Page Comparison

...

• Boot Loader stage (BL1): Executed by AP Boot ROM.

• Execution stage 2 (BL2): Trusted Boot Firmware.

• Execution stage 3-1 (BL31): EL3 Runtime Firmware.

• Execution stage 3-2 (BL32): Secure-EL1 Payload.

• Execution stage 3-3 (BL33): Non-trusted Firmware.

Boot process of SP7350

Within In the SP7350 software architecture, BL1 is represented by i-boot, BL2 by x-boot, BL31 by TF-A (secure monitor), BL32 by OP-TEE, and BL33 by U-Boot. In the figure below, the blue arrows indicate the boot sequence. Notably, i-boot, x-boot, and TF-A operate at EL3, U-Boot at EL2, while OP-TEE and Linux run at EL1.

...

During the boot process, the image files of BL31 (TF-A), BL32 (OP-TEE), and BL33 (U-Boot) are loaded by the second-stage boot-loader, x-boot (BL2). Following this, x-boot (BL2) facilitates the transfer of control to BL31 (TF-A). BL31 operates as a secure monitor with Exception Level 3 (EL3) privileges, adhering to the AArch64 architecture standard.

BL31: (TF-A)

BL31 plays a crucial role in establishing a secure execution environment for the subsequent stages of the boot process. The primary responsibilities of BL31 include:

...

Secure Environment Setup: BL31 initializes the secure world, setting up the Trusted Execution Environment before handing control to the next stage in the boot process.

...

Secure Exception Handling: It provides secure exception handling services and manages secure interrupts.

...

Secure Context Management: BL31 manages secure contexts, ensuring the secure world's isolation from the non-secure world.

...

Secure Resource Management: It handles secure resource allocation and management.

...

As the final security barrier at EL3, BL31 operates differently from BL1 and BL2, as it is not a one-time execution. As implied by its runtime designation, it continuously provides securely designed services to the non-secure world through SMCs (Secure Monitor Calls). It is responsible for locating BL32, performing signature verification, and executing BL32.

BL31 resides in DRAM and operates in EL3 mode. In addition to architecture and platform initialization, it performs the following tasks:

• Initialization of PSCI services to enable CPU power management operations.

• Initialization of the BL32 image for execution in Secure EL1 mode.

• Initialization of Non-Secure EL2 or EL1, followed by a jump to execute BL33.

• Facilitation of secure/non-secure world transitions.

• Distribution of secure service requests.

Power state coordination interface (PSCI)

It is a standard interface defined by ARM that facilitates power management operations in a system. PSCI specifies the interface protocol for the Linux kernel to call power management-related services provided by BL31. It includes the interfaces necessary to implement the following functionalities:

• CPU idle management

• Hot-plug, which involves dynamically adding or removing CPUs from the system

• Secondary CPU startup

• System shutdown and reset operations

PSCI is invoked by the Linux kernel to access secure services provided by BL31. By leveraging PSCI, the Linux kernel can interact with BL31 to perform operations such as CPU power state transitions (e.g., turning CPUs on or off), dynamic voltage and frequency scaling (DVFS), and other power management tasks in a secure and coordinated manner. This collaboration between the Linux kernel and the secure monitor (BL31) ensures efficient and reliable CPU power management while maintaining system security.

Source files

Source files for TF-A can be found in the "boot/trusted-firmware-a/" directory under the project's top folder. Some platform-related . Refer to table below for main sub-directories and descriptions.

Some files are added or modified for SP7350 platform. Table below lists the files or folders:

...