m4sterchain opened a new issue, #189:
URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/issues/189
The current Quick Start for the Teaclave TrustZone SDK requires first-time
Trusted Application (TA) developers to manually follow multiple setup steps,
making the onboarding process cumbersome. Meanwhile, the project already has
reproducible CI environments in place—but those aren't directly usable by
developers.
This proposal introduces prebuilt Docker images tailored for TA development,
aiming to streamline the setup process and accelerate prototyping. These images
will be built from parameters and versioned, covering:
- Specific combination of Teaclave SDK version and OP-TEE version
- Target platform (e.g. qemu_v8) and architecture for OP-TEE setup
- Build mode (e.g. build or dev)
- Runtime configuration (e.g. std or no_std) for Teaclave TA build
## Docker Image Naming Convention
Images will follow this format:
```
teaclave-${SDK_VER}-optee-${OPTEE_VER}-${platform}-${ARCH}-${std|no_std}-${build|dev}
```
Examples:
```
teaclave-0.4.1-optee-4.5.0-qemu_v8-arm-no_std-build
teaclave-0.4.1-optee-4.5.0-qemu_v8-aarch64-std-build
teaclave-0.4.1-optee-4.5.0-qemu_v8-aarch64-no_std-dev
```
## Image Types
- 🛠️ build: Contains all necessary toolchains to build TAs for the target
platform.
- 🧪 dev: Superset of build, with additional runtime dependencies to run/test
TAs on QEMU for daily development.
## Benefits
- 🧃 One-step setup for new developers
- 📦 Reproducible builds with pinned dependencies
- 🧱 Configurable via Docker build arguments for advanced use cases
- 🚀 Enables real "Quick Start" experience
## Example Usage
Once the images are published on DockerHub, beginner TA developers can start
using the SDK out of the box with minimal setup, ideal for experimenting and
developing in Rust. For more advanced developers, the provided Dockerfiles
expose configurable build arguments, allowing them to customize and build
images tailored to their specific platforms or preferences.
```
git clone https://github.com/apache/incubator-teaclave-trustzone-sdk.git
cd incubator-teaclave-trustzone-sdk
docker run -it -v "$(pwd)":/root/teaclave-sdk \
  teaclave-0.4.1-optee-4.5.0-qemu_v8-arm-no_std-build /bin/bash
cd teaclave-sdk
make examples
...
```
@ivila @DemesneGH — since you're the experts on the existing CI image setup,
I’d love your input on extending the multi-stage Dockerfile to support
customizable build/dev images for TA developers. This is still a rough
proposal, so feel free to refine any part of it. Just wanted to share the
concept and get your thoughts on how we might align this with the existing CI
flow.
The idea is to streamline onboarding for beginners by providing prebuilt
images, while also enabling advanced users to tweak their setup via build
arguments. Here’s a rough sketch of the direction:
```
ARG SDK_VER=0.4.1
ARG OPTEE_VER=4.5.0
ARG PLATFORM=qemu_v8
ARG ARCH=aarch64
ARG STD_TYPE=no_std
FROM ubuntu:24.04 AS base
# Install dependencies (toolchains, etc.)
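FROM base AS build
# ARGs declared before the first FROM must be re-declared in a stage before use
ARG SDK_VER
ARG OPTEE_VER
ARG PLATFORM
ARG ARCH
ARG STD_TYPE
# Setup build environment based on parameters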
FROM build AS dev
# Setup dev environment (e.g., QEMU, test tools)
```
Build example:
```
docker build \
  --build-arg SDK_VER=${SDK_VER} \
  --build-arg OPTEE_VER=${OPTEE_VER} \
  --build-arg PLATFORM=${PLATFORM} \
  --build-arg ARCH=${ARCH} \
  --build-arg STD_TYPE=${STD_TYPE} \
  --target ${stage} \
  -t ${TAG} \
  .   # build context (directory containing the Dockerfile)
```
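One way to check the proposed naming convention before its fields are passed to `docker build`, as an added example that is not part of the original issue or the project's scripts. The accepted field patterns are assumptions inferred from the three example names in the issue, the mapping of the last field to `--target` assumes the stage names from the sketch, and `image_name` and `build_args` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: validate the fields of the proposed image name before they
# reach `docker build`. The field patterns are assumptions inferred from the
# three example names in the issue, not rules defined by the project.

valid_version() {
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}
valid_platform() { case "$1" in ''|*[!a-z0-9_]*) return 1 ;; esac; }

# image_name SDK_VER OPTEE_VER PLATFORM ARCH STD_TYPE MODE
# Prints the composed name; returns 1 if any field is outside its pattern.
image_name() {
    [ "$#" -eq 6 ] || return 1
    valid_version "$1" && valid_version "$2" && valid_platform "$3" || return 1
    case "$4" in arm|aarch64) ;; *) return 1 ;; esac
    case "$5" in std|no_std) ;; *) return 1 ;; esac
    case "$6" in build|dev) ;; *) return 1 ;; esac
    printf 'teaclave-%s-optee-%s-%s-%s-%s-%s\n' "$1" "$2" "$3" "$4" "$5" "$6"
}

# build_args NAME
# Splits NAME on '-' (no field may contain one), recomposes it to confirm it
# is canonical, then prints the docker build flags it implies, one per line.
build_args() {
    name=$1
    old_ifs=$IFS; IFS=-
    set -f; set -- $name; set +f      # word-split on '-' without globbing
    IFS=$old_ifs
    [ "$#" -eq 8 ] && [ "$1" = teaclave ] && [ "$3" = optee ] || return 1
    [ "$(image_name "$2" "$4" "$5" "$6" "$7" "$8")" = "$name" ] || return 1
    printf '%s\n' "--build-arg SDK_VER=$2" "--build-arg OPTEE_VER=$4" \
        "--build-arg PLATFORM=$5" "--build-arg ARCH=$6" \
        "--build-arg STD_TYPE=$7" "--target $8" "-t $name"
}

# Demo on one of the example names from the issue.
build_args teaclave-0.4.1-optee-4.5.0-qemu_v8-aarch64-no_std-dev
```

Rejecting any field that contains whitespace, a hyphen or other characters outside its pattern keeps a caller-supplied value from being read as an extra `docker` option or from producing an ambiguous image name.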