LCU14 500 ARM Trusted Firmware
DESCRIPTION
Speaker: Andrew Thoelke
Date: September 19, 2014
Resources
Zerista: http://lcu14.zerista.com/event/member/137787
Google Event: https://plus.google.com/u/0/events/c6cbh0rr2488ls6bkogvi4ggcic
Video: https://www.youtube.com/watch?v=je0_-yYgKdc&list=UUIVqQKxCyQLJS6xvSmfndLA
Etherpad: http://pad.linaro.org/p/lcu14-500
Event Details
Linaro Connect USA - #LCU14
September 15-19th, 2014
Hyatt Regency San Francisco Airport
http://www.linaro.org
http://connect.linaro.org
TRANSCRIPT
1
Andrew Thoelke
Systems & Software, ARM
ARM Trusted Firmware LCA14 – March 2014
2
https://www.github.com/ARM-Software/arm-trusted-firmware
Standardized EL3 Runtime Firmware
For all 64-bit ARMv8-A systems
Reducing porting and integration work
For SoC and Trusted OS developers
Reusable, reference implementations
PSCI
SMC Calling Convention
Configuration of ARM hardware
Running on ARMv8-A FVPs and Juno
… and on partner’s silicon
ARM Trusted Firmware for 64-bit ARMv8-A: A refresher
[Diagram: software components, interfaces and suppliers]
Components: ARM Trusted Firmware (EL3); SoC/platform port; Trusted OS Dispatcher; Normal World OS (EL1/EL2); TOS driver; App (EL0); TOS library; Trusted OS (Secure-EL1); Trusted App (Secure-EL0)
Interfaces: TOS specific protocol via SMC; TOS specific protocol and mechanism; via ioctl; Porting interface between Trusted Firmware and SoC/platform; Interface between Trusted Firmware and Trusted OS Dispatcher; Internal TOS interface
Key: ARM Trusted Firmware; Trusted OS supplier; SoC supplier; OS/hypervisor supplier; Trusted App supplier
3
Reference boot flows
For 64-bit ARMv8-A systems
Open Source at GitHub
BSD License
Contributors welcome
We just released v1.0
A reason to celebrate?
ARM Trusted Firmware for 64-bit ARMv8-A: A refresher
[Diagram: reference boot flow across the SCP and the Application Processor (AP), Trusted World and Normal World]
Images: BL0 SCP Boot ROM; BL30 SCP Runtime Firmware; BL1 AP Boot ROM; BL2 Trusted Boot Firmware; BL31 EL3 Runtime Firmware; BL32 Secure-EL1 Payload; BL33 Non-Trusted Firmware (e.g. U-Boot, EDK2)
Functions shown: Platform Boot Initialization; System & Power Control; Trusted Board Boot; PSCI; World Switch Library; SMCCC; S-EL1 Payload Dispatch; Trusted OS Kernel
Loading: 1st level Boot Loader (BL1) loads 2nd level image; 2nd level Boot Loader (BL2) loads all 3rd level images
Key: EL3 Execution; EL2 Execution; Secure-EL1 Execution; SCP Execution
Entry points: RESET (SCP), RESET (AP)
4
What’s happened since last time?
5
Juno port upstream
Complete PSCI implementation
Application processor firmware is all open for updating by developers
Still to come:
More secure RAM for Trusted OS porting and development
Authentication of firmware images during boot
Juno: ARM Trusted Firmware on ARMv8-A silicon
[Diagram: Detailed boot flow on Juno]
Memory regions: SCP Trusted ROM; SCP Trusted RAM; AP Trusted ROM; AP Trusted RAM (on chip); Trusted RAM (on or off chip); Non-Trusted RAM
Images: BL0 SCP Boot ROM; BL30 SCP Runtime Firmware; BL1 AP Boot ROM; BL2 Trusted Boot Firmware; BL31 EL3 Runtime Firmware; BL32 Secure-EL1 Payload; BL33 Non-Trusted Firmware; Linux Kernel
States: PWR ON; Waiting; Running; Running (optional)
Annotations: Incremental copy from AP Trusted RAM to SCP Trusted RAM; via SMC in BL1
Key: EL3 Execution; Secure-EL1 Execution; EL1/EL2 Execution; SCP Execution; No Execution; Component loading other Component; External Hand-Off API; Internal Hand-Off API; Implicit API Usage; Explicit API Usage; Trusted/Non-Trusted Boundary; SCP/AP Boundary
6
Support for secure interrupts and secure DDR RAM
Supporting different Trusted OS memory and interrupt requirements
OP-TEED patches merged this week
Thank you Jens!
OP-TEE now running on ARMv8-A FVP models – all code upstream
Still wanted:
OP-TEE running on ARMv8-A silicon
Dispatchers for other OSS Trusted OSes
Trusted OS and TEE: Support for 3rd party Trusted OS/TEE
[Diagram: OP-TEE integration with ARM Trusted Firmware]
Components: ARM Trusted Firmware (EL3); SoC/platform port; OP-TEE Dispatcher (OPTEED); Normal World OS (EL1/EL2); OP-TEE Linux driver; App (EL0); OP-TEE client; OP-TEE OS (Secure-EL1); Trusted App (Secure-EL0)
Interfaces: OP-TEE protocol via SMC; OP-TEE protocol and mechanism; via ioctl; TEE Client API; TEE Internal API; Internal OP-TEE interface; Porting interface between Trusted Firmware and SoC/platform
Key: ARM Trusted Firmware; github.com/OP-TEE; SoC supplier; OS/hypervisor supplier; Trusted App supplier; Global Platforms spec.
7
Alternative boot flows supported
Reuse of existing secure boot loaders
Reset to RAM firmware
Stable boot flow interfaces
Improved debugging of firmware errors
Crash reporting for fatal errors and unexpected exceptions
Easy selection of 32/64-bit execution
Register width for Trusted OS
Exception Level and register width for normal world software
Platforms with wide I/O addresses
“Follow the manual” CPU specific code
For correct hardware operation
Still to come
Performance and scalability investigation and improvements
Even more boot flow flexibility – Enterprise and Networking scenarios
Improving integration for SoC suppliers, Trusted OS suppliers and OEMs
Production Platforms: ARM Trusted Firmware running on partners’ ARMv8-A silicon
8
Shrinking firmware: The evolution of ARM Trusted Firmware’s memory footprint*
[Chart: ROM and RAM usage of BL1, BL2, BL3-1 and BL3-2 for releases v0.3, v0.4 and v1.0; axis from 64KB to 256KB]
Totals shown: v0.3 292KB; v0.4 208KB; v1.0 128KB†
Values in extraction order: 24 16 12; 44 20 12; 64 36 28; 108 96 56; 68 52 28; 8 4 4
* Memory usage of code and data for a release build of ARM Trusted Firmware for FVP including the TSP
† In v1.0 the peak memory usage is even lower as some of the firmware images are overlaid in the same memory during the course of booting the platform
9
ARM is planning to have contributed
A reference implementation of Trusted Board Boot, up to the non-secure firmware
Support for PSCI v1.0 – a specification update is in progress
What else shows up depends on you
Tell us what’s broken
Tell us what’s missing
Send us your improvements … new contributions are always welcome
Next time in ARM Trusted Firmware…
10
Thank you