I am wondering if anyone have any information on development boards where you can utilize ARM TrustZone? I have the BeagleBoard XM which uses TI's OMAP3530 with Cortex-A8 processor that supports trust zone, however TI confirmed that they have disabled the function on the board as it is a general purpose device.
Further research got me to the panda board which uses OMAP4430 but there is no response from TI and very little information on the internet. How do you learn how to use trust zone?
Best Regards Mr Gigu
To solve these issues, Arm introduced Arm® TrustZone® technology: Starting in 2004 with their Arm1176JZ-S™ processor. Included in all their A-Class (apps) designs since then. Arm recently started introducing it in their M-Class, IoT focused cores.
Abstract—ARM TrustZone is a hardware security extension technology, which aims to provide secure execution environment by splitting computer resources between two execution worlds, namely normal world and secure world.
In order to achieve a root of trust and further benefit from secured storage and reporting of security related platform metrics, a dedicated Trusted Platform Module (TPM) was incorporated into the ARM processor platform. Infineon's OPTIGA™ TPM, compliant with TPM 1.2 Rev.
The Arm® TrustZone® technology for Armv8-M is a security extension that is designed to partition the hardware into secure and non-secure worlds. With the Arm® TrustZone® technology and software method, the STM32L5/U5 microcontrollers (MCUs) provide a secure application with good design flexibility.
As far as I know, all the OMAP processors you can get off-the-shelf are GP devices, i.e. with the TrustZone functions disabled (or else they're processors in production devices such as off-the-shelf mobile phones, for which you don't get the keys). The situation is similar with other SoC manufacturers. Apart from ARM's limited publications (which only cover the common ARM features anyway, and not the chip-specific features such as memory management details, booting and loading trusted code), all documentation about TrustZone features comes under NDA. This is a pity because it precludes independent analysis of these security features or leverage by open-source software.
I'm afraid that if you want to program for a TrustZone device, you'll have to contact a representative of TI or one of their competitors, convince them that your application is something they want to happen, and obtain HS devices, the keys to sign code for your development boards, and the documentation without which you'll have a very hard time.
As of today OP-TEE runs on quite a few devices (see OP-TEE platforms supported) and several of them are development boards readily available. To name a few HiKey, Raspberry Pi3, ARM Juno Board, Freescale i.MX6 variants etc. Either you could pick up one of those or you could simply try it all using QEMU which is very well supported in OP-TEE.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With