This project demonstrates how a Trusted Execution Environment (TEE) can be set up on an AMD Zynq UltraScale+ MPSoC device:
- Using ZCU102 Evaluation Kit with Zynq UltraScale+ ZU9EG (similar workflow can be used for other Zynq MPSoC devices)
- Using PetaLinux Tools & Vitis Embedded (version 2023.2)
- Linux as Rich Execution Environment (REE)
- OP-TEE OS as Trusted Execution Environment (TEE)
- TEE isolation based on Arm TrustZone technology
- Secure Boot with RSA authentication and AES encryption (including Linux kernel)

| Path | Description |
|---|---|
| `./trustzone_demo/` | PetaLinux project to build the Linux kernel and OP-TEE, and create the boot image |
| `./write_bbram/` | Vitis Embedded workspace to build a boot image for writing the AES device key to BBRAM |
| `./doc_zcu102_tee_setup.pdf` | Documentation providing background information and a step-by-step guide |

- Use Ubuntu 22.04 (recommended) or Debian 12.
- Install PetaLinux Tools 2023.2 to `~/petalinux/2023.2`, as described in the Documentation.
- Install Vitis Embedded 2023.1 and 2023.2, as described in the Documentation.
- Clone this repository to `~/petalinux`.
- Rename the directory:

  ```
  mv ~/petalinux/xilinx_zcu102_trustzone_demo/ ~/petalinux/projects/
  ```

- Generate keys, write BBRAM, build Linux and OP-TEE, and generate the boot image as described in the Documentation.
- Boot the system and test.
- Start developing your own Trusted Applications!