TrustZone Support on TI AM335x Sitara Starter Kit

robjsstewart at ...196... robjsstewart at ...196...
Wed Apr 15 13:53:15 CEST 2015


I've used the TI Beaglebone development board (AM335x) for about a year-and-a-half. You're understanding of Trustzone support for that proceesor is correct. It's not disabled, but once the bootcode switches from the secure world to the public world prior to handing control to the bootloader, there is no documented way of switching back. Signing an NDA may not be too bad if you really want to use TI, but the path of least resistance would certainly be to us the imx products where Trustzone is well supported and it's implemented in Genode.

You may want to take a look at a Chinese company,, who do offer a range of ARM development boards including a dual nic am335x board. I'm waiting for an AM437x (basically the same as an AM335x with a Cortex A9 processor) based board from them, but have not yet used any of there product.

Bob Stewart

Sent from my android device.

-----Original Message-----
From: Rolf Sommerhalder <rolf.sommerhalder at ...278...>
To: genode-main at
Sent: Wed, 15 Apr 2015 6:38 AM
Subject: TrustZone Support on TI AM335x Sitara Starter Kit

Dear list,

With a specific project in mind that requires two 1 GE network
interfaces to essentially bridge Ethernet traffic, I am tempted to order
a TMDSSK3358 - AM335x Starter Kit for development [1], and eventually
later move to the Little Universal Network Appliance (LUNA) [2, 3].

For 200 USD/Euro (even in Switzerland), this kit seems to be pretty good
value, considering that it includes a 720 MHz AM3358, dual Gigabit
Ethernet interfaces, and also provides JTAG to USB as well as UART to
USB converters on-board (no need for JTAG Debug or serial adaptors),
besides a touch-screen LCD.

What still holds me back is somewhat conflicting information from TI
about TrustZone support in their AM335x Sitara family, and no word about
TZ support by their Starter Kit.
After doing some in-depth research, my current understanding is that TI
Sitara have TZ support inherently baked in being ARM v7 Cortex-A8
processors. However, they boot into "normal mode" with no way to get
back into "secure mode" [4]. Unless I could convince TI to let me sign a
NDA in order to get access to documentation (eventually blow on-chip
fuses, and keys to sign my OS/app?) which might let my code boot/run in
"secure mode" with the TMDSSK3358 [5, 6].

Has anyone experience with TrustZone support on AM335x, and can confirm
my understanding, or provide additional pointers?

Alternatively, can you recommend other ARM dev boards with dual NICs
(not via USB!), TrustZone support like the Freescale i.MX53 ARM
Cortex™-A8 that is on the USB Armory, and which is "affordable"?

Thank you,


BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises event?utm_
genode-main mailing list
genode-main at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list