Running of the Trusted Application on Vim1S

VIM1S
1

Hi.
Is there any option to launch the trusted application on the S905Y4?
I compiled the sample TA but on board OP-TEE OS claims that the TA have to be signed

[TEE] E/TC:? 00 [ATOS] *ERROR* TA((null) 8aaaf200-2450-11e4-abe2-0002a5d5c51b) unsigned!
[TEE] E/LD:   init_elf:259 sys_open_ta_bin(8aaaf200-2450-11e4-abe2-0002a5d5c51b)
[TEE] E/TC:? 00 init_with_ldelf:229 ldelf failed with res: 0xffff000f

The problem is I cannot sign the sample TA with the custom RSA private key as the public part is not embedded into the OP-TEE.
…I guess the option is Khadas should share the test RSA key pair with the community.

2

@NewDwarf for VIM1S:

==== APP Signing for Windows & Linux PC ====

  1. According to your SBC model and system version, download the two platform key files [[https://dl.khadas.com/products/vim1s/development/signtools/platform.x509.pem|platform.x509.pem]] and [[https://dl.khadas.com/products/vim1s/development/signtools/platform.pk8|platform.pk8]].

  2. Download the Java Signing Tool [[https://dl.khadas.com/products/vim1s/development/signtools/signapk.jar|signapk.jar]].

  3. Download the library-dependency [[https://dl.khadas.com/products/vim1s/development/signtools/libconscrypt_openjdk_jni.so|libconscrypt_openjdk_jni.so]] and put it in the ‘‘signlib’’ directory.

  4. Install the [[https://docs.oracle.com/en/java/javase/17/install/overview-jdk-installation.html|JDK Tool]].

  5. Execute the shell command:

java -Djava.library.path=signlib -jar signapk.jar platform.x509.pem platform.pk8 unsigned.apk signed.apk
3

Thank you for your answer but my question was about signing the trusted application.
https://optee.readthedocs.io/en/latest/building/trusted_applications.html#signing-of-tas

The workflow of releasing of the signing key is

  1. Khadas generates the RSA key pair and shares the public part with the chipset vendor (AML).
  2. AML embeds the public RSA key into the ATOS (Amlogic Trusted OS).
  3. Khadas shares the RSA key pair with community.
  4. Anyone, who wants to run the trusted application on the VIM 1S board, signs the TA and launches it on the board.

…but your answer is about signing of the Android packages (*.APK).