FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

What is the difference between trusted and optee boot scheme?

Go to solution
Shashikanth
Associate II

‎2023-04-12 10:42 PM

What is boot scheme lables.

I am refering to link below it is given as " defines which kind of boot is supported on the board"

What it means.

referring to link below: 

https://wiki.st.com/stm32mpu/wiki/STM32_MPU_OpenSTLinux_release_note_-_v4.1.0#Bootscheme_labels

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Erwan SZYMANSKI
ST Employee
In response to Shashikanth

‎2023-04-14 03:28 AM

Hello @Shashikanth​ ,

First, thank you for the real good explanations of @Awell.1​ that made a really great summary of the difference between "optee" and "trusted" boot. Thanks for your contribution !

@Shashikanth​ , since OSTL 4.X version, OP-TEE is mandatory for the boot of the system, and trusted boot is not adviced/supported anymore. Trusted boot is using SPMIN that is a different mechanism handled by TF-A. That is why on recent deliveries, you will have to use OPTEE !

Kind regards,

Erwan.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

View solution in original post

0 Kudos
4 REPLIES 4
Go to solution
Awell.11
Associate

‎2023-04-12 11:36 PM

Trusted and OP-TEE (Open Portable Trusted Execution Environment) are two different boot schemes used in secure systems.

Trusted boot is a security mechanism that verifies the integrity of a device's firmware and software during boot-up. It ensures that the system boots with only trusted and verified components, preventing any malicious code from executing at boot time. Trusted boot relies on a chain of trust, where each component verifies the next before allowing it to execute.

On the other hand, OP-TEE is a secure environment that runs in a separate, isolated part of the system's memory, typically referred to as the Trusted Execution Environment (TEE). OP-TEE provides a secure execution environment for sensitive operations such as cryptography and secure storage. It also enables secure interprocess communication between normal world (NW) and secure world (SW) components.

While both trusted boot and OP-TEE aim to enhance the security of a system, they operate at different levels of the system. Trusted boot focuses on ensuring that only trusted and verified components are loaded during boot-up, while OP-TEE provides a secure environment for executing sensitive operations.

0 Kudos
Go to solution
Shashikanth
Associate II

‎2023-04-12 11:46 PM

Thank you @Awell.1​ for your explanation.

Even though i am aware of these terms i wanted to understand in STM32MP BSP yocto build what is the use of these labels.

whether it affects the booting flow.

In my yocto build the variable is assigned with value as below.

BOOTSCHEME_LABELS=" optee"

But the boot flow is TF-A ->Optee->Uboot->kernel

whether setting optee alone will auto select the trusted BOOTSCHEME_LABELS.

What is the case if i set only trusted in BOOTSCHEME_LABELS.

0 Kudos
Go to solution
Erwan SZYMANSKI
ST Employee
In response to Shashikanth

‎2023-04-14 03:28 AM

Hello @Shashikanth​ ,

First, thank you for the real good explanations of @Awell.1​ that made a really great summary of the difference between "optee" and "trusted" boot. Thanks for your contribution !

@Shashikanth​ , since OSTL 4.X version, OP-TEE is mandatory for the boot of the system, and trusted boot is not adviced/supported anymore. Trusted boot is using SPMIN that is a different mechanism handled by TF-A. That is why on recent deliveries, you will have to use OPTEE !

Kind regards,

Erwan.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
0 Kudos
Go to solution
Shashikanth
Associate II
In response to Erwan SZYMANSKI

‎2023-04-14 03:34 AM

Thank you @Erwan SZYMANSKI​,

This clarifies my doubt.

0 Kudos
Top