根据手册说明,为了使用gdb调试TEE core,在禁用优化的情况下,不必指定特殊参数。需要有四个console:
- QEMU console
- NW UART console
- SW UART console
- GDB console
前三个console是测试xtest时介绍过的,最后一个需要我们手动启动。
启动qemu。
这里需要注意,编译或启动需要禁用CFG_CORE_ASLR;所有的操作时基于工程路径的。
$ cd build
# make run-only also works if you don't want to rebuild things
$ make -j2 run QEMU_VIRTFS_ENABLE=y QEMU_USERNET_ENABLE=y GDBSERVER=y CFG_CORE_ASLR=n CFG_TA_ASLR=n
在GDB console操作
$ toolchains/aarch64/bin/aarch64-linux-gnu-gdb -q
在gdb中连接QEMU GDB server,注意下面输出消息中的地址
(gdb) target remote localhost:1234
Remote debugging using localhost:1234
warning: No executable has been specified and target does not support
determining executable automatically. Try using the "file" command.
0x0000000000000000 in ?? ()
加载符号表
(gdb) symbol-file optee_os/out/arm/core/tee.elf
Reading symbols from optee_os/out/arm/core/tee.elf...
设置断点
(gdb) b tee_entry_std
Breakpoint 1 at 0xe1113d8: file core/arch/arm/tee/entry_std.c, line 528.
(gdb) b tee_ta_init_pseudo_ta_session
Breakpoint 2 at 0xe1058a8: file core/arch/arm/kernel/pseudo_ta.c, line 299.
启动程序
在第2步后,为了启动内核,需要在GDB console中运行continue,
(gdb) c
Continuing.
与此同时,我们可以看到Linux kernel启动,TEE启动的输出信息,而且停止在了断点出。
[Switching to Thread 1.2]
Thread 2 hit Breakpoint 1, tee_entry_std (arg=arg@entry=0xf000000,
num_params=num_params@entry=2) at core/arch/arm/tee/entry_std.c:528
528 return __tee_entry_std(arg, num_params);
查看调用栈,截图如下
参考
Question: fail to hit the breakpoint on vexpress-qemu_virt(armv8)
Question: GDB: How to figure out the tee.elf load address?
版权声明:本文为zmnbehappy原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。