Hi Everyone, I have been trying to port the qca_demo (basically for a WiFi connectivity demo that uses FreeRTOS for the WiFi driver) into TrustZone. So, far I have encountered tons of problems because of the TZ scheme that partitions memory. My current setup in the FreeRTOSConfig.h is the following:
Could you please review the following FreeRTOS blog post on using TrustZone with FreeRTOS. It details how to setup your FreeRTOS configs for ports with TrustZone support.
With the current config configRUN_FREERTOS_SECURE_ONLY = 0, FreeRTOS is not configured to run on the TZ secure side. Is the wifi task calling any TZ secure side code?
Thank you very much for your response. I did read the blogpost carefully while setting this up and that’s why I decided to try to enable it without MPU and FPU to simplify things a bit. The provided example TZ apps were set up with MPU/FPU to begin with so I deactivated them. I think I got it working by now with a few more tweaks actually without calling anything on the TZ secure side. But, previously, I think I called one non-secure callable function (secure side) with this setup and I could do so from the non-secure side. Don’t the following two lines mean that we request for TZ secure support on the non-secure side?
I was wondering why the WiFi driver was actually set up with the following configuration when it was running without TZ at all. Do you have any insights on this too by any chance?
I have also been discussing with someone from NXP as I am using their board. Please look for a thread titled “Porting the qca_demo into TrustZone for board lpcxpresso55s69” on NXP forum (sorry I am still not allowed to post links here). This thread documents the problems I had when enabling the RTOS tasks and the WiFi driver.
Yes this means that FreeRTOS runs on non-secure side, so FreeRTOS tasks are allowed to interact with secure side only through Non-secure callable functions.
Yes, the configuration is mutually exclusive configENABLE_TRUSTZONE enables FreeRTOS on Non-Secure side while configRUN_FREERTOS_SECURE_ONLY means FreeRTOS runs on secure side.
From your setup it seems WiFi driver task is created on Non-Secure side. Can you make sure the driver is accessing any secure side code without using an Non-Secure callable function ?
Hi @ravibhagavandas , thanks so much for your response. I actually had to make things accessible from the non-secure side without the help of non-secure callable function. So you’re probably right. With this setup, it is currently working fine.
Hi @yuripo , thanks for your text. I got your text as well on NXP forum, but for some reason I could not log in there. There has been some issue that says that the website is under maintenance. Sorry about that. And it looks like I can’t upload anything here as well because I am a new user. Perhaps you can send me an email address that I can send the code to? Sorry and thanks again.
Actually, there is another code that has been confirmed to work by @yuripo. One has to use the same board, namely LPCXpresso55S69, with MCUXpressoIDE_11.6.0_8187 using SDK 2.12.0 to compile it. Unfortunately, I can’t upload it here (there is a limit of 4MB), so you can let me know if you need one.