Hi,
We would like to protect trusted application heap memory against cryogenic attacks. We think a good method to achieve this is by employing the Bus Encryption Engine hardware in our i.MX6UL. For testing, I currently configure the BEE in U-Boot to encrypt the OP-TEE TA_RAM area (0x8e100000-8f9fffff), and make it available unencrypted at 0x10000000-0x118fffff. TA_RAM_START is set to 0x10000000 and this seems to work, but I have a few questions:

1. Does area TA_RAM_START:TA_RAM_SIZE hold all TA code, stack and heap?
2. Access privileges to 0x10000000-0x118fffff have been set to *Non-Secure User none, Non-Secure Spvr none, Secure User RD + WR, Secure Spvr RD + WR*, but much to my surprise, *Non-Secure User none, Non-Secure Spvr none, Secure User none, Secure Spvr RD + WR* worked equally well.

I can provide a memory map if useful, but I'd rather not post that beforehand.
If this works well, achieves our goal and the performance penalty is acceptable, we will roll this into an OP-TEE driver.
With kind regards,
Robert.