Trusted Firmware-A (TF-A) is an open-source project initiated by ARM to provide a reference implementation of secure world firmware for the ARMv7-A and ARMv8-A architectures. Specifically, TF-A is designed to execute at the highest Exception Level (EL3) on ARM processors, serving as the Trusted Execution Environment (TEE) firmware of the system.

Official website: https://www.trustedfirmware.org/projects/tf-a/

Source repository: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/

Boot process of Trusted Firmware-A

The TF-A boot process is divided into five stages, listed in the order of their execution:

  • Boot Loader stage 1 (BL1): Executed by the AP Boot ROM.

  • Boot Loader stage 2 (BL2): Trusted Boot Firmware.

  • Boot Loader stage 3-1 (BL31): EL3 Runtime Firmware.

  • Boot Loader stage 3-2 (BL32): Secure-EL1 Payload.

  • Boot Loader stage 3-3 (BL33): Non-trusted Firmware.

Boot process of SP7350

Within the SP7350 software architecture, BL1 is represented by i-boot, BL2 by x-boot, BL31 by TF-A (secure monitor), BL32 by OP-TEE, and BL33 by U-Boot. Notably, i-boot, x-boot, and TF-A operate at EL3, U-Boot at EL2, while OP-TEE and Linux run at EL1.

BL31 is one specific stage within Trusted Firmware-A (TF-A). In the SP7350 software, "TF-A" refers to BL31 alone, because only the BL31 code from TF-A is used.

During the boot process, the image files of BL31 (TF-A), BL32 (OP-TEE), and BL33 (U-Boot) are loaded by the second-stage boot loader, x-boot (BL2). x-boot (BL2) then transfers control to BL31 (TF-A). BL31 operates as a secure monitor with Exception Level 3 (EL3) privileges, following the AArch64 architecture.

BL31 (TF-A)

BL31 plays a crucial role in establishing a secure execution environment for the subsequent stages of the boot process. The primary responsibilities of BL31 include:

  • Secure Environment Setup: BL31 initializes the secure world, setting up the Trusted Execution Environment before handing control to the next stage in the boot process.

  • Secure Exception Handling: It provides secure exception handling services and manages secure interrupts.

  • Secure Context Management: BL31 manages secure contexts, ensuring the secure world's isolation from the non-secure world.

  • Secure Resource Management: It handles secure resource allocation and management.

  • Trusted Services: BL31 may provide trusted services to other firmware components or the operating system running in the secure world.
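BL31 hands control to BL32 and BL33 by programming SPSR_EL3 for each entry point and executing ERET, so the exception level each image lands in (on SP7350: OP-TEE at S-EL1, U-Boot at EL2) is decided by that register value. The following C example is added here for illustration and is not code from the SP7350 tree or from TF-A: it builds SPSR_EL3 the way TF-A's SPSR_64 macro does and checks that a handoff descriptor never leaves the next image in EL3; the entry addresses are constructed placeholders.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* SPSR_EL3 layout for an AArch64 target: M[3:0] = target EL and stack
 * selector, M[4] = 0 for AArch64, DAIF mask bits at [9:6]. The shifts
 * mirror TF-A's SPSR_64(el, sp, daif) macro. */
#define MODE_SP_ELX   1U
#define MODE_EL_SHIFT 2U
#define MODE_EL_MASK  0x3U
#define DAIF_SHIFT    6U
#define DAIF_ALL      0xfU           /* TF-A: DISABLE_ALL_EXCEPTIONS */
#define MODE_RW_BIT   (1U << 4)      /* set only for AArch32 targets */

/* Value that makes ERET from EL3 land in exception level `el` (0..3). */
static uint32_t spsr_el3_aarch64(uint32_t el, uint32_t sp, uint32_t daif)
{
    return (el << MODE_EL_SHIFT) | (sp & 1U) | (daif << DAIF_SHIFT);
}

static uint32_t spsr_target_el(uint32_t spsr)
{
    return (spsr >> MODE_EL_SHIFT) & MODE_EL_MASK;
}

/* Simplified stand-in for TF-A's entry_point_info descriptor. */
struct handoff { const char *image; uint64_t pc; uint32_t spsr; };

/* Check before ERET: the next image must run below EL3, in AArch64, with
 * all exceptions masked until it has installed its own vector table. */
static bool handoff_is_sane(const struct handoff *h)
{
    if (h->pc == 0) return false;
    if (h->spsr & MODE_RW_BIT) return false;
    if (spsr_target_el(h->spsr) >= 3U) return false;
    return ((h->spsr >> DAIF_SHIFT) & DAIF_ALL) == DAIF_ALL;
}

/* SP7350 layout from this page: BL32/OP-TEE at S-EL1, BL33/U-Boot at EL2.
 * (Secure vs. non-secure is selected by SCR_EL3.NS, not by SPSR.) */
static struct handoff sp7350_image(bool bl33)
{
    struct handoff h = { bl33 ? "BL33/U-Boot" : "BL32/OP-TEE",
                         bl33 ? 0x200000ULL : 0x100000ULL, /* placeholders */
                         spsr_el3_aarch64(bl33 ? 2U : 1U, MODE_SP_ELX, DAIF_ALL) };
    return h;   /* spsr = 0x3c9 for EL2h, 0x3c5 for EL1h */
}

int main(void)
{
    for (int i = 0; i < 2; i++) {
        struct handoff h = sp7350_image(i == 1);
        printf("%-12s pc=0x%llx spsr=0x%03x -> EL%u %s\n", h.image,
               (unsigned long long)h.pc, h.spsr, spsr_target_el(h.spsr),
               handoff_is_sane(&h) ? "ok" : "REJECT");
    }
    return 0;
}
```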

Source files

Source files for TF-A can be found in the "boot/trusted-firmware-a/" directory under the project's top folder. Some platform-related files are added or modified for the SP7350 platform. The list below describes the relevant files and folders:

Files or folders and their descriptions:

  • build/: Contains output files.

  • lib/psci/: Contains Power State Coordination Interface (PSCI) files.

  • plat/sp/: Contains SP7350 platform-related files.

  • sp7350.mk: Makefile of the sp7350 platform.

Platform-related header files

Platform-related header files, residing under "plat/sp/common/include" and "plat/sp/sp7350/include," contain essential definitions for UART, platform settings, DRAM configurations, register addresses, and watchdog registers. Modifying these files is crucial when adapting TF-A to specific platform requirements.

plat/sp/common/include/

  • sp_uart.h: Contains definitions of UART bits and registers.

  • sp_def.h: Contains platform definitions.

plat/sp/sp7350/include/

  • platform_def.h: Contains most platform definitions, including the DRAM base address and size.

  • sp_mmap.h: Contains address definitions for DRAM, registers, the GIC base, and so on.

  • sp_pm.h: Contains watchdog register definitions.