Occasional ContributorHi,
Is Arm Trust Zone supported on HPS? If so is the implementation of TEE supported on Agilex 5? I've checked TF-A sources and it seems that BL2 on this platform loads only BL31 and BL33. How about BL32?
Is there an OP-TEE support? If not, are there any plans to provide it in the nearest feature?
Occasional ContributorHi rdrr,
Just to consolidate the responses in this thread.
Agilex 5 HPS supports Arm TrustZone at the hardware level. The current released TF-A platform flow loads BL31 (EL3 runtime) and BL33 (non-secure OS). BL32 is not enabled by default in the reference software.
While there is no publicly released OP-TEE design example today, the platform hardware and TF-A architecture are capable of supporting a TEE. OP-TEE enablement is an area of active internal work.
Potential use cases under evaluation include secure key access and secure services. A design example is being considered for a second-half-2026 timeframe, subject to roadmap prioritization.
Feedback on concrete use cases such as RPMB-backed secure storage is welcome and helps guide direction.
JL
Occasional ContributorMay I know, what kind of use-cases you are intending to use the OP-TEE OS BL32 for? This will give us some inputs/feedbacks on our roadmap. Thanks
Occasional ContributorHi, thanks. OP-TEE Secure Storage through RPMB would be useful :)
ModeratorDear Customer,
Glad that your doubts has been clarify. If there are no further inquiries during this period, I will step back and allow the community to assist with any future follow-up questions.
Thank you for engaging with us!
Best regards,
Altera Technical Support
New ContributorHi rdrr,
We don't have a ready-to-go OPTEE design example for Agilex 5 right now, but it is on our roadmap. Depending on your timeline, this may be a project we can develop with your input.
Our hardware and AFT can support OPTEE, but today you would need to make the ATF changes required yourself.
New Contributorhi rdrr rdrr,
I'm aware that the Devs at Altera are looking at OP-TEE closely, with some internal progress already achieved. The release timelines are likely late this year, but reach out to us if you want to shape it to match your requirements.
Secure key access for TAs, is one of the use-cases being targeted.
thanks!
