Milestone 1 (Approved)
Checklist
| Number | Deliverable | Link | Notes |
|---|---|---|---|
| 0a. | License | 🔗 | See below |
| 0b. | Documentation | 🔗 | See below |
| 0c. | Testing Guide | 🔗 | See below |
| 1. | We will select at least two hardware alternatives (from different providers) that will be used in our proof-of-concept implementation. | See below | |
| 2. | Basic framework and minimal implementations for each selected board to demonstrate feasibility. | See below | |
| 3. | Working examples (hello world alike) and basic configuration to demonstrate Secure Boot and TrustZone. | See below | |
| 4. | Detailed description of the development and testing process. | See below | |
| 5. | Corresponding unit and integration tests | See below |
Overview
Reference boards selection and initial prototyping. As an example, we initially considered the following models:
- Model A: MCIMX6UL-EVKB: i.MX6UltraLite Evaluation Kit by NXP
- Model B: USB Armory Mk-II
- Model C: Colibri iMX6ULL by Toradex
- Model D: Advantech WISE-710
Define applicable toolchains ( Rust, C/C++, etc.)
Development process: Define CI and Testing strategy
Demonstrate feasibility for the selected hardware
License
The repositories referenced in this milestone have all been published under either Apache 2.0 and GNU GPL2.
| Repository | License | Link |
|---|---|---|
| Zondax/web-docs-tee | Apache 2.0 | 📄 License |
| Zondax/tee-substrate-service | Apache 2.0 | 📄 License |
| Zondax/hello-rustee | Apache 2.0 | 📄 License |
| Zondax/buildroot-zondax | GNU GPL2 | 📄 License |
In the sections below we listed each part of this Milestone and the links to their respective test.
Item 1
| Number | Deliverable | Link | Notes |
|---|---|---|---|
| 1. | We will select at least two hardware alternatives (from different providers) that will be used in our proof-of-concept implementation. |
We selected the following boards:
| Number | Deliverable | Vendor | Link |
|---|---|---|---|
| 1. | STM32MP157F-DK2 | ST | 📄 Product Page |
| 2. | 8MMINILPD4-EVKB | NXP | 📄 Product Page |
The criterias we used for the selection is described in this section.
Item 2
| Number | Deliverable | Link | Notes |
|---|---|---|---|
| 2. | Basic framework and minimal implementations for each selected board to demonstrate feasibility. |
As part of the implementation we used Buildroot to develop a custom linux distribution for each board containing essential dependencies that our trusted application needs. This also reduces the number of possible vector attacks, as the number of tools and services, our distribution contains are minimal. Refer to this section for further information about setting-up the basic framework to build our custom linux-distribution and how to run it on each supported device.
In this section you can find further instructions on how to test the basic optee framework that comes as part of our custom linux distribution.
Buildroot is a framework to create custom linux distributions.
Item 3
| Number | Deliverable | Link | Notes |
|---|---|---|---|
| 3. | Working examples (hello world alike) and basic configuration to demonstrate Secure Boot and TrustZone. |
In order to test our setup. We built hello world application which comes pre-installed in the images. In this section we explain how to verify our custom distribution and ensure Optee framework works.
Item 4
| Number | Deliverable | Link | Notes |
|---|---|---|---|
| 4. | Detailed description of the development and testing process. |
There are two tests we need to run to validate our linux-distribution and the optee framework that runs on the supported boards. refer to Optee tests and Hello world demo application sections for the steps to follow to run this validation.
Item 5
| Number | Deliverable | Link | Notes | |
|---|---|---|---|---|
| 5. | Corresponding unit and integration tests |
