A question about RPI3
danielwangksu opened this issue · 6 comments
Hi there,
I'm not sure if this is a good place to ask. I saw the disclaimer in rpi3.md and I'm wondering what mechanisms are we talking about
Although the Raspberry Pi3 processor provides ARM TrustZone
exception states, the mechanisms and hardware required to
implement secure boot, memory, peripherals or other secure
functions are not available.
Hi Daniel,
For easier understanding, you can think of TrustZone as a package that consists of many IPs/features and the RPi3 SoC only provides the basic/minimum features enough to run a Secure World but none of the more advanced or extra features.
HTH
Another way to put it is that RPi3 is a good device for learning TEE development. When it is up and running it behaves according to the specification. But it lacks the necessary features to be able to make a secure product based on it. So, study, prototype and learning = good device. Making a secure product = not a good device.
@jbech-linaro right but practically it's the same for the other publicly available boards such as HiKey960, which has the hardware support but for which we have no documentation...
@jforissier of course, but the question was about RPi3 :) The general advice is, if you are going to actually make a secure products using TrustZone, then you most likely need to partner with a SoC vendor or OEM in one or another way, since the amount of devices out there that a) has all security features needed b) is open to anyone c) has all documentation ... are unfortunately almost non-existing.
Thank you, everyone, for your comments. I'm not familiar with TrustZone and I would like to learn as much detail as possible. I'm currently reading the OPTEE code. Could you point out some reading materials for me regards to Cortex-A9 or A15 processor? Thank you very much
I'm a bit late to the party, but maybe this comment of mine can also help a bit: ARM-software/tf-issues#606