SlideShare a Scribd company logo
1 of 11
Download to read offline
Security and Boot Architecture
• PI/MM on ARM discussions tomorrow (Tues)
– UEFI members only
• Brief Trusted Firmware update
– Where is the upstream for 96Boards TF platform code?
– Potential requirements
• GICv3 impact on secure world architecture
• Improving AArch32 secure world support
– More library support for Secure OS integration (PSCI + IP drivers)
• Common support for boot path verification
• Secure firmware interfaces
– Standard secure world -> normal world cold boot interface
– Or, more standard SMCs
– For example, to pass Secure DRAM region info
Security and Boot Architecture (2)
• Segment specific use-cases
– Trusted OS / Secure-EL1 payload on Enterprise systems?
– Boot architecture on Cortex-A class IoT systems
• Missing secure services/drivers/features
– Especially for OPTEE
• Security hardening
– Threat models, code audits, Pen testing, etc...
• Non-functional requirements
– Performance, RAM budget on IoT or many core systems
– Trace format for use-cases touching multiple components
• Anything else?
1
ARM Trusted Firmware Update
Dan Handley
Linaro Connect San-Francisco 2015
2
 Reference boot flows
 For 64-bit ARMv8-A systems
 Open Source at GitHub
 BSD License
 Contributors welcome
 BL31 runtime is compatible
with other boot firmware
 Trusted OS is optional
 Applicable to all segments
ARM Trusted Firmware for 64-bit ARMv8-A
AP_BL31
EL3 Runtime Firmware
EL2 Execution
Secure-EL1 Execution
SCP Execution
Key
EL3 Execution
AP_BL33
Normal World
Firmware
(e.g. U-Boot,
EDK2)
AP_BL1
Boot ROM
AP_BL2
Trusted Boot
Firmware
AP_BL32
Secure-EL1 Payload
SCP_BL1
Boot ROM
SCP_BL2
Runtime
Firmware
Platform Boot
Initialization
System &
Power Control
Trusted Board
Boot
Trusted Board
Boot
PSCI
World Switch
Library
SMCCC
Trusted OS Kernel
S-EL1 Payload
Dispatch
Secure World Normal World
SCP Application Processor (AP)
2nd level Boot
Loader (BL2)
loads other
images
1st level Boot
Loader (BL1)
loads 2nd level
image
Loading
RESET RESET
https://github.com/ARM-software/arm-trusted-firmware
Juno Example Boot Flow
3
 PSCI v1.0
 Platform porting interface overhaul for flexible topology and enhanced CPU_SUSPEND support
 Now upstream including compatibility support for existing platform ports
 Trusted Board Boot
 Futureproof interface supporting alternative Crypto Libs, Certificate structures and Chains ofTrust
 Mandatory features nearly complete: Firmware Update (Recovery Mode) coming soon
 System IP
 CCN-xxx driver complete (pull request pending)
 Full GICv3 support coming soon (see later)
 Firmware interoperability (entrypoint rework, programmable reset address)
 Platform ports
 NVidia has upstreamed ports forTegraT210 andT132
 Mediatek has upstreamed a port for MT8173
Feature evolution
4
GIC versions
 Features
 Up to 8 cores
 Up to 1020 interrupt IDs
 Up to 8 bits of priority
 Software Generated Interrupts
 TrustZone support
 Virtualization support
 Implemented by:
 CoreLink™ GIC-400
 Adds:
 Support for many more than 8 cores
 Message Based Interrupts
 Enhanced security model
 System register interface
 Vastly expanded interrupt ID space
 Optional support for legacy GICv2
compatible operation
 Implemented by:
 CoreLink™ GIC-500
GICv2 GICv3
5
GICv3 Security Groups
Group 0 Secure Group 1 Non-Secure Group 1
Always secure FIQ if in Non-Secure
state
FIQ if in Secure state
Always FIQ IRQ if in Secure state IRQ if in Non-Secure
state
Typically used by
EL3 firmware
Typically used by
Trusted OS
Typically used by
Rich OS or Hypervisor
6
 “Canonical” model (trap other world interrupt to EL3) is rare in practice
 MostTrusted OS always trap Group0 (S) interrupts to S-EL1
 Some (for example OPTEE) also trap Group1 (NS) interrupts to S-EL1
◦ For example, save task state, before forwarding to normal world via SMC
 OtherTrusted OS do not enable Group1 interrupts at S-EL1 (symmetric model)
 TSPD supports both models
 GICv3 S-Group1 interrupts will be useful to enable dedicated EL3 interrupts
 Avoids having to shoe-horn use-cases into GICv2 systems
 But expect S-EL1 initial handling of Group0/NS-Group1 will continue with GICv3
 Substantial design/implementation churn inTrusted OS required to switch to trap-to-EL3 model
GIC Interrupt Groups, Lines and Usage models
7
GICv3 Software Migration Strategy
Hardware and Software System compatibility
Hardware Systems
SoftwareArchitectures
GICv2
(e.g. GIC-400)
GICv3+v2
(e.g. GIC-500)
GICv3
(no legacy)
Symmetric GICv2
all ARE=0, SRE=0 ✓ ✓ X
Asymmetric GICv3 + GICv2
ARE_NS=1, ARE_S=0,
all SRE=1 except SRE_EL1(S)=0
X ✓ X
Symmetric GICv3
all ARE=1, SRE=1 X ✓ ✓
8
Hardware Systems
SoftwareArchitectures
GICv2
(e.g. GIC-400)
GICv3+v2
(e.g. GIC-500)
GICv3
(no legacy)
Symmetric GICv2
all ARE=0, SRE=0 ✓ ✓ X
Asymmetric GICv3 + GICv2
ARE_NS=1, ARE_S=0,
all SRE=1 except SRE_EL1(S)=0
X ✓? X
Symmetric GICv3
all ARE=1, SRE=1 X X X
GICv3 Software Migration Strategy
Current support in ARM Trusted Firmware
Current GIC driver
Not supported
9
Hardware Systems
SoftwareArchitectures
GICv2
(e.g. GIC-400)
GICv3+v2
(e.g. GIC-500)
GICv3
(no legacy)
Symmetric GICv2
all ARE=0, SRE=0 ✓ X X
Asymmetric GICv3 + GICv2
ARE_NS=1, ARE_S=0,
all SRE=1 except SRE_EL1(S)=0
X X X
Symmetric GICv3
all ARE=1, SRE=1 X ✓ ✓
GICv3 Software Migration Strategy
Proposed GIC driver support
New GICv2 driver
New GICv3 driverDeprecate

More Related Content

Viewers also liked

SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverLinaro
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Linaro
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEELinaro
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLinaro
 
BKK16-300 Benchmarking 102
BKK16-300 Benchmarking 102BKK16-300 Benchmarking 102
BKK16-300 Benchmarking 102Linaro
 
BKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
BKK16-211 Internet of Tiny Linux (io tl)- Status and ProgressBKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
BKK16-211 Internet of Tiny Linux (io tl)- Status and ProgressLinaro
 
BKK16-309A Open Platform support in UEFI
BKK16-309A Open Platform support in UEFIBKK16-309A Open Platform support in UEFI
BKK16-309A Open Platform support in UEFILinaro
 
BKK16-505 Kernel and Bootloader Consolidation and Upstreaming
BKK16-505 Kernel and Bootloader Consolidation and UpstreamingBKK16-505 Kernel and Bootloader Consolidation and Upstreaming
BKK16-505 Kernel and Bootloader Consolidation and UpstreamingLinaro
 
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Linaro
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLinaro
 
ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!Mr. Vengineer
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1Linaro
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareLinaro
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLinaro
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsLinaro
 

Viewers also liked (15)

SFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driverSFO15-200: Linux kernel generic TEE driver
SFO15-200: Linux kernel generic TEE driver
 
Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8Lcu14 107- op-tee on ar mv8
Lcu14 107- op-tee on ar mv8
 
SFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEESFO15-503: Secure storage in OP-TEE
SFO15-503: Secure storage in OP-TEE
 
LCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platformLCU14 302- How to port OP-TEE to another platform
LCU14 302- How to port OP-TEE to another platform
 
BKK16-300 Benchmarking 102
BKK16-300 Benchmarking 102BKK16-300 Benchmarking 102
BKK16-300 Benchmarking 102
 
BKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
BKK16-211 Internet of Tiny Linux (io tl)- Status and ProgressBKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
BKK16-211 Internet of Tiny Linux (io tl)- Status and Progress
 
BKK16-309A Open Platform support in UEFI
BKK16-309A Open Platform support in UEFIBKK16-309A Open Platform support in UEFI
BKK16-309A Open Platform support in UEFI
 
BKK16-505 Kernel and Bootloader Consolidation and Upstreaming
BKK16-505 Kernel and Bootloader Consolidation and UpstreamingBKK16-505 Kernel and Bootloader Consolidation and Upstreaming
BKK16-505 Kernel and Bootloader Consolidation and Upstreaming
 
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
Q2.12: Idling ARMs in a busy world: Linux Power Management for ARM Multiclust...
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted Protocol
 
ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!ARM Trusted FirmwareのBL31を単体で使う!
ARM Trusted FirmwareのBL31を単体で使う!
 
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
BKK16-201 Play Ready OPTEE Integration with Secure Video Path lhg-1
 
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted FirmwareHKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
HKG15-505: Power Management interactions with OP-TEE and Trusted Firmware
 
Lcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future EnhancementsLcu14 306 - OP-TEE Future Enhancements
Lcu14 306 - OP-TEE Future Enhancements
 
BKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T SystemsBKK16-200 Designing Security into low cost IO T Systems
BKK16-200 Designing Security into low cost IO T Systems
 

More from Linaro

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloLinaro
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaLinaro
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraLinaro
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaLinaro
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018Linaro
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018Linaro
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...Linaro
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Linaro
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Linaro
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Linaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteLinaro
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopLinaro
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineLinaro
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allLinaro
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorLinaro
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMULinaro
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MLinaro
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation Linaro
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootLinaro
 

More from Linaro (20)

Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea GalloDeep Learning Neural Network Acceleration at the Edge - Andrea Gallo
Deep Learning Neural Network Acceleration at the Edge - Andrea Gallo
 
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta VekariaArm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
Arm Architecture HPC Workshop Santa Clara 2018 - Kanta Vekaria
 
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua MoraHuawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
Huawei’s requirements for the ARM based HPC solution readiness - Joshua Mora
 
Bud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qaBud17 113: distribution ci using qemu and open qa
Bud17 113: distribution ci using qemu and open qa
 
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
OpenHPC Automation with Ansible - Renato Golin - Linaro Arm HPC Workshop 2018
 
HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018HPC network stack on ARM - Linaro HPC Workshop 2018
HPC network stack on ARM - Linaro HPC Workshop 2018
 
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
It just keeps getting better - SUSE enablement for Arm - Linaro HPC Workshop ...
 
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
Intelligent Interconnect Architecture to Enable Next Generation HPC - Linaro ...
 
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
Yutaka Ishikawa - Post-K and Arm HPC Ecosystem - Linaro Arm HPC Workshop Sant...
 
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
Andrew J Younge - Vanguard Astra - Petascale Arm Platform for U.S. DOE/ASC Su...
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening KeynoteHKG18-100K1 - George Grey: Opening Keynote
HKG18-100K1 - George Grey: Opening Keynote
 
HKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP WorkshopHKG18-318 - OpenAMP Workshop
HKG18-318 - OpenAMP Workshop
 
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainlineHKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
HKG18-501 - EAS on Common Kernel 4.14 and getting (much) closer to mainline
 
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and allHKG18-315 - Why the ecosystem is a wonderful thing, warts and all
HKG18-315 - Why the ecosystem is a wonderful thing, warts and all
 
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse HypervisorHKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
HKG18- 115 - Partitioning ARM Systems with the Jailhouse Hypervisor
 
HKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMUHKG18-TR08 - Upstreaming SVE in QEMU
HKG18-TR08 - Upstreaming SVE in QEMU
 
HKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8MHKG18-113- Secure Data Path work with i.MX8M
HKG18-113- Secure Data Path work with i.MX8M
 
HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation HKG18-120 - Devicetree Schema Documentation and Validation
HKG18-120 - Devicetree Schema Documentation and Validation
 
HKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted bootHKG18-223 - Trusted FirmwareM: Trusted boot
HKG18-223 - Trusted FirmwareM: Trusted boot
 

Recently uploaded

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWERMadyBayot
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxRustici Software
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Zilliz
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 

Recently uploaded (20)

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Corporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptxCorporate and higher education May webinar.pptx
Corporate and higher education May webinar.pptx
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 

SFO15-101: Security requirements on ARMv8-A boot architecture

  • 1. Security and Boot Architecture • PI/MM on ARM discussions tomorrow (Tues) – UEFI members only • Brief Trusted Firmware update – Where is the upstream for 96Boards TF platform code? – Potential requirements • GICv3 impact on secure world architecture • Improving AArch32 secure world support – More library support for Secure OS integration (PSCI + IP drivers) • Common support for boot path verification • Secure firmware interfaces – Standard secure world -> normal world cold boot interface – Or, more standard SMCs – For example, to pass Secure DRAM region info
  • 2. Security and Boot Architecture (2) • Segment specific use-cases – Trusted OS / Secure-EL1 payload on Enterprise systems? – Boot architecture on Cortex-A class IoT systems • Missing secure services/drivers/features – Especially for OPTEE • Security hardening – Threat models, code audits, Pen testing, etc... • Non-functional requirements – Performance, RAM budget on IoT or many core systems – Trace format for use-cases touching multiple components • Anything else?
  • 3. 1 ARM Trusted Firmware Update Dan Handley Linaro Connect San-Francisco 2015
  • 4. 2  Reference boot flows  For 64-bit ARMv8-A systems  Open Source at GitHub  BSD License  Contributors welcome  BL31 runtime is compatible with other boot firmware  Trusted OS is optional  Applicable to all segments ARM Trusted Firmware for 64-bit ARMv8-A AP_BL31 EL3 Runtime Firmware EL2 Execution Secure-EL1 Execution SCP Execution Key EL3 Execution AP_BL33 Normal World Firmware (e.g. U-Boot, EDK2) AP_BL1 Boot ROM AP_BL2 Trusted Boot Firmware AP_BL32 Secure-EL1 Payload SCP_BL1 Boot ROM SCP_BL2 Runtime Firmware Platform Boot Initialization System & Power Control Trusted Board Boot Trusted Board Boot PSCI World Switch Library SMCCC Trusted OS Kernel S-EL1 Payload Dispatch Secure World Normal World SCP Application Processor (AP) 2nd level Boot Loader (BL2) loads other images 1st level Boot Loader (BL1) loads 2nd level image Loading RESET RESET https://github.com/ARM-software/arm-trusted-firmware Juno Example Boot Flow
  • 5. 3  PSCI v1.0  Platform porting interface overhaul for flexible topology and enhanced CPU_SUSPEND support  Now upstream including compatibility support for existing platform ports  Trusted Board Boot  Futureproof interface supporting alternative Crypto Libs, Certificate structures and Chains ofTrust  Mandatory features nearly complete: Firmware Update (Recovery Mode) coming soon  System IP  CCN-xxx driver complete (pull request pending)  Full GICv3 support coming soon (see later)  Firmware interoperability (entrypoint rework, programmable reset address)  Platform ports  NVidia has upstreamed ports forTegraT210 andT132  Mediatek has upstreamed a port for MT8173 Feature evolution
  • 6. 4 GIC versions  Features  Up to 8 cores  Up to 1020 interrupt IDs  Up to 8 bits of priority  Software Generated Interrupts  TrustZone support  Virtualization support  Implemented by:  CoreLink™ GIC-400  Adds:  Support for many more than 8 cores  Message Based Interrupts  Enhanced security model  System register interface  Vastly expanded interrupt ID space  Optional support for legacy GICv2 compatible operation  Implemented by:  CoreLink™ GIC-500 GICv2 GICv3
  • 7. 5 GICv3 Security Groups Group 0 Secure Group 1 Non-Secure Group 1 Always secure FIQ if in Non-Secure state FIQ if in Secure state Always FIQ IRQ if in Secure state IRQ if in Non-Secure state Typically used by EL3 firmware Typically used by Trusted OS Typically used by Rich OS or Hypervisor
  • 8. 6  “Canonical” model (trap other world interrupt to EL3) is rare in practice  MostTrusted OS always trap Group0 (S) interrupts to S-EL1  Some (for example OPTEE) also trap Group1 (NS) interrupts to S-EL1 ◦ For example, save task state, before forwarding to normal world via SMC  OtherTrusted OS do not enable Group1 interrupts at S-EL1 (symmetric model)  TSPD supports both models  GICv3 S-Group1 interrupts will be useful to enable dedicated EL3 interrupts  Avoids having to shoe-horn use-cases into GICv2 systems  But expect S-EL1 initial handling of Group0/NS-Group1 will continue with GICv3  Substantial design/implementation churn inTrusted OS required to switch to trap-to-EL3 model GIC Interrupt Groups, Lines and Usage models
  • 9. 7 GICv3 Software Migration Strategy Hardware and Software System compatibility Hardware Systems SoftwareArchitectures GICv2 (e.g. GIC-400) GICv3+v2 (e.g. GIC-500) GICv3 (no legacy) Symmetric GICv2 all ARE=0, SRE=0 ✓ ✓ X Asymmetric GICv3 + GICv2 ARE_NS=1, ARE_S=0, all SRE=1 except SRE_EL1(S)=0 X ✓ X Symmetric GICv3 all ARE=1, SRE=1 X ✓ ✓
  • 10. 8 Hardware Systems SoftwareArchitectures GICv2 (e.g. GIC-400) GICv3+v2 (e.g. GIC-500) GICv3 (no legacy) Symmetric GICv2 all ARE=0, SRE=0 ✓ ✓ X Asymmetric GICv3 + GICv2 ARE_NS=1, ARE_S=0, all SRE=1 except SRE_EL1(S)=0 X ✓? X Symmetric GICv3 all ARE=1, SRE=1 X X X GICv3 Software Migration Strategy Current support in ARM Trusted Firmware Current GIC driver Not supported
  • 11. 9 Hardware Systems SoftwareArchitectures GICv2 (e.g. GIC-400) GICv3+v2 (e.g. GIC-500) GICv3 (no legacy) Symmetric GICv2 all ARE=0, SRE=0 ✓ X X Asymmetric GICv3 + GICv2 ARE_NS=1, ARE_S=0, all SRE=1 except SRE_EL1(S)=0 X X X Symmetric GICv3 all ARE=1, SRE=1 X ✓ ✓ GICv3 Software Migration Strategy Proposed GIC driver support New GICv2 driver New GICv3 driverDeprecate