1. ARM Trusted Firmware
LCA14 – March 2014
Andrew Thoelke
Systems & Software, ARM
2. ARM Trusted Firmware for 64-bit ARMv8-A
A refresher
- Standardized EL3 Runtime Firmware, for all 64-bit ARMv8-A systems
- Reducing porting and integration work, for SoC and Trusted OS developers
- Reusable, reference implementations: PSCI, SMC Calling Convention, configuration of ARM hardware
- Running on ARMv8-A FVPs and Juno … and on partners’ silicon
https://www.github.com/ARM-Software/arm-trusted-firmware
[Diagram: software stack by exception level, with supplier boundaries]
- Normal World: App (EL0); TOS driver, reached via ioctl; Normal World OS (EL1/EL2), from the OS/hypervisor supplier
- Trusted World: Trusted App (Secure-EL0), from the Trusted App supplier; Trusted OS (Secure-EL1), from the Trusted OS supplier; TOS specific protocol and mechanism; internal TOS interface
- EL3: ARM Trusted Firmware, containing the Trusted OS Dispatcher, the TOS library and the SoC/platform port (SoC supplier)
- Interfaces: TOS specific protocol via SMC; interface between Trusted Firmware and Trusted OS Dispatcher; porting interface between Trusted Firmware and SoC/platform
3. ARM Trusted Firmware for 64-bit ARMv8-A
A refresher
- Reference boot flows, for 64-bit ARMv8-A systems
- Open Source at GitHub, BSD License
- We just released v1.0. Contributors welcome. A reason to celebrate?
[Diagram: reference boot flow across Trusted World and Normal World, starting from RESET on both the SCP and the Application Processor (AP)]
- Key: SCP Execution; EL3 Execution; Secure-EL1 Execution; EL2 Execution
- SCP: BL0 SCP Boot ROM; BL30 SCP Runtime Firmware (System & Power Control)
- AP: BL1 AP Boot ROM (Platform Boot Initialization, Trusted Board Boot); the 1st level Boot Loader (BL1) loads the 2nd level image
- BL2 Trusted Boot Firmware (Trusted Board Boot); the 2nd level Boot Loader (BL2) loads all 3rd level images
- BL31 EL3 Runtime Firmware: PSCI; World Switch Library; S-EL1 Payload Dispatch
- BL32 Secure-EL1 Payload: Trusted OS Kernel
- BL33 Non-Trusted Firmware (e.g. U-Boot, EDK2)
- SMCCC: calls into the EL3 Runtime Firmware follow the SMC Calling Convention
4. What’s happened since last time?
5. Juno
ARM Trusted Firmware on ARMv8-A silicon
- Juno port upstream
- Complete PSCI implementation
- Application processor firmware is all open for updating by developers
- Still to come: more secure RAM for Trusted OS porting and development; authentication of firmware images during boot
[Diagram: detailed boot flow on Juno]
- Key: SCP Execution; EL3 Execution; Secure-EL1 Execution; EL1/EL2 Execution; No Execution; Component loading other Component; Explicit API Usage; Implicit API Usage; External Hand-Off API; Internal Hand-Off API
- Boundaries: Trusted/Non-Trusted Boundary; SCP/AP Boundary
- Memory: SCP Trusted ROM; SCP Trusted RAM; AP Trusted ROM; AP Trusted RAM (on chip); Trusted RAM (on or off chip); Non-Trusted RAM
- SCP side, from PWR ON: BL0 SCP Boot ROM; BL30 SCP Runtime Firmware (Waiting, then Running)
- AP side, from PWR ON: BL1 AP Boot ROM; BL2 Trusted Boot Firmware; BL31 EL3 Runtime Firmware (Running); BL32 Secure-EL1 Payload (optional, Running); BL33 Non-Trusted Firmware; Linux Kernel
- Annotations: Incremental copy from AP Trusted RAM to SCP Trusted RAM; via SMC in BL1
6. Trusted OS and TEE
Support for 3rd party Trusted OS/TEE
- Support for secure interrupts and secure DDR RAM: supporting different Trusted OS memory and interrupt requirements
- OP-TEED patches merged this week. Thank you Jens!
- OP-TEE now running on ARMv8-A FVP models – all code upstream
- Still wanted: OP-TEE running on ARMv8-A silicon; dispatchers for other OSS Trusted OSes
[Diagram: OP-TEE software stack by exception level, with supplier boundaries; sources: ARM Trusted Firmware, github.com/OP-TEE, Global Platforms spec.]
- Normal World: App (EL0); OP-TEE client (TEE Client API, Global Platforms spec.); OP-TEE Linux driver, reached via ioctl; Normal World OS (EL1/EL2), from the OS/hypervisor supplier
- Trusted World: Trusted App (Secure-EL0, TEE Internal API), from the Trusted App supplier; OP-TEE OS (Secure-EL1); OP-TEE protocol and mechanism; internal OP-TEE interface
- EL3: ARM Trusted Firmware, containing the OP-TEE Dispatcher (OPTEED) and the SoC/platform port (SoC supplier)
- Interfaces: OP-TEE protocol via SMC, from the OP-TEE Linux driver to OPTEED; porting interface between Trusted Firmware and SoC/platform
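Both the generic Trusted OS Dispatcher on slide 2 and OPTEED here receive their calls through the SMC Calling Convention, and the first thing the EL3 runtime firmware must do with any SMC is decode the function ID and decide which service owns it. The following C is an added example written for this page, not code from ARM Trusted Firmware or OP-TEE. The bit layout and the owning entity numbers (OENs) are the published SMCCC ones, and the two PSCI function IDs are the published PSCI values; the route names, the struct and the Trusted OS sample ID 0xB2000001 are constructed for the example.

```c
/* SMC function-ID decoding and OEN-based routing, as an EL3 dispatcher must
 * do before any service handler runs. Illustrative code, not ARM Trusted
 * Firmware's implementation. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* SMCCC function ID layout. */
#define SMC_TYPE_FAST_BIT   (1u << 31)   /* 1: fast call, 0: yielding (standard) call */
#define SMC_64_BIT          (1u << 30)   /* 1: SMC64 convention, 0: SMC32 */
#define SMC_OEN_SHIFT       24u
#define SMC_OEN_MASK        0x3fu        /* bits 29:24, owning entity number */
#define SMC_RESERVED_MASK   0x00ff0000u  /* bits 23:16, reserved, must be zero */
#define SMC_FUNC_MASK       0x0000ffffu  /* bits 15:0, function number */

/* OENs assigned by the SMCCC. */
#define OEN_ARM_ARCH    0u
#define OEN_CPU         1u
#define OEN_SIP         2u
#define OEN_OEM         3u
#define OEN_STD         4u   /* Standard Secure Service calls; PSCI lives here */
#define OEN_TA_START    48u  /* Trusted Application calls */
#define OEN_TOS_END     63u  /* Trusted OS calls occupy 50..63 */

/* Hypothetical routing targets inside the EL3 firmware (names are this example's). */
typedef enum {
    ROUTE_INVALID,          /* reserved bits set: reject before any handler sees it */
    ROUTE_UNKNOWN,          /* well formed, but no registered service owns the OEN */
    ROUTE_ARM_ARCH,         /* OEN 0 */
    ROUTE_PLATFORM,         /* OEN 1..3: CPU, SiP and OEM services from the SoC/platform port */
    ROUTE_STD_SERVICE,      /* OEN 4: PSCI and other standard services */
    ROUTE_TOS_DISPATCHER    /* OEN 48..63: handed to the Trusted OS Dispatcher */
} smc_route_t;

typedef struct {
    bool fast;
    bool smc64;
    unsigned oen;
    unsigned func;
    smc_route_t route;
} smc_fid_t;

static smc_route_t smc_route_for_oen(unsigned oen)
{
    if (oen == OEN_ARM_ARCH)
        return ROUTE_ARM_ARCH;
    if (oen >= OEN_CPU && oen <= OEN_OEM)
        return ROUTE_PLATFORM;
    if (oen == OEN_STD)
        return ROUTE_STD_SERVICE;
    if (oen >= OEN_TA_START && oen <= OEN_TOS_END)
        return ROUTE_TOS_DISPATCHER;
    return ROUTE_UNKNOWN;   /* OENs 5..47 are reserved by the convention */
}

/* Split a function ID into its fields and decide which service owns it. */
smc_fid_t smc_decode(uint32_t fid)
{
    smc_fid_t d;
    d.fast  = (fid & SMC_TYPE_FAST_BIT) != 0;
    d.smc64 = (fid & SMC_64_BIT) != 0;
    d.oen   = (fid >> SMC_OEN_SHIFT) & SMC_OEN_MASK;
    d.func  = fid & SMC_FUNC_MASK;
    /* Reject IDs with reserved bits set rather than guessing which service
     * they were meant for: the caller gets the SMCCC "unknown function" reply. */
    d.route = (fid & SMC_RESERVED_MASK) ? ROUTE_INVALID : smc_route_for_oen(d.oen);
    return d;
}

static const char *route_name(smc_route_t r)
{
    static const char *names[] = { "invalid", "unknown", "arm-arch",
                                   "platform", "std-service", "tos-dispatcher" };
    return names[r];
}

int main(void)
{
    /* Sample IDs: PSCI_VERSION and CPU_ON (SMC64) are published PSCI values;
     * 0xB2000001 is a constructed Trusted OS fast call (OEN 50);
     * 0x84010000 is constructed with a reserved bit set. */
    const uint32_t samples[] = { 0x84000000u, 0xC4000003u, 0xB2000001u, 0x84010000u };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        smc_fid_t d = smc_decode(samples[i]);
        printf("0x%08X: %s %s oen=%u func=%u -> %s\n", samples[i],
               d.fast ? "fast" : "yielding", d.smc64 ? "smc64" : "smc32",
               d.oen, d.func, route_name(d.route));
    }
    return 0;
}
```

The routing decision is deliberately made from the function ID alone, before any argument registers are looked at, so a malformed ID can never reach a service handler that trusts its inputs.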
7. Production Platforms
ARM Trusted Firmware running on partners’ ARMv8-A silicon
- Alternative boot flows supported: reuse of existing secure boot loaders; reset to RAM firmware; stable boot flow interfaces
- Improved debugging of firmware errors: crash reporting for fatal errors and unexpected exceptions
- Easy selection of 32/64-bit execution: register width for Trusted OS; Exception Level and register width for normal world software
- Platforms with wide I/O addresses
- “Follow the manual” CPU specific code, for correct hardware operation
- Still to come: performance and scalability investigation and improvements; even more boot flow flexibility – Enterprise and Networking scenarios; improving integration for SoC suppliers, Trusted OS suppliers and OEMs
8. Shrinking firmware
The evolution of ARM Trusted Firmware’s memory footprint*
[Chart: ROM and RAM usage in KB (scale 64 to 256KB) of BL1, BL2, BL3-1 and BL3-2 for v0.3, v0.4 and v1.0; totals 292KB, 208KB and 128KB† respectively]
* Memory usage of code and data for a release build of ARM Trusted Firmware for FVP including the TSP
† In v1.0 the peak memory usage is even lower, as some of the firmware images are overlaid in the same memory during the course of booting the platform
9. Next time in ARM Trusted Firmware…
ARM is planning to have contributed:
- A reference implementation of Trusted Board Boot, up to the non-secure firmware
- Support for PSCI v1.0 – a specification update is in progress
What else shows up depends on you:
- Tell us what’s broken
- Tell us what’s missing
- Send us your improvements … new contributions are always welcome