
How to set up a TrustZone development environment


I'd like to start playing with ARM TrustZone, so I'd like to set up a development environment. Unfortunately, I have the feeling I'm still missing something; I don't know how to put everything together.

This is my current picture:

  • A SoC with a Cortex-A processor is required
    • Is it possible to develop without a board, i.e. with emulators?
  • TrustZone is a Hardware & Software technology
    • If I get a SoC board, is the hardware part already covered?
    • The software (OS/Kernel) part may be solved with GlobalPlatform, OpenTEE, etc.
  • TrustedApplications development
    • Which IDEs are there?
    • How are they deployed to the board?

I know this is quite an extensive question; I'll be happy to get links to online material.


Edit:

Some parts of my question were partially answered, but the most important thing hasn't been answered yet: is the picture I detailed correct and complete? Yes/no, why?

And no, this is not a duplicate of Which ARM based development boards should I use?


Solution

  • For an emulator, you can use ARM Fast Model (https://developer.arm.com/products/system-design/fast-models) if you have the budget.
    QEMU might have some TrustZone support, but I am not sure how reliable the TrustZone implementation is (what works on QEMU might not work on real hardware). joakim-bech (one of the lead engineers working on an open-source implementation of a Trusted OS) said in his Stack Overflow response that it should work, and he has still confirmed it in the blog post TEE Development With No Hardware - Is That Possible?...

    I would recommend you have a look at the list of platforms supported by OP-TEE - Open Portable Trusted Execution Environment: https://github.com/OP-TEE/optee_os#3-platforms-supported

    The answers to your other questions would really depend on the platform you use, your budget, your development environment, etc.

    For less than $150:

    If you want to stick to Windows, you might have to build QEMU yourself (QEMU seems to support Windows, but I am not sure if the prebuilt Windows binaries support TrustZone). In terms of HW board, I use the HiKey board (currently at $119) for my TrustZone development.
    Using Linux for the development will probably save you some time, as for this budget you will probably have to use open-source solutions that generally primarily support Linux.

    To start developing a Trusted App for OP-TEE:
    I used this presentation: https://www.slideshare.net/linaroorg/lcu14103-how-to-create-and-run-trusted-applications-on-optee
    I updated/improved the original example code; my changes can be found here: https://github.com/oliviermartin/lcu14_optee_hello_world