ARM TrustZone on Jetson TK1

Hi, I am a graduate student that is implementing a security project in Jetson TK1. I hope to use the TrustZone feature. I saw that NVIDIA have this thing called TLK and its github seem to contain some source code in this area.

I have yet to look through this, but I was wondering if there are any documentations/tutorials that specifically tells you how to do some of the following (or whether these are all the resources I have to go on):

  1. Boot into Secure World, load minimal OS and boot into Normal World a full host Linux OS
  2. Secure Monitor program that can be called to switch between the Secure World OS and Normal World OS
  3. Partitioning memory and peripherals between Normal World and Secure World

Some of the questions I have are: How do I know I am in the Secure World? Is there some way to put a terminal into the Secure World so I an have some kind of UI? Does that mean the graphics driver somehow need to be multiplexed between the Secure World and Normal World?

I am a bit overwhelmed since I am starting a bit from scratch here, so I am not sure I even know what I don’t know. So any help would be great! Especially regards to what Secure World OS can be loaded and how Secure World can interface with Normal World kernel structures to control for example network I/O.

Trust Zone is part of the ARM CPU design. So far as within the CPU goes, here’s a link which may be of use:

The general ARM Cortex-A15 info is found here:

So far as actually working with TrustZone goes, I’m going to guess (“I lack expertise”) that some of the work needs to be done in the boot loader itself, at least for setting up the environment. The gist of working with TrustZone seems to be that certain parts of the environment must be set up ahead of time, and then TrustZone locks in and guarantees those settings when later using that environment (it wouldn’t be very “trusty” to call it trusted and then allow changes). The kernel itself would be involved, so you may want to look through kernel config options related to this…for example, I see “CONFIG_TRUSTED_LITTLE_KERNEL”, but I don’t know if this is really what you need or not (research required on this).