Working on LPC55S69-EVK (SB, TrustZone, secure debuge)

mohammed_aitben · ‎02-12-2020

Hey All,

Have some questions to ask you about the TrustZone, TFM uses cases and secure debug :

1- If I understood correctly, we can't debug once secure boot is enabled, therefore we can't talk about secure debug too ?

2- I don't know how secure boot ROM it works because i don't have access, but in this sense can you confirm that the ROM code doesn't enable TrustZone for SB security features ?

3- Last question but not least, in your SDK last release you provide TFM implementation ? Can you please explain the perspectives of this implem and the eventual use cases ?

I mean today your SB doesn't relies to PSA-RoT so i can't understand if your are planing to integer in SB or others appli ?

Thank you in advance

Best regards

mohammed_aitben · ‎02-13-2020

Hey sabinabruce‌

Thank you for your answers. I updated the thread then it disappeared !

1- Ok for debug authentication. I don't know if there is an example implementation of debug authentication provided in SDK?

2- By TZEN i wanted to say TrustZone.

3- OK for TFM documentation, but how NXP platform could use the TFM application ?

Thanks

Sabina_Bruce · ‎02-19-2020

Hello,

1. At the moment there is not an example for debug authentication.

2. Section 7.5.3 describes the support for trustzone-M during secure boot. It does not mean that secure boot is implemented with trustzone, instead once the user application is started it will know whether to jump to secure mode or not. This can be configured in the SECURE_BOOT_CFG fields.

3. The TF - M examples have three main objectives, but it's up to the customer how much further they would like to implement it.

First example is a simple demo which serves as a template and a sanity check for the TF-M core and RoT services.
The second, PSA Dev API test application provides verification that secure service API behaviours are implemented correctly. This is secure part of the application.
The regression test application provides testing of the TF-M core and its RoT services

Best Regards,

Sabina

Sabina_Bruce · ‎02-13-2020

Hello ,

Hope you are doing well.

To answer your questions:

1- If I understood correctly, we can't debug once secure boot is enabled, therefore we can't talk about secure debug too ?

Not necessarily, you can access the secure part of the device with the debugger if a debug authentication method is implemented. Please review the details of this in section 51.7 Debug Authentication.

2- I don't know how secure boot ROM it works because i don't have access, but in this sense can you confirm that the ROM code doesn't enable TZEN for SB security features ?

For information regarding the secure boot, you can refer to AN12283. Could you please specify what you mean by TZEN?

3- Last question but not least, in your SDK last release you provide TFM implementation ? Can you please explain the perspectives of this implem and the eventual use cases ?

The examples we provide are designed to help our customer's get started with their applications using Trusted Firmware - M. For more information about the usage and applications I recommend to check the links provided in the following webpage. Here you will find the information of how TF-M works.

Hope it helps!

Sabina

-----------------------------------------------------------------------------------------------------------------------

Note: If this post answers your question, please click the Correct Answer button. Thank you!

-----------------------------------------------------------------------------------------------------------------------