• State Accepted Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 1 reply
  • Subscribers 346 subscribers
  • Views 7227 views
  • Users 0 members are here
Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

AM3352 TrustZone

Roma B.

Hello,

We want to develop complete IoT platform using  ARMmbed OS platform for an IoT application, based on TI's AM3352. Security and over the air firmware upgrade of another co-processor are of primary concern. As per our understanding, to build TrustZone, using ARMmbed we need to develop a Trust Execution Environment, which is based on Trusted (secure) Boot and Trusted OS.

We have following queries:

- How do we implement Secure boot or Trusted boot feature using AM3352. Refer link of datasheet (http://www.ti.com/lit/gpn/am3352) which clearly mentions Secure Boot is possible. However, unable to find any further reference for same.

- ARMmbed OS Secure architecture implemented on uVisor, however this is only available for ARM M0 and M4 based CPU, can we port ARMmbed OS on AM3352 (A8 core) implementing all security features. Kindly confirm.

- Has ARMmbed OS (OS2 or OS5) been implemented on AM3352 board platform? Is there BSP and other software files available for same? Kindly confirm.

- Additionally, from our understanding, we need "Monitor" mode to support TrustZone, so if ARM based CPU does not have this feature, we cannot use that processor. Kindly do confirm.

- Can we port ARMmbed OS version 5 on AM3352? From our understanding ARMmbed OS 5 version has RTOS integrated, from hardware aspect, additional to Secure Boot interface and Secure memory interface we will also need to have Secure RTC timer. Is this correct?

Kindly do revert to our queries, at the earliest.

Thanks,

Roma

  • +1

    A secure monitor is present in ROM on TI SoCs, but in "GP" (General Purpose) parts all it does is lock secure world down and perform an essentially irreversible transition to non-secure world (apart from providing a few secure monitor calls to write to certain CP15 registers).

    If you want secure boot on a TI SoC you will need an "HS" (High Security) part, for which you will need to contact TI to obtain details under NDA. (There's one exception to this: the OMAP-L138 and some related parts have "Basic Secure Boot", but no TrustZone)

    Either way you can't deploy your own TrustZone secure monitor on these SoCs as far as I know.