TrustZone Support on TI AM335x Sitara Starter Kit

Rolf Sommerhalder rolf.sommerhalder at ...278...
Wed Apr 15 12:38:16 CEST 2015

Dear list,

With a specific project in mind that requires two 1 GE network
interfaces to essentially bridge Ethernet traffic, I am tempted to order
a TMDSSK3358 - AM335x Starter Kit for development [1], and eventually
later move to the Little Universal Network Appliance (LUNA) [2, 3].

For 200 USD/Euro (even in Switzerland), this kit seems to be pretty good
value, considering that it includes a 720 MHz AM3358, dual Gigabit
Ethernet interfaces, and also provides JTAG to USB as well as UART to
USB converters on-board (no need for JTAG Debug or serial adaptors),
besides a touch-screen LCD.

What still holds me back is somewhat conflicting information from TI
about TrustZone support in their AM335x Sitara family, and no word about
TZ support by their Starter Kit.
After doing some in-depth research, my current understanding is that TI
Sitara have TZ support inherently baked in being ARM v7 Cortex-A8
processors. However, they boot into "normal mode" with no way to get
back into "secure mode" [4]. Unless I could convince TI to let me sign a
NDA in order to get access to documentation (eventually blow on-chip
fuses, and keys to sign my OS/app?) which might let my code boot/run in
"secure mode" with the TMDSSK3358 [5, 6].

Has anyone experience with TrustZone support on AM335x, and can confirm
my understanding, or provide additional pointers?

Alternatively, can you recommend other ARM dev boards with dual NICs
(not via USB!), TrustZone support like the Freescale i.MX53 ARM
Cortex™-A8 that is on the USB Armory, and which is "affordable"?

Thank you,


More information about the users mailing list