[Librem-5-dev] Plans for boot flow / secure world
angus.ainslie at puri.sm
Sun Dec 30 07:34:04 PST 2018
On 2018-12-28 5:13 p.m., Andy Green via Librem-5-dev wrote:
> Hi -
> iMX8 has boot support in Arm Trusted Firmware
> I'm wondering what the plans / goals for boot, trustzone and TEE on
> the final product are. One way to look at it is that you need a TEE
> to support some applications that are coming that are split between a
> regular application and a TA. Another equally valid way to look at it
> is this simply enables "trusted" (by whom...) code to mess with your
> device at a low level. So I am curious about the approach.
> OP-TEE has support up to imx7 from a quick look
> so probably not a huge amount needed there.
> From the boot console at the moment, either ATF is silent or not
> present, presumably the latter.
ATF is being installed as part of the u-boot/build install
> ATF has some advantages that it can provide chain-of-trust boot for
> Secure World TEE as you would expect, but also with some minor
> modifications it can boot a Linux image directly from the signed BL3
> However it needs both some support from NXP in terms of disclosing the
> trustzone implementation a bit, and ultimately how to read keys from
> fuses etc to actually make it secure.