IMX8 OPTEE

From Variscite Wiki
Revision as of 15:26, 22 May 2024 by Alex (Add Debian_Platform_Customization)

This page is using the default release mx8mp-yocto-kirkstone-5.15-2.0.x-v1.0.
DART-MX8M-PLUS OPTEE

OP-TEE Introduction

NXP i.MX Platforms support the use of OP-TEE.

OP-TEE (Open Portable Trusted Execution Environment) is an open-source Trusted Execution Environment (TEE) designed for ARM-based devices. A TEE is a secure area of a processor, isolated from the main operating system, that provides a secure environment for executing trusted applications. OP-TEE is designed to provide a secure environment for executing sensitive code and protecting the confidentiality and integrity of data on the device.

OP-TEE is based on the ARM TrustZone technology, which provides hardware-enforced isolation between the trusted and non-trusted parts of a system.

The main design goals are:

  • Isolation - the TEE provides isolation from the non-secure OS and protects the loaded Trusted Applications (TAs) from each other using underlying hardware support.
  • Small footprint - the TEE should remain small enough to reside in a reasonable amount of on-chip memory as found on ARM-based systems.
  • Portability - the TEE aims at being easily pluggable to different architectures and available HW and has to support various setups such as multiple client OSes or multiple TEEs.

For more information, please see the following resources from NXP:

Enable OP-TEE with Yocto

To enable OP-TEE, add the following to conf/local.conf:

MACHINE_FEATURES:append = " optee"
DISTRO_FEATURES:append = " optee"
IMAGE_INSTALL:append = " optee-os optee-test"

Then, rebuild the Yocto image and test OP-TEE using the xtest utility.

For more information about how to rebuild the Yocto image, follow the steps here: Build Yocto from source code.

OP-TEE Memory Configuration

The DRAM memory size is hardcoded in optee-os and needs to be updated according to the memory configuration of your SoM.

The DRAM size is configured by the variable TEE_CFG_DDR_SIZE, which is initialized in https://github.com/varigit/meta-variscite-bsp/blob/kirkstone/conf/machine/imx8mp-var-dart.conf and may be updated there directly or overridden in conf/local.conf.


For example, override TEE_CFG_DDR_SIZE to 4GB:

TEE_CFG_DDR_SIZE = "0x100000000"
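
A text-level check for the two configuration steps above (enabling OP-TEE and overriding the DDR size), added here as an example and not part of the Variscite page or BSP. The function names are hypothetical, the sample local.conf is constructed from the lines shown on this page, and the override is assumed to be a plain `=` assignment in hex bytes for a SoM whose DRAM is a whole number of GiB.

```shell
#!/bin/sh
# Added example: text check of conf/local.conf for the OP-TEE settings on this page.
# Function names are hypothetical; sample_conf is constructed sample input.

ddr_size_hex() {  # $1 = DRAM size in GiB -> TEE_CFG_DDR_SIZE value in bytes (hex)
    printf '0x%X\n' $(( $1 * 1024 * 1024 * 1024 ))
}

has_word() {  # $1 = file, $2 = variable, $3 = word that must be assigned or appended
    grep -Eq "^[[:space:]]*$2(:append)?[[:space:]]*[+:?.]*=.*[\" ]$3([\" ]|\$)" "$1"
}

ddr_override() {  # $1 = file -> last TEE_CFG_DDR_SIZE assignment, empty if none
    sed -n 's/^[[:space:]]*TEE_CFG_DDR_SIZE[[:space:]]*=[[:space:]]*"\([^"]*\)".*$/\1/p' "$1" | tail -n 1
}

check_optee_conf() {  # $1 = local.conf path, $2 = DRAM size of the SoM in GiB
    rc=0
    for pair in MACHINE_FEATURES=optee DISTRO_FEATURES=optee \
                IMAGE_INSTALL=optee-os IMAGE_INSTALL=optee-test; do
        has_word "$1" "${pair%%=*}" "${pair#*=}" ||
            { echo "missing: ${pair#*=} in ${pair%%=*}"; rc=1; }
    done
    size=$(ddr_override "$1")
    if [ -z "$size" ]; then
        echo "note: no TEE_CFG_DDR_SIZE override, machine conf value applies"
    elif ! printf '%s\n' "$size" | grep -Eq '^0[xX][0-9a-fA-F]+$'; then
        echo "invalid TEE_CFG_DDR_SIZE: $size"; rc=1
    elif [ "$(( $size ))" -ne "$(( $(ddr_size_hex "$2") ))" ]; then
        echo "TEE_CFG_DDR_SIZE=$size is not $2 GiB ($(ddr_size_hex "$2"))"; rc=1
    fi
    return $rc
}

sample_conf() {  # constructed local.conf fragment using the lines from this page
    cat <<'EOF'
MACHINE_FEATURES:append = " optee"
DISTRO_FEATURES:append = " optee"
IMAGE_INSTALL:append = " optee-os optee-test"
TEE_CFG_DDR_SIZE = "0x100000000"
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_optee_conf "$tmp" 4 && echo "OK: OP-TEE settings present, DDR size matches 4 GiB"
rm -f "$tmp"
```

Because this only reads local.conf, the value BitBake finally resolves should still be confirmed with `bitbake -e` when other layers or conf files may also set the variable.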