Hi Sunguk,
- TF-M itself doesn't operate as a secure enclave.
- To operate as a secure enclave, we must adapt secure enclave IP or RSS.
Yep, TF-M is portable firmware and the precise security guarantees depend on the HW used and how the HW features are used to implement the TF-M HAL.
- RSS is a collection of IPs (LCM, KMU, CryptoCell...).
- With HW support listed above, keys and crypto operations can be isolated from SW (CPU).
It is made up of those IPs, integrated together into a subsystem that can then be integrated into a SoC. The crypto operations running on RSS are isolated from the application processor in the SoC, and the RSS key management IPs (LCM, KMU, crypto accelerator) mean that keys provisioned in RSS can be used by the accelerator, with HW protections against side-channel attacks, and without even SW running on the RSS CPU reading them.
- Should we have separate dedicated memory and ROM for the RSS core? Or is there any IP to provide a dedicated region? Or isn't it necessary?
Yes, RSS needs its own ROM, to provide the immutable root of trust for secure boot, and its own SRAM, so it has isolated memory for runtime data and loaded code. RSS can also be configured with the Secure I-cache (SIC) IP, which allows it to decrypt, authenticate & execute code from memory outside RSS, which can reduce how much SRAM is needed inside the RSS for loaded code.
Kind regards, Jamie
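As an added illustration of the authenticate-then-decrypt-then-execute step Jamie describes for the Secure I-cache (code stored outside RSS, key provisioned inside RSS and never readable by software), here is a small software model. It is not Arm's SIC, not TF-M code, and not how the real IP is built: the real SIC uses hardware AES and its own key-handling, while this model substitutes a toy HMAC-SHA256 counter-mode keystream, keeps the key as an in-process constant, and "executes" by simply returning the authenticated plaintext. The master key, nonce and code bytes are all constructed for the demo. What the model does show is the security-relevant ordering: the MAC is checked over the ciphertext, in constant time, before a single byte is decrypted, and a bit-flipped image or an image sealed under another device's key is rejected rather than executed.

```python
"""
Toy model of an enclave-side "authenticate, decrypt, then execute" fetch path.
Added example, not Arm SIC or TF-M code. Cipher, key and image are stand-ins.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


class ImageRejected(Exception):
    """Raised when an image held outside the enclave fails authentication."""


@dataclass(frozen=True)
class EncryptedImage:
    nonce: bytes       # per-image nonce stored beside the ciphertext
    ciphertext: bytes  # what actually sits in external memory
    tag: bytes         # MAC over nonce || ciphertext (encrypt-then-MAC)


def _derive(master: bytes, label: bytes) -> bytes:
    # Separate encryption and authentication keys from one provisioned secret.
    return hmac.new(master, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy stream cipher: HMAC-SHA256 in counter mode (stand-in for hardware AES).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def seal_image(master_key: bytes, code: bytes, nonce: Optional[bytes] = None) -> EncryptedImage:
    """Provisioning side: encrypt, then MAC, an image destined for memory outside the enclave."""
    nonce = os.urandom(12) if nonce is None else nonce
    ct = _xor(code, _keystream(_derive(master_key, b"sic-enc"), nonce, len(code)))
    tag = hmac.new(_derive(master_key, b"sic-mac"), nonce + ct, hashlib.sha256).digest()
    return EncryptedImage(nonce, ct, tag)


class SecureICacheModel:
    """Enclave side. Holds derived keys privately; there is deliberately no accessor for them."""

    def __init__(self, master_key: bytes):
        self._enc_key = _derive(master_key, b"sic-enc")
        self._mac_key = _derive(master_key, b"sic-mac")

    def fetch(self, image: EncryptedImage) -> bytes:
        """Return plaintext code only if the whole image authenticates; otherwise raise."""
        expected = hmac.new(self._mac_key, image.nonce + image.ciphertext, hashlib.sha256).digest()
        # Verify over the ciphertext, before any decryption, with a constant-time compare.
        if not hmac.compare_digest(expected, image.tag):
            raise ImageRejected("authentication failed; image not executed")
        return _xor(image.ciphertext, _keystream(self._enc_key, image.nonce, len(image.ciphertext)))


def _rejected(sic: SecureICacheModel, image: EncryptedImage) -> bool:
    try:
        sic.fetch(image)
        return False
    except ImageRejected:
        return True


def demo() -> dict:
    master = bytes(range(32))                  # constructed stand-in for a provisioned key
    code = b"\x00\xbf" * 8 + b"\x70\x47"       # constructed bytes: Thumb NOPs then BX LR
    nonce = b"\x01" * 12                       # fixed nonce so the demo is deterministic
    sic = SecureICacheModel(master)

    image = seal_image(master, code, nonce)
    roundtrip_ok = sic.fetch(image) == code

    # Flip one bit of the stored ciphertext, as someone with write access to external flash could.
    flipped = bytearray(image.ciphertext)
    flipped[0] ^= 0x01
    tampered = EncryptedImage(image.nonce, bytes(flipped), image.tag)

    # An image sealed under a different key (another device, or an attacker's key) must also fail.
    foreign = seal_image(bytes(32), code, nonce)

    return {
        "roundtrip_ok": roundtrip_ok,
        "tamper_rejected": _rejected(sic, tampered),
        "foreign_rejected": _rejected(sic, foreign),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the model is the shape of the check rather than the cipher: the decrypted bytes are never handed out on a failed tag, and the derived keys exist only inside the enclave-side object, which is the property the thread attributes to keys provisioned into RSS.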
-----Original Message-----
From: Sunguk Bin via TF-M tf-m@lists.trustedfirmware.org
Sent: Wednesday, October 25, 2023 11:48 AM
To: tf-m@lists.trustedfirmware.org
Subject: [TF-M] Re: How is Secure Enclave configured?
Jamie, Thanks for your feedback.
I'd like to summarize like below and ask some questions. If there is anything that I misunderstood, please let me know.
1. TF-M itself doesn't operate as a secure enclave.
2. To operate as a secure enclave, we must adapt secure enclave IP or RSS.
3. RSS is a collection of IPs (LCM, KMU, CryptoCell...).
4. With HW support listed above, keys and crypto operations can be isolated from SW (CPU).
5. Should we have separate dedicated memory and ROM for the RSS core? Or is there any IP to provide a dedicated region? Or isn't it necessary?
Kind Regards, Sunguk
--
TF-M mailing list -- tf-m@lists.trustedfirmware.org
To unsubscribe send an email to tf-m-leave@lists.trustedfirmware.org