Copying an email exchange between me and Norman to teh mailing list. I have a few master's students who are starting to work on Trustzone, so I am trying to find out the best way to get them up and running.
Target platform is the i.MX6 Sabrelite board from Freescale. later we will move to our own open source i.MX6 board.
----------------------------------------------------------------------------------- Hello,
My student started work today. I have asked him to post on the group. I am defining the scope of work for him for the next 1 year. Basically I want him to complete the trustzone integration on the i.MX6 board. Do you think there is 6-8 months of work left for 1 person in this effort ?
the answer very much depends on the experience of the developer and degree of trustzone support you want to achieve. Given that base-hw support trustzone on the Cortex-A9 already (for the Versatile Express platform) and also the i.MX53 SoC, I don't expect any difficulties to get the TZ world switch running in principle.
If you really care about thoroughly protecting the secure world from the normal world, however, there is much more work to do. E.g., in our current demo scenario, we cut some corners, which might not be good idea in a real product. E.g. we grant the normal world access to the system-and-clock management unit. Revoking access to this unit from the normal world is easy. But to get Linux running w/o access to it is quite difficult. We'd need to either provide a virtualized version of the device (using a trap-and-emulate scheme) or change the Linux kernel to use custom smc "hypercalls" to the TZ VMM instead of accessing the device directly.
Also, as an additional challenge, it would be worthwhile to investigate a solution for the problem described in the last paragraphs of the Section "Additional device drivers" of our article:
http://genode.org/documentation/articles/trustzone#Additional_device_drivers
The DMA problem (GPU and IPU are using the same DMA channel) is quite serious. It would be interesting to investigate if i.MX6 has fixed that.
To sum it up, the task can be scaled from a few months (just experimenting with the world switch and granting most devices to the normal world) to more than a year (when revoking devices from the normal world while still making Linux happy to run in the normal world). ---------------------------------------------------------------------------------
Madhu