lcu14 500 arm trusted firmware

1

Andrew Thoelke

Systems & Software, ARM

ARM Trusted Firmware LCA14 – March 2014

2

https://www.github.com/ARM-Software/arm-trusted-firmware

Standardized EL3 Runtime Firmware

For all 64-bit ARMv8-A systems

Reducing porting and integration work

For SoC and Trusted OS developers

Reusable, reference implementations

PSCI

SMC Calling Convention

Configuration of ARM hardware

Running on ARMv8-A FVPs and Juno

… and on partner’s silicon

ARM Trusted Firmware for 64-bit ARMv8-A A refresher

ARM Trusted FirmwareEL3

SoC/platform port

Normal World OSEL1/EL2

Trusted OSSecure-EL1

Trusted OS Dispatcher

TOS

spec

ific

p

roto

col a

nd

m

ech

anis

m

Trusted AppSecure-EL0

AppEL0

TOS driver

TOS library

TOS specific protocol via SMC

via

ioct

l

Porting interface between Trusted

Firmware and SoC/platform

Interface between Trusted Firmware and Trusted OS Dispatcher

ARM Trusted Firmware

Trusted OS supplier

SoC supplier

OS/hypervisor supplier

Trusted App supplier

Internal TOS interface








3


Reference boot flows

For 64-bit ARMv8-A systems

Open Source at GitHub

BSD License

Contributors welcome

We just released v1.0

A reason to celebrate?

ARM Trusted Firmware for 64-bit ARMv8-A A refresher

BL31

EL3 Runtime Firmware

EL2 Execution

Secure-EL1 Execution

SCP Execution

Key

EL3 Execution

BL33

Non-Trusted

Firmware

(e.g. U-Boot,

EDK2)

BL1AP Boot ROM

BL2Trusted Boot

Firmware

BL32

Secure-EL1 Payload

BL0SCP Boot

ROM

BL30

SCP Runtime

Firmware

Platform Boot

Initialization

System &

Power Control

Trusted Board

Boot

Trusted Board

Boot

PSCI

World Switch

Library

SMCCC

Trusted OS Kernel

S-EL1 Payload

Dispatch

Trusted World Normal World

SCP Application Processor (AP)

2nd level Boot

Loader (BL2)

loads all 3rd level

images

1st level Boot

Loader (BL1)

loads 2nd level

image

Loading

RESET RESET








4


What’s happened since last time?








5


Juno port upstream

Complete PSCI implementation

Application processor

firmware is all open for

updating by developers

Still to come:

More secure RAM for

Trusted OS porting and

development

Authentication of firmware

images during boot

Juno ARM Trusted Firmware on ARMv8-A silicon

Secure-EL1 Execution

EL1/EL2 Execution

SCP Boot

ROM

SCP Runtime

Firmware

AP Boot

ROM

SCP Boot

ROM

EL3 Runtime

Firmware

Non-Trusted

Firmware

SCP Trusted ROM SCP Trusted RAM AP Trusted ROM AP Trusted RAM (on chip) Trusted RAM

(on or off chip)Non-Trusted RAM

SCP Runtime

Firmware

Waiting

PWR

ON

Linux Kernel

External Hand-Off

API

Internal Hand-Off

API

Implicit API Usage

PWR

ON

Incremental copy from

AP Trusted RAM to

SCP Trusted RAM

Explicit API Usage

Key

EL3 Execution

Component loading

other Component

SCP Execution

BL0

BL0

BL1

BL30

BL30

BL31

BL33

Secure-EL1

PayloadBL32

Running

EL3 Runtime

FirmwareBL31

Waiting

Running

Running

(optional)

Running

Waiting

Trusted Boot

Firmware

BL2

Trusted Boot

Firmware

BL2

Trusted/Non-Trusted Boundary

SCP/AP Boundary

via SMC

in BL1

No Execution

Detailed boot flow on Juno








6


Support for secure interrupts and

secure DDR RAM

Supporting different Trusted OS memory

and interrupt requirements

OP-TEED patches merged this week

Thank you Jens!

OP-TEE now running on ARMv8-A FVP

models – all code upstream

Still wanted:

OP-TEE running on ARMv8-A silicon

Dispatchers for other OSS Trusted OSes

Trusted OS and TEE Support for 3rd party Trusted OS/TEE

ARM Trusted Firmware github.com/OP-TEE

SoC supplier

OS/hypervisor supplier Trusted App supplier Global Platforms spec.

Internal OP-TEE interface

ARM Trusted FirmwareEL3

SoC/platform port

Normal World OSEL1/EL2

OP-TEE OSSecure-EL1

OP-TEE Dispatcher(OPTEED)

OP

-TEE

pro

toco

l an

d m

ech

anis

m

Trusted AppSecure-EL0

AppEL0

OP-TEE Linux driver

OP-TEE client

OP-TEE protocol via SMC

via

ioct

l

TEE Client API

TEE Internal API

Porting interface between Trusted

Firmware and SoC/platform








7


Alternative boot flows supported

Reuse of existing secure boot loaders

Reset to RAM firmware

Stable boot flow interfaces

Improved debugging of firmware errors

Crash reporting for fatal errors and

unexpected exceptions

Easy selection of 32/64-bit execution

Register width for Trusted OS

Exception Level and register width for

normal world software

Platforms with wide I/O addresses

“Follow the manual” CPU specific code

For correct hardware operation

Still to come

Performance and scalability investigation and

improvements

Even more boot flow flexibility – Enterprise

and Networking scenarios

Improving integration for SoC suppliers,

Trusted OS suppliers and OEMs

Production Platforms ARM Trusted Firmware running on partners’ ARMv8-A silicon








8


Shrinking firmware The evolution of ARM Trusted Firmware’s memory footprint*

24

16

12

44

20

12

64

36

28

108

96

56

68

52

28

8

4

4

64KB 64 128 192 256KB

v0.3

v0.4

v1.0

BL1 BL2 BL3-1 BL3-2

ROM RAM

292KB

208KB

128KB†

* Memory usage of code and data for a release build of ARM Trusted Firmware for FVP including the TSP † In v1.0 the peak memory usage is even lower as some of the firmware images are overlayed in the same memory during the course of booting the platform








9


ARM is planning to have contributed

A reference implementation of Trusted Board Boot, up to the non-secure firmware

Support for PSCI v1.0 – a specification update is in progress

What else shows up depends on you

Tell us what’s broken

Tell us what’s missing

Send us your improvements … new contributions are always welcome

Next time in ARM Trusted Firmware…








10


Thank you






