2. 2 https://www.github.com/ARM-Software/arm-trusted-firmware
Standardized EL3 Runtime Firmware
For All 64-bit ARMv8-A systems
Reducing porting and integration work
For SoC and Trusted OS developers
Reusable, reference implementations
PSCI
SMC Calling Convention
Configuration of ARM hardware
Running on ARMv8-A FVP models
And now running on silicon
ARM Trusted Firmware for 64-bit ARMv8-A
A recap
[Diagram: software layers and supplier interfaces. Labels: ARM Trusted Firmware (EL3); SoC/platform port; Trusted OS Dispatcher; Normal World OS (EL1/EL2); App (EL0); TOS driver; TOS library; Trusted OS (Secure-EL1); Trusted App (Secure-EL0). Interfaces: porting interface between Trusted Firmware and SoC/platform; interface between Trusted Firmware and Trusted OS Dispatcher; TOS-specific protocol and mechanism; TOS-specific protocol via SMC; via ioctl; internal TOS interface. Key: ARM Trusted Firmware, Trusted OS supplier, SoC supplier, OS/hypervisor supplier, Trusted App supplier.]
3. 3 https://www.github.com/ARM-Software/arm-trusted-firmware
Reference boot flows
For 64-bit ARMv8-A systems
Open Source at GitHub
BSD License
Contributors welcome
Still to come…
Authenticated boot
Authenticated Firmware update
Firmware test suite
PSCI Conformance tests
ARM Trusted Firmware for 64-bit ARMv8-A
A recap
[Diagram: reference boot flow and firmware components. Panels: Boot ROM - BL1; Trusted Boot Firmware - BL2; EL3 Runtime Firmware - BL31; Test Secure EL1 Payload - BL32; Non-secure firmware - BL33 (EDK2, U-Boot); Test Suite - BL33_ALT. Boot flow: RESET; the 1st level Boot Loader (BL1) loads the 2nd level image; the 2nd level Boot Loader (BL2) loads all 3rd level images (BL31, BL32, BL33 or the alternative BL33); the flow continues to Hypervisor / Linux Kernel. Key: Normal World, Trusted World, EL1 Execution, EL2 Execution, Secure EL1 Execution, EL3 Execution, External Interface, Interface Usage, Potential Interface.]
Glossary
BL - Boot Loader
EDK2 - EFI Development Kit 2
EL - Exception Level
NV - Non-Volatile
PSCI - Power State Control Interface
SMC - Secure Monitor Call
UEFI - Unified Enhanced Firmware Interface
4. 4 https://www.github.com/ARM-Software/arm-trusted-firmware
So ARM Trusted Firmware provides some great benefits:
Support for ARM standards like SMC Calling Convention and PSCI
Easier firmware integration by separation of SoC and Trusted OS software
Reducing the complexity of porting Monitor code to AArch64
Licensing that lets you use just the code you want with no obligation to publish what you have done
…but using this software also raises some concerns
Some are valid, and need to be addressed
Many are based on misconceptions or misunderstandings
Maybe it is time for …
Adopting ARM Trusted Firmware
7. 7 https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I won’t use it as I am using U-Boot
I can’t afford to switch to UEFI right now
UEFI is just wrong for my product
Reality
Trusted Firmware is designed to work with ANY non-secure firmware/software
e.g. U-Boot, UEFI, a test suite
Tianocore EDK2 is the UEFI firmware that ARM is testing with ARM Trusted Firmware
Myth: ARM Trusted Firmware only works with UEFI
Reality: ARM Trusted Firmware works with any non-secure firmware/software
[Diagram: the boot flow and firmware component diagram from the recap slide, repeated. Panels: Boot ROM - BL1; Trusted Boot Firmware - BL2; EL3 Runtime Firmware - BL31; Test Secure EL1 Payload - BL32; Non-secure firmware - BL33 (EDK2, U-Boot); Test Suite - BL33_ALT; the flow continues to Hypervisor / Linux Kernel.]
9. 9 https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it for a product that doesn't have a Trusted OS
It will be too big for a product that doesn't need a Trusted OS
Reality
Trusted Firmware can be built without a Trusted OS or Secure Monitor
the default is to exclude it
and needs less RAM
Trusted Firmware still provides benefits without a Trusted OS
Myth: ARM Trusted Firmware requires a Trusted OS
Reality: ARM Trusted Firmware builds without a Trusted OS by default
[Diagram: build without a Trusted OS. Labels: ARM Trusted Firmware (EL3 AArch64); SoC/platform port; PSCI core framework; PSCI Implementation; No Secure Monitor; Normal World (EL1/EL2 AArch64/AArch32). Key: ARM Trusted Firmware, Normal World Software, Platform Software, Trusted World Software.]
11. 11 https://www.github.com/ARM-Software/arm-trusted-firmware
So...
I can’t run any Trusted OS
It can't work with my Trusted OS
Reality
There is an example Secure Monitor that works with the Test Secure-EL1 Payload
Trusted Firmware provides a framework to build a Monitor specific to each Trusted OS
We'd like to help if your requirements are not yet supported
More examples would make this easier
Linaro SWG is planning to do this
Myth: ARM Trusted Firmware doesn’t have a Secure Monitor
Reality: ARM Trusted Firmware provides an example Secure Monitor
[Diagram: example Secure Monitor with test payload. Labels: ARM Trusted Firmware (EL3); SoC/platform port; Test Secure-EL1 Payload Dispatcher (TSPD); World-switch support library; PSCI core framework; Secure Monitor; PSCI Implementation; ARM Trusted Firmware Test Suite (EL1/EL2); Test Secure-EL1 Payload (TSP) (Secure-EL1). Interfaces: ARM TF Test specific protocol and mechanism; ARM Trusted Firmware Test specific protocol via SMC; internal ARM Trusted Firmware Test interface. Key: ARM Trusted Firmware, ARM Trusted Firmware Test Suite, SoC supplier.]
13. 13 https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can't use my own one
I don't need to buy one
Doesn’t this undermine ARM partners?
Is this allowed?
Reality
ARM is not implementing a Trusted OS
Trusted Firmware provides test code that runs in place of a Trusted OS
Trusted OS providers do need to write a piece of code that allows their OS to work with ARM Trusted Firmware
Myth: ARM Trusted Firmware includes a Trusted OS
Reality: ARM is not implementing a Trusted OS
[Diagram: the TSP/TSPD diagram from the Secure Monitor slide, repeated. Labels: ARM Trusted Firmware (EL3); SoC/platform port; Test Secure-EL1 Payload Dispatcher (TSPD); ARM Trusted Firmware Test Suite (EL1/EL2); Test Secure-EL1 Payload (TSP) (Secure-EL1).]
15. 15 https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I have to port my Trusted OS to AArch64
I can’t run a 32-bit OS or hypervisor
It won’t work on ARMv7-A
Reality
Initial products will use a 32-bit Trusted OS
an example Secure Monitor would help
Will support AArch32 non-secure software
but not in upstream code yet
There are no barriers to porting Trusted Firmware to ARMv7-A
This depends on development priorities
Myth: ARM Trusted Firmware only supports AArch64
Reality: ARM Trusted Firmware is prioritising AArch64 without excluding AArch32
[Diagram: AArch64/AArch32 support. Labels: ARM Trusted Firmware (EL3 AArch64); SoC/platform port; Secure-EL1 Payload Dispatcher (SPD); World-switch support library; PSCI core framework; Secure Monitor; PSCI Implementation; Normal World (EL1/EL2 AArch64/AArch32); Secure-EL1 Payload (SP) (Secure-EL1 AArch64/AArch32). Interface: Secure-EL1 Payload specific interface via Secure Monitor Call (SMC). Key: ARM Trusted Firmware, Normal World Software, Platform Software, Trusted World Software.]
17. 17 https://www.github.com/ARM-Software/arm-trusted-firmware
So…
It will be buggy, bloated and/or incomplete
I have to write my own firmware anyway
Reality
It is being used by partners TODAY
It's open source, of course
take what you want, fix what you need
Hardening and fitness for use are priorities for the EL3 Runtime Firmware in v0.4
We are continually improving the firmware and welcome feedback and contributions
Myth: ARM Trusted Firmware isn't ready for products
Reality: ARM Trusted Firmware is in use today and product readiness is a priority for v0.4
[Diagram: the boot flow and firmware component diagram from the recap slide, repeated with implementation status. Panels: Boot ROM - BL1; Trusted Boot Firmware - BL2; EL3 Runtime Firmware - BL31; Test Secure EL1 Payload - BL32; Non-secure firmware - BL33 (U-Boot, EDK2); Test Suite - BL33_ALT. Additional key entries: Not Yet in v0.3; Partially in v0.3.]
21. 21 https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it for my Server SoC
I can’t use it for my Client SoC
It doesn’t work with a SCP/BMC
Reality
Trusted Firmware is focussed on ARMv8-A
Upstream examples need a platform to run
the Base FVPs came first
other examples will follow
Trusted Boot flow with a control/management processor is different, but not incompatible with ARM Trusted Firmware
Myth: ARM Trusted Firmware is for my kind of SoC
Reality: ARM Trusted Firmware is focussed on ARMv8-A
[Figure: platform models. Labels: Base Platform; Cortex-A53, A57; ARMv8; Dual Cluster; big.LITTLE; Power Management; OpenGLES; Foundation Platform; ARMv8; AEM.]
22. 22 https://www.github.com/ARM-Software/arm-trusted-firmware
ARM Trusted Firmware Reality Check
ARM Trusted Firmware Myths
Only works with UEFI
Requires a Trusted OS
No Secure Monitor
Includes a Trusted OS
Only supports AArch64
Isn’t ready
Requires ARM’s Trusted Boot code
Not for Client/Network/Server SoCs
23. 23 https://www.github.com/ARM-Software/arm-trusted-firmware
ARM Trusted Firmware Reality Check
ARM Trusted Firmware Reality
Works with any non-secure firmware
Trusted OS is optional
Example Monitor code included
Not a Trusted OS
AArch32 examples coming later
Is ready enough
Works with other Trusted Boot code
Designed for all ARMv8-A SoCs
24. 24
ARM Trusted Firmware is for every ARMv8-A system
… but doesn’t yet cover every configuration
… so please get involved
… and help us fill the gaps
https://www.github.com/ARM-Software/arm-trusted-firmware
Adopt ARM Trusted Firmware