We have been exploring the option to bring-up OP-TEE over imx6ULL board and we were going through the i.MX Porting Guide Section 5.3 OP-TEE booting flow. It is mentioned there that :
U-Boot binary specific to boot OP- TEE Only booting from the SD card is supported for TEE.
As we are currently using emmc to program the images, is that a limitation for u-boot-imx*_sd_optee.imx to boot up from SD card only.
Also does High Assurance Boot(HAB) is dependent on OP-TEE in any way?
Thanks for the help !
Hi,
The HAB does not depend on OPTEE, it is executed previously to authenticate the images.
You can review application note 4581 for more detailed information.
https://www.nxp.com/webapp/Download?colCode=AN4581&location=null
Best regards,
Diego
Hi Diego,
Thanks for the reply,
By your answer, Can we conclude that HAB is also not dependent or related to Trusted Firmware -A(TF-A) provided by ARM?
We have few more questions:
1. Can you also please share the secure storage options which can be used by iMX6ULL to store confidential information for enhanced security. We know about e-fuses, but does it support RPMB in eMMC as well? Also do we have any references to software TPM like fTPM fulfilling the purpose.
2. Also for imx6ULL ,Has TF-A has been ported in the past? If yes, please provide reference document or links around it.
Thanks for your help in advance.
Hello,
1. I share the documentation for secure storage where the RPMB filesystem is also mentioned:
https://optee.readthedocs.io/en/latest/architecture/secure_storage.html?highlight=rpmb#rpmb-secure-s...
2. According to the documentation, it has not been ported to i.MX 6, only to 7 and 8.
https://trustedfirmware-a.readthedocs.io/en/latest/plat/index.html
Best Regards,
Diego
Thanks for providing the information's around TFA and RPMB.
Can you please provides your thoughts around below question:
We have been exploring the option to bring-up OP-TEE over imx6ULL board and we were going through the i.MX Porting Guide Section 5.3 OP-TEE booting flow. It is mentioned there that :
U-Boot binary specific to boot OP- TEE Only booting from the SD card is supported for TEE.
As we are currently using emmc to program the images, is that a limitation for u-boot-imx*_sd_optee.imx to boot up from SD card only.
Quick response is appreciated.
Regards,
Vikas
I am also looking for this document Security Reference Manual for the i.MX 6ULL Applications Processor.
Quick help is appreciated here.