Hikey board as secure/trustzone developpement board


#1

Hi,

I am looking for a developpement board in order to setup a secure environement.
So I want to use OP-TEE OS for trustzone part (this OS can be Used on the Hikey).
But I have also need secure boot.

So before buy this board , I want to check that all elements are available.

It’s seems that Hi6220 SoC specifications are missing.

The best document is http://mirror.lemaker.org/Hi6220V100_Multi-Mode_Application_Processor_Function_Description.pdf

But a lot information is missing.
For example , this document talk about a secure boot flag.
But there is nothing about how setup secure boot, key management etc etc…

Where found true specification of this SoC ?
Without this specification this board is useless for me.

Thank,
Regards,
Olivier


#2

Hi Olivier, welcome to the forums!

I think your research so far is pretty accurate.

The Hikey is a good platform for developing and testing secure applications; it is cheap, contains 64-bit hardware and the secure world is accessible for people to use however they like (this is not true of all platforms). As a result is has good OP-TEE support and just enough of the SoC security hardware is enabled to prevent the normal world from directly affect secure world memory. The current settings make us safe from Murphy (a developer who makes mistakes) but not from Machiavelli (a hostile actor). This is sufficient to provide a development environment where we can exercise most use-cases, including the ARM trusted firmware boot flows.

However, as you have observed, it is a development vehicle only and is not suitable for secure deployment. Specifically I’m not aware of any way to securely load ARM trusted firmware’s BL1 bootloader.