How to run OP-TEE with U-Boot

kanimozhi_t · ‎07-05-2021

Hi,

We're trying to have a secure world on i.MX 6SoloX and hence integrated OPTEE OS & Client. With the default implementation, we can have the secure world (TEE) in parallel to the non-secure world (Rich Linux OS).

But, we would like to have the secure world when bootloader is initiating. However, the i.MX Porting Guide shows that the OPTEE and Linux kernel are loaded by the bootloader. Hence we would like to get an expert opinion on this.

To summarise,

1. Can we run a Trusted Execution Environment in parallel to the bootloader (U-Boot)?

2. If we can configure OPTEE to run in parallel with the U-Boot, how do we do that?

Feel free to share your opinions and revert for any clarifications. Thanks in advance.

igorpadykov · ‎07-05-2021

Hi Kanimozhi

one can try solution provided on (post from eugenetodoruk) :

https://community.nxp.com/t5/i-MX-Processors/OP-TEE-on-i-MX6Q/m-p/589959

Best regards
igor

kanimozhi_t · ‎07-06-2021

Hi @igorpadykov

Thank you for the link, but we've already enabled the OP-TEE successfully.

What we want to accomplish is running OP-TEE in parallel to U-Boot (instead of default kernel). The below diagram should shed some light on this.

Here, the default boot sequence is the second flow (TEE initialised after U-Boot)

We want the TEE to be initialised before U-Boot (as circled in red).

It would be grateful if you could share your thoughts on this. Feel free to revert for more details.

Looking forward for your reply.

How to run OP-TEE with U-Boot

How to run OP-TEE with U-Boot

i.MX6SoloX

i.MX6UL

Linux

Security

Yocto Project