Upload
linaro
View
1.112
Download
3
Tags:
Embed Size (px)
DESCRIPTION
Resource: LCA14 Name: LCA14-102: Adopting ARM Trusted Firmware Date: 03-03-2014 Speaker: Andrew Thoelke Video: https://www.youtube.com/watch?v=h98jBQrxxKg
Citation preview
1
Adopting ARM Trusted Firmware LCA14 – March 2014
Andrew Thoelke
Systems & Software, ARM
2
https://www.github.com/ARM-Software/arm-trusted-firmware
Standardized EL3 Runtime Firmware
For All 64-bit ARMv8-A systems
Reducing porting and integration work
For SoC and Trusted OS developers
Reusable, reference implementations
PSCI
SMC Calling Convention
Configuration of ARM hardware
Running on ARMv8-A FVP models
And now running on silicon
ARM Trusted Firmware for 64-bit ARMv8-A A recap
ARM Trusted FirmwareEL3
SoC/platform port
Normal World OSEL1/EL2
Trusted OSSecure-EL1
Trusted OS Dispatcher
TOS
spec
ific
p
roto
col a
nd
m
ech
anis
m
Trusted AppSecure-EL0
AppEL0
TOS driver
TOS library
TOS specific protocol via SMC
via
ioct
l
Porting interface between Trusted
Firmware and SoC/platform
Interface between Trusted Firmware and Trusted OS Dispatcher
ARM Trusted Firmware
Trusted OS supplier
SoC supplier
OS/hypervisor supplier
Trusted App supplier
Internal TOS interface
3
https://www.github.com/ARM-Software/arm-trusted-firmware
Reference boot flows
For 64-bit ARMv8-A systems
Open Source at GitHub
BSD License
Contributors welcome
Still to come…
Authenticated boot
Authenticated Firmware update
Firmware test suite
PSCI Conformance tests
ARM Trusted Firmware for 64-bit ARMv8-A A recap
EL3 Runtime Firmware - BL31SMC Interface
SMC Dispatcher
Other SMC Calls Interrupt Handler
Secure Monitor
PSCI
Power Control
Driver
EL3 Arch Context
Save/Restore
Normal World Trusted World
Interface Usage
External Interface
EL1 Execution
Secure EL1 Execution
EL2 Execution
KeyGlossaryBL - Boot Loader
EDK2 - EFI Development Kit 2
EL - Exception Level
NV - Non-Volatile
PSCI - Power State Control Interface
SMC - Secure Monitor Call
UEFI - Unified Enhanced Firmware Interface
EL3 Execution
Potential Interface
Non-secure
firmware - BL33
(EDK2, U-Boot)
Secure Boot
I/O Drivers
Boot ROM - BL1
Trusted Board
Boot 1
Trusted Boot
Firmware - BL2
Trusted Board
Boot 2
Cold/Warm
Boot Detection
NV Storage
Driver
Boot Time Arch
+ Platform Init
Temp SMC
Handler
Boot Time Arch
+ Platform Init
Test Secure EL1 Payload - BL32
PSCI
Test
Service Router
Other
Test
S-EL1 Arch
Context
Save/Restore
Interrupt
Handler
Runtime Arch +
Platform Init
Test Suite - BL33_ALT
PSCI
Tests
EL1 Arch Context
Save/Restore
EL2 Arch Context
Save/Restore
Other
Tests
Interrupt
Handler
Runtime Arch
+ Platform InitException Trapper
BL33
BL33
(Alternative)
BL32 BL2
BL1 BL31 RESET
2nd level
Boot Loader
(BL2) loads
all 3rd level
images
1st level Boot
Loader (BL1)
loads 2nd
level image
To
Hypervisor /
Linux Kernel
4
https://www.github.com/ARM-Software/arm-trusted-firmware
So ARM Trusted Firmware provides some great benefits:
Support for ARM standards like SMC Calling Convention and PSCI
Easier firmware integration by separation of SoC and Trusted OS software
Reducing the complexity of porting Monitor code to AArch64
Licensing that lets you use just the code you want with no obligation to publish what you have done
…but using this software also raises some concerns
Some are valid, and need to be addressed
Many are based on misconceptions or misunderstandings
Maybe it is time for …
Adopting ARM Trusted Firmware
5
https://www.github.com/ARM-Software/arm-trusted-firmware
Busting ARM Trusted Firmware Myths
6
https://www.github.com/ARM-Software/arm-trusted-firmware
Myth: ARM Trusted Firmware only works with UEFI
So…
I won’t use it as I am using U-Boot
I can’t afford to switch to UEFI right now
UEFI is just wrong for my product
7
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I won’t use it as I am using U-Boot
I can’t afford to switch to UEFI right now
UEFI is just wrong for my product
Reality
Trusted Firmware is designed to work with
ANY non-secure firmware/software
e.g. U-Boot, UEFI, a test suite
Tianocore EDK2 is the UEFI firmware that
ARM is testing with ARM Trusted Firmware
Myth: ARM Trusted Firmware only works with UEFI Reality: ARM Trusted Firmware works with any non-secure firmware/software
EL3 Runtime Firmware - BL31SMC Interface
SMC Dispatcher
Other SMC Calls Interrupt Handler
Secure Monitor
PSCI
Power Control
Driver
EL3 Arch Context
Save/Restore
Normal World Trusted World
Interface Usage
External Interface
EL1 Execution
Secure EL1 Execution
EL2 Execution
KeyGlossaryBL - Boot Loader
EDK2 - EFI Development Kit 2
EL - Exception Level
NV - Non-Volatile
PSCI - Power State Control Interface
SMC - Secure Monitor Call
UEFI - Unified Enhanced Firmware Interface
EL3 Execution
Potential Interface
Non-secure
firmware - BL33
(EDK2, U-Boot)
Secure Boot
I/O Drivers
Boot ROM - BL1
Trusted Board
Boot 1
Trusted Boot
Firmware - BL2
Trusted Board
Boot 2
Cold/Warm
Boot Detection
NV Storage
Driver
Boot Time Arch
+ Platform Init
Temp SMC
Handler
Boot Time Arch
+ Platform Init
Test Secure EL1 Payload - BL32
PSCI
Test
Service Router
Other
Test
S-EL1 Arch
Context
Save/Restore
Interrupt
Handler
Runtime Arch +
Platform Init
Test Suite - BL33_ALT
PSCI
Tests
EL1 Arch Context
Save/Restore
EL2 Arch Context
Save/Restore
Other
Tests
Interrupt
Handler
Runtime Arch
+ Platform InitException Trapper
BL32 BL2
BL1 BL31
To
Hypervisor /
Linux Kernel
8
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it for a product that doesn't
have a Trusted OS
It will be too big for a product that doesn't
need a Trusted OS
Myth: ARM Trusted Firmware requires a Trusted OS
9
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it for a product that doesn't
have a Trusted OS
It will be too big for a product that doesn't
need a Trusted OS
Reality
Trusted Firmware can be built without a
Trusted OS or Secure Monitor
the default is to exclude it
and needs less RAM
Trusted Firmware still provides benefits
without a Trusted OS
Myth: ARM Trusted Firmware requires a Trusted OS Reality: ARM Trusted Firmware builds without a Trusted OS by default
ARM Trusted FirmwareEL3 AArch64
SoC/platform port
Normal WorldEL1/EL2 AArch64/AArch32
PSCI core framework No Secure Monitor
PSCI Implementation
ARM Trusted Firmware
Normal World Software
Platform Software
Trusted World Software
10
https://www.github.com/ARM-Software/arm-trusted-firmware
So...
I can’t run any Trusted OS
It can't work with my Trusted OS
Myth: ARM Trusted Firmware doesn’t have a Secure Monitor
11
https://www.github.com/ARM-Software/arm-trusted-firmware
So...
I can’t run any Trusted OS
It can't work with my Trusted OS
Reality
There is an example Secure Monitor that
works with the Test Secure-EL1 Payload
Trusted Firmware provides a framework to
build a Monitor specific to each Trusted OS
We'd like to help if your requirements
are not yet supported
More examples would make this easier
Linaro SWG is planning to do this
Myth: ARM Trusted Firmware doesn’t have a Secure Monitor Reality: ARM Trusted Firmware provides an example Secure Monitor
ARM Trusted FirmwareEL3
SoC/platform port
ARM Trusted Firmware Test SuiteEL1/EL2
Test Secure-EL1 Payload (TSP)Secure-EL1
Test Secure-EL1 PayloadDispatcher (TSPD)
AR
M T
F Te
st
spec
ific
pro
toco
l an
d m
ech
anis
m
ARM Trusted Firm
ware Test
specific protocol via SMC
World-switch support library
PSCI core framework
Secure Monitor
PSCI Implementation
ARM Trusted Firmware
ARM Trusted Firmware Test Suite
SoC supplier
Internal ARM Trusted Firmware Test interface
12
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can't use my own one
I don't need to buy one
Doesn’t this undermine your partners?
Is this allowed?
Myth: ARM Trusted Firmware includes a Trusted OS
13
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can't use my own one
I don't need to buy one
Doesn’t this undermine ARM partners?
Is this allowed?
Reality
ARM is not implementing a Trusted OS
Trusted Firmware provides test code that
runs in place of a Trusted OS
Trusted OS providers do need to write a
piece of code that allows their OS to work
with ARM Trusted Firmware
Myth: ARM Trusted Firmware includes a Trusted OS Reality: ARM is not implementing a Trusted OS
ARM Trusted FirmwareEL3
SoC/platform port
ARM Trusted Firmware Test SuiteEL1/EL2
Test Secure-EL1 Payload (TSP)Secure-EL1
Test Secure-EL1 PayloadDispatcher (TSPD)
AR
M T
F Te
st
spec
ific
pro
toco
l an
d m
ech
anis
m
ARM Trusted Firm
ware Test
specific protocol via SMC
World-switch support library
PSCI core framework
Secure Monitor
PSCI Implementation
ARM Trusted Firmware
ARM Trusted Firmware Test Suite
SoC supplier
Internal ARM Trusted Firmware Test interface
14
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I have to port my Trusted OS to AArch64
I can’t run a 32-bit OS or hypervisor
It won’t work on ARMv7-A
Myth: ARM Trusted Firmware only supports AArch64
15
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I have to port my Trusted OS to AArch64
I can’t run a 32-bit OS or hypervisor
It won’t work on ARMv7-A
Reality
Initial products will use a 32-bit Trusted OS
an example Secure Monitor would help
Will support AArch32 non-secure software
but not in upstream code yet
There are no barriers to porting Trusted
Firmware to ARMv7-A
This depends on development priorities
Myth: ARM Trusted Firmware only supports AArch64 Reality: ARM Trusted Firmware is prioritising AArch64 without excluding Arch32
ARM Trusted Firmware
Normal World Software
Platform Software
Trusted World Software
ARM Trusted FirmwareEL3 AArch64
SoC/platform port
Normal WorldEL1/EL2 AArch64/AArch32
Secure-EL1 Payload (SP)Secure-EL1 AArch64/AArch32
Secure-EL1 PayloadDispatcher (SPD)
World-switch support library
PSCI core framework
Secure Monitor
PSCI Implementation Secu
re-E
L1 P
aylo
ad
spec
ific
inte
rfac
e
via Secure Monitor Call (SM
C)
16
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
It will be buggy, bloated and/or incomplete
I have to write my own firmware anyway
Myth: ARM Trusted Firmware isn't ready for products
17
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
It will be buggy, bloated and/or incomplete
I have to write my own firmware anyway
Reality
It is being use by partners TODAY
It's open source, of course
take what you want, fix what you need
Hardening and fitness for use are priorities
for the EL3 Runtime Firmware in v0.4
We are continually improving the firmware
and welcome feedback and contributions
Myth: ARM Trusted Firmware isn't ready for products
Reality: ARM Trusted Firmware is in use today and product readiness is a priority for v0.4
EL3 Runtime Firmware - BL31SMC Interface
SMC Dispatcher
Other SMC Calls Interrupt Handler
Secure Monitor
PSCI
Power Control
Driver
EL3 Arch Context
Save/Restore
Normal World Trusted World
Interface Usage
External Interface
EL1 Execution
Secure EL1 Execution
EL2 Execution
KeyGlossaryBL - Boot Loader
EDK2 - EFI Development Kit 2
EL - Exception Level
NV - Non-Volatile
PSCI - Power State Control Interface
SMC - Secure Monitor Call
UEFI - Unified Enhanced Firmware Interface
EL3 Execution
Potential Interface
Non-secure
firmware - BL33
(U-Boot, EDK2)
Secure Boot
I/O Drivers
Boot ROM - BL1
Trusted Board
Boot 1
Trusted Boot
Firmware - BL2
Trusted Board
Boot 2
Cold/Warm
Boot Detection
NV Storage
Driver
Boot Time Arch
+ Platform Init
Temp SMC
Handler
Boot Time Arch
+ Platform Init
Test Secure EL1 Payload - BL32
PSCI
Test
Service Router
Other
Test
S-EL1 Arch
Context
Save/Restore
Interrupt
Handler
Runtime Arch +
Platform Init
Test Suite - BL33_ALT
PSCI
Tests
EL1 Arch Context
Save/Restore
EL2 Arch Context
Save/Restore
Other
Tests
Interrupt
Handler
Runtime Arch
+ Platform InitException Trapper
Not Yet in v0.3
Partially in v0.3
18
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it as Trusted Boot isn’t ready
I can’t use my existing Trusted Boot
code
Myth: ARM Trusted Firmware requires using its Trusted Boot
19
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it as Trusted Boot isn’t ready
I can’t use my existing Trusted Boot
code
Reality
Partners are using Trusted Firmware
with their own Trusted Boot code
TODAY
The EL3 Runtime Firmware provides
significant benefits on its own
This component will have a stable
interface for Trusted Boot components
Myth: ARM Trusted Firmware requires using its Trusted Boot Reality: ARM Trusted Firmware can work with any Trusted Boot solution
EL3 Runtime Firmware - BL31SMC Interface
SMC Dispatcher
Other SMC Calls Interrupt Handler
Secure Monitor
PSCI
Power Control
Driver
EL3 Arch Context
Save/Restore
Normal World Trusted World
Interface Usage
External Interface
EL1 Execution
Secure EL1 Execution
EL2 Execution
KeyGlossaryBL - Boot Loader
EDK2 - EFI Development Kit 2
EL - Exception Level
NV - Non-Volatile
PSCI - Power State Control Interface
SMC - Secure Monitor Call
UEFI - Unified Enhanced Firmware Interface
EL3 Execution
Potential Interface
Non-secure
firmware - BL33
(EDK2, U-Boot)
Secure Boot
I/O Drivers
Boot ROM - BL1
Trusted Board
Boot 1
Trusted Boot
Firmware - BL2
Trusted Board
Boot 2
Cold/Warm
Boot Detection
NV Storage
Driver
Boot Time Arch
+ Platform Init
Temp SMC
Handler
Boot Time Arch
+ Platform Init
Test Secure EL1 Payload - BL32
PSCI
Test
Service Router
Other
Test
S-EL1 Arch
Context
Save/Restore
Interrupt
Handler
Runtime Arch +
Platform Init
Test Suite - BL33_ALT
PSCI
Tests
EL1 Arch Context
Save/Restore
EL2 Arch Context
Save/Restore
Other
Tests
Interrupt
Handler
Runtime Arch
+ Platform InitException Trapper
BL33
BL33
(Alternative)
BL32 BL2
BL1 BL31
To
Hypervisor /
Linux Kernel
20
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it for my Server SoC
I can’t use it for my Client SoC
It doesn’t work with a SCP/BMC
Myth: ARM Trusted Firmware is not for my kind of SoC
21
https://www.github.com/ARM-Software/arm-trusted-firmware
So…
I can’t use it for my Server SoC
I can’t use it for my Client SoC
It doesn’t work with a SCP/BMC
Reality
Trusted Firmware is focussed on ARMv8-A
Upstream examples need a platform to run
the Base FVPs came first
other examples will follow
Trusted Boot flow with a control/
management processor is different, but not
incompatible with ARM Trusted Firmware
Myth: ARM Trusted Firmware is for my kind of SoC Reality: ARM Trusted Firmware is focussed on ARMv8-A
Base Platform
Cortex-A53, A57
ARMv8
Dual Cluster
big.LITTLE
Power Management
OpenGLES
Foundation
Platform
ARMv8
AEM
22
https://www.github.com/ARM-Software/arm-trusted-firmware
ARM Trusted Firmware Reality Check
ARM Trusted Firmware Myths
Only works with UEFI
Requires a Trusted OS
No Secure Monitor
Includes a Trusted OS
Only supports AArch64
Isn’t ready
Requires ARM’s Trusted Boot code
Not for Client/Network/Server SoCs
23
https://www.github.com/ARM-Software/arm-trusted-firmware
ARM Trusted Firmware Reality Check
ARM Trusted Firmware Myths
Only works with UEFI
Requires a Trusted OS
No Secure Monitor
Includes a Trusted OS
Only supports AArch64
Isn’t ready
Requires ARM’s Trusted Boot code
Not for Client/Network/Server SoCs
ARM Trusted Firmware Reality
Works with any non-secure firmware
Trusted OS is optional
Example Monitor code included
Not a Trusted OS
AArch32 examples coming later
Is ready enough
Works with other Trusted Boot code
Designed for all ARMv8-A SoCs
24
ARM Trusted Firmware is for every ARMv8-A system
… but doesn’t yet cover every configuration
… so please get involved
…and help us fill the gaps
https://www.github.com/ARM-Software/arm-trusted-firmware
Adopt ARM Trusted Firmware
25
https://www.github.com/ARM-Software/arm-trusted-firmware
Thank you