blackbeard420/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf synced 2025-03-10 09:39:10 -04:00
Code Issues Projects Releases Wiki Activity
esp-idf/examples/security/tee/tee_basic
History
Laukik Hase c4eec756f3
refactor(esp_tee): Revised the secure service ID numbering scheme 
Also:
- Split the secure service table into two parts: one DRAM-resident and the
  other DROM-resident. The former holds the services invoked when the cache is
  disabled or suspended while the latter holds rest of the services.
2025-01-23 12:39:19 +05:30
..
components/example_secure_service
refactor(esp_tee): Revised the secure service ID numbering scheme
2025-01-23 12:39:19 +05:30
main
CMakeLists.txt
feat(esp_tee): Make the attestation service configurable
2025-01-23 12:39:17 +05:30
pytest_tee_basic.py
README.md
sdkconfig.defaults
feat(esp_tee): Make the attestation service configurable
2025-01-23 12:39:17 +05:30

README.md

Supported Targets ESP32-C6

Basic TEE example

Overview

  • This example illustrates the ESP-TEE (Trusted Execution Environment) framework to encrypt/decrypt data using AES within a secure environment.
  • The non-secure world i.e. the Rich Execution Environment (REE) raises a request for AES operation in TEE through the secure service call interface. The TEE performs encrypts/decrypts the given buffer with the AES-256-CBC mode using the key protected by TEE. If the operation is successful, the result of the AES operation is returned in the output buffer provided in the secure service call by the REE.
  • This example also demonstrates how to add custom service calls to TEE. You can refer to components/example_service for more information - see the structure below.
└── example_secure_service       # Component parent directory
    ├── CMakeLists.txt
    ├── example_service.c        # Custom secure service APIs
    ├── example.tbl              # Custom secure service table, which is appended to the default one provided by TEE
    ├── include
    │   └── example_service.h
    └── tee_project.cmake        # To be manually included in the project's top level CMakeLists.txt before project(...)
                                 # Processes the custom service table

How to use the example

Hardware Required

This example can be executed on any development board with a Espressif SOC chip supporting the TEE framework (see Supported Targets table above).

Build and Flash

Before building the example, be sure to set the correct chip target using idf.py set-target <chip_name>.

Build the project and flash it to the board, then run the monitor tool to view the serial output:

idf.py -p PORT flash monitor

(To exit the serial monitor, type Ctrl-].)

See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.

Example Output

I (315) main_task: Calling app_main()
I (315) example_tee_basic: AES-256-CBC operations in TEE
TEE: Secure service call for AES-256-CBC operation
TEE: In PROTECTED M-mode
I (325) example_tee_basic: AES encryption successful!
I (325) example_tee_basic: Cipher text -
I (325) example_tee_basic: ee 04 9b ee 95 6f 25 04 1e 8c e4 4e 8e 4e 7a d3
TEE: Secure service call for AES-256-CBC operation
TEE: In PROTECTED M-mode
I (345) example_tee_basic: AES decryption successful!
I (345) main_task: Returned from app_main()