Download and build

The Trusty repositories are available in the Android Open Source Project (AOSP).

Use these links to find the appropriate Trusty kernel branches in AOSP:

Install Repo

To download Trusty, first download and install Repo.

After Repo has been successfully installed you can clone the Android Trusty repository:

mkdir trusty
cd trusty
repo init -u https://android.googlesource.com/trusty/manifest -b main
repo sync -j32

Build

Use the following to build the generic arm64 image for Trusty:

./trusty/vendor/google/aosp/scripts/build.py generic-arm64

Build results are under build-root/build-generic-arm64/. Look for lk.bin, which is a TEE image with all apps compiled in:

ls build-root/build-generic-arm64/lk.bin

Install

You can assemble lk.bin into a firmware image and flash it to the device. Generating firmware images varies depending on the board being used. Contact your board manufacturer for instructions.

Trusty on QEMU

Install needed packages on host if you haven't already:

sudo apt install libpixman-1-dev libstdc++-8-dev pkg-config libglib2.0-dev libusb-1.0-0-dev

Build (using the build server scripts) trusty and qemu images:

trusty/vendor/google/aosp/scripts/build.py qemu-generic-arm64-test-debug

This also runs all the tests configured for this target.

To manually run a test-runner test (port activation) (com.android.ipc-unittest.ctrl):

build-root/build-qemu-generic-arm64-test-debug/run --headless --boot-test "com.android.ipc-unittest.ctrl"

To run a test-runner test (com.android.ipc-unittest.ctrl) with kernel debug output at boot:

build-root/build-qemu-generic-arm64-test-debug/run-qemu --boot-test "com.android.ipc-unittest.ctrl" --headless --verbose

ATF disables the console before returning to test-runner. To disable this locally comment out all the code in bl31_plat_runtime_setup in external/arm-trusted-firmware/plat/common/aarch64/plat_common.c.

To run a test from the Android shell:

build-root/build-qemu-generic-arm64-test-debug/run-qemu --shell-command "/data/nativetest64/tipc-test/tipc-test -t ta2ta-ipc" --headless

To boot to an interactive shell (from the checked in prebuilt):

build-root/build-qemu-generic-arm64-test-debug/run

This command also has a variety of other overrides available - check --help for more.

If adb devices -l fails when running qmeu.py, the version of adb server that is running on your system might be the wrong version:

adb kill-server

To boot an Android build you have locally:

build-root/build-qemu-generic-arm64-test-debug/run --android path/to/your/android/source/dir

To build Android for Trusty:

mkdir android
cd android
repo init -u https://android.googlesource.com/platform/manifest -b main
repo sync -j32
source build/envsetup.sh
lunch qemu_trusty_arm64-userdebug
m