Measured Boot Implementation with TF-A and OP-TEE on Jetson Orin Nano

Hello everyone,

First of all, I am not entirely sure if this is the correct forum for my question, but I hope someone can help me.

I have set up JetPack SDK on my Jetson Orin Nano, flashed it with a Custom Kernel and set up OP-TEE along with Disk Encryption.

Now, I am trying to implement Measured Boot, with the goal of using the measured data for attestation in the future. While researching, I came across a presentation titled "Measured Boot Support in Trusted Firmware-A (TF-A) project", created by Arm Ltd. employees. This presentation shows that TF-A already has a Measured Boot implementation using a specific driver.

My main question is: Is it possible to use this TF-A driver even though I am working with OP-TEE? I am somewhat unsure about this because, in many places, the TF-A Developer Guide and NVIDIA's documentation seem to be closely intertwined. Additionally, while following the setup instructions, I ended up with an arm-trusted-firmware directory inside /Linux_for_Tegra/source, which was explicitly required at some point in the process. This strongly suggests that OP-TEE and TF-A are designed to work together. However, at the same time, they are technically different TEE OS implementations, which makes me wonder whether this TF-A Measured Boot driver can be used in my setup.

If you need more details (e.g., about my setup), please let me know.

Additionally, if using this driver is possible, could someone guide me on how to build it correctly?
I have already tried the following command while being in "/home/nik71841/jetpack/jp62/target/Linux_for_Tegra/source/atf_build/arm-trusted-firmware":

With that command I was able to build a bl31 folder in "/home/nik71841/jetpack/jp62/target/Linux_for_Tegra/source/atf_build/arm-trusted-firmware/build/tegra/t234/release" along with the folders "lib, libc, libwrapper and romlib". But I have no idea if that's correct or what to do with that to enable / test measured boot.
