Hi Christopher,
On 8 September 2016 at 17:27, LAMBERT Christopher
<christopher.lambert@mythalesgroup.com> wrote:
> Hi Joakim,
>
> I've seen that the Juno board may be a solution for what I want to do.
> Could you confirm that?
> Thanks,
>
Sorry for the delayed reply. Regarding recommended board(s): it depends
on what you are trying to achieve. If you're interested in learning about
TEE and how to create TAs, but don't want to spend too much money, then
I'd say go for HiKey or Raspberry Pi. I haven't tried the Xilinx and
Freescale boards myself that are supported [1], but I don't think they are
also good alternatives. You can go for Juno also; it's quite a bit more
pricey compared to the other development boards.

If you are interested in making a secure product for the consumer market,
then you're in a much tougher situation, since the "development" boards
aren't sufficient. The major issue is that you have no ability to get a
root of trust and therefore no chain of trust on those devices. I.e., the
SoC vendor usually doesn't provide tools and/or documentation on how to
blow fuses etc.

Based on your previous reply it doesn't sound like you are planning to make
a secure consumer device. Everything you mention there can be achieved on
the HiKey board if you forget about the root of trust. Stub the root key
with a self-signed key and then you can implement and play with secure boot
in the rest of the boot stages. What's been described here [2] (not yet
merged) is something you should be able to do on HiKey also (basically any
device that uses ARM-TF and OP-TEE or any other TEE for that matter would
work). You could probably achieve almost the same with RPi3, but the RPi3
boot with OP-TEE is a bit odd, so I would not recommend that in the first
place.

And you don't have to deal with low-level code at all if you don't want
to. In fact, if you would just like to learn how to write and run Trusted
Applications, play with secure storage etc., then you don't need any
hardware. You can just download QEMU and run everything on your local PC
(boot, secure OS, monitor, Linux kernel, client application user space and
Trusted Applications ... all that works in QEMU). Setting up QEMU on a
Linux machine is roughly typing 6-10 lines in bash, all stated here [4]
(don't forget to apt-get the prerequisites, see section 4) and 45
minutes later (downloading the Linux kernel and toolchains is the majority
of the time) you have everything ready to be used.

So, summary:
1. QEMU
2. HiKey
3. Evaluate if the Xilinx or Freescale boards would be good enough (there
are email addresses to the maintainers for those here [3] in case you have
questions regarding the device they maintain)
4. Juno if you have money to spend
5. RPi3.
[1] https://github.com/OP-TEE/optee_os#3-platforms-supported
[2] https://github.com/OP-TEE/optee_os/pull/1037
[3] https://github.com/OP-TEE/optee_os/blob/master/MAINTAINERS.md
[4] https://github.com/OP-TEE/optee_os#5-repo-manifests
Regards,
Joakim
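
Added example, not part of the original message and not ARM-TF or OP-TEE code: a minimal openssl sketch of the "stub the root key" setup described above, where the root-of-trust hash is kept in a file instead of fuses and one boot-stage image is verified against it. All file names and the sample image are constructed, and the openssl command-line tool is assumed to be installed.

```shell
#!/bin/sh
# Added illustration, not ARM-TF or OP-TEE code. File names are hypothetical.

# Generate the stub root key and store the SHA-256 of its public half.
# On a production SoC this hash sits in fuses; here it is only a file.
make_stub_root() {
    openssl ecparam -genkey -name prime256v1 -noout -out "$1/root_key.pem" 2>/dev/null
    openssl ec -in "$1/root_key.pem" -pubout -out "$1/root_pub.pem" 2>/dev/null
    openssl dgst -sha256 -r "$1/root_pub.pem" | cut -d' ' -f1 > "$1/rotpk_hash.stub"
}

# Sign a boot-stage image: sign_stage <key.pem> <image>  ->  <image>.sig
sign_stage() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# Verify as the earlier boot stage would: verify_stage <anchor> <pub.pem> <image>
#  1. the supplied public key must hash to the stored root-of-trust hash
#  2. the image signature must verify under that key
verify_stage() {
    want=$(cat "$1")
    got=$(openssl dgst -sha256 -r "$2" | cut -d' ' -f1)
    [ "$want" = "$got" ] || { echo "REJECT: key does not match root-of-trust hash"; return 1; }
    openssl dgst -sha256 -verify "$2" -signature "$3.sig" "$3" >/dev/null 2>&1 \
        || { echo "REJECT: bad image signature"; return 1; }
    echo "OK"
}

demo() {
    d=$(mktemp -d)
    printf 'constructed sample BL2 image\n' > "$d/bl2.bin"   # constructed data
    make_stub_root "$d"
    sign_stage "$d/root_key.pem" "$d/bl2.bin"
    verify_stage "$d/rotpk_hash.stub" "$d/root_pub.pem" "$d/bl2.bin" || true
    # One appended byte in the image is caught by the signature check.
    printf 'X' >> "$d/bl2.bin"
    verify_stage "$d/rotpk_hash.stub" "$d/root_pub.pem" "$d/bl2.bin" || true
    rm -rf "$d"
}
demo
```

The chain logic is the same as on fused hardware; the difference is that `rotpk_hash.stub` is an ordinary writable file, so the anchor itself is not protected.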