Is there support for the TPM? Have not found it in the boot init sequence nor the DTS.
Does not have to be dedicated TPM chip TrustZone implementation would be sufficient?
Would that be the OP-TEE or the QSEECOM?
Dear customer,
Are you inquiring about the Trusted Execution Environment (TEE) on the Qualcomm platform?
The 6490 chipset inherently supports this functionality, eliminating the need for an additional chip.
You may refer to this document for further information:
Yes, I’m asking about the TEE. Mainly whether the trusted part, the Trusted OS, is locked down or can be built from source? The question is connected to the trusted services - trustlets - that usually require to be signed in order to be loaded.
I assume also from the Trusted side it’s possible to control the QFPROM fuses.
Dear customer, we are currently syncing this issue internally.
Dear customer
Could you please provide a detailed description of your specific requirements from a functional perspective?
Are you looking to store data? If so, could you please share what type of data it is?
Sure, the first application is definitely full disk encryption using LUKS, so in the ideal case the TZ would generate and store the key. It would of course be exposed to the normal world during boot (first to create such a device, just once, then on each boot to decrypt the device). Linux stores it in memory, which compromises the key, but that’s acceptable as the device could be secured by using “Secure boot”.
That’s the second usage: as a TPM to store hashes of each step to deliver a Measured Boot chain.
Once booted, the third case would be to have some keystore trustlet that would securely store keys, e.g. the OTA update key to decrypt the payload so it can’t be easily dumped off the rootfs.
The last case would be pretty similar, just as a backend that supports gnupg for private keys, and the same for ssh private keys. So a plugin/extension of the trusted key manager.
Plus some utility to verify that the platform is secure, so read the QFPROM fuses. In the ideal case, integrate it with existing tools such as sbctl.
So to answer your question: yes, store data, both symmetric and asymmetric keys + hashes (for TPM).
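The measured-boot use case above relies on the TPM-style "extend" operation: a register is never overwritten, only replaced by the hash of its old value concatenated with the hash of the next boot component, so the final value depends on every stage and their order. The following is an added illustration (not code from this thread, the RubikPi, or Qualcomm's TEE), using constructed stand-in images rather than real firmware; the stage names, the all-zero initial register, and the SHA-256 choice are assumptions for the demo. It shows the measuring side, the event log a verifier replays, and how a tampered or reordered stage breaks the chain.

```python
import hashlib

# Constructed stand-in boot components (NOT real firmware); order matters.
BOOT_STAGES = [
    ("bootloader", b"constructed bootloader image v1"),
    ("kernel", b"constructed kernel image v1"),
    ("dtb", b"constructed device tree blob"),
    ("initramfs", b"constructed initramfs"),
]

PCR_SIZE = 32  # SHA-256 bank; assumed for this demo


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM-style extend: new = H(old || measurement). Values can only be
    appended to, never reset to an attacker-chosen value while booted."""
    return hashlib.sha256(pcr + measurement).digest()


def measure_chain(stages):
    """Measure each stage before handing control to it, extending the
    register and recording an event log entry (name, digest, pcr-after)."""
    pcr = bytes(PCR_SIZE)  # registers start at zero after reset (assumed)
    log = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = extend(pcr, digest)
        log.append((name, digest.hex(), pcr.hex()))
    return pcr, log


def replay_log(log) -> bytes:
    """A verifier recomputes the final register from the logged digests only;
    if the log was edited, the replay will not match the register."""
    pcr = bytes(PCR_SIZE)
    for _name, digest_hex, _pcr_hex in log:
        pcr = extend(pcr, bytes.fromhex(digest_hex))
    return pcr


def attest(stages, golden_pcr: bytes) -> bool:
    """Boot the given stages and check them against a known-good value."""
    final, log = measure_chain(stages)
    return final == golden_pcr and replay_log(log) == final


if __name__ == "__main__":
    golden, log = measure_chain(BOOT_STAGES)
    for name, digest_hex, pcr_hex in log:
        print(f"{name:10s} digest={digest_hex[:16]}... pcr={pcr_hex[:16]}...")
    tampered = list(BOOT_STAGES)
    tampered[1] = ("kernel", b"constructed kernel image v1 with backdoor")
    print("good boot attests:", attest(BOOT_STAGES, golden))
    print("tampered kernel attests:", attest(tampered, golden))
```

The golden value would in practice be recorded once on a trusted first boot and compared on every later boot (or sent to a remote verifier), which is exactly what makes the "store hashes of each step" requirement useful: the LUKS key release can be tied to the register matching the expected value.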
Dear customer,
The 6490 platform supports this functionality; however, it has not been tested on the RubikPi, and our development team is unable to provide further assistance.
You may refer to the following information for guidance:
Documentation:
Qualcomm_Trusted_Execution_Environment_5_0_Reference_Manual.pdf
Documentation Link: