trust-zone

I'm trying to emulate TrustZone features in Qemu. I've found two links that seems explain this process. The First Reference doesn't attach the image kernel that supports TrustZone (where can I find it?) The Second Reference explains how can I compile a kernel but it doesn't start with the command line written in the first website which is as follows ./arm-softmmu/qemu-system-arm -kernel $PATH_TO_KERNEL/zImage -M vexpress-a15 -cpu cortex-a15 -dtb PATH_TO_DTB/vexpress-v2p-ca15-tc1.dtb -m 1024 -append 'console=ttyAMA0,38400n8' -serial stdio -initrd $PATH_TO_INITRD/initrd.img Is there an alternate

Context I want to have a rich GNU/Linux OS running in the Normal world and a small OS with an integrated Monitor running in the Secure world . Requirement We have to absolutely avoid the Normal world to access the Secure world memory region. Question Which feature(s) of TrustZone do we need to use/activate to fulfill this requirement? I'd like to use only the necessary features to minimize the work needed. Details I've read quite a lot of ARM TrustZone documentation, I'm aware of TZPC , TZASC , MMU with security extensions, but I can't figure out how to avoid the following threat: What would

Does anyone know how to implement the example of TrustZone running "Secure world" and "Normal world" given on the ARM documentation website below on the ZedBoard? Any documentation on this subject (running TrustZone on the ZedBoard) would be also helpful. http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.faqs/ka15417.html The ZedBoard has a Xilinx : Zynq® -7000 All Programmable SoC Dual ARM® Cortex™-A9 MPCore™. More information on the ZedBoard can be found here: http://www.zedboard.org/content/overview This is a broad topic. Hopefully some of the following information will help.

I am wondering if anyone have any information on development boards where you can utilize ARM TrustZone? I have the BeagleBoard XM which uses TI's OMAP3530 with Cortex-A8 processor that supports trust zone, however TI confirmed that they have disabled the function on the board as it is a general purpose device. Further research got me to the panda board which uses OMAP4430 but there is no response from TI and very little information on the internet. How do you learn how to use trust zone? Best Regards Mr Gigu As far as I know, all the OMAP processors you can get off-the-shelf are GP devices, i

Can some one please explain to me that after the CPU is taken to secured mode, (Monitor program sets the NS = 0 ), how does the secure OS gets scheduled? Is it that now that the CPU is in secured mode, the timer tick interrupt would be handled by the Secured OS and not the Non-Secured world? artless noise The monitor mode setting NS=0 will set CP15 registers visible from monitor mode. See: monitor mode IFAR/IFSR... . When the monitor mode switches to another mode and NS=0 , then the mode is the secure world version; meaning the banked CP15 registers are the secure version. Also the NS bit is

How can I develop applications that use Arm's trust zone? Specifically, I want to develop a program that can save sensitive data in the secure world. Should this program run in the normal world or the secure world? I know there are trustlets in the secure world, do I need to develop trustlets? Are there SDK or API that I can use to directly interact with an existing secure world os or do I need to compile and install my own secure os? Any advice will be greatly appreciated. Thank you! artless noise There are two extremes. These are documented in the Software overview chapter of ARMs Security

As per this link http://infocenter.arm.com/help/index.jsp?topic=/com.arm.doc.ddi0333h/Chdfjdgi.html under System boot sequence ... Program the partition checker to allocate physical memory available to the Non-secure OS. What is the partition checker? Is it a subsystem which has registers, what is its programming model ? artless noise What is the partition checker? It is outside of the TrustZone specification for the CPU. However, in a nut shell it partitions or divided memory spaces into different permitted accesses. If the access is not permitted, it throws an external BUS error . Is it a