Trust Architecture

Trust Architecture is NXP's name for a set of security features on QorIQ/Layerscape SoCs, useful for applications such as:

On ARM-based Layerscape SoCs, this includes ARM's TrustZone.

Useful documentation

See the training presentations from FTF 2015 (101, 102 and 202).

Software impacts

u-boot supports loading Primary Protected Applications (PPA), which run in TrustZone.

From the u-boot Kconfig:

      The FSL Primary Protected Application (PPA) is a software component
      which is loaded during boot stage, and then remains resident in RAM
      and runs in the TrustZone after boot.
      Say y to enable it.

Loading PPA firmware is optional, but it is required for applications that need PSCI or shifts between execution levels. For example, PPA firmware must be loaded for EFI support in u-boot to work, because a shift from EL3 to EL2 is part of the EFI process.

Source code for NXP's PPA, as well as binaries, can be found in the ppa-generic repository.

Deployment considerations

Deployment and configuration of Trust Architecture functions is outside our (Traverse) field of expertise; we would appreciate any comments about its usage.

Should you need engineering/consultancy services for TrustZone features, please contact us and we will introduce you to the appropriate vendor support channels.