1:0
/usr/bin/trichechus -U ip://127.0.0.1:0 -C ip://127.0.0.1:<port>
/sbin/minijail0 -u dugong -- /usr/bin/dugong -U ip://127.0.0.1:<port>
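The port hand-off between components can be scripted instead of copied by hand. The following is an added example, not part of Sirenia: it parses the "waiting for connection at:" line quoted above and builds the next command, refusing anything that is not a loopback address with a valid port. The function names are hypothetical, and it assumes trichechus announces its listener in the same log format as cronista.

```shell
#!/bin/sh
# Added example (not Sirenia code): chain the startup steps by parsing the
# announced listener address. All function names here are hypothetical.

# Print the first ip://ADDR:PORT URI announced on stdin; fail if none is found.
listen_uri() {
    uri=$(sed -n 's|.*waiting for connection at: \(ip://[0-9.]*:[0-9]*\).*|\1|p' | head -n 1)
    [ -n "$uri" ] || return 1
    printf '%s\n' "$uri"
}

# Print the port of an ip://127.0.0.1:PORT URI. Non-loopback addresses and
# ports outside 1-65535 are rejected so a malformed line never reaches a command.
loopback_port() {
    case "$1" in
        ip://127.0.0.1:*) port=${1#ip://127.0.0.1:} ;;
        *) return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf '%s\n' "$port"
}

# Build the trichechus command from cronista's startup log on stdin.
trichechus_cmd() {
    uri=$(listen_uri) || return 1
    port=$(loopback_port "$uri") || return 1
    printf '/usr/bin/trichechus -U ip://127.0.0.1:0 -C ip://127.0.0.1:%s\n' "$port"
}

# Build the dugong command from trichechus' startup log on stdin
# (assumption: trichechus logs its listener in the same format).
dugong_cmd() {
    uri=$(listen_uri) || return 1
    port=$(loopback_port "$uri") || return 1
    printf '/sbin/minijail0 -u dugong -- /usr/bin/dugong -U ip://127.0.0.1:%s\n' "$port"
}

# Constructed sample input: the cronista log line quoted above.
SAMPLE_LOG='[INFO:src/main.rs:50] waiting for connection at: ip://127.0.0.1:32881'
printf '%s\n' "$SAMPLE_LOG" | trichechus_cmd
```

The script only prints the command it would run; pipe a component's real startup output into the matching function in place of the sample line.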
There are 2 options for telling dugong to start up a new TEE app. The preferred method is by calling manatee_runtime like so:
manatee -a demo_app
The other option is to send a dbus command to dugong to start up a TEE app:
dbus-send --system --type=method_call --print-reply --dest=org.chromium.ManaTEE /org/chromium/ManaTEE1 org.chromium.ManaTEEInterface.StartTEEApplication string:demo_app
When run with the -h flag, each binary prints a usage message that includes its build timestamp.
tast run test-device-hostname security.Manatee.fake
Note: The board must have been built with USE=sirenia set, or you must add sirenia to /usr/local/etc/tast_use_flags.txt.
Manatee boards set the manatee USE flag which does the following:
Note: The only manatee board options at the moment are {hatch,volteer-brya}-manatee.
emerge-${BOARD} manatee-runtime cronista sirenia
tast run test-device-hostname security.Manatee.real