Hello everyone,
I’m doing some prototyping using QorIQ DPAA and ARM TrustZone mechanisms on the LS1046ARDB board. I was wondering if it was possible to isolate at least one Ethernet interface in the TEE, therefore being only usable by the secure world, while the rest of the network interfaces would belong to the REE.
I’ve read in the QorIQ LS1046A Reference Manual Rev. 2, Chapter 14.5.1, p559: “The QMan is always a non-secure master”. So, if I understand correctly, this also implies BMan and FMan need to be non-secure. Basically, the entire DPAA can only run in non-secure mode, meaning I cannot have a network interface only accessible by the secure world. Is my conclusion correct?
Many thanks for your answers
Hello adi poubelle,
Please refer to the following ARM TrustZone architecture from a software perspective.
The ARMv8 processor has four execution levels (EL0-EL3); EL3 divides a physical processor into two logical processors.
Linux (or a common OS), including the DPAA driver, runs in EL1 in the normal world.
In fact, the TEE provides an isolated environment to ensure code/data (such as private keys, customer's data) integrity and confidentiality, to avoid it being accessed and tampered with from the normal world.
You could refer to this document OP-TEE Trusted Application on QorIQ ARM Based Processors to use OP-TEE to implement secure data storage.
Have a great day,
TIC