---
permalink: /trustzone-sdk-docs/debugging-optee-ta.md
---

# Debugging OP-TEE TA

When developing applications, it is inevitable that there will be a need for
debugging. This tutorial introduces how to configure the debug environment in
an OP-TEE enabled QEMU environment. You may also check the
[OP-TEE documentation](https://optee.readthedocs.io/en/latest/building/devices/qemu.html)
for more information about running QEMU for Arm v8.

To debug the TEE core running in QEMU with GDB, it is necessary to disable TEE
ASLR with `CFG_CORE_ASLR ?= n` in `OP-TEE/optee_os/mk/config.mk`, so that the
addresses in the core's symbol file match the running core. Note that you need
to recompile QEMU with `make run` again. You can also choose to pass the
setting directly on the command line at compile time.

```sh
$ make run CFG_CORE_ASLR=n
```

Since we will debug the TA remotely with a `gdb` server, please also add the
`GDBSERVER=y` flag when compiling QEMU.

To debug a TA, you need to first start GDB on the host machine. Then run
`target remote :1234` to connect to the remote QEMU GDB server.

```sh
$ ./path/to/qemu-v8-project/out-br/host/bin/aarch64-buildroot-linux-gnu-gdb
(gdb) target remote :1234
Remote debugging using :1234
warning: No executable has been specified and target does not support
determining executable automatically. Try using the "file" command.
0xffffb30b00ea12b4 in ?? ()
```

Next, in the GDB console, load the symbol table of the TEE core library.

```sh
(gdb) symbol-file /path/to/qemu-v8-project/optee_os/out/arm/core/tee.elf
```

Taking `hello_world-rs` as an example, you can get the start address of the text
section from the log in the secure world console, which is 0x40014000.

```sh
D/LD: ldelf:168 ELF (133af0ca-bdab-11eb-9130-43bf7873bf67) at 0x40014000
```

Then, you can load symbols from the TA file (in debug build) at that address.

```sh
(gdb) add-symbol-file /path/to/examples/hello_world-rs/ta/target/aarch64-unknown-linux-gnu/debug/ta 0x40014000
```

Now, you can add breakpoints according to your own needs in the corresponding
functions or addresses.

```sh
(gdb) b invoke_command
Breakpoint 2 at 0xe11bb08: invoke_command. (6 locations)
```

Last, initiate the boot. You can then execute `hello_world-rs` in the normal
world console and see that the breakpoint we set is hit.

```sh
(gdb) c
Continuing.
[Switching to Thread 1.2]

Thread 2 hit Breakpoint 2, ta::invoke_command (cmd_id=0, params=0x4010ff00) at src/main.rs:50
50      trace_println!("[+] TA invoke command");
```
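
The address lookup and `add-symbol-file` steps above can be scripted. The following is an added example, not part of the original tutorial or the SDK: it reads a saved copy of the secure world console log, finds the ldelf load line for a given TA UUID, and prints the matching GDB command. The function names, the saved log file, and the second and third sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original tutorial): derive the GDB
# add-symbol-file command from the ldelf load line in the secure world log.

# Print the most recent load address logged for TA UUID $2 in log file $1.
ta_load_addr() {
    # Accept only a lowercase canonical UUID so it is safe inside the sed pattern.
    printf '%s\n' "$2" | grep -Eq \
        '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' || return 2
    # If the TA was loaded more than once, take the latest line
    # (assumption: the last load line describes the current mapping).
    sed -n "s/^.*ldelf:[0-9]* ELF ($2) at \(0x[0-9a-fA-F]*\).*/\1/p" "$1" |
        tail -n 1
}

# Print "add-symbol-file <TA ELF $3> <address>" for UUID $2, or fail.
gdb_symbol_cmd() {
    addr=$(ta_load_addr "$1" "$2") || { echo "bad UUID: $2" >&2; return 2; }
    [ -n "$addr" ] || { echo "no ldelf line for $2 in $1" >&2; return 1; }
    printf 'add-symbol-file %s %s\n' "$3" "$addr"
}

# Constructed sample log: the first line is the one shown on this page, the
# other two (a second TA UUID, a reload at a new address) are made up.
write_sample_log() {
    cat > "$1" <<'EOF'
D/LD:  ldelf:168 ELF (133af0ca-bdab-11eb-9130-43bf7873bf67) at 0x40014000
D/LD:  ldelf:168 ELF (00000000-0000-0000-0000-000000000001) at 0x40071000
D/LD:  ldelf:168 ELF (133af0ca-bdab-11eb-9130-43bf7873bf67) at 0x4009a000
EOF
}

# Demo on the constructed log; paste the printed line into the GDB console.
log=$(mktemp) && write_sample_log "$log"
gdb_symbol_cmd "$log" 133af0ca-bdab-11eb-9130-43bf7873bf67 \
    /path/to/examples/hello_world-rs/ta/target/aarch64-unknown-linux-gnu/debug/ta
rm -f "$log"
```

A missing load line is reported as an error instead of printing a command with an empty address, so a stale or wrong address never reaches GDB silently.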