I'm exploring the possibility of using the Qualcomm Trust Zone to secure TLS certificates and sensitive data in a Quectel EC21, which mounts a Qualcomm MDM9607.
I don't know if the Quectel EC21 is suitable for end-user use of Trust Zone.
I’m running the EC21EFAR06A05M4G_OCPU_20.002.20.002 Quectel FW version, and by typing “make kernel_menuconfig” I found the “CONFIG_QTZONE” kernel configuration option. Once I had enabled it, built the kernel and flashed it, I was able to find a new device in /dev (/dev/tzone).
Quectel EC21 mounts Qualcomm MDM9607 SOC.
Moreover, in EC21EFAR06A05M4G_OCPU_20.002.20.002_SDK (the SDK released by Quectel) there is a Trust Zone example (ql-ol-sdk/ql-ol-extsdk/example/tzone).
I built it, and when I tried to execute it, I got:
root@mdm9607-perf:/# ./tzapp
dev tzone fd = 3
tzapp aes_gen_key key.blob
tzapp aes_import_key key.blob
tzapp aes_enc key.blob plain_file enc_file
tzapp aes_dec key.blob enc_file dec_file
tzapp rsa_gen_key key.blob
tzapp rsa_sign key.blob plain_file sign_file
tzapp rsa_verify key.blob plain_file sign_file
tzapp rsa_import_keypair key.blob
tzapp rsa_export_pubkey key.blob pubkey_file
tzapp random_gen rnd.blob
tzapp fuse_read <row_num>
I’m not able to understand how I could use it. I really don't know how tzapp could import or export RSA keys, or in general how it works.