05799ae0c8
This patch adds the authentication framework that will be used as
the base to implement Trusted Board Boot in the Trusted Firmware.
The framework comprises the following modules:
- Image Parser Module (IPM)
This module is responsible for interpreting images, check
their integrity and extract authentication information from
them during Trusted Board Boot.
The module currently supports three types of images i.e.
raw binaries, X509v3 certificates and any type specific to
a platform. An image parser library must be registered for
each image type (the only exception is the raw image parser,
which is included in the main module by default).
Each parser library (if used) must export a structure in a
specific linker section which contains function pointers to:
1. Initialize the library
2. Check the integrity of the image type supported by
the library
3. Extract authentication information from the image
- Cryptographic Module (CM)
This module is responsible for verifying digital signatures
and hashes. It relies on an external cryptographic library
to perform the cryptographic operations.
To register a cryptographic library, the library must use the
REGISTER_CRYPTO_LIB macro, passing function pointers to:
1. Initialize the library
2. Verify a digital signature
3. Verify a hash
Failing to register a cryptographic library will generate
a build time error.
- Authentication Module (AM)
This module provides methods to authenticate an image, like
hash comparison or digital signatures. It uses the image parser
module to extract authentication parameters, the crypto module
to perform cryptographic operations and the Chain of Trust to
authenticate the images.
The Chain of Trust (CoT) is a data structure that defines the
dependencies between images and the authentication methods
that must be followed to authenticate an image.
The Chain of Trust, when added, must provide a header file named
cot_def.h with the following definitions:
- COT_MAX_VERIFIED_PARAMS
Integer value indicating the maximum number of authentication
parameters an image can present. This value will be used by the
authentication module to allocate the memory required to load
the parameters in the image descriptor.
Change-Id: Ied11bd5cd410e1df8767a1df23bb720ce7e58178
|
||
|---|---|---|
| bl1 | ||
| bl2 | ||
| bl31 | ||
| bl32/tsp | ||
| common | ||
| docs | ||
| drivers | ||
| fdts | ||
| include | ||
| lib | ||
| plat | ||
| services | ||
| tools | ||
| .gitignore | ||
| acknowledgements.md | ||
| contributing.md | ||
| license.md | ||
| Makefile | ||
| readme.md | ||
ARM Trusted Firmware - version 1.1
ARM Trusted Firmware provides a reference implementation of secure world software for ARMv8-A, including Exception Level 3 (EL3) software. This release provides complete support for version 0.2 of the PSCI specification, initial support for the new version 1.0 of that specification, and prototype support for the Trusted Board Boot Requirements specification.
The intent is to provide a reference implementation of various ARM interface standards, such as the Power State Coordination Interface (PSCI), Trusted Board Boot Requirements (TBBR) and [Secure Monitor] TEE-SMC code. As far as possible the code is designed for reuse or porting to other ARMv8-A model and hardware platforms.
ARM will continue development in collaboration with interested parties to provide a full reference implementation of PSCI, TBBR and Secure Monitor code to the benefit of all developers working with ARMv8-A TrustZone technology.
License
The software is provided under a BSD 3-Clause license. Certain source files are derived from FreeBSD code: the original license is included in these source files.
This Release
This release is a limited functionality implementation of the Trusted Firmware. It provides a suitable starting point for productization. Future versions will contain new features, optimizations and quality improvements.
Functionality
-
Prototype implementation of a subset of the Trusted Board Boot Requirements Platform Design Document (PDD). This includes packaging the various firmware images into a Firmware Image Package (FIP) to be loaded from non-volatile storage, and a prototype of authenticated boot using key certificates stored in the FIP.
-
Initializes the secure world (for example, exception vectors, control registers, GIC and interrupts for the platform), before transitioning into the normal world.
-
Supports both GICv2 and GICv3 initialization for use by normal world software.
-
Starts the normal world at the Exception Level and Register Width specified by the platform port. Typically this is AArch64 EL2 if available.
-
Handles SMCs (Secure Monitor Calls) conforming to the [SMC Calling Convention PDD] SMCCC using an EL3 runtime services framework.
-
Handles SMCs relating to the [Power State Coordination Interface PDD] PSCI for the Secondary CPU Boot, CPU Hotplug, CPU Idle and System Shutdown/Reset use-cases.
-
A Test Secure-EL1 Payload and Dispatcher to demonstrate Secure Monitor functionality such as world switching, EL1 context management and interrupt routing. This also demonstrates Secure-EL1 interaction with PSCI. Some of this functionality is provided in library form for re-use by other Secure-EL1 Payload Dispatchers.
-
Support for alternative Trusted Boot Firmware. Some platforms have their own Trusted Boot implementation and only require the Secure Monitor functionality provided by ARM Trusted Firmware.
-
Isolation of memory accessible by the secure world from the normal world through programming of a TrustZone controller.
-
Support for CPU specific reset sequences, power down sequences and register dumping during crash reporting. The CPU specific reset sequences include support for errata workarounds.
For a full description of functionality and implementation details, please see the Firmware Design and supporting documentation. The Change Log provides details of changes made since the last release.
Platforms
This release of the Trusted Firmware has been tested on Revision B of the [Juno ARM Development Platform] Juno with Version r0p0-00rel7 of the [ARM SCP Firmware] SCP download.
The Trusted Firmware has also been tested on the 64-bit Linux versions of the following ARM FVPs:
Foundation_Platform(Version 9.1, Build 9.1.33)FVP_Base_AEMv8A-AEMv8A(Version 6.2, Build 0.8.6202)FVP_Base_Cortex-A57x4-A53x4(Version 6.2, Build 0.8.6202)FVP_Base_Cortex-A57x1-A53x1(Version 6.2, Build 0.8.6202)FVP_Base_Cortex-A57x2-A53x4(Version 6.2, Build 0.8.6202)
The Foundation FVP can be downloaded free of charge. The Base FVPs can be licensed from ARM: see [www.arm.com/fvp] FVP.
Still to Come
-
Complete and more flexible Trusted Board Boot implementation.
-
Complete implementation of the PSCI v1.0 specification.
-
Support for alternative types of Secure-EL1 Payloads.
-
Extending the GICv3 support to the secure world.
-
Support for new System IP devices.
For a full list of detailed issues in the current code, please see the Change Log and the GitHub issue tracker.
Getting Started
Get the Trusted Firmware source code from GitHub.
See the User Guide for instructions on how to install, build and use the Trusted Firmware with the ARM FVPs.
See the Firmware Design for information on how the ARM Trusted Firmware works.
See the Porting Guide as well for information about how to use this software on another ARMv8-A platform.
See the Contributing Guidelines for information on how to contribute to this project and the Acknowledgments file for a list of contributors to the project.
Feedback and support
ARM welcomes any feedback on the Trusted Firmware. Please send feedback using the GitHub issue tracker.
ARM licensees may contact ARM directly via their partner managers.
Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.