
How to emulate TrustZone in QEMU?

I'm trying to emulate TrustZone features in QEMU. I've found two links that seem to explain this process.

The First Reference doesn't attach the image kernel that supports TrustZone (where can I find it?)

The Second Reference explains how I can compile a kernel, but it doesn't start with the command line written in the first website, which is as follows:

./arm-softmmu/qemu-system-arm -kernel $PATH_TO_KERNEL/zImage -M vexpress-a15 -cpu cortex-a15 -dtb $PATH_TO_DTB/vexpress-v2p-ca15-tc1.dtb -m 1024 -append 'console=ttyAMA0,38400n8' -serial stdio -initrd $PATH_TO_INITRD/initrd.img

Is there an alternate way to run a TrustZone emulator?

Mauro Suardi asked Sep 29 '22 09:09

1 Answer

With OP-TEE (an open source TEE) it's very easy to run TrustZone on QEMU. You have the entire stack running code from normal world user space and Linux kernel down to secure world, running both the TEE itself as well as Trusted Applications. QEMU + OP-TEE works on both ARMv7-A and ARMv8-A. If you want to try it out on a local PC, I encourage you to head over to optee_os/README.md and follow the instructions in section 4.1, 5 (only QEMU related) and 6. All in all, we're talking about less than 10 commands in a shell and you'll have all the source code downloaded, compiled and everything up and running locally on your PC.

I wrote a blog post about why QEMU is a pretty good choice for doing TrustZone development.

Joakim Bech answered Oct 03 '22 06:10
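
The short shell sequence the answer refers to, as an added example that is not part of the original answer or the OP-TEE project's own scripts. It prints the commands by default and runs them with DRY_RUN=0. The manifest URL, manifest file names and make targets are assumptions based on the upstream OP-TEE build documentation, not on this page; the function names and default work directory are hypothetical.

```shell
#!/bin/sh
# Added example: OP-TEE + QEMU bring-up, dry-run by default.
# Assumed (not on the page): manifest URL, manifest names, make targets.
MANIFEST_URL="https://github.com/OP-TEE/manifest.git"

# Map the target architecture to the manifest selecting the QEMU platform.
manifest_for() {
    case "$1" in
        armv7) echo "default.xml" ;;   # QEMU, ARMv7-A
        armv8) echo "qemu_v8.xml" ;;   # QEMU, ARMv8-A
        *) echo "unknown architecture: $1" >&2; return 1 ;;
    esac
}

# Print each named host tool that is not on PATH (nothing when all exist).
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || echo "$tool"
    done
}

# Emit the bring-up sequence, one command per line.
bringup_commands() {
    arch="$1"; workdir="$2"
    manifest=$(manifest_for "$arch") || return 1
    cat <<EOF
mkdir -p "$workdir"
cd "$workdir"
repo init -u $MANIFEST_URL -m $manifest
repo sync -j4
cd build
make toolchains
make run
EOF
}

# Print the sequence (DRY_RUN=1, default) or execute it (DRY_RUN=0).
optee_qemu_bringup() {
    arch="$1"; workdir="${2:-$HOME/optee-qemu}"
    cmds=$(bringup_commands "$arch" "$workdir") || return 1
    if [ "${DRY_RUN:-1}" = "1" ]; then
        printf '%s\n' "$cmds"
        return 0
    fi
    missing=$(missing_tools repo git make)
    [ -z "$missing" ] || { echo "missing tools: $missing" >&2; return 1; }
    ( set -e; eval "$cmds" )   # subshell keeps the caller's cwd untouched
}
```

Source the file and call `optee_qemu_bringup armv8` to review the sequence before running it with `DRY_RUN=0`.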