How to enable secure booting from TrustZone and bring up TFA and OPTEE? thanks!

Hi Experts,

We plan to use Rock PI4A in our security product. Need to enable entire secure booting from TrustZone and get OPTEE up-running in secure world so we could deploy our own Trusted application on top of OPTEE.

Part of process, we need to configure and reserve secure portion of SDRAM and peripherals to make them only accessible by secure world via TZASC/TZPC hardware controller. Also we need to extend OPTEE-OS to deploy our own Pseudo-TA.

Other than that, what are process to get BL31/BL32 etc. signed and deploy verifying public key into eFUSE?

Can you please share with me some guidance how they can be done and where to get started?

Much Appreciated!
Lei Zhou