The STM32MP1 package is now based on v.6.1.28 of the Linux kernel and includes OP-TEE — the Open Portable Trusted Execution Environment.

OP-TEE provides a mechanism to isolate so called Trusted Applications (TA) from the rest of the system, and this isolation is enforced by the MPU hardware (ARM TrustZone technology in this case).

An example use case of a TA is managing encryption keys. The keys are stored within the TA and no other app or even the Linux kernel is able to access the sensitive data.

Additional information about the OP-TEE can be found here: https://wiki.st.com/stm32mpu/wiki/OP-TEE_overview

And more information about the Emcraft STM32MP1 Linux BSP is here: https://emcraft.com/products/1062#software

If you need help designing an embedded system with special security requirements, we can assist. Send us an This e-mail address is being protected from spambots. You need JavaScript enabled to view it to initiate a discussion.