features.rst 5.36 KB
Newer Older
1
2
3
4
5
Feature Overview
================

This page provides an overview of the current |TF-A| feature set. For a full
description of these features and their implementation details, please see
6
the documents that are part of the *Components* and *System Design* chapters.
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36

The :ref:`Change Log & Release Notes` provides details of changes made since the
last release.

Current features
----------------

-  Initialization of the secure world, for example exception vectors, control
   registers and interrupts for the platform.

-  Library support for CPU specific reset and power down sequences. This
   includes support for errata workarounds and the latest Arm DynamIQ CPUs.

-  Drivers to enable standard initialization of Arm System IP, for example
   Generic Interrupt Controller (GIC), Cache Coherent Interconnect (CCI),
   Cache Coherent Network (CCN), Network Interconnect (NIC) and TrustZone
   Controller (TZC).

-  A generic |SCMI| driver to interface with conforming power controllers, for
   example the Arm System Control Processor (SCP).

-  SMC (Secure Monitor Call) handling, conforming to the `SMC Calling
   Convention`_ using an EL3 runtime services framework.

-  |PSCI| library support for CPU, cluster and system power management
   use-cases.
   This library is pre-integrated with the AArch64 EL3 Runtime Software, and
   is also suitable for integration with other AArch32 EL3 Runtime Software,
   for example an AArch32 Secure OS.

37
-  A minimal AArch32 Secure Payload (*SP_MIN*) to demonstrate |PSCI| library
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
   integration with AArch32 EL3 Runtime Software.

-  Secure Monitor library code such as world switching, EL1 context management
   and interrupt routing.
   When a Secure-EL1 Payload (SP) is present, for example a Secure OS, the
   AArch64 EL3 Runtime Software must be integrated with a Secure Payload
   Dispatcher (SPD) component to customize the interaction with the SP.

-  A Test SP and SPD to demonstrate AArch64 Secure Monitor functionality and SP
   interaction with PSCI.

-  SPDs for the `OP-TEE Secure OS`_, `NVIDIA Trusted Little Kernel`_
   and `Trusty Secure OS`_.

-  A Trusted Board Boot implementation, conforming to all mandatory TBBR
   requirements. This includes image authentication, Firmware Update (or
   recovery mode), and packaging of the various firmware images into a
   Firmware Image Package (FIP).

-  Pre-integration of TBB with the Arm CryptoCell product, to take advantage of
   its hardware Root of Trust and crypto acceleration services.

-  Reliability, Availability, and Serviceability (RAS) functionality, including

   -  A Secure Partition Manager (SPM) to manage Secure Partitions in
      Secure-EL0, which can be used to implement simple management and
      security services.

   -  An |SDEI| dispatcher to route interrupt-based |SDEI| events.

   -  An Exception Handling Framework (EHF) that allows dispatching of EL3
      interrupts to their registered handlers, to facilitate firmware-first
      error handling.

-  A dynamic configuration framework that enables each of the firmware images
   to be configured at runtime if required by the platform. It also enables
   loading of a hardware configuration (for example, a kernel device tree)
   as part of the FIP, to be passed through the firmware stages.

-  Support for alternative boot flows, for example to support platforms where
   the EL3 Runtime Software is loaded using other firmware or a separate
   secure system processor, or where a non-TF-A ROM expects BL2 to be loaded
   at EL3.

-  Support for the GCC, LLVM and Arm Compiler 6 toolchains.

-  Support for combining several libraries into a "romlib" image that may be
   shared across images to reduce memory footprint. The romlib image is stored
   in ROM but is accessed through a jump-table that may be stored
   in read-write memory, allowing for the library code to be patched.

89
90
-  Support for the Secure Partition Manager Dispatcher (SPMD) component as a
   new standard service.
91
92
93
94
95
96
97
98

-  Support for ARMv8.3 pointer authentication in the normal and secure worlds.
   The use of pointer authentication in the normal world is enabled whenever
   architectural support is available, without the need for additional build
   flags. Use of pointer authentication in the secure world remains an
   experimental configuration at this time and requires the
   ``BRANCH_PROTECTION`` option to be set to non-zero.

99
100
-  Position-Independent Executable (PIE) support. Currently for BL2, BL31, and
   TSP, with further support to be added in a future release.
101
102
103
104
105
106
107
108

Still to come
-------------

-  Support for additional platforms.

-  Refinements to Position Independent Executable (PIE) support.

109
110
-  Continued support for the draft SPCI specification, to enable the use of
   secure partition management in the secure world.
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126

-  Documentation enhancements.

-  Ongoing support for new architectural features, CPUs and System IP.

-  Ongoing support for new Arm system architecture specifications.

-  Ongoing security hardening, optimization and quality improvements.

.. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
.. _OP-TEE Secure OS: https://github.com/OP-TEE/optee_os
.. _NVIDIA Trusted Little Kernel: http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary
.. _Trusty Secure OS: https://source.android.com/security/trusty

--------------

127
*Copyright (c) 2020, Arm Limited. All rights reserved.*