Secure Partition Manager
************************

.. contents::

.. toctree::

   ffa-manifest-binding

Acronyms
========

+--------+--------------------------------------+
| DTS    | Device Tree Source                   |
+--------+--------------------------------------+
| FF-A   | Firmware Framework for Arm A-profile |
+--------+--------------------------------------+
| NWd    | Normal World                         |
+--------+--------------------------------------+
| SP     | Secure Partition                     |
+--------+--------------------------------------+
| SPD    | Secure Payload Dispatcher            |
+--------+--------------------------------------+
| SPM    | Secure Partition Manager             |
+--------+--------------------------------------+
| SPMC   | SPM Core                             |
+--------+--------------------------------------+
| SPMD   | SPM Dispatcher                       |
+--------+--------------------------------------+
| SWd    | Secure World                         |
+--------+--------------------------------------+

Foreword
========

Three implementations of a Secure Partition Manager co-exist in the TF-A
codebase:

#. S-EL2 SPMC based on the FF-A specification `[1]`_, enabling virtualization in
   the secure world and managing multiple S-EL1 or S-EL0 partitions `[5]`_.
#. EL3 SPMC based on the FF-A specification, managing a single S-EL1 partition
   without virtualization in the secure world `[6]`_.
#. EL3 SPM based on the MM specification, a legacy implementation managing a
   single S-EL0 partition `[2]`_.

These implementations differ in their respective SW architecture and only one
can be selected at build time.

Support for legacy platforms
----------------------------

The SPM is split into a dispatcher and a core component (respectively SPMD and
SPMC) residing at different exception levels. To ease adoption of the FF-A
specification and allow a smooth migration, the SPMD supports an SPMC residing
either at S-EL1 or S-EL2:

- The SPMD is located at EL3 and mainly relays the FF-A protocol from NWd
  (Hypervisor or OS kernel) to the SPMC.
- The same SPMD component is used for both S-EL1 and S-EL2 SPMC configurations.
- The SPMC exception level is a build time choice.

TF-A supports both cases:

- S-EL1 SPMC for platforms not supporting the FEAT_SEL2 architecture
  extension. The SPMD relays the FF-A protocol from EL3 to S-EL1.
- S-EL2 SPMC for platforms implementing the FEAT_SEL2 architecture
  extension. The SPMD relays the FF-A protocol from EL3 to S-EL2.

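As an added example (this is not TF-A's SPMD source; the function and enum
names and the simplified policy are assumptions made for illustration), the
following C code models the relay decision an EL3 dispatcher makes for an FF-A
SMC. It uses the FF-A function IDs and the ``FFA_ERROR`` register encoding from
the FF-A specification `[1]`_, and the reference stack's convention that secure
endpoint IDs have bit 15 set. The point it shows is the check the relay role
implies: the SPMD sits on the NWd/SWd boundary, so it is the place to refuse a
Normal World caller that claims a secure sender ID in a direct request, or a
message whose receiver is on the caller's own side and therefore should never
have needed EL3 to be delivered.

```c
/*
 * Added example (not TF-A's SPMD code): a model of the relay decision the
 * dispatcher at EL3 makes for an FF-A SMC. Function IDs and the FFA_ERROR
 * encoding (w0 = FFA_ERROR, w1 = target, w2 = error code) are from the FF-A
 * specification. "Secure endpoint IDs have bit 15 set" follows the
 * convention of the TF-A/Hafnium reference stack. Names, the verdict enum
 * and the exact policy below are illustrative assumptions.
 */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FFA_ERROR                      0x84000060u
#define FFA_VERSION                    0x84000063u
#define FFA_FEATURES                   0x84000064u
#define FFA_ID_GET                     0x84000069u
#define FFA_MSG_SEND_DIRECT_REQ_SMC32  0x8400006Fu
#define FFA_MSG_SEND_DIRECT_REQ_SMC64  0xC400006Fu
#define FFA_MSG_SEND_DIRECT_RESP_SMC32 0x84000070u
#define FFA_MSG_SEND_DIRECT_RESP_SMC64 0xC4000070u

#define FFA_ERROR_NOT_SUPPORTED     (-1)
#define FFA_ERROR_INVALID_PARAMETER (-2)

#define FFA_SWD_ID_MASK 0x8000u /* endpoint IDs with bit 15 set live in the SWd */

enum relay_verdict {
	RELAY_TO_SPMC, /* forward the SMC to the SPMC */
	RELAY_TO_NWD,  /* forward the SMC to the Normal World */
	HANDLE_AT_EL3, /* the SPMD answers itself */
	REJECT         /* return FFA_ERROR to the caller */
};

/* The subset of SMC register state the relay decision needs. */
struct ffa_smc {
	uint32_t fid;       /* function ID, w0 */
	uint64_t x1;        /* direct messaging: sender ID [31:16] | receiver ID [15:0] */
	uint64_t x2;
	bool secure_origin; /* true when the SMC was issued from the Secure World */
};

static uint16_t ffa_sender(uint64_t x1)   { return (uint16_t)(x1 >> 16); }
static uint16_t ffa_receiver(uint64_t x1) { return (uint16_t)(x1 & 0xffffu); }
static bool ffa_is_swd_id(uint16_t id)    { return (id & FFA_SWD_ID_MASK) != 0; }

/*
 * Decide how the dispatcher handles one SMC. On REJECT, *err holds the FF-A
 * error code to return. For direct messaging the claimed sender must belong
 * to the world the SMC actually came from (a NWd caller posing as an SP would
 * otherwise reach the receiver looking like SP-to-SP traffic), and the
 * receiver must be in the other world, or there is nothing for EL3 to relay.
 */
enum relay_verdict spmd_relay(const struct ffa_smc *smc, int32_t *err)
{
	bool src_secure = ffa_is_swd_id(ffa_sender(smc->x1));
	bool dst_secure = ffa_is_swd_id(ffa_receiver(smc->x1));

	*err = 0;
	switch (smc->fid) {
	case FFA_VERSION:
	case FFA_FEATURES:
	case FFA_ID_GET:
		return HANDLE_AT_EL3; /* discovery: answered by the SPMD */

	case FFA_MSG_SEND_DIRECT_REQ_SMC32:
	case FFA_MSG_SEND_DIRECT_REQ_SMC64:
	case FFA_MSG_SEND_DIRECT_RESP_SMC32:
	case FFA_MSG_SEND_DIRECT_RESP_SMC64:
		if (src_secure != smc->secure_origin || dst_secure == smc->secure_origin) {
			*err = FFA_ERROR_INVALID_PARAMETER;
			return REJECT;
		}
		return smc->secure_origin ? RELAY_TO_NWD : RELAY_TO_SPMC;

	default:
		/* Allow-list: anything this model does not know is refused. A
		 * full dispatcher forwards the rest of the FF-A ABI as well. */
		*err = FFA_ERROR_NOT_SUPPORTED;
		return REJECT;
	}
}

/* Build the register state for an FFA_ERROR return to the caller. */
struct ffa_smc ffa_error_return(int32_t err)
{
	struct ffa_smc out = { .fid = FFA_ERROR, .x1 = 0 /* target: the caller */ };
	out.x2 = (uint32_t)err; /* negative error code, carried in w2 */
	return out;
}

int main(void)
{
	/* Constructed cases: a NWd OS (ID 0x0000) and an SP (ID 0x8001). */
	int32_t err;
	enum relay_verdict v;
	struct ffa_smc ok = { .fid = FFA_MSG_SEND_DIRECT_REQ_SMC32,
			      .x1 = (0x0000u << 16) | 0x8001u, .secure_origin = false };
	struct ffa_smc spoof = ok;
	spoof.x1 = (0x8002u << 16) | 0x8001u; /* NWd caller posing as SP 0x8002 */

	v = spmd_relay(&ok, &err);
	printf("genuine request: verdict %d err %d\n", v, err);
	v = spmd_relay(&spoof, &err);
	printf("spoofed request: verdict %d err %d\n", v, err);
	return 0;
}
```

Run stand-alone, the genuine request yields ``RELAY_TO_SPMC`` and the spoofed
one ``REJECT`` with ``FFA_ERROR_INVALID_PARAMETER``. The two-line check in the
direct-messaging case is the whole point: the SPMD cannot trust the IDs a
caller writes into ``x1``, but it does know which world the SMC trapped from,
and that fact is what the sender claim is validated against.
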
TF-A build options
==================

This section explains the TF-A build options involved in building with
support for an FF-A based SPM where the SPMD is located at EL3 and the
SPMC located at S-EL1, S-EL2 or EL3:

- **SPD=spmd**: this option selects the SPMD component to relay the FF-A
  protocol between NWd and SWd. It is not possible to enable another Secure
  Payload Dispatcher when this option is chosen.
- **SPMD_SPM_AT_SEL2**: this option sets the SPMC exception level to S-EL2.
  It defaults to enabled (value 1) when SPD=spmd is chosen. When enabled, the
  EL2 system register context is saved and restored around SPMC entry and
  exit; the context save/restore routine and exhaustive list of registers is
  visible at `[4]`_.
- **SPMC_AT_EL3**: this option sets the SPMC exception level to EL3. If
  neither ``SPMD_SPM_AT_SEL2`` nor ``SPMC_AT_EL3`` is enabled, the SPMC
  exception level is set to S-EL1.
- **SPMC_AT_EL3_SEL0_SP**: this option enables support for loading an S-EL0 SP
  when SPMC at EL3 support is enabled.
- **SP_LAYOUT_FILE**: this option specifies a JSON text description file
  providing paths to SP binary images and to their manifests in DTS format
  (see `[3]`_). It is required when ``SPMD_SPM_AT_SEL2`` is enabled, hence
  when multiple secure partitions are to be loaded by BL2 on behalf of the
  SPMC.

+---------------+------------------+-------------+-------------------------+
|               | SPMD_SPM_AT_SEL2 | SPMC_AT_EL3 | CTX_INCLUDE_EL2_REGS(*) |
+---------------+------------------+-------------+-------------------------+
| SPMC at S-EL1 | 0                | 0           | 0                       |
+---------------+------------------+-------------+-------------------------+
| SPMC at S-EL2 | 1 (default when  | 0           | 1                       |
|               | SPD=spmd)        |             |                         |
+---------------+------------------+-------------+-------------------------+
| SPMC at EL3   | 0                | 1           | 0                       |
+---------------+------------------+-------------+-------------------------+

Other combinations of such build options either break the build or are not
supported.

Notes:

- Only Arm's FVP platform is supported for use with the TF-A reference software
  stack.
- When ``SPMD_SPM_AT_SEL2=1``, the reference software stack assumes enablement
  of the FEAT_PAuth, FEAT_BTI and FEAT_MTE architecture extensions.
- (*) ``CTX_INCLUDE_EL2_REGS``: this flag is |TF-A| internal and informational
  in this table. When set, it provides the generic support for saving/restoring
  EL2 registers required when S-EL2 firmware is present.
- The ``BL32`` option is re-purposed to specify the SPMC image. It can specify
  either the Hafnium binary path (built for the secure world) or the path to a
  TEE binary implementing FF-A interfaces.
- The ``BL33`` option can specify the TFTF binary or a normal world loader
  such as U-Boot or the UEFI framework payload.

Sample TF-A build command line when the SPMC is located at S-EL1
(e.g. when the FEAT_SEL2 architecture extension is not implemented):

.. code:: shell

    make \
    CROSS_COMPILE=aarch64-none-elf- \
    SPD=spmd \
    SPMD_SPM_AT_SEL2=0 \
    BL32=<path-to-tee-binary> \
    BL33=<path-to-bl33-binary> \
    PLAT=fvp \
    all fip

Sample TF-A build command line when the FEAT_SEL2 architecture extension is
implemented and the SPMC is located at S-EL2:

.. code:: shell

    make \
    CROSS_COMPILE=aarch64-none-elf- \
    PLAT=fvp \
    SPD=spmd \
    ARM_ARCH_MINOR=5 \
    BRANCH_PROTECTION=1 \
    CTX_INCLUDE_PAUTH_REGS=1 \
    ENABLE_FEAT_MTE2=1 \
    BL32=<path-to-hafnium-binary> \
    BL33=<path-to-bl33-binary> \
    SP_LAYOUT_FILE=sp_layout.json \
    all fip

Sample TF-A build command line when the FEAT_SEL2 architecture extension is
implemented, the SPMC is located at S-EL2 and Trusted Board Boot (secure boot)
is enabled:

.. code:: shell

    make \
    CROSS_COMPILE=aarch64-none-elf- \
    PLAT=fvp \
    SPD=spmd \
    ARM_ARCH_MINOR=5 \
    BRANCH_PROTECTION=1 \
    CTX_INCLUDE_PAUTH_REGS=1 \
    ENABLE_FEAT_MTE2=1 \
    BL32=<path-to-hafnium-binary> \
    BL33=<path-to-bl33-binary> \
    SP_LAYOUT_FILE=sp_layout.json \
    MBEDTLS_DIR=<path-to-mbedtls-lib> \
    TRUSTED_BOARD_BOOT=1 \
    COT=dualroot \
    ARM_ROTPK_LOCATION=devel_rsa \
    ROT_KEY=plat/arm/board/common/rotpk/arm_rotprivk_rsa.pem \
    GENERATE_COT=1 \
    all fip

Sample TF-A build command line when the SPMC is located at EL3:

.. code:: shell

    make \
    CROSS_COMPILE=aarch64-none-elf- \
    SPD=spmd \
    SPMD_SPM_AT_SEL2=0 \
    SPMC_AT_EL3=1 \
    BL32=<path-to-tee-binary> \
    BL33=<path-to-bl33-binary> \
    PLAT=fvp \
    all fip

Sample TF-A build command line when the SPMC is located at EL3 and S-EL0 SP
support is enabled:

.. code:: shell

    make \
    CROSS_COMPILE=aarch64-none-elf- \
    SPD=spmd \
    SPMD_SPM_AT_SEL2=0 \
    SPMC_AT_EL3=1 \
    SPMC_AT_EL3_SEL0_SP=1 \
    BL32=<path-to-tee-binary> \
    BL33=<path-to-bl33-binary> \
    PLAT=fvp \
    all fip

Boot process
============

The boot process involving the SPMC is highly dependent on the SPMC
implementation. It is recommended to refer to the corresponding SPMC
documentation for further details. Some aspects of the boot process are
described here in the greater interest of the project.

SPMC boot
---------

When the SPMC resides at a lower EL, i.e. S-EL1 or S-EL2, it is loaded by BL2 as
the BL32 image. The SPMC manifest is loaded by BL2 as the ``TOS_FW_CONFIG``
image `[7]`_.

BL2 passes the SPMC manifest address to BL31 through a register. At boot time,
the SPMD in BL31 runs from the primary core, initializes the core contexts and
launches the SPMC (BL32), passing the following information through registers:

- X0 holds the ``TOS_FW_CONFIG`` physical address (or SPMC manifest blob).
- X1 holds the ``HW_CONFIG`` physical address.
- X4 holds the currently running core linear id.

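As an added example (not the SPMC's or TF-A's code), the following C code shows
the checks an SPMC entry point can apply to the three registers listed above
before it parses either blob: X4 is range-checked against the core count, and
X0 (and X1 when non-zero) are treated as flattened device trees whose header
fields are validated against the size of the region the SPMC expects them in,
using 64-bit arithmetic so a crafted header cannot wrap an offset plus size
back inside ``totalsize``. The FDT header layout (ten big-endian 32-bit words,
magic ``0xd00dfeed``) is from the Devicetree specification; the function
names, the status enum, the region-size parameters and treating a zero X1 as
"no ``HW_CONFIG``" are assumptions. The sample blob is constructed inline and
is the smallest well-formed DTB (an empty root node).

```c
/*
 * Added example (not the SPMC's or TF-A's code): sanity checks on the
 * SPMD -> SPMC register hand-over (X0 manifest, X1 HW_CONFIG, X4 core id)
 * before anything is parsed. FDT header layout is from the Devicetree spec;
 * the names, the status enum, the region-size bounds and "zero X1 means no
 * HW_CONFIG" are assumptions made for this illustration.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FDT_MAGIC            0xd00dfeedu
#define FDT_HEADER_SIZE      40u
#define FDT_MIN_VERSION      16u /* header versions 16 and 17 are the ones in use */
#define FDT_MAX_COMP_VERSION 17u

struct fdt_header {
	uint32_t magic, totalsize, off_dt_struct, off_dt_strings, off_mem_rsvmap,
		 version, last_comp_version, boot_cpuid_phys, size_dt_strings,
		 size_dt_struct;
};

enum boot_arg_status {
	BOOT_ARGS_OK = 0,
	BOOT_ARGS_NO_MANIFEST, /* X0 is zero */
	BOOT_ARGS_BAD_MAGIC,
	BOOT_ARGS_BAD_SIZE,    /* totalsize below a header or beyond the region */
	BOOT_ARGS_BAD_LAYOUT,  /* a block falls outside totalsize */
	BOOT_ARGS_BAD_VERSION,
	BOOT_ARGS_BAD_CORE     /* X4 is not a valid linear core id */
};

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static void put_be32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
	p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Check one blob against the size of the region it is supposed to occupy.
 * Sums are computed in 64 bits so offset+size cannot wrap past totalsize. */
enum boot_arg_status check_fdt_blob(const uint8_t *blob, size_t region_size,
				    struct fdt_header *out)
{
	struct fdt_header h;

	if (region_size < FDT_HEADER_SIZE)
		return BOOT_ARGS_BAD_SIZE;
	h.magic = be32(blob);              h.totalsize = be32(blob + 4);
	h.off_dt_struct = be32(blob + 8);  h.off_dt_strings = be32(blob + 12);
	h.off_mem_rsvmap = be32(blob + 16); h.version = be32(blob + 20);
	h.last_comp_version = be32(blob + 24); h.boot_cpuid_phys = be32(blob + 28);
	h.size_dt_strings = be32(blob + 32); h.size_dt_struct = be32(blob + 36);

	if (h.magic != FDT_MAGIC)
		return BOOT_ARGS_BAD_MAGIC;
	if (h.totalsize < FDT_HEADER_SIZE || h.totalsize > region_size)
		return BOOT_ARGS_BAD_SIZE;
	if (h.version < FDT_MIN_VERSION || h.last_comp_version > FDT_MAX_COMP_VERSION)
		return BOOT_ARGS_BAD_VERSION;
	if ((uint64_t)h.off_dt_struct + h.size_dt_struct > h.totalsize ||
	    (uint64_t)h.off_dt_strings + h.size_dt_strings > h.totalsize ||
	    h.off_mem_rsvmap >= h.totalsize)
		return BOOT_ARGS_BAD_LAYOUT;
	if (out)
		*out = h;
	return BOOT_ARGS_OK;
}

/* Validate the hand-over: X0 manifest (required), X1 HW_CONFIG (optional,
 * assumed absent when zero), X4 linear core id against the core count. */
enum boot_arg_status spmc_check_boot_args(const uint8_t *x0, size_t x0_region,
					  const uint8_t *x1, size_t x1_region,
					  uint64_t x4, unsigned core_count,
					  struct fdt_header *manifest)
{
	enum boot_arg_status st;

	if (x4 >= core_count)
		return BOOT_ARGS_BAD_CORE;
	if (x0 == NULL)
		return BOOT_ARGS_NO_MANIFEST;
	st = check_fdt_blob(x0, x0_region, manifest);
	if (st != BOOT_ARGS_OK)
		return st;
	return x1 ? check_fdt_blob(x1, x1_region, NULL) : BOOT_ARGS_OK;
}

/* Constructed sample: minimal DTB, 72 bytes = 40-byte header, 16-byte
 * reservation map (one terminating 0,0 entry), 16-byte struct block. */
size_t build_sample_manifest(uint8_t *buf)
{
	/* magic, totalsize, off_struct, off_strings, off_rsvmap, version,
	 * last_comp_version, boot_cpuid_phys, size_strings, size_struct */
	uint32_t hdr[10] = { FDT_MAGIC, 72, 56, 72, 40, 17, 16, 0, 0, 16 };
	memset(buf, 0, 72);
	for (unsigned i = 0; i < 10; i++)
		put_be32(buf + 4 * i, hdr[i]);
	put_be32(buf + 56, 1); /* FDT_BEGIN_NODE; empty name + pad at 60..63 */
	put_be32(buf + 64, 2); /* FDT_END_NODE */
	put_be32(buf + 68, 9); /* FDT_END */
	return 72;
}

int main(void)
{
	uint8_t manifest[72];
	size_t n = build_sample_manifest(manifest);
	struct fdt_header h;

	printf("valid hand-over: %d\n",
	       spmc_check_boot_args(manifest, n, NULL, 0, 0, 8, &h));
	put_be32(manifest + 4, 0x7fffffffu); /* header lies about totalsize */
	printf("oversized totalsize: %d\n",
	       spmc_check_boot_args(manifest, n, NULL, 0, 0, 8, &h));
	return 0;
}
```

The bound passed as ``x0_region`` is the piece a real SPMC must get from its
own memory map, not from the blob: ``totalsize`` is attacker-influenced input
until it has been checked against something the SPMC already trusts, which is
why the region size is a parameter rather than read from the header.
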
References
==========

.. _[1]:

[1] `Arm Firmware Framework for Arm A-profile <https://developer.arm.com/docs/den0077/latest>`__

.. _[2]:

[2] :ref:`Secure Partition Manager using MM interface<Secure Partition Manager (MM)>`

.. _[3]:

[3] https://hafnium.readthedocs.io/en/latest/secure-partition-manager/secure-partition-manager.html#secure-partitions-layout-file

.. _[4]:

[4] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/lib/el3_runtime/aarch64/context.S#n45

.. _[5]:

[5] https://hafnium.readthedocs.io/en/latest/secure-partition-manager/index.html

.. _[6]:

[6] :ref:`EL3 Secure Partition Manager<EL3 Secure Partition Manager>`

.. _[7]:

[7] https://trustedfirmware-a.readthedocs.io/en/latest/design/firmware-design.html#dynamic-configuration-during-cold-boot

--------------

*Copyright (c) 2020-2024, Arm Limited and Contributors. All rights reserved.*