Page MenuHomePhabricator

Secure Enclave solution for TF-M
Open, Needs TriagePublic


Design document draft uploaded for review describing the details:

Tech forum presentation was held about the topic an 6th August.

PoC implementation with minimal features uploaded, marked as WIP:

Event Timeline

Notes, missing features for current uploaded source changes:
• No support for isolation level2 on SSE-200
• Protected Storage is an Application RoT partition, but PS also moved to Secure Enclave
• Some regression tests running on secure side of SSE-200 fail as all messages are forwarded with the same client ID to Secure Enclave
• All IPC message forwarding is a blocking call
• Only one message is put into the mailbox at a time
• Musca-B1 related documentation is not complete yet
• Generated files are not committed, manifest parser should be run before build.
• The BL0 component mentioned in the tech forum presentation is not uploaded, as it is based on the new cmake system, and not so interesting right now
• Cmake changes are rudimentary, will be rebased to new cmake system.