I'm trying to find a single-core ARM-based board on which the TrustZone technology is enabled in order to implement a dual execution environment (rich OS next to a microkernel running "in" the TrustZone that will be my TEE). When I search on the internet, I find that the TrustZone extension is enabled on ARM Cortex A8, A9, A15. But on most boards using these processors, this extension is not enabled. Can I have the name of a board on which the TrustZone is enabled?
2 Answers
The extensions are enabled on all of those CPUs; it's just a question of whether or not they are already used. Take the TI OMAP 35** processors that come on the BBB and PandaBoard dev kits. These SoCs have native TZ support, but the BootROM will actually transition the system into the Normal world prior to switching execution to user-controlled code, like U-boot. So what you really need is a dev kit that has the extensions and doesn't use them. For this, I'd recommend the FriendlyARM board. It uses a Samsung 1176 processor that should be exactly what you're looking for.

Thank you for your answer. But how can you know if a board boots in the normal or the secure world? – EngineerN Apr 02 '15 at 21:05
Sorry, can't seem to comment.
Just read the SCR. One of two things will typically happen depending upon whether you are in the Secure world or Normal world. If the read succeeds and you get a '0' for the NS-bit, you're in the Secure world. If the read fails, you are in the Normal world. The SCR is not accessible from the Normal world, so when you attempt to read it, it should result in an Undefined Instruction exception.
If you're looking for a way to determine if you have access to the Secure world on a board before you actually purchase it, your best bets are forums and sometimes datasheets. The information is often not surrounded by neon lights unfortunately. For instance, the AM335 processor on the BBB has a section in the data sheet titled, "Secure Monitor Calls to Access CP15 Registers". It's obvious from reading this section that the Secure world is used by proprietary code and you're out of luck, but they don't ever seem to just come right out and say that. It's rather annoying. :)

No problem. To read the register, I saw in the ARM information center that I have to use this instruction: MRC p15, 0, <Rd>, c1, c1, 0. But I only know how to access my board in console mode. So how can I write this instruction? Create a C file on my PC with an __asm{ MRC p15, 0, <Rd>, c1, c1, 0 ; Read SCR data} instruction, cross-compile it and send it to the board on which I execute it? – EngineerN Apr 04 '15 at 13:08
To execute that instruction (yay, comments work!), you need to do it with PL1 access. There are a couple things you can do. The first approach would be to add the call to a boot loader, such as u-boot, and then print out the value during the normal boot process. If using u-boot, you could just add it as a command so you can halt the boot process, execute the instruction, and get the value. Alternatively, you can write a simple little kernel module and load it once the kernel is up and running. Just put the MRC call into the init function of your module and do a printk of the value. – engineereeyore Apr 05 '15 at 14:39
Thank you very much! You seem to have good knowledge of the ARM TrustZone, maybe I'll have other questions to ask you later ahaha – EngineerN Apr 07 '15 at 09:08
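
The kernel-module approach described in the comments above, as an added example that is not part of the original thread: the init function issues the SCR read and prints the result, and a small classifier applies the rule from the answer (failed read means Normal world, NS=0 means Secure world). The module name scr_probe and the helper tz_classify are hypothetical, and the module part assumes a build against a 32-bit ARM Linux kernel tree.

```c
#if defined(__KERNEL__)
#include <linux/module.h>
#include <linux/kernel.h>
#endif

/* SCR bit positions (ARMv7-A Security Extensions). */
#define SCR_NS  (1u << 0)  /* 0: Secure, 1: Non-secure (outside Monitor mode) */
#define SCR_IRQ (1u << 1)  /* IRQ taken to Monitor mode */
#define SCR_FIQ (1u << 2)  /* FIQ taken to Monitor mode */
#define SCR_EA  (1u << 3)  /* external aborts taken to Monitor mode */

enum tz_world { TZ_NORMAL, TZ_SECURE, TZ_MONITOR_NS_SET };

/* Classify a probe result. read_ok == 0 means the MRC raised an Undefined
 * Instruction exception, which is what the Normal world sees. */
static enum tz_world tz_classify(int read_ok, unsigned int scr)
{
	if (!read_ok)
		return TZ_NORMAL;
	/* SCR is readable only from Secure privileged modes. NS=1 on a
	 * successful read means Monitor mode, which is always Secure. */
	return (scr & SCR_NS) ? TZ_MONITOR_NS_SET : TZ_SECURE;
}

#if defined(__KERNEL__) && defined(__arm__)
static int __init scr_probe_init(void)
{
	unsigned int scr;

	/* In the Normal world the next instruction traps, so the kernel
	 * reports an undefined-instruction oops instead of the line below. */
	pr_info("scr_probe: reading SCR (a trap here means Normal world)\n");
	asm volatile("mrc p15, 0, %0, c1, c1, 0" : "=r"(scr));
	pr_info("scr_probe: SCR=0x%08x world=%d irq=%d fiq=%d ea=%d\n",
		scr, tz_classify(1, scr), !!(scr & SCR_IRQ),
		!!(scr & SCR_FIQ), !!(scr & SCR_EA));
	return 0;
}

static void __exit scr_probe_exit(void) { }

module_init(scr_probe_init);
module_exit(scr_probe_exit);
MODULE_LICENSE("GPL");
#endif
```

Run it on a test image rather than a system you need to keep up, since on most boards the load attempt ends in the trap and that trap is the answer.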