Does Hikey provide access to the secure mode of TrustZone?


#1

The OP-TEE project tells me that it supports the Hikey board, so I guess Hikey must support TrustZone. But I’m not sure whether I have free access to the secure mode of TrustZone (this feature is disabled in some boards although the ARM processor supports it, and some already have code running in the secure world). What I mean is: can I run my own code using TrustZone without restrictions (i.e. NDA)?

Has anyone run some code successfully on the Hikey board?

Thanks in advance.
Tgn


#2

You can take a look at https://github.com/96boards/documentation/wiki/HiKeyUEFI.
It includes the binaries and source code for Arm Trusted Firmware (TrustZone) (https://github.com/96boards/arm-trusted-firmware) which is open source.


#3

@Tgn, you can run your own TrustZone code without restrictions on Hikey. All tools etc. that we have been using when porting OP-TEE to Hikey are publicly available. Beware, however, that this is not true for all 96boards: some vendors decided to keep it open, some didn’t (so please double check before buying a device if you intend to do TrustZone development). But again, Hikey is open and is a good choice for TrustZone development.


#4

Thank you for your reply. It is a very useful project, although I am not able to find any available Hikey board on the market.


#5

Thanks for your advice. That’s exactly what appeals to me: unrestricted, affordable, with open-sourced documentation and a lot of developers. I have contacted a distributor in my country and was told that I might have to wait for over a month before hikey is available (trial production).
Hikey is definitely a good choice, so I don’t intend to pay twice (some even ten times!) as much money as hikey to buy other boards so far. Maybe I should learn more about the GlobalPlatform API while waiting for hikey to be available so that I can get my hands on it more quickly when it really is.


#6

Hi all, and sorry for my English writing,

When I look at the code of the ATF and OP-TEE, there is no reference to the TZC controller used. I would like to know which controller is used: TZC400 or TZC380?

If TZC400 is used, which NSAIDs are used by hikey?

Thanks for your help and happy new year.


#7

You can grep/search https://github.com/96boards/arm-trusted-firmware for tzc and find many references there.

Driver code is here: drivers/arm/tzc400/tzc400.c

The NSAIDs are not set up in hikey but you can reference them in the FVP and Juno’s platform code:
plat/fvp/fvp_def.h
plat/juno/juno_def.h

Use of the NSAIDs along with TZC400 can be referenced here:
plat/fvp/fvp_security.c
plat/juno/plat_security.c


#8

Thank you very much for this information,

but I thought I understood that NSAIDs are a bitmap image in the SoC. Normally, I was thinking that the user setting uses a hard bitmap to associate a peripheral with the secure world.

The NSAID defines the component master of the bus that accesses the secure world, for example:

./plat/juno/juno_def.h


#define TZC400_NSAID_CCI400        0  /* Note: Same as default NSAID!! */
#define TZC400_NSAID_PCIE          1
#define TZC400_NSAID_HDLCD0        2
#define TZC400_NSAID_HDLCD1        3
#define TZC400_NSAID_USB           4
#define TZC400_NSAID_DMA330        5
#define TZC400_NSAID_THINLINKS     6
#define TZC400_NSAID_AP            9
#define TZC400_NSAID_GPU           10
#define TZC400_NSAID_SCP           11
#define TZC400_NSAID_CORESIGHT     12

./plat/juno/plat_security.c


TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CCI400)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_PCIE)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD0)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_HDLCD1)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_USB)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_DMA330)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_THINLINKS)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_AP)        |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_GPU)    |
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_CORESIGHT));
TZC_REGION_ACCESS_RDWR(TZC400_NSAID_SCP));

Where is the address of the TZC400 located? At the same address as on FVP? What is the hikey bitmap organisation to use?

For now, I do not have a hikey; I need to wait patiently and use your help.

So I think it is necessary to know the hikey’s TrustZone bitmap organization in order to use the TrustZone functionality.

let91,


#9

I made a mistake,

“The NSAID defines the component master of the bus that accesses the secure world for”

The NSAID defines a Non-Secure component (master on the bus) that accesses an area with specific rights (read or write or nothing).

sorry.
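
Added example, not part of any post in this thread and not code from the ATF tree: it builds the per-region NSAID access bitmap from the Juno values quoted in #8 and decodes it back into per-master rights, which is how a region setting can be audited for which non-secure bus masters it admits. The `ACCESS_*` macros and function names are local stand-ins; they rely on the TZC-400 region ID access layout (read enables in bits 15:0, write enables in bits 31:16). Treating the first ten OR-ed lines of the quoted fragment as one mask, with SCP belonging to a separate expression, is an assumption.

```c
#include <stdint.h>
#include <stdio.h>

/* Local stand-ins for the driver macros (not copied from the ATF tree):
 * bit n enables reads and bit n+16 enables writes for NSAID n. */
#define ACCESS_RD(id)   (UINT32_C(1) << (id))
#define ACCESS_WR(id)   (UINT32_C(1) << ((id) + 16))
#define ACCESS_RDWR(id) (ACCESS_RD(id) | ACCESS_WR(id))

/* NSAID values as quoted in the thread from plat/juno/juno_def.h. */
struct master { const char *name; unsigned nsaid; };
static const struct master juno_masters[] = {
    {"CCI400", 0}, {"PCIE", 1}, {"HDLCD0", 2}, {"HDLCD1", 3},
    {"USB", 4}, {"DMA330", 5}, {"THINLINKS", 6}, {"AP", 9},
    {"GPU", 10}, {"SCP", 11}, {"CORESIGHT", 12},
};
#define N_MASTERS (sizeof juno_masters / sizeof juno_masters[0])

/* Assumption: the first ten OR-ed lines of the quoted fragment form one
 * region's mask; SCP (NSAID 11) belongs to a different expression. */
uint32_t juno_quoted_mask(void)
{
    uint32_t mask = 0;
    for (size_t i = 0; i < N_MASTERS; i++)
        if (juno_masters[i].nsaid != 11)
            mask |= ACCESS_RDWR(juno_masters[i].nsaid);
    return mask;
}

/* Rights for one NSAID: bit 0 = read allowed, bit 1 = write allowed. */
unsigned nsaid_rights(uint32_t mask, unsigned nsaid)
{
    if (nsaid > 15)
        return 0; /* the register holds 16 read and 16 write enables */
    return ((mask >> nsaid) & 1u) | (((mask >> (nsaid + 16)) & 1u) << 1);
}

int main(void)
{
    static const char *txt[] = {"none", "read-only", "write-only", "read/write"};
    uint32_t mask = juno_quoted_mask();
    printf("mask = 0x%08x\n", (unsigned)mask);
    for (size_t i = 0; i < N_MASTERS; i++)
        printf("%-10s NSAID %2u: %s\n", juno_masters[i].name,
               juno_masters[i].nsaid, txt[nsaid_rights(mask, juno_masters[i].nsaid)]);
    return 0;
}
```

Any NSAID whose bits are clear in the mask, including unlisted IDs such as 7 and 8, gets no access to that region.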


#10

@let91 yes, unfortunately, the vendor seemed to have chosen not to include the relevant info in their documentation.

Perhaps you might be able to find some useful info from the possibly related example below: