Dear All,
Following the tech forum presentation (back on 6th August), I uploaded the draft design document for the Secure Enclave topic:
https://review.trustedfirmware.org/c/TF-M/trusted-firmware-m/+/5653
I also updated the first implementation of the proposed solution for the Musca-B1 board with minimal features, marked as WIP:
https://review.trustedfirmware.org/q/topic:%22Secure+Enclave%22+(status:open%20OR%20status:merged)
Limitations, missing features, notes:
- No support for isolation level 2 on SSE-200
- Protected Storage is an Application RoT partition, but PS also moved to Secure Enclave
- Some regression tests running on secure side of SSE-200 fail as all messages are forwarded with the same client ID to Secure Enclave
- All IPC message forwarding is a blocking call
- Only one message is put into the mailbox at a time
- Musca-B1 related documentation is not complete yet
- Generated files are not committed; the manifest parser should be run before build.
- The BL0 component mentioned in the tech forum presentation is not uploaded, as it is based on the new CMake system, and not so interesting right now
- CMake changes are rudimentary and will be rebased to the new CMake system.
Any feedback is very welcome!
Best regards,
Márk Horváth
Senior Software Engineer
Mark.Horvath@arm.com
Arm Hungary Kft., Corvin Offices II, Crystal Tower, Budapest, Futó u. 45. H-1082 Hungary
www.arm.com