ARM Technical Support Knowledge Articles

Cortex-A9 TrustZone example

Applies to: Cortex-A9

Answer

This example demonstrates two images running in parallel, using the TrustZone Security Extensions.  One image runs in the "Secure world"; the other runs in the "Normal world".  Execution periodically switches between the two security states by issuing SMC instructions.

Requirements

The examples are designed to be used with RVDS 4.1 Professional SP1 (or later).  There are two versions:

Hardware targets will require a RealView-ICE or DStream JTAG Debug Unit.

Building the examples

Each example provides a build.bat file that generates either VE_TrustZone_Example.axf or EB_TrustZone_Example.axf.  These images should be loaded, through the debugger, onto the target platform or the RTSM.  The images will contain code to be run in the Secure world and the Normal world.

The Versatile Express Motherboard with CoreTile Express A9x4 contains a BP147 TrustZone Protection Controller (TZPC), which can be used to partition the memory system to only allow secure accesses.  VE_TrustZone_Example.axf contains code to initialise the TZPC.  The only other differences between the two examples are those needed to conform to the memory maps of the target platforms.

<plat>_TrustZone_Example.axf contains all the executable code and debug symbols for the secure and normal worlds.  The file normal.axf contains code and debug symbols only for the normal world.  To debug the normal world code, load only the symbols from this image into the non-secure memory space.

Running the examples

Cortex-A9 MPCore (single core) RTSM

Create a new RTSM configuration using RTSM_EB_Cortex-A9_MPx1.dll.  Initialise a connection to the RTSM in RVD and load EB_TrustZone_Example.axf.

Hardware platforms

Initialise a connection to the hardware platform and use RVD to load the correct image for that platform onto CPU 0.  In a multicore environment the image can be loaded into all CPUs, but only CPU 0 will run active code; CPUs with IDs > 0 will be put into a Wait for Event (WFE) state.

Semihosting debug must be enabled in your debugger.  To enable semihosting in RVD see: infocenter.arm.com/help/topic/com.arm.doc.faqs/ka3652.html

To enable semihosting in DS-5 enter the command "set semihosting enable on" into the command pane before running the example.

After loading, the Program Counter should be automatically set to the correct entry point for the image.

The code will initialise the system in the Secure world before issuing SMC calls to move from one security state to the other.  The expected output is:

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

hello from Normal world

hello from Secure world

Limitations

This example is not intended as a reference for developing a trusted execution environment.  The monitor code only provides a partial context switch.
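The limitation above, as an added host-side C model (not ARM's monitor code and not part of the attached examples): it shows why a monitor that switches only part of the register file is unsuitable for a trusted execution environment.  The register ranges, struct names and secret value are assumptions of the model; this page does not state which registers the ARM monitor saves.

```c
/* Added example: host-side model of a monitor world switch (not ARM's code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NREGS 13                 /* r0-r12: not banked between worlds by hardware */
enum { SECURE = 0, NORMAL = 1 }; /* value of the modelled SCR.NS bit */

struct cpu     { uint32_t r[NREGS]; int ns; };
struct monitor { uint32_t saved[2][NREGS]; };   /* one save area per world */

/* Model of the SMC handler: save the outgoing world's registers first..last,
 * flip NS, restore the incoming world's copy of the same range. Registers
 * outside the range are left untouched, as in a partial context switch.
 * Assumption: the range is a parameter of this model; the page does not say
 * which registers the ARM monitor saves. */
static void smc_switch(struct cpu *c, struct monitor *m, int first, int last)
{
    int n = last - first + 1;
    memcpy(&m->saved[c->ns][first], &c->r[first], n * sizeof(uint32_t));
    c->ns ^= 1;
    memcpy(&c->r[first], &m->saved[c->ns][first], n * sizeof(uint32_t));
}

/* Secure world loads a constructed secret into r1 and r5, issues SMC, and
 * returns how many of those values the Normal world can then read. */
static int leaked_after_switch(int first, int last)
{
    struct cpu c = { {0}, SECURE };
    struct monitor m = { {{0}} };
    const uint32_t secret = 0x5EC2E7u;   /* constructed sample value */
    int leaked = 0;

    c.r[1] = secret;
    c.r[5] = secret;
    smc_switch(&c, &m, first, last);     /* now executing as Normal world */
    for (int i = 0; i < NREGS; i++)
        leaked += (c.ns == NORMAL && c.r[i] == secret);
    return leaked;
}

int main(void)
{
    printf("partial (r4-r12 only): %d register(s) leak\n", leaked_after_switch(4, 12));
    printf("full    (r0-r12):      %d register(s) leak\n", leaked_after_switch(0, 12));
    return 0;
}
```

A monitor intended for production use must save and restore, or scrub, every register that the hardware does not bank between the two security states.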

Porting the examples

To port these examples to another ARM-based development board, they will need to be altered to conform to the memory map of the new target.  The location of the Normal world code and memory is defined by scatter_normal.txt.  The Secure world code and memory location is defined by scatter_secure.txt.

Attachments: EB_TrustZone_Example.zip, VersatileExpress_TrustZone_Example.zip

Article last edited on: 2013-08-08 10:50:40

Copyright © 2011 ARM Limited. All rights reserved. External (Open), Non-Confidential