Trusted Firmware-A (TF-A) is an open-source project initiated by ARM to provide a reference implementation of secure world firmware for ARMv7-A and ARMv8-A architectures. Specifically, TF-A is designed to execute at the highest Exception Level (EL-3) on ARM processors, serving as the Trusted Execution Environment (TEE) firmware in systems that utilize ARM TrustZone technology.

TF-A plays a crucial role in establishing a secure foundation for ARM-based systems, particularly those leveraging TrustZone technology. It contributes to the overall security posture of devices by ensuring the integrity and confidentiality of trusted code and data during the boot process and execution of secure applications.

TF-A (ARM Trusted Firmware-A), developed by ARM, operates at the highest privilege level (EL-3) under ARMv8-A, providing APIs for switching between the secure world and non-secure world. After TF-A completes initialization, it jumps to execute U-Boot (already loaded into DRAM by x-boot).

A secure monitor which runs at EL3.

...

Boot process of Trusted Firmware-A

Under the ARMv8-A architecture, the implementation of the TF-A boot process can be divided into 5 stages, in the order of their execution:

  1. Boot Loader stage (BL1): Executed by AP Boot ROM.

  2. Execution stage 2 (BL2): Trusted Boot Firmware.

  3. Execution stage 3-1 (BL31): EL3 Runtime Firmware.

  4. Execution stage 3-2 (BL32): Secure-EL1 Payload.

  5. Execution stage 3-3 (BL33): Non-trusted Firmware.

In the SP7350 software architecture, BL1 is i-boot, BL2 is x-boot, BL31 is the secure monitor, BL32 is OP-TEE, and BL33 is U-Boot.

BL31 is a specific stage or component within Trusted Firmware-A (TF-A). When we talk about the TF-A image, we mean the BL31 image, because only the BL31 code of TF-A is used.

The image files of BL31 (TF-A) and BL32 (OP-TEE) and BL33 (U-Boot) are loaded by x-boot (BL2). Subsequently, x-boot (BL2) transfers control to BL31 (TF-A), and BL31 operates with EL3 privileges under the AArch64 architecture. BL31 plays a crucial role in establishing a secure execution environment for the subsequent stages of the boot process.

The functionalities implemented by BL31 include:

  • Architectural initialization

  • Platform initialization

  • Runtime services initialization

  • AArch64 BL32 (Secure EL-1 Payload, OP-TEE) image initialization

  • BL33 (Non-trusted Firmware, U-Boot) execution

BL31 is part of the ARM architecture's TrustZone technology, contributing to the overall security of the system.

The primary responsibilities of BL31 include:

  1. Secure Environment Setup: BL31 initializes the secure world, setting up the Trusted Execution Environment before handing control to the next stage in the boot process.

  2. Secure Exception Handling: It provides secure exception handling services and manages secure interrupts.

  3. Secure Context Management: BL31 manages secure contexts, ensuring the secure world's isolation from the non-secure world.

  4. Secure Resource Management: It handles secure resource allocation and management.

  5. Trusted Services: BL31 may provide trusted services to other firmware components or the operating system running in the secure world.
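The runtime services listed above are reached from the non-secure world through SMC instructions, and the monitor decides from the 32-bit function ID whether to handle a call itself or pass it to the Trusted OS. The following is an added example, not code from TF-A or the SP7350 sources: it decodes the function ID fields defined by the Arm SMC Calling Convention (which this page does not name) and applies a simplified routing model; the `smc_route` function, the route names and the constructed sample IDs are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* SMCCC function ID fields (Arm DEN 0028). */
#define SMC_FAST(id)  (((id) >> 31) & 0x1u)   /* 1 = fast call, 0 = yielding call */
#define SMC_64(id)    (((id) >> 30) & 0x1u)   /* 1 = SMC64, 0 = SMC32 */
#define SMC_OEN(id)   (((id) >> 24) & 0x3Fu)  /* owning entity number */
#define SMC_MBZ(id)   (((id) >> 17) & 0x7Fu)  /* bits 23:17, zero for fast calls
                                                 (bit 16 is the SVE hint in v1.3+) */
#define SMC_FUNC(id)  ((id) & 0xFFFFu)        /* function number */

typedef enum { ROUTE_REJECT, ROUTE_BL31, ROUTE_BL32 } smc_route_t;

/* Simplified routing model (assumption, not TF-A source):
 * OEN 0-4 are services the EL3 monitor implements itself, OEN 50-63 belong
 * to the Trusted OS and are passed to BL32, everything else is refused. */
smc_route_t smc_route(uint32_t fid)
{
    uint32_t oen = SMC_OEN(fid);

    if (SMC_FAST(fid) && SMC_MBZ(fid) != 0)
        return ROUTE_REJECT;            /* malformed ID: reserved bits set */
    if (oen <= 4)
        return ROUTE_BL31;              /* Arm arch, CPU, SiP, OEM, standard */
    if (oen >= 50 && oen <= 63)
        return ROUTE_BL32;              /* Trusted OS range */
    return ROUTE_REJECT;                /* reserved, or not routed in this model */
}

int main(void)
{
    static const char *names[] = { "reject", "BL31 service", "BL32 (Trusted OS)" };
    /* Sample IDs: the first two are the PSCI_VERSION and SMC64 CPU_ON IDs from
     * the PSCI specification; the rest are constructed for this example. */
    const uint32_t ids[] = { 0x84000000u, 0xC4000003u, 0xBF00FF01u,
                             0x32000004u, 0x84FE0000u, 0x88000000u };

    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("0x%08X fast=%u smc64=%u oen=%2u func=0x%04X -> %s\n",
               (unsigned)ids[i], (unsigned)SMC_FAST(ids[i]), (unsigned)SMC_64(ids[i]),
               (unsigned)SMC_OEN(ids[i]), (unsigned)SMC_FUNC(ids[i]),
               names[smc_route(ids[i])]);
    return 0;
}
```

Refusing IDs with reserved bits set or an unowned entity number before any dispatch keeps the EL-3 entry point from acting on input it has no handler for.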

x-boot loads BL31 and transfers control to EL-3. BL31 performs the following architectural initialization:

  1. Initializes the system registers it focuses on.

  2. Initializes the data structures for each CPU, providing cache access for improved speed. This initialization is performed concurrently on multiple CPUs.

Additionally, BL31 executes the following platform initialization:

  1. Initializes the console terminal.

  2. Initializes the Memory Management Unit (MMU).

  3. Initializes the Generic Interrupt Controller.

Besides acting as the secure monitor that runs at EL-3, BL31 is also responsible for running OP-TEE (BL32) and U-Boot (BL33). After BL31 completes initialization, including invoking OP-TEE, core 0 jumps to execute U-Boot and then runs Linux. Linux wake up core .

Core 0 is responsible for all the processes, while the other non-boot cores (1, 2, and 3) enter a wait-for-event state after they complete initialization.
