Hi Christopher,
On 8 September 2016 at 17:27, LAMBERT Christopher <christopher.lambert@ mythalesgroup.com> wrote:
Hi Joakim,
I've seen that the Juno board may be a solution for what I want to do. Could you confirm that? Thanks,
Sorry for the delayed reply. Regarding a recommended board(s). It depends on what you are trying to achieve. If you're interested in learning about TEE and how to create TA's, but don't want to spend too much money. Then I'd say, go for HiKey or Raspberry Pi. I haven't tried the Xilinx and Freescale boards myself that are supported [1], but I don't think they are also good alternatives. You can go for Juno also, it's quite a bit more pricey compared to the other development boards. If you are interested in making a secure product for the consumer market, then you're in a much tougher situation, since the "development" boards aren't sufficient. The major issue is that you have no ability to get root of trust and therefore no chain of trust on those devices. I.e, the soc vendor usually don't provide tools and/or documentation how to blow fuses etc.
Based on your previous reply it doesn't sound like you are planning to make a secure consumer device. Everything you mention there can be achieved on the HiKey board if you forget about the root of trust. Stub the root key with a self signed key and then you can implement and play with secure boot in the rest of the boot stages. What's been described here [2] (not yet merged) is something you should be able to do on HiKey also (basically any device that uses ARM-TF and OP-TEE or any other TEE for that matter would work). You could probably achieve almost the same with RPi3, but the RPi3 boot with OP-TEE is a bit odd, so I would not recommend that in first place.
And you don't have to deal with low level code at all if you don't want too. In fact, if you just would like to learn how to write and run Trusted Applications, play with secure storage etc. Then you don't need any hardware. You can just download QEMU and run everything on your local PC (boot, secure OS, monitor, Linux kernel, client application user space and Trusted Applications ... all that works in QEMU). Setting up QEMU on a Linux machine is roughly typing 6-10 lines in bash, all stated here [4] (don't forget about to apt-get the prerequisites, see section 4) and 45 minutes later (downloading Linux kernel, toolchains is the majority of the time) you have all ready to be used.
So, summary: 1. QEMU 2. Hikey 3. Evaluate if the Xilinx or Freescale boards would be good enough (there are email addresses to the maintainers for those here [3] in case you have questions regarding the device they maintain) 4. Juno if you have money to spend 5. RPi3.
[1] https://github.com/OP-TEE/optee_os#3-platforms-supported [2] https://github.com/OP-TEE/optee_os/pull/1037 [3] https://github.com/OP-TEE/optee_os/blob/master/MAINTAINERS.md [4] https://github.com/OP-TEE/optee_os#5-repo-manifests
Regards, Joakim