Trust Architecture is NXP's name for a set of security features on QorIQ/Layerscape SoC's, useful for applications such as:
Hardware block isolation
Trusted Platform Module-like functions
Manufacturing protection (prevention of overproduction/side-door manufacture)
On ARM Based Layerscape SoC's, this includes ARM's Trust Zone.
See the training presentations from FTF 2015 (101,102 and 202).
u-boot supports loading Primary Protected Applications (PPA) which run in TrustZone.
From the u-boot Kconfig:
The FSL Primary Protected Application (PPA) is a software component which is loaded during boot stage, and then remains resident in RAM and runs in the TrustZone after boot. Say y to enable it.
Loading PPA firmware is optional, but is required for applications requiring PSCI or shifts between execution levels, for example, PPA firmware needs to be loaded for EFI support in u-boot to work, as a shift from EL3 to EL2 is part of the EFI process.
Deployment and configuration of Trust Architecture functions is outside our (Traverse) field of expertise, we would appreciate any comments about its usage.
Should you need engineering/consultancy services for TrustZone features, please contact us and we will introduce you to the appropriate vendor support channels.