4

I'd like to start playing with ARM TrustZone, so I'd like to setup a development environment, unfortunatelly I have the feeling I'm still missing something, I don't know how to put everything together.

This is my current picture:

  • A SoC with a Cortex-A processor is required
    • is it possible to develop without a board? i.e. emulators?
  • TrustZone is a Hardware & Software technology
    • If I get a SoC board, is the hardware part already covered?
    • The software (OS/Kernel) part may be solved with GlobalPlatform, OpenTEE, etc.
  • TrustedApplications development
    • Which IDE's are there?
    • How are they deployed to the board?

I know this is a quite extensive question, I'll be happy to get links to online material.

Edit:

Some parts of my question were partially answered, but the most important thing hasn't been answered yet: is the picture I detailed correct and complete? Yes/no, why?

And no, this is not a duplicate of Which ARM based development boards should I use?

ruizpauker
  • 384
  • 7
  • 19
  • Possible duplicate of [Which ARM based development boards should I use?](https://stackoverflow.com/questions/8148845/which-arm-based-development-boards-should-i-use), as well, there are several [Cortex-A5 boards](https://www.fs-net.de/en/products/armstone/armstonea5/) with some cheaper than the first one I found. Probably other boards come and go. I think that some Pi boards can use TrustZone. – artless noise Jan 11 '18 at 16:45
  • I just edited my question highlighting the missing parts. – ruizpauker Jan 11 '18 at 17:22
  • Please remove 'any recommendations' on the board then. This is also off topic for stack overflow. Also, you have many many questions, not one. You need to do some more research. Specifics will depend on the application of TrustZone. A question like "how do I use 'C'" is too general. Some of your questions are very general because you ask for recommendations and then ask questions about the recommendations. Please read [tag:trust-zone] QA. – artless noise Jan 11 '18 at 19:10
  • Possible duplicate of https://stackoverflow.com/questions/29390762/how-to-emulate-trustzone-in-qemu/55685392#55685392 – Stoogy Apr 15 '19 at 08:45
  • @Stoogy no, it's not, that question is QEMU specific, this one is more about hardware. – ruizpauker Apr 18 '19 at 12:22
  • You are asking multiple questions. This is for the first question you asked ("I'd it possible to develop without a board"). – Stoogy Apr 18 '19 at 20:54

1 Answers1

5

For emulator, you can use ARM Fast Model (https://developer.arm.com/products/system-design/fast-models) if you have the budget.
QEmu might have some Trustzone support but I am not sure how reliable is the Trustzone implementation (What works on QEmu might not work on real hardware). joakim-bech (one of the lead engineer working on an Open-Source implementation of Trusted OS) said in his stackoverflow response it should work; And he has still confirmed it in the blog post TEE Development With No Hardware - Is That Possible?...

I would recommand you to have a look at the list of platforms supported by Optee - Open Portable Trusted Execution Environment: https://github.com/OP-TEE/optee_os#3-platforms-supported

The answers to your other questions would really depend of the platform you use, your budget, your development environment, etc

For less than $150:

If you want to stick to Windows you might have to build qEmu yourself (qEmu seems to support Windows but I am not sure if the Windows already-built binaries support Trustzone). In term of HW board, I use the Hikey board (currently at $119) for my Trustzone development.
Using Linux for the development will probably save you some time as for this budget you will probably have to use Open-Source solutions that generally primarily support Linux.

To start developing a Trusted App for OP-TEE:
I used this presentation: https://www.slideshare.net/linaroorg/lcu14103-how-to-create-and-run-trusted-applications-on-optee
I updated/improved the original example code, my changes could be found here: https://github.com/oliviermartin/lcu14_optee_hello_world

OlivierM
  • 2,820
  • 24
  • 41
  • I'm running mainly Windows with an Intel processor, but I could also use linux, my budget is around $200, I'm used to VisualStudio and Eclipse IDE's. – ruizpauker Jan 10 '18 at 18:38
  • @ruizpauker I edited my answer with a Trustzone development environment suggestion for a budget of $150 or less. – OlivierM Jan 10 '18 at 19:25
  • thank you very much, very appreciated! I'll read Hikey docs thoroughly to see if I can fill the gaps. You mention you develop(ed) TrustedApps, would you mind to share some links on how to do it? – ruizpauker Jan 11 '18 at 17:32
  • @ruizpauker Post updated with Trusted App development – OlivierM Jan 11 '18 at 17:41
  • The slide you provided mostly filled the gaps. – ruizpauker Jan 11 '18 at 17:54