Hi, the Secure Provisioning Tool is very nice. Thanks for bringing all these steps into a single place.
If I take the blinky demo, I can make a signed image and load onto a board and it works.
But if I take another demo, such as freertos_hello, and make a signed image and load it onto the board it doesn't work. It only works IF TrustZone pre-config is set to "Enabled (preset)" in the provisioning tool.
The freertos_hello project had a TrustZone directory, it was deleted. The "power switch" in the TEE config tools is off. In the Compiler settings, the TrustZone project type is set to "none", and ditto in Linker.
Why must TrustZone be enabled in order for freertos_hello to run?
Thanks
已解决! 转到解答。
OK, thanks for the clue about the start address. That must be the issue I will check next time I'm back at problem. Thanks!
Hi Marek,
MCUXpresso IDE 11.2.1, SDK 2.8.2, processor is LPC55s16 64 pin on custom board. Secure Provisioning Tool is Version 2.1.
I took the freertos_hello, configured an output pin for an LED, and then toggled that LED in a loop. If signed image is picked in the provisioning tool, the image doesn't run. If I enable TrustZone, then it runs.
Thanks!
Hi Matt,
can you please double check what is start address at build page? It is expected to be zero. I'm asking because if TrustZone is used, it forces zero start address using VTOR register.
> The freertos_hello project had a TrustZone directory, it was deleted.
I do not see any "TrustZone" directory. Could you send a screenshot? May be I do not understand what you mean.
Do other examples work for you? For example hello_world or some other simple example without FreeRTOS?
Regards
Marek
Hi @marek, I have confirmed the start address is zero.
I have another problem that might be related. I can build release/debug images and sign as needed with provisioning tool (all required TrustZone = Enabled as previously discussed). I can write the images no problem as long as 'ENABLED SECURITY' isn't checked. Everything works exactly as expected. I can also upgrade with new signed images via my own bootloader.
For the first time, I ticked 'enable security" and the flash completed and showed green in Provisioning tool, but the image doesn't boot. The target is no longer reachable with "Test Connection" in Provisioning tool, meaning it's not running bootloader code any more.
I can go back to unsecured board and everything works again as expected.
Why would ticking "enable security" cause the booting to stop?
Hi Matt from Seattle,
can you please provide additional details:
- what SDK package are you using? What processor or board is it? What version?
- Is this problem related to SDK example "rtos_examples\freertos_hello"?
- What toolchain did you use to build the project?
Thanks, Marek