Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

Trusted Firmware-A (TF-A) is an open-source project initiated by ARM to provide a reference implementation of secure world firmware for ARMv7-A and ARMv8-A architectures. Specifically, TF-A is designed to execute at the highest Exception Level (EL3) on ARM processors, serving as the Trusted Execution Environment (TEE) firmware in systems.

Contents

Boot process of Trusted Firmware-A

Under the ARMv8-A architecture, the implementation of the TF-A boot process can be divided into 5 stages, in the order of their execution:

  • Boot Loader stage (BL1): Executed by AP Boot ROM.

  • Execution stage 2 (BL2): Trusted Boot Firmware.

  • Execution stage 3-1 (BL31): EL3 Runtime Firmware.

  • Execution stage 3-2 (BL32): Secure-EL1 Payload.

  • Execution stage 3-3 (BL33): Non-trusted Firmware.

Boot process of SP7350

In SP7350 software architecture, BL1 is the i-boot. BL2 is the x-boot. BL31 is the TF-A (secure monitor). BL32 is the OP-TEE. BL33 is the U-Boot.

image-20240202-165909.png

BL31 is a specific stage or component within Trusted Firmware-A (TF-A). When we talk about image of FT-A, we means BL31 image because only BL31 code of TF-A is used.

The image files of BL31 (TF-A) and BL32 (OP-TEE) and BL33 (U-Boot) are loaded by x-boot (BL2). Subsequently, x-boot (BL2) transfers control to BL31 (TF-A), and BL31 operates with EL3 privileges under the AArch64 architecture.

BL31 (TF-A)

BL31 plays a crucial role in establishing a secure execution environment for the subsequent stages of the boot process. The functionalities implemented by BL31 include:

  • Architectural initialization

  • Platform initialization

  • Runtime services initialization

  • AArch64 BL32 (Secure-EL1 Payload) image initialization

  • BL33 (Non-trusted Firmware) execution

The primary responsibilities of BL31 include:

  • Secure Environment Setup: BL31 initializes the secure world, setting up the Trusted Execution Environment before handing control to the next stage in the boot process.

  • Secure Exception Handling: It provides secure exception handling services and manages secure interrupts.

  • Secure Context Management: BL31 manages secure contexts, ensuring the secure world's isolation from the non-secure world.

  • Secure Resource Management: It handles secure resource allocation and management.

  • Trusted Services: BL31 may provide trusted services to other firmware components or the operating system running in the secure world.

Platform-related source files

The source files for TF-A are located in the "boot/trusted-firmware-a/" directory under the project's top folder. Some platform-related source files are added or modified for operation. Table below lists platform-related files or folders:

Files or folders

Descriptions

bl31/

Contains BL21 codes.

build/

Contains output files.

common/

Contains codes.

include/

Contains header files.

lib/psci/

Contains power state coordination interface (psci) files.

plat/sp/

Contains SP7350 platform-related files.

sp7350.mk

Make file of sp7350 platform.

  • No labels