Storing data file into Trusty

Hi,
I am trying to implement programs in the TEE on Trusty for the Jetson AGX Xavier series. After increasing the TZDRAM size, I want to store some confidential data (12MB) in Trusty directly (maybe by flashing), not through the TIPC protocol. Is that possible?

Some configurations are as follows:

carveout.tzdram.size = 0x08000000; #128MB
TRUSTY_APP_CONFIG_MIN_HEAP_SIZE(700*MIN_HEAP_SIZE) // 700*4*4KB = 11.2MB
TRUSTY_APP_CONFIG_KEY_MIN_STACK_SIZE (60*MIN_STACK_SIZE) // 60*2*4KB = 0.48MB

Thanks !

hello tianchi.yu,

it's the bootloader that allocates a dedicated carveout, TZ-DRAM, to run a secure OS.
here's the command to update the Trusted OS, tos-trusty_t194.img:
$ sudo ./flash.sh -k secure-os ...

Hi, JerryChange

Sorry, maybe my question was not clear. I know how to update the Trusted OS image.

My question is: is it possible to store a static data file (12MB, not compiled programs) in Trusty memory directly, so that it can be read during the execution of TA programs, but not through communication between the local CA and TA based on the TIPC protocol?

Thanks.

hello tianchi.yu,

you may use the EKB blob, which is flashed to the EKS partition. you can define the content; however, it has a size limitation of 2MB.
this blob would be encrypted by the key of the KEK2 fuse. during boot time, Trusty can decrypt the EKB and back up the content into the secure world.
