I'm at the beginning of learning the arm architecture and I understand this question might have been answered somewhere in the A.R.M document. But I got confused with this particular question and some short answer would be helpful before digging into that thousand page document further.
Suppose I want to implement my own OS (and some standard firmware which goes right after the rom code, like for example UEFI). And I want to make its (their) Secure part(s) too. Can I implement the Monitor? Again I've read not much (to be honest), but the documentation from vendors looks cryptic somewhat on this. For example TRM on TI's Sitara AM3358 SoC in th description of its rom code and its work only states that it starts in Secure (private) mode and then switches into the Public mode. Ok, but what if I want to implement Monitor code with my UEFI/OS? with the present rom code my firmware would be loaded by it and it ends up being in the Non-secure state. The only thing I can do is to issue SMC for some whether not documented or just rudimentary implemented "services" from the monitor mode. But what If I want to take the responsibility of giving users this Secure/NonSecure splitting stuff by my own with my implemetation of this? Or this is impossible for third parties? If that is possible, how do I include my code into that supposed secured path, chain? I mean how do I replace the existing monitor with my own on a security extension capable arm SoC? Should I sign my code, send it for review or else? Maybe there are some answers to this or a direction (not offensive xD) to where should I look for getting the answers.
Thanks! (sorry for the poor english)
from the other posts, the monitor program of AM335x seems to run in the non-secure mode. Therefore, you cannot set your execution environment to the secure mode other than using the SMC instruction.
To avoid this situation, you would write an original boot program and download it into the flash memory (i.e. boot rom).
Of course, I don't know the concrete procedures to do so.
Thank you for the answer.
The monitor software which runs in the non-secure mode isn't a monitor software, as I've understood. Ok, you say that I should replace ROM code for the processor in order to become able to implement (put) my own Secure stack into the SoC. The question is whether I (or anybody else outside the SoC vendor) have a possibility to replace it? Since then I asked the question, I've read the ARM whitepaper on TrustZone and have learnt a lot about it. Still, it's not clear about the possibility to add myself (my secure software) in the chain of trust wich should be established in the Secure Extension capable ARM SoC. I definitely can not become the root of that chain, because I need to be able to put some cryptography related things (hashes of the keys) into the SoC's OTP memory wich is possible only on the SoC manufacture time. If the vendor gives such an ability to become a part of the chain of trust to 3d parties, then this obviously isn't done easily, because there is need to get somewhat validated, approved. What requires a validation process. I doubt vendors bother themselves with this. I never found a mention about such things, which is worse and makes that confusion. So, still, the question about 3d party possibilty of providing Secure software based on TrustZone technology isn't clear for me. And I see the evidence people really don't very understand how to work with it. The following is the quote from a (wellknown) arm SBC designer company support forum, given by the admin as an answer about the state of TZ support in their boards SoC:
"No. we don't know how to handle the TrustZone."
Like not very much motivating, right? If they who make boards and customize linux/u-boot to run on the boards, don't know, then how I may get to know?
according to the "AM335x Sitara™ Processors Technical Reference Manual", your expectation seems to be impossible.
Because Boot ROM would be protected in the secure mode, I guess that user could not write any secure programs.
Or there might be some procedures to write programs in the secure world.
Regarding it, you'd better to contact to Texas Instrument.
Portable display improves your work efficiency, and the convenience is beyond your imagination
View all questions in TrustZone for Armv8-M forum