TEE文件系统中的文件拆分成一个meta文件和多个block文件存储在非安全端,文件结构如下:
/*
* We split a TEE file into multiple blocks and store them
* on REE filesystem. A TEE file is represented by a REE file
* called meta and a number of REE files called blocks. Meta
* file is used for storing file information, e.g. file size
* and backup version of each block.
*
* REE files naming rule is as follows:
*
* <tee_file_name>/meta.<backup_version>
* <tee_file_name>/block0.<backup_version>
* ...
* <tee_file_name>/block15.<backup_version>
*
* Backup_version is used to support atomic update operation.
* Original file will not be updated, instead we create a new
* version of the same file and update the new file instead.
*
* The backup_version of each block file is stored in meta
* file, the meta file itself also has backup_version, the update is
* successful after new version of meta has been written.
*/
以下为TEE通过rpc调用非安全端读写接口
static int ree_fs_open_ree(const char *file, int flags, ...)
static int ree_fs_read_ree(int fd, void *buf, size_t len)
static int ree_fs_write_ree(int fd, const void *buf, size_t len)
static int ree_fs_ftruncate_ree(int fd, tee_fs_off_t length)
static int ree_fs_close_ree(int fd)
static tee_fs_off_t ree_fs_lseek_ree(int fd, tee_fs_off_t offset, int whence)
static int ree_fs_mkdir_ree(const char *path, tee_fs_mode_t mode)
static struct tee_fs_dir *ree_fs_opendir_ree(const char *name)
static int ree_fs_closedir_ree(struct tee_fs_dir *d)
static struct tee_fs_dirent *ree_fs_readdir_ree(struct tee_fs_dir *d)
static int ree_fs_rmdir_ree(const char *name)
static int ree_fs_link_ree(const char *old, const char *new)
static int ree_fs_unlink_ree(const char *file)
static int ree_fs_access_ree(const char *name, int mode)
以下为TEE FS主要函数
static int create_block_file(struct tee_fs_fd *fdp, struct tee_fs_file_meta *new_meta, int block_num)
//创建block文件,同时翻转meta中该block对应的备份版本位:meta->info.backup_version_table[index] ^= block_mask;
static int remove_block_file(struct tee_fs_fd *fdp, size_t block_num)//删除block文件
static int encrypt_and_write_file(int fd,
enum tee_fs_file_type file_type,
void *data_in, size_t data_in_size,
uint8_t *encrypted_fek)//加密数据并写入到文件
static int read_and_decrypt_file(int fd,
enum tee_fs_file_type file_type,
void *data_out, size_t *data_out_size,
uint8_t *encrypted_fek)//读取加密数据并解密
static struct tee_fs_file_meta *create_meta_file(const char *file)//创建meta文件,meta->info.backup_version_table全ff,
// meta->info.length = 0;meta->encrypted_fek随机,meta->backup_version=0,加密写入
static int commit_meta_file(struct tee_fs_fd *fdp,
struct tee_fs_file_meta *new_meta)//写入新的meta,删除旧的meta文件
static struct tee_fs_file_meta *open_meta_file(
const char *file, int version)//读取meta文件
static int read_block_from_storage(struct tee_fs_fd *fdp, struct block *b)//读取block数据
static int flush_block_to_storage(struct tee_fs_fd *fdp, struct block *b,
struct tee_fs_file_meta *new_meta)//创建block文件并写入数据,更新meta->info.backup_version_table
static int ree_fs_open(TEE_Result *errno, const char *file, int flags, ...)//文件不存在则创建meta文件,存在则读取meta文件、
static int ree_fs_write(TEE_Result *errno, int fd, const void *buf, size_t len)
//写入流程依次为:
//1. 创建新block文件并写入数据,更新meta->info.backup_version_table
//2. 写入新的meta,删除旧的meta文件
//3. 删除旧的block文件
简单总结:比如原文件是meta0、block1。写入新的数据时,先读取并解密block1,替换要写入的数据,再加密数据,创建新的block0并写入数据;然后更新meta数据,创建meta1并写入meta数据;最后删除meta0和block1。文件系统变成meta1、block0。
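疑问:写入新的meta文件时,如果新meta文件已创建成功,但在写入meta数据的过程中断电,此时的断电保护可能会失效。按上面的流程,旧meta文件要等新meta写入完成后才删除,所以断电时新旧两个meta文件会同时存在;断电保护是否仍然有效,取决于打开文件时能否识别出新meta不完整并回退到旧meta,这一点需要对照open_meta_file的实现确认。
如果没有这样的回退,新meta文件存在、读到的数据长度却为0,就可能触发 TEE_ASSERT(file_size >= header_size); 断言失败。另外,这些文件保存在非安全端,其内容和长度不受TEE控制,长度异常的meta文件更适合按错误返回处理,而不是依赖断言。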