Wifi with trustzone

Hello,
I am using an LPC55S69 from NXP in combination with a mikro10 click wifi board. I am trying to develop a secure application that can be called from unsecure, does some calculation, returns the result and publishes it over MQTT. Now I am desperately trying to set up the wifi following the AWS example on MCUXpresso. But this builds as a secure only application and keeps failing when I try to port it to a TrustZone application. The best case would be to separate the calculation as the only secure application even without TrustZone and a non-secure application running the wifi with FreeRTOS, but I guess I have to set up the wifi on the secure side as well as the calculation. If anybody had a similar issue and could give me some advice or guidance on how to set it up properly, I would be really thankful.

Best regards,
Lukas

Have you looked through this page? https://www.freertos.org/2020/04/using-freertos-on-armv8-m-microcontrollers.html

Is this an example provided by AWS or NXP? If AWS, can you link to it?

I’m confused by that sentence. It would be unusual for something to build as secure only, and if it is secure only then I would assume it was using trustzone already. Can you elaborate?

Yes, that sounds like the way TrustZone should be used, assuming it is the calculation you want to secure. If it is the calculation you want to secure then having the Wi-Fi on the secure side too would make it less secure as you are moving some of the attack surface inside the secure execution.

Hello,
yeah, I had a look at the first link you posted and configured the project appropriately. The example I took is from MCUXpresso so I guess it's from NXP. I used it because it is the only one using the wifi board I got. The secure only means the 4th property of FreeRTOS config where you can set 1 if FreeRTOS runs in secure only.

Yeah, that's exactly the way I wanted to use it. The problem with wifi and TrustZone is that I have to set up the wifi board with pins and stuff and this can only be done in the secure application, at least it seems like this to me. But I guess there should be a solution to have FreeRTOS running on only the unsecure side while the calculation is stored in the secure side.

Best regards,
Lukas

> The secure only means the 4th property of FreeRTOS config where you can set 1 if FreeRTOS runs in secure only.

If you are talking about configRUN_FREERTOS_SECURE_ONLY, that configuration means that your complete application runs on the secure side. From your description though, it seems that you want to run only some calculation on the secure side and the rest of the application on the non-secure side. If so, then configRUN_FREERTOS_SECURE_ONLY must be set to zero or left undefined.

> The problem with wifi and TrustZone is that I have to set up the wifi board with pins and stuff and this can only be done in the secure application, at least it seems like this to me.

It should be possible to configure the pins for non-secure access. Please refer to the documentation for LPC55S69.

Thanks.
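The split discussed in this thread (calculation on the secure side, FreeRTOS and Wi-Fi on the non-secure side) comes down to a secure entry function that validates every pointer it receives from non-secure code. The sketch below is an added example, not code from the thread, NXP or FreeRTOS; `secure_calc`, `MAX_SAMPLES`, the return codes and the host-side `ns_ram` model are hypothetical names, and the mean is a placeholder for the real calculation.

```c
/* Added example, not from the thread. secure_calc(), MAX_SAMPLES and the
 * host-side ns_ram model are hypothetical names. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#if defined(__ARM_FEATURE_CMSE) && (__ARM_FEATURE_CMSE == 3)
#include <arm_cmse.h>   /* secure project, built with -mcmse */
#define NSC_ENTRY __attribute__((cmse_nonsecure_entry))
#define NS_READABLE(p, n) (cmse_check_address_range((void *)(p), (n), CMSE_NONSECURE | CMSE_MPU_READ) != NULL)
#define NS_WRITABLE(p, n) (cmse_check_address_range((void *)(p), (n), CMSE_NONSECURE | CMSE_MPU_READWRITE) != NULL)
#else
/* Host build for testing only: ns_ram stands in for non-secure SRAM. */
#define NSC_ENTRY
int32_t ns_ram[64];
static int in_ns_ram(const void *p, size_t n)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)ns_ram;
    return a >= lo && n <= sizeof ns_ram && a - lo <= sizeof ns_ram - n;
}
#define NS_READABLE(p, n) in_ns_ram((p), (n))
#define NS_WRITABLE(p, n) in_ns_ram((p), (n))
#endif

#define MAX_SAMPLES  16u
#define CALC_OK      0
#define CALC_EINVAL  (-1)  /* bad sample count */
#define CALC_EACCESS (-2)  /* pointer not fully inside non-secure memory */

/* Entry point callable from the non-secure (FreeRTOS + Wi-Fi) image. */
NSC_ENTRY int32_t secure_calc(const int32_t *in, size_t count, int32_t *out)
{
    int32_t local[MAX_SAMPLES];
    int64_t acc = 0;

    if (count == 0 || count > MAX_SAMPLES)
        return CALC_EINVAL;
    /* Reject pointers that reach into secure memory. */
    if (!NS_READABLE(in, count * sizeof *in) || !NS_WRITABLE(out, sizeof *out))
        return CALC_EACCESS;

    /* Copy first so non-secure code cannot change inputs mid-calculation. */
    memcpy(local, in, count * sizeof *in);
    for (size_t i = 0; i < count; i++)
        acc += local[i];
    *out = (int32_t)(acc / (int64_t)count);   /* placeholder calculation: the mean */
    return CALC_OK;
}
```

On the non-secure side, a FreeRTOS task that calls a secure function must first call `portALLOCATE_SECURE_CONTEXT()`, with `configENABLE_TRUSTZONE` set to 1 and `configRUN_FREERTOS_SECURE_ONLY` set to 0.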