DPAA and TrustZone on LS1046A

adipoubelle2 · ‎01-21-2019

Hello everyone,

I’m doing some prototyping using QorIQ DPAA and ARM TrustZone mechanisms on the LS1046ARDB board. I was wondering if it was possible to isolate at least one Ethernet interface in the TEE, therefor being only usable by the secure-world, while the rest of the network interfaces would belong to the REE.

I’ve read on the QorIQ LS1046A Reference Manual Rev. 2, Chapter 14.5.1, p559 "The QMan is always a non-secure master”. So, if I understand correctly, this also implies BMan and FMan need to be non-secure. Basically, the entire DPAA can only run in non-secure mode. Meaning I cannot have a network interface only accessible by the secure-world. Is my conclusion correct ?

Many thanks for your answers

yipingwang · ‎02-21-2019

Hello adi poubelle,

Please refer to the following ARM Trustzone architecture in software perspective.

ARMV8 processor has four execution levels(EL0-EL3), EL3 divides a physical processor into two logical processors.

Linux(or common OS) including DPAA driver runs in EL1 in the normal world.

In fact TEE provides an isolated environment to ensue code/data(such as private keys, customer's data) integrity and confidentiality to avoid accessed and tampered from the normal world.

You could refer to this document OP-TEE Trusted Application on QorIQ ARM Based Processors to use OP-TEE to implement secure data storage.

Have a great day,
TIC

-------------------------------------------------------------------------------
Note:
- If this post answers your question, please click the "Mark Correct" button. Thank you!

- We are following threads for 7 weeks after the last post, later replies are ignored
Please open a new thread and refer to the closed one, if you have a related question at a later point in time.
-------------------------------------------------------------------------------

DPAA and TrustZone on LS1046A

DPAA and TrustZone on LS1046A

QorIQ LS1 Devices