Working with trustzone

Question

Hi, I've recently been diving into the whole trustzone implementation on Zephyr and I'm having trouble understanding how to properly work with it. 
 My question is fairly simple: is there a way to develop two separate pieces of code (a secure and a non-secure) both using zephyr and have them built and merged together in a simple manner, using west for example ? There doesn't seem to be any example on Zephyr's side and the documentation is fairly vague about the procedure.

Heidi · Accepted Answer

Hi! 
 
 Yes, what you're talking about is multi-image builds . 
 
 As an example, you can take a look at how the Secure Partition Manager (SPM) sample is used when building applications for the non-secure partition of the nRF9160 SiP. The SPM sample runs as a secure app, and configures the permissions and resources of the non-secure app, and boots it. This is required to run a non-secure application. So each nRF9160 sample (the parent image) requires the Secure Partition Manager (the child image) to be programmed together with the actual application. 
 
 In this case, the SPM sample is automatically included in the build when building for the non-secure build target (nrf9160dk_nrf9160ns). 
 
 See Default configuration and Defining and enabling a child image for more information on how to include child images in your build.

Best regards, 
 Heidi

Working with trustzone

Top Replies