Is TrustZone feature enabled in DragonBoard 410c?


#1

Interested in knowing that if TrustZone feature is enabled in DragonBoard 410c? It seems the processor Cortex® A53 supports TrustZone. Thanks


#2

yes, it is enabled…

… but the firmware that runs in the secure world is proprietary and provided by QCOM, and it is not possible (for now) to change it.


#3

It is present in the hardware but is more or less impossible to access
from user modifiable software. If you’re interested in experimenting
with TrustZone this Hikey more suited to your needs.

Note that although Hikey does allow access to TrustZone there is no
support for signature checking the code it loads from eMMC so secure
boot cannot be implemented on this platform (i.e. it is good for TZ
develoment but not for deployment).


#4

Thanks for all your replies.
So for Hikey, I find it runs Android and Linux, rather than IoT OS, like Android things or Windows 10 IoT core.
Any board that you are aware of can support any IoT platform, and also with access to TrustZone?


#5

I don’t think any of the 96Boards can do this. You might be able to get
this working on RPi3 but I’m afraid you’d have to ask for details on
their forums :wink:


#6

Thank you so much!!!


#7

Hi Ggc_Rgfv

When you say IoT platform access to TrustZone, are you referring to hardware featuring Cortex M SoCs as in latest ARMv8-M architecture OR hardware featuring Cortex A SoCs with standard TrustZone as we know it.

Dragonboard 410c does have Windows 10 IoT core running, officially announced by Microsoft - https://blogs.windows.com/buildingapps/2015/10/28/announcing-dragonboard-410c-support-in-windows-10-iot-core-arduino-partnership-updates/

Does that answer your question?

HTHs


#8

I refer to cortex A SoC, since DragonBoard 410c uses A53.
Yes, Windows 10 IoT can run on DragonBoard, but as others mentioned, it is almost impossible to experiment DragonBoard trustzone


#9

Is there any way to verify whether firmware is running properly on the board, any official tests or via some apis.
I can see some qseecomd process are running on the board. Also 2 qsee binaries are present in /system/bin
qseecom_sample_client qseecom_security_test
Not sure what that do, or how to run that.


#10

Hi @ashu,

QCOM uses SCM (Secure Channel Manager) [1] to interact with the secure firmware (QSEE) running on Snapdragon chipsets via SMC.

There is no public API documents available AFAIK.

-Mani

[1] http://elixir.free-electrons.com/linux/v4.14-rc6/source/drivers/firmware/qcom_scm.c


#11

Hi @Mani

Thanks for reply.

Is there any way, someone can identify whether firmware is running properly.

What are the use of qsee binaries present on board.


#12

If you can boot the device then TrustZone is working.

The question is; what are you actually asking for? Do you want to use functionality that the Qualcomm TrustZone implementation provides (e.g. keystore), do you want to write code that runs in Qualcomm’s QSEE environment or do you want to be able to play around in TrustZone?