Setting up an openEuler/CCA development environment from scratch: a complete guide from dependency installation to source compilation

Published: 2026/7/2 20:53:19

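[Free download link] CCA: ARM Confidential Computing Architecture stacks and solutions
Project address: https://gitcode.com/openeuler/CCA
Project website: https://ar.openeuler.org/ar/

openEuler/CCA is an open-source implementation of the ARM Confidential Computing Architecture (CCA). This article walks through the complete development environment setup, from installing dependencies to compiling the source, to help newcomers get started with this secure computing technology.

Environment preparation: hardware and system requirements

Setting up an openEuler/CCA development environment requires the following:

- Processor architecture: aarch64 (ARM64)
- Operating system: openEuler-25.09
- Kernel version: Linux 6.6.0-102.0.0.5.oe2509.aarch64 (Host and Guest)
- Terminal tool: MobaXterm Professional Edition v10.5 or later is recommended

Step 1: Install the core dependency tools

1.1 Initialize the repo tool

The repo tool manages multi-repository code. Install it with:

```
curl -L https://mirrors.tuna.tsinghua.edu.cn/git/git-repo -o repo
chmod +x repo
```

1.2 Configure the rpmbuild environment

rpmbuild is used to build RPM packages. Run:

```
yum install rpm-build
mkdir -p /root/rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
```

1.3 Install the required dependency packages

Install the components needed for development:

```
pip install cryptography -i https://pypi.tuna.tsinghua.edu.cn/simple
yum install python3-pyelftools
yum install acpica-tools
yum install cmake
yum install elfutils-libelf-devel dwarves
yum install xterm xorg-x11-xauth
yum install go
```

1.4 Configure wget certificate verification

Create a wget configuration file that turns certificate verification off. This disables TLS certificate validation for every wget download made by this user, so keep it confined to the build environment.

```
echo "check_certificate = off" >> ~/.wgetrc
```

Step 2: Fetch and initialize the source repositories

2.1 Clone the openEuler/CCA project

Clone the official repository:

```
git clone https://gitcode.com/openeuler/CCA
cd CCA
```

2.2 Initialize the QEMU virtual environment

Create a working directory and sync the code:

```
mkdir ~/cca
cd ~/cca
repo init -u https://git.codelinaro.org/linaro/dcap/op-tee-4.2.0/manifest.git -b cca/v9 -m qemu_v8_cca.xml --repo-url https://mirrors.tuna.tsinghua.edu.cn/git/git-repo
repo sync -j8 --no-clone-bundle
```

2.3 Build the toolchain

Initialize the build environment and compile the toolchain:

```
cd build
make -j8 toolchains
make -j8
```

Step 3: Configure and compile the source

3.1 Prepare the kernel source

Fetch and unpack the Linux kernel source:

```
# Install the kernel source package
rpm -ivh kernel-6.6.0-102.0.0.5.oe2509.src.rpm
rpmbuild -bp /root/rpmbuild/SPECS/kernel.spec --nodeps
# Copy the source into the working directory
mv ~/cca/linux ~/cca/linux-default
cp -r /root/rpmbuild/BUILD/kernel-6.6.0/linux-6.6.0-102.0.0.5.aarch64 ~/cca/linux
```

3.2 Configure the kernel build options

Enter the kernel directory and generate the default configuration:

```
cd ~/cca/linux
make openeuler_defconfig
```

Use make menuconfig to enable the following options required by CCA:

```
CONFIG_NET_9P=y
CONFIG_VIRTIO_CONSOLE=y
CONFIG_NET_9P_VIRTIO=y
CONFIG_NET_FAILOVER=y
CONFIG_VIRTIO_BLK=y
CONFIG_SCSI_VIRTIO=y
CONFIG_MACVLAN=y
CONFIG_MACVTAP=y
CONFIG_VIRTIO_NET=y
CONFIG_VIRTIO_PCI=y
CONFIG_VIRTIO_MMIO=y
CONFIG_EXT4_FS=y
CONFIG_NETFS_SUPPORT=y
CONFIG_9P_FS=y
CONFIG_TSM_REPORT=y
CONFIG_ARM_CCA_GUEST=y
```

Build the kernel image:

```
make -j Image
```

3.3 Build QEMU and libvirt

3.3.1 Prepare the QEMU source

```
rpm -ivh qemu-8.2.0-44.oe2509.src.rpm
rpmbuild -bp /root/rpmbuild/SPECS/qemu.spec --nodeps
cp -r /root/rpmbuild/BUILD/qemu-8.2.0 ~/cca/
```

3.3.2 Prepare the libvirt source

```
rpm -ivh libvirt-9.10.0-18.oe2509.src.rpm
rpmbuild -bp /root/rpmbuild/SPECS/libvirt.spec --nodeps
cp -r /root/rpmbuild/BUILD/libvirt-9.10.0 ~/cca/
```

3.3.3 Configure the source paths

```
cd ~/cca/out-br
vim local.mk
```

Add the following to local.mk:

```
QEMU_CCA_OVERRIDE_SRCDIR = ~/cca/qemu-8.2.0
LIBVIRT_OVERRIDE_SRCDIR = ~/cca/libvirt-9.10.0
```

3.3.4 Build QEMU

```
cd ~/cca/buildroot-external-cca
# Apply the patches (see the official documentation)
cd ~/cca/buildroot
make qemu-cca-dirclean O=../out-br
make -j qemu-cca O=../out-br
```

3.3.5 Build libvirt

```
cd ~/cca/buildroot
# Apply the patches (see the official documentation)
make BR2_EXTERNAL=../buildroot-external-cca cca_defconfig
make menuconfig   # configure options
make savedefconfig
make libvirt-dirclean O=../out-br
make -j libvirt O=../out-br
```

3.4 Generate the rootfs file system

```
cd ~/cca/build
make buildroot
```

Step 4: Start and verify the environment

4.1 Start the Host virtual machine

```
cd ~/cca/build
make run-only
```

After a normal start, four terminal windows appear: FirmWare, Host (Host OS), Secure and Realm (Guest OS).

4.2 Create and start the Guest virtual machine

4.2.1 Create the configuration file

Create the realm.xml configuration file:

```
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>realm</name>
  <memory unit='MiB'>2048</memory>
  <vcpu placement='static'>2</vcpu>
  <os>
    <type arch='aarch64' machine='virt'>hvm</type>
    <kernel>/mnt/out/bin/Image</kernel>
    <initrd>/mnt/out-br/images/rootfs.cpio</initrd>
    <cmdline>rodata=full earlycon=pl011,0x10009000000 console=ttyAMA0</cmdline>
  </os>
  <launchSecurity type='cca'>
    <measurement-algo>sha256</measurement-algo>
    <personalization-value>ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIEknbSBhIHRlYXBvdA==</personalization-value>
    <measurement-log state='off'/>
  </launchSecurity>
  <features>
    <gic version='3' its='on'/>
    <kvm>
      <hidden state='off'/>
    </kvm>
  </features>
  <cpu mode='host-passthrough'/>
  <devices>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-nographic'/>
  </qemu:commandline>
</domain>
```

4.2.2 Start the virtual machine

Run the following in the Host OS:

```
# Configure libvirtd: set listen_tls = 0 and configure logging
vim /etc/libvirt/libvirtd.conf
# Start the services
mkdir -p /var/log/libvirt
touch /var/log/libvirt/libvirtd.log
virtlogd --daemon
libvirtd --daemon --listen --config /etc/libvirt/libvirtd.conf
# Define and start the virtual machine
cd /mnt
virsh define realm.xml
virsh start realm
```

4.2.3 Log in and verify

```
virsh console realm
# In the Guest OS, run the attestation report command
cca-workload-attestation report
```

References

- Official user guide: docs/zh/2509/cca_user_guide.md
- Driver code: driver/
- SDK samples: sdk/samples/
- Remote attestation component deployment: sdk/coco/docs/部署远程证明组件.md

With the steps above, the openEuler/CCA development environment is set up. If you run into compilation errors, see the common compilation errors chapter of the official documentation for troubleshooting.

Authoring statement: parts of this article were generated with AI assistance (AIGC) and are for reference only.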
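A check for the kernel options listed in section 3.2, as an added example that is not part of the original article or the openEuler/CCA project: it reports any listed option that is not built in (`=y`) in a given `.config`, which is easy to miss after a `make menuconfig` session. The function names and the sample `.config` are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: verify a kernel .config against the option list in section 3.2.

CCA_REQUIRED_OPTS="NET_9P VIRTIO_CONSOLE NET_9P_VIRTIO NET_FAILOVER VIRTIO_BLK
SCSI_VIRTIO MACVLAN MACVTAP VIRTIO_NET VIRTIO_PCI VIRTIO_MMIO EXT4_FS
NETFS_SUPPORT 9P_FS TSM_REPORT ARM_CCA_GUEST"

# check_cca_config FILE
# Prints one line per option that is not "=y" ("module" or "unset").
# Returns 0 if every option is built in, 1 if any is not, 2 if FILE is unreadable.
check_cca_config() {
    local cfg="$1" opt rc=0
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    for opt in $CCA_REQUIRED_OPTS; do
        if grep -qx "CONFIG_${opt}=y" "$cfg"; then
            continue
        elif grep -qx "CONFIG_${opt}=m" "$cfg"; then
            # The article lists every option as =y, so a module is flagged too.
            echo "CONFIG_${opt}: module"
        else
            echo "CONFIG_${opt}: unset"
        fi
        rc=1
    done
    return $rc
}

# Constructed sample .config: all options enabled except two.
sample_config() {
    local opt
    for opt in $CCA_REQUIRED_OPTS; do
        case $opt in
            MACVTAP)       echo "CONFIG_MACVTAP=m" ;;
            ARM_CCA_GUEST) echo "# CONFIG_ARM_CCA_GUEST is not set" ;;
            *)             echo "CONFIG_${opt}=y" ;;
        esac
    done
}

demo_cfg=$(mktemp)
sample_config > "$demo_cfg"
check_cca_config "$demo_cfg" || echo "fix the options above with make menuconfig"
rm -f "$demo_cfg"
```

Against a real tree, call `check_cca_config ~/cca/linux/.config` before running `make -j Image`.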
