Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
ARM Trusted Firmware
From Embedded to Enterprise
Dan Handley
ENGINEERS
AND DEVICES
WORKING
TOGETHER
Agenda
● Quick recap
● Project news
● Security hardening
● AArch32 support
● Other ...
ENGINEERS AND DEVICES
WORKING TOGETHER
ARM Trusted Firmware for AArch64 ARMv8-A
● Reference EL3 Runtime
○ Standard power c...
ENGINEERS
AND DEVICES
WORKING
TOGETHER
Agenda
● Quick recap
● Project news
● Security hardening
● AArch32 support
● Other ...
ENGINEERS AND DEVICES
WORKING TOGETHER
TF inbound license model
● Before accepting code, ARM asks contributors to sign a C...
ENGINEERS AND DEVICES
WORKING TOGETHER
We've ditched the CLA!
● Move to inbound = outbound model, retaining BSD-3-clause l...
ENGINEERS AND DEVICES
WORKING TOGETHER
TF releases
● v1.2 created at start of year
● v1.3 coming very soon
Future:
● More ...
ENGINEERS
AND DEVICES
WORKING
TOGETHER
Agenda
● Quick recap
● Project news
● Security hardening
● AArch32 support
● Other ...
ENGINEERS AND DEVICES
WORKING TOGETHER
TF security incident handling
● Need to handle security vulnerabilities differently...
ENGINEERS AND DEVICES
WORKING TOGETHER
Security hardening - completed
● Process improvements
● Independent code audit
● Us...
ENGINEERS AND DEVICES
WORKING TOGETHER
Security hardening - future
● Independent white box testing
● Improved secure codin...
ENGINEERS
AND DEVICES
WORKING
TOGETHER
Agenda
● Quick recap
● Project news
● Security hardening
● AArch32 support
● Other ...
ENGINEERS AND DEVICES
WORKING TOGETHER
AArch32 TF
Challenges
● Many existing AArch32 systems
○ Hard to standardize back in...
ENGINEERS AND DEVICES
WORKING TOGETHER
Initial AArch32 TF solution
● PSCI library
○ Reference integration into AArch32 EL3...
ENGINEERS AND DEVICES
WORKING TOGETHER
AArch64 boot flow
Running
S-EL1 Execution
EL2/EL1 Execution
AP Boot
ROM
SoC AP
Firm...
ENGINEERS AND DEVICES
WORKING TOGETHER
AArch32 boot flow
Running
EL3/S-EL1 Execution
EL2/EL1 Execution
AP Boot
ROM
SoC AP
...
ENGINEERS AND DEVICES
WORKING TOGETHER
TF PSCI library
● Common in-source library for AArch64 and AArch32
○ Uses existing ...
ENGINEERS AND DEVICES
WORKING TOGETHER
New image loading code: LOAD_IMAGE_V2
● BL2 no longer has hardcoded awareness of sp...
ENGINEERS AND DEVICES
WORKING TOGETHER
AArch32 and image loading future
In progress:
● Fully enable TBBR for LOAD_IMAGE_V2...
ENGINEERS
AND DEVICES
WORKING
TOGETHER
Agenda
● Quick recap
● Project news
● Security hardening
● AArch32 support
● Other ...
ENGINEERS AND DEVICES
WORKING TOGETHER
Translation table library enhancements
Completed:
● Uncached memory type
● 4 level ...
ENGINEERS AND DEVICES
WORKING TOGETHER
RAM savings - future
● Use non-identity mappings to reduce page table size
● Use 't...
ENGINEERS AND DEVICES
WORKING TOGETHER
Speed performance
Completed:
● PSCI STATs implementation
● Performance Measurement ...
ENGINEERS AND DEVICES
WORKING TOGETHER
Other enhancements - completed
● New IP support - Cortex-A32, Cortex-A35, Cortex-A7...
ENGINEERS AND DEVICES
WORKING TOGETHER
Other enhancements - future
● Dynamic configuration support
○ Images to load/execut...
Thank You
#LAS16
For further information: www.linaro.org
LAS16 keynotes and videos on: connect.linaro.org
Upcoming SlideShare
Loading in …5
×

LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded

2,276 views

Published on

LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Speakers:
Date: September 29, 2016

★ Session Description ★
ARM Trusted Firmware has established itself as a key part of the ARMv8-A software stack. Broadening its applicability across all segments, from embedded to enterprise, is challenging. This session discusses the latest developments, including extension into the 32-bit space.

★ Resources ★
Etherpad: pad.linaro.org/p/las16-402
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-402/

★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org

Published in: Technology
  • Be the first to comment

LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded

  1. 1. ARM Trusted Firmware From Embedded to Enterprise Dan Handley
  2. 2. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Quick recap ● Project news ● Security hardening ● AArch32 support ● Other enhancements ○ Translation table library ○ RAM saving ○ Speed performance
  3. 3. ENGINEERS AND DEVICES WORKING TOGETHER ARM Trusted Firmware for AArch64 ARMv8-A ● Reference EL3 Runtime ○ Standard power control (PSCI) ○ Optional Trusted OS integration ● Trusted boot firmware ○ Optional ○ Compatible with other firmware ● Applicable to all segments ● Open Source at GitHub ○ BSD-3-clause license ○ Contributions welcome AP_BL31 EL3 Runtime Firmware EL2 Execution Secure-EL1 Execution Key EL3 Execution AP_BL33 Normal World Firmware (e.g. U-Boot, EDK2) AP_BL1 Boot ROM AP_BL2 Trusted Boot Firmware AP_BL32 Secure-EL1 Payload Trusted Board Boot Trusted Board Boot PSCI World Switch Library SMCCC Trusted OS Kernel S-EL1 Payload Dispatch Secure World Normal World 2nd level Boot Loader (BL2) loads other images 1st level Boot Loader (BL1) loads 2nd level image Loading RESET https://github.com/ARM-software/arm-trusted-firmware
  4. 4. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Quick recap ● Project news ● Security hardening ● AArch32 support ● Other enhancements ○ Translation table library ○ RAM saving ○ Speed performance
  5. 5. ENGINEERS AND DEVICES WORKING TOGETHER TF inbound license model ● Before accepting code, ARM asks contributors to sign a CLA ○ Based on Apache license ○ Includes a list of authorized contributors (for companies) ● Has some benefits: ○ Corporate legal departments like them ○ Easier to change outbound license later ○ Signing once covers all ARM-maintained OSS projects (that use the CLA) ● But some serious drawbacks: ○ Can get stuck in corporate legal departments ○ Not popular with OSS developers ○ High barrier to entry ○ High admin overhead
  6. 6. ENGINEERS AND DEVICES WORKING TOGETHER We've ditched the CLA! ● Move to inbound = outbound model, retaining BSD-3-clause license ● All contributions accepted under DCO with "Signed-off-by" in commit message ○ Developer Certificate of Origin ○ See https://github.com/ARM-software/arm-trusted-firmware/contributing.md ● Benefits: ○ Same as Linux and increasing number of other projects ○ More community friendly ○ No admin overhead ○ (Hopefully) means more contributions ● What's not to like :o)
  7. 7. ENGINEERS AND DEVICES WORKING TOGETHER TF releases ● v1.2 created at start of year ● v1.3 coming very soon Future: ● More regular release cadence ○ Requires test automation improvements ● Removal of deprecated APIs ○ Dual v1.4/v2.0 release
  8. 8. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Quick recap ● Project news ● Security hardening ● AArch32 support ● Other enhancements ○ Translation table library ○ RAM saving ○ Speed performance
  9. 9. ENGINEERS AND DEVICES WORKING TOGETHER TF security incident handling ● Need to handle security vulnerabilities differently from other bugs ● Committed to public disclosure of all vulnerabilities ○ But want to disclose to partners under NDA first ○ Security advisories to be advertised on GitHub issue tracker ● New mailing list for reporting potential vulnerabilities ○ trusted-firmware-security@arm.com ○ For other bugs, continue using the issue tracker ● None found yet! ● https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Centre
  10. 10. ENGINEERS AND DEVICES WORKING TOGETHER Security hardening - completed ● Process improvements ● Independent code audit ● Use of Coverity Online ● Improved error checking / handling ● Enable SCR.SIF bit ● NV counter support in authentication module ● (Optional) separate mappings for code and RO/XN data
  11. 11. ENGINEERS AND DEVICES WORKING TOGETHER Security hardening - future ● Independent white box testing ● Improved secure coding/design guidelines ● Reduce what is mapped in ● Constrain mappings at runtime ● Put page tables in ROM ● More use of tools ○ Static analyzers, stack protectors, fuzzers, ...
  12. 12. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Quick recap ● Project news ● Security hardening ● AArch32 support ● Other enhancements ○ Translation table library ○ RAM saving ○ Speed performance
  13. 13. ENGINEERS AND DEVICES WORKING TOGETHER AArch32 TF Challenges ● Many existing AArch32 systems ○ Hard to standardize back into this space ● No EL3 / S-EL1 separation ○ Trusted OS / Secure FW tightly bound ○ SW separation is hard ● Trusted OS already have TF features ○ World switching ○ SMC routing ○ Interrupt handling ● Full AArch32 TF may not be adopted Opportunities ● New systems still being produced ○ AArch32-only ARMv8-A and ARMv7-A ● PSCI equally applicable for AArch32 ● No reference secure world boot FW ● Current solutions either ○ Hack secure FW into normal world FW, or ○ Are specific to a Rich OS / Trusted OS, or ○ Are proprietary
  14. 14. ENGINEERS AND DEVICES WORKING TOGETHER Initial AArch32 TF solution ● PSCI library ○ Reference integration into AArch32 EL3 Runtime SW ● Full port of BL1/BL2 to AArch32 ● CPU library for Cortex-A32 ● Enhance ARM FVP port to support Cortex-A32 variant ● No explicit ARMv7-A support ○ Focus on AArch32 ARMv8-A, which gets most of the way there
  15. 15. ENGINEERS AND DEVICES WORKING TOGETHER AArch64 boot flow Running S-EL1 Execution EL2/EL1 Execution AP Boot ROM SoC AP Firmware Normal World Firmware Secure ROM Secure RAM (on chip) Secure RAM (on or off chip) Non-Secure DRAM Kernel External Hand-Off API Internal Hand-Off API Implicit API Usage PWR ON Explicit API Usage Key EL3 Execution Component loading other Component AP_BL1 AP_BL31 AP_BL33 Secure Payload AP_BL32 SoC AP Firmware AP_BL31 Waiting Running Running (optional) Running Trusted Boot Firmware AP_BL2 via SMC in AP_BL1 Optional image. Platform specific AP_BL31 may jump immediately to AP_BL33 PSCI PSCIEL3 Runtime FW
  16. 16. ENGINEERS AND DEVICES WORKING TOGETHER AArch32 boot flow Running EL3/S-EL1 Execution EL2/EL1 Execution AP Boot ROM SoC AP Firmware Normal World Firmware Secure ROM Secure RAM (on chip) Secure RAM (on or off chip) Non-Secure DRAM Kernel External Hand-Off API Internal Hand-Off API Implicit API Usage PWR ON Explicit API Usage Key Component loading other Component AP_BL1 AP_BL31 AP_BL33 Secure Payload AP_BL32 Running (optional) Running Trusted Boot Firmware AP_BL2 via SMC in AP_BL1 Optional image. Platform specific AP_BL2 may jump immediately to AP_BL32 PSCI EL3 Runtime SW
  17. 17. ENGINEERS AND DEVICES WORKING TOGETHER TF PSCI library ● Common in-source library for AArch64 and AArch32 ○ Uses existing platform porting interface ● Integration interface provided for EL3 Runtime SW ○ Implemented by generic BL31 in AArch64 ○ Must be integrated into each BL32 for AArch32 ○ SP_MIN provided to demonstrate minimal AArch32 EL3 Runtime SW with PSCI ● Pulls in other TF library code ○ Context management, CPU ops, bakery/spin locks, ... ● Requires implementations of other utility functions ○ assert, panic, memcpy, printf, cache management, ... ○ EL3 Runtime SW can use TF implementations or its own
  18. 18. ENGINEERS AND DEVICES WORKING TOGETHER New image loading code: LOAD_IMAGE_V2 ● BL2 no longer has hardcoded awareness of specific BL3x images ○ Allows more data driven approach to image loading and execution ○ Optional static descriptor mechanism provided ● No longer uses esoteric top/bottom loading behaviour ● AArch32 BL1/BL2 require LOAD_IMAGE_V2 ○ TBBR not fully enabled yet ● Also applicable for AArch64, but not by default yet ● Unlocks other image loading use-cases
  19. 19. ENGINEERS AND DEVICES WORKING TOGETHER AArch32 and image loading future In progress: ● Fully enable TBBR for LOAD_IMAGE_V2 generally and AArch32 in particular ● Use LOAD_IMAGE_V2 in ARM platforms for AArch64 (as well as AArch32) Collaborate to: ● Integrate PSCI library into AArch32 OP-TEE ● Enable OP-TEE paging using LOAD_IMAGE_V2 ○ Both AArch64 and AArch32 Future: ● ARMv7-A support ● Enable on Juno (requires SCP support)
  20. 20. ENGINEERS AND DEVICES WORKING TOGETHER Agenda ● Quick recap ● Project news ● Security hardening ● AArch32 support ● Other enhancements ○ Translation table library ○ RAM saving ○ Speed performance
  21. 21. ENGINEERS AND DEVICES WORKING TOGETHER Translation table library enhancements Completed: ● Uncached memory type ● 4 level page table support In progress: ● Support dynamic changes to translation tables ● Support allocated virtual addresses Future: ● Standardize BL image memory mappings ● More flexibility in memory types and attributes
  22. 22. ENGINEERS AND DEVICES WORKING TOGETHER RAM savings - future ● Use non-identity mappings to reduce page table size ● Use 'tiny' GCC memory model ● Put cold boot and runtime code/data in separate sections
  23. 23. ENGINEERS AND DEVICES WORKING TOGETHER Speed performance Completed: ● PSCI STATs implementation ● Performance Measurement Framework (PMF) In Progress: ● Runtime instrumentation in BL31 ● Analysis of key PSCI use-cases, especially suspend to power down ● Enable platforms that support hardware-assisted coherency Possible future: ● Use DC ZVA instruction to zero memory ● Reduce the amount of cache flushing during image load/auth
  24. 24. ENGINEERS AND DEVICES WORKING TOGETHER Other enhancements - completed ● New IP support - Cortex-A32, Cortex-A35, Cortex-A73, DMC-500 New Platforms: ● Xilinx Zynq ● Rockchip 3368, 3399 ● QEMU ● HiKey (coming soon) ● More build system flexibility (e.g. for Windows hosts) ● Ongoing test / automation improvements
  25. 25. ENGINEERS AND DEVICES WORKING TOGETHER Other enhancements - future ● Dynamic configuration support ○ Images to load/execute ○ Chain of Trust ○ Dual AArch64/AArch32 kernel support ● Position Independent Executable (PIE) support ● RAS enhancements ○ Software Delegated Exception Interface (SDEI) ○ Rework of exception handling framework ● Anything else?
  26. 26. Thank You #LAS16 For further information: www.linaro.org LAS16 keynotes and videos on: connect.linaro.org

×