Hi,
I am trying to implement programs in the TEE on Trusty that apply to the Jetson AGX Xavier series. After increasing TZDRAM SIZE, I want to store some confidential data (12MB) in Trusty directly (maybe by flashing), not through the TIPC protocol. Is that possible?
It’s the bootloader that allocates a dedicated carveout, TZ-DRAM, to run a secure OS.
Here’s the command to update the Trusted OS (tos-trusty_t194.img):
$ sudo ./flash.sh -k secure-os ...
Sorry, maybe my question is not clear. I knew how to update the Trusted OS image.
My question is: is it possible to store a static data file (12MB, not compiled programs) in Trusty memory directly, so that it could be read during the execution of TA programs, but not through communication between a local CA and TA based on the TIPC protocol?
You may use the EKB blob, which is flashed to the EKS partition. You could define the content; however, it has a size limitation of 2MB.
This blob would be encrypted by the key of the KEK2 fuse. During boot time, Trusty can decrypt the EKB and back up the content into the secure world.