HKG15-502: ARM Trusted Firmware Evolution
---------------------------------------------------
Speaker: Andrew Thoelke
Date: February 13, 2015
---------------------------------------------------
★ Session Summary ★
An update on ARM Trusted Firmware and PSCI.
Version 1.1 of ARM Trusted Firmware delivers an initial implementation of Trusted Board Boot and completes support for PSCI. At least, it does so for v0.2 of the PSCI specification – but there is a new version of PSCI. This session provides details on the new version of the standard and the latest ARM Trusted Firmware release.
--------------------------------------------------
★ Resources ★
Pathable: https://hkg15.pathable.com/meetings/250856
Video: http://people.linaro.org/linaro-connect/hkg15/Videos/02-13-Friday/170106%20HKG15%20502%20ARM%20Trusted%20Firmware%20Evolution.mp4
Etherpad: http://pad.linaro.org/p
---------------------------------------------------
★ Event Details ★
Linaro Connect Hong Kong 2015 - #HKG15
February 9-13th, 2015
Regal Airport Hotel Hong Kong Airport
---------------------------------------------------
http://www.linaro.org
http://connect.linaro.org

  1. ARM Trusted Firmware Evolution
     Andrew Thoelke, Systems & Software, ARM
     HKG15 – February 2015
  2. ARM Trusted Firmware for 64-bit ARMv8-A: A refresher
     - Standardized EL3 Runtime Firmware
     - For all 64-bit ARMv8-A systems
     - Reducing porting and integration work
     - For SoC and Trusted OS developers
     - Reusable, reference implementations
     - Power State Coordination Interface (PSCI)
     - SMC Calling Convention
     - Configuration of ARM hardware
     - Running on ARMv8-A FVPs and Juno
     - … and nearly all new ARMv8-A platforms
     [Diagram: software stack. Components: ARM Trusted Firmware (EL3), SoC/platform port, Normal World OS (EL1/EL2), Trusted OS (Secure-EL1), Trusted OS Dispatcher, Trusted App (Secure-EL0), App (EL0), TOS driver, TOS library. Interfaces: TOS-specific protocol and mechanism; TOS-specific protocol via SMC; via ioctl; porting interface between Trusted Firmware and SoC/platform; interface between Trusted Firmware and Trusted OS Dispatcher; internal TOS interface. Key: ARM Trusted Firmware, Trusted OS supplier, SoC supplier, OS/hypervisor supplier, Trusted App supplier.]
  3. ARM Trusted Firmware for 64-bit ARMv8-A: A refresher
     - Reference boot flows
     - For 64-bit ARMv8-A systems
     - Open Source at GitHub
     - BSD License
     - Contributors welcome
     - We have just released v1.1
     - Adds authentication to Trusted Board Boot
     - Many partners porting
     https://github.com/ARM-software/arm-trusted-firmware
     [Diagram: boot flow from RESET. SCP: BL0 (SCP Boot ROM), BL30 (SCP Runtime Firmware). Application Processor (AP): BL1 (AP Boot ROM), BL2 (Trusted Boot Firmware), BL31 (EL3 Runtime Firmware), BL32 (Secure-EL1 Payload), BL33 (Non-Trusted Firmware, e.g. U-Boot, EDK2). Loading: the 1st level Boot Loader (BL1) loads the 2nd level image; the 2nd level Boot Loader (BL2) loads all 3rd level images. Functions shown: Platform Boot Initialization, System & Power Control, Trusted Board Boot, PSCI, World Switch Library, SMCCC, Trusted OS Kernel, S-EL1 Payload Dispatch. Regions: Trusted World, Normal World. Key: EL3 Execution, EL2 Execution, Secure-EL1 Execution, SCP Execution.]
  4. The story so far…
     - Feb 13, Conception: ARM has idea of providing reference EL3 software
     - Jun 13, Initiation: ARM project scope and proposal
     - Jul 13, Communication: Discussions with partners at LCE13
     - Sep 13, Implementation: Initial binaries in Linaro AArch64 release
     - Oct 13, Introduction: Source code at GitHub and LCU13 announcement
     - Mar 14, Clarification: Mythbusting misconceptions at LCA14
     - May 14, Adoption: Early adopters port to silicon
     - Sep 14, Celebration: Juno port, OP-TEE support at LCU14
     - Feb 15, Evolution: Complete PSCI 0.2; start PSCI 1.0 and Trusted Board Boot; porting to 96Boards at HKG15
  5. Introducing TBBR and PSCI 1.0
  6. Trusted Board Boot: Reference implementation of the ARM TBBR specification
     - Prototype for FVP and Juno
     - Image authentication from Root of Trust
     - Keys in chain of trust managed using X.509v3 certificates
     - Optionally included in BL1 and BL2
     - Uses PolarSSL (mbedTLS) for cryptography and X.509
     - Still to come:
     - Firmware recovery, optional features
     - Flexibility for alternative cryptography implementation and chains of trust
     - Optimisation
     [Diagram: Detailed boot flow on Juno, from PWR ON to the Linux Kernel. Images: BL0 (SCP Boot ROM), BL1 (AP Boot ROM), BL2 (Trusted Boot Firmware), BL30 (SCP Runtime Firmware), BL31 (EL3 Runtime Firmware), BL32 (Secure-EL1 Payload), BL33 (Non-Trusted Firmware). Memory: SCP Trusted ROM, SCP Trusted RAM, AP Trusted ROM, AP Trusted RAM (on chip), Trusted RAM (on or off chip), Non-Trusted RAM. Annotations: incremental copy from AP Trusted RAM to SCP Trusted RAM; via SMC in BL1; Trusted/Non-Trusted Boundary; SCP/AP Boundary. Key: EL3 Execution, Secure-EL1 Execution, EL1/EL2 Execution, SCP Execution, No Execution, Loading and Authentication, External Hand-Off API, Internal Hand-Off API, Implicit API Usage, Explicit API Usage.]
     [Diagram: TBBR Chain of Trust]
  7. Power State Coordination Interface: PSCI 1.0 Released February 2015
     - It’s on ARM Infocenter
     - No click through
     - Culmination of lots of work involving OS vendors and silicon vendors
     - Aligned with DeviceTree and ACPI
     - Simple migration path from PSCI 0.2 – lots of new optional features
     - Trusted Firmware will be implementing these through 2015
     - Feedback is always welcome
     - As with all ARM specifications you can e-mail us direct on errata@arm.com
     http://infocenter.arm.com/help/topic/com.arm.doc.den0022c/DEN0022C_Power_State_Coordination_Interface.pdf
  8. What’s new in PSCI 1.0: Better match to HW - Richer set of options
     Core changes:
     - Removed assumptions on power domain layout to allow better match to hardware
     - Improved ability for implementation to describe features to the OS
     Improved diagnostics:
     - Can optionally provide physical power state from power controller
     - Can optionally provide statistics on power state usage and residency
     More options for Idle management:
     - New OS Initiated mode allows precise control from the OS
     - You can trade off OS vs firmware complexity depending on your application
     Improved support for suspend to RAM, and for debug
  9. What happens next depends on you
     - ARM Trusted Firmware has been rapidly adopted for ARMv8-A based platforms
     - It will be running in many products this year
     - It’s about to get easier to start experimenting with secure software on ARMv8-A
     - We would like upstream platform support for all 96Boards devices
     - OP-TEE works ‘out of the box’
     - We are always keen to hear your feedback
     - Tell us what’s broken
     - Tell us what’s missing
     - Send us your improvements … new contributions are always welcome
  10. Thank you