Run a Trusted OS on Tegra X2

Hi all,
We’re trying to instantiate a Trusted Execution Environment (TEE) on an Nvidia TX-2 system, and came up with the following questions.

1.   Is it correct that we need to use Cboot to launch the Trusted OS and U-Boot to launch the Rich OS such as Ubuntu Linux?
   

2.   If so, what should we do when we encountered EEPROM read errors and I2C write failure messages while running Cboot? — FYI, we were trying to boot TX-2 using its factory default configuration. NOTHING was changed.
   

As we understand, the Trusted OS was launched through a Trusted Booting process running in the Secure Mode supported by ARM TrustZone. Were those memory and I/O access failures due to misconfiguration of memory and I/O maps for the Secure Mode? If so, how can we fix them?

3.   Shall we use the Tegraboot included in the L4T package along with the Cboot to launch the Trusted OS? If not, what is the correct version of Tegraboot we should use?
   

We asked this question because, as we know, the Trusted Booting process shall be run in the Secure Mode supported by ARM TrustZone. Can the Tegraboot in L4T be run in the Secure Mode?

4.   The Trusted OS module included in the current release is a stub. What will be the Trusted OS(es) that can be run on TX-2? When will it/they be available?
   

5.   As we know, we need to use the BCT to specify the memory and I/O maps for the Trusted OS and the Rich OS. Is there a tool or a way to create a customized BCT?
   

tom.icw,
For general TX2 boot flow, you could look into ‘TX2 Boot Flow’ from Development Guide. Our tutorial video also cover Secure Boot Flow,

"EEPROM read errors and I2C write failure messages while running Cboot?
=> We are working to release CBoot source code so you can debug the issue yourself. Stay tuned.

"As we understand, the Trusted OS was launched through a Trusted Booting process running in the Secure Mode supported by ARM TrustZone. Were those memory and I/O access failures due to misconfiguration of memory and I/O maps for the Secure Mode?
=> As the booting document indicates, ATF/Secure monitor is supported in current TX2 and based on ARM Trusted Firmware,

And your IO/memory access issue should not be related to that. Again, let’s wait for CBoot source code to uncover the issue.

Trusted OS resides as part of EMMC partition so there is no need to modify BCT. At this point, the release of Secure OS is still not firm. We will have to get back on this later. What is your brief TEE usage description?

Hope this helps. Thanks.

"EEPROM read errors and I2C write failure messages while running Cboot
=> is this issue observed with JetPack 3.1 flashing image? What exactly the message log is?

Thanks for your response, we got the output message from the booting process which can be visible since the launch of TegraBoot, captured by UART, not from image flashing. The message looks like the following(Appears at the end of the snippet)

64NOTICE:  BL31: v1.2(release):cc5fd7c
NOTICE:  BL31: Built : 00:37:02, Jul 20 2017
NOTICE:  Trusty image missing.
ERROR:   Error initializing runtime service trusty_fast
[0000.927] RamCode = 0
[0000.948] LPDDR4 Training: Read DT: Number of tables = 10
[0000.953] EMC Training (SRC-freq: 204000; DST-freq: 40800)
[0000.958] EMC Training Skipped
[0000.961] EMC Training (SRC-freq: 204000; DST-freq: 68000)
[0000.966] EMC Training Skipped
[0000.969] EMC Training (SRC-freq: 204000; DST-freq: 102000)
[0000.974] EMC Training Skipped
[0000.977] EMC Training (SRC-freq: 204000; DST-freq: 204000)
[0000.982] EMC Training Skipped
[0000.985] EMC Training (SRC-freq: 204000; DST-freq: 408000)
[0000.991] EMC Training Successful
[0000.994] EMC Training (SRC-freq: 204000; DST-freq: 665600)
[0001.000] EMC Training Successful
[0001.003] EMC Training (SRC-freq: 204000; DST-freq: 800000)
[0001.015] EMC Training Successful
[0001.018] EMC Training (SRC-freq: 204000; DST-freq: 1065600)
[0001.041] EMC Training Successful
[0001.044] EMC Training (SRC-freq: 204000; DST-freq: 1331200)
[0001.065] EMC Training Successful
[0001.068] EMC Training (SRC-freq: 204000; DST-freq: 1600000)
[0001.088] EMC Training Successful
[0001.091] Switching to 800000 KHz Success
[0001.101] RamCode = 0
[0001.105] DT Write: emc-table@40800 succeeded
[0001.111] DT Write: emc-table@68000 succeeded
[0001.117] DT Write: emc-table@102000 succeeded
[0001.123] DT Write: emc-table@204000 succeeded
[0001.129] DT Write: emc-table@408000 succeeded
[0001.135] DT Write: emc-table@665600 succeeded
[0001.141] DT Write: emc-table@800000 succeeded
[0001.147] DT Write: emc-table@1065600 succeeded
[0001.153] DT Write: emc-table@1331200 succeeded
[0001.160] DT Write: emc-table@1600000 succeeded
[0001.164] LPDDR4 Training: Write DT: Number of tables = 10
[0001.199] 
[0001.200] Debug Init done
[0001.202] Marked DTB cacheable
[0001.205] Bootloader DTB loaded at 0x83000000
[0001.210] Marked DTB cacheable
[0001.213] Kernel DTB loaded at 0x83100000
[0001.217] DeviceTree Init done
[0001.236] Pinmux applied successfully
[0001.242] gicd_base: 0x50041000
[0001.247] gicc_base: 0x50042000
[0001.250] Interrupts Init done
[0001.255] Using base:0x60005008 & irq:33 for tick-timer
[0001.260] Using base:0x60005000 for delay-timer
[0001.265] platform_init_timer: DONE
[0001.268] Timer(tick) Init done
[0001.273] osc freq = 38400 khz
[0001.279] 
[0001.280] welcome to cboot
[0001.282] 
[0001.284] Cboot Version: 00.00.2014.50-t210-fadd1be5
[0001.288] calling constructors
[0001.291] initializing heap
[0001.294] initializing threads
[0001.297] initializing timers
[0001.300] creating bootstrap completion thread
[0001.304] top of bootstrap2()
[0001.307] CPU: ARM Cortex A57
[0001.310] CPU: MIDR: 0x411FD071, MPIDR: 0x80000000
[0001.315] initializing platform
[0001.361] config for ddr50 mode completed
[0001.365] sdmmc bdev is already initialized
[0001.369] Enable APE clock
[0001.372] Un-powergate APE partition
[0001.375] of_register: registering tegra_udc to of_hal
[0001.381] of_register: registering inv20628-driver to of_hal
[0001.386] of_register: registering ads1015-driver to of_hal
[0001.392] of_register: registering lp8557-bl-driver to of_hal
[0001.397] of_register: registering bq2419x_charger to of_hal
[0001.403] of_register: registering cpc to of_hal
[0001.408] of_register: registering bq27441_fuel_gauge to of_hal
[0001.427] gpio framework initialized
[0001.431] of_register: registering tca9539_gpio to of_hal
[0001.436] of_register: registering tca9539_gpio to of_hal
[0001.441] of_register: registering i2c_bus_driver to of_hal
[0001.447] of_register: registering i2c_bus_driver to of_hal
[0001.452] of_register: registering i2c_bus_driver to of_hal
[0001.458] pmic framework initialized
[0001.461] of_register: registering max77620_pmic to of_hal
[0001.467] regulator framework initialized
[0001.471] of_register: registering tegra_xhci to of_hal
[0001.476] initializing target
[0001.485] gpio_driver_register: register 'tegra_gpio_driver' driver
[0001.497] fixed regulator driver initialized
[0001.568] initializing OF layer
[0001.571] NCK carveout not present
[0001.574] Skipping dts_overrides
[0001.578] of_children_init: Ops found for compatible string nvidia,tegra210-xhci
[0001.587] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.617] I2C Bus Init done
[0001.620] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.635] I2C Bus Init done
[0001.638] of_children_init: Ops found for compatible string ti,tca9539
[0001.652] tca9539_init: i2c bus: 2, slave addr: 0xe8
[0001.657] gpio_driver_register: register 'tca9539_gpio_driver' driver
[0001.664] of_children_init: Ops found for compatible string ti,tca9539
[0001.678] tca9539_init: i2c bus: 2, slave addr: 0xee
[0001.683] gpio_driver_register: register 'tca9539_gpio_driver' driver
[0001.690] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.705] I2C Bus Init done
[0001.708] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.723] I2C Bus Init done
[0001.725] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.740] I2C Bus Init done
[0001.743] of_children_init: Ops found for compatible string maxim,max77620
[0001.758] max77620_init using irq 118
[0001.763] register 'maxim,max77620' pmic
[0001.768] gpio_driver_register: register 'max77620-gpio' driver
[0001.774] of_children_init: Ops found for compatible string nvidia,tegra210-i2c
[0001.789] I2C Bus Init done
[0001.794] NCK carveout not present
[0001.797] shim_invoke: No NCT, Calling dts updates
[0001.818] Find /i2c@7000c000's alias i2c0
[0001.822] get eeprom at 1-a2, size 256, type 0
[0001.827] get eeprom at 1-ae, size 256, type 0
[0001.842] Find /i2c@7000c400's alias i2c1
[0001.846] get eeprom at 2-a0, size 256, type 0
[0001.861] Find /i2c@7000c500's alias i2c2
[0001.865] get eeprom at 3-a0, size 256, type 0
[0001.869] get eeprom at 3-ae, size 256, type 0
[0001.881] Find /host1x/i2c@546c0000's alias i2c6
[0001.886] get eeprom at 7-a8, size 256, type 0
[0001.890] pm_ids_update: Updating 1,a2, size 256, type 0
[0001.895] I2C slave not started
[0001.898] I2C write failed
[0001.901] Writing offset failed
[0001.904] eeprom_init: EEPROM read failed
[0001.908] pm_ids_update: eeprom init failed
[0001.912] pm_ids_update: Updating 1,ae, size 256, type 0
[0001.917] I2C slave not started
[0001.920] I2C write failed
[0001.923] Writing offset failed
[0001.926] eeprom_init: EEPROM read failed
[0001.930] pm_ids_update: eeprom init failed
[0001.934] pm_ids_update: Updating 2,a0, size 256, type 0
[0001.939] I2C slave not started
[0001.942] I2C write failed
[0001.945] Writing offset failed
[0001.948] eeprom_init: EEPROM read failed
[0001.952] pm_ids_update: eeprom init failed

Strangely, they seems to work after the U-Boot is launched, but failed in CBoot. We have gone through the documentation you mentioned in your replies, as well as the video, and we haven’t configured anything by ourselves. Besides, we cannot figure out the reason why there is an TOS image comes with Jetpack even if you said TOS is still under development, is it a dummy image reserved for the future use(The documentation of ARM Trusted Firmware mentions Trusted Little Kernel, which doesn’t support Tegra X2 )? We’ll PM you about our usage of TEE due to its confidentiality

tom.icw,
The ‘error’ message can be ignored as it simply indicates there is no secure OS (Trusty) component being built into the OS image. The confusion might come from TOS interface code is initialized by ATF/secure monitor during early ARM boot up for trusted world. Secure OS (Trusty) support schedule is the one I referred to.