
Trusted Firmware-A (TF-A) is an open-source project initiated by ARM to provide a reference implementation of secure world firmware for ARMv7-A and ARMv8-A architectures. Specifically, TF-A is designed to execute at the highest Exception Level (EL3) on ARM processors, serving as the Trusted Execution Environment (TEE) firmware in systems.

Boot process of Trusted Firmware-A

Under the ARMv8-A architecture, the implementation of the TF-A boot process can be divided into 5 stages, in the order of their execution:

  1. Boot Loader stage (BL1): Executed by AP Boot ROM.

  2. Execution stage 2 (BL2): Trusted Boot Firmware.

  3. Execution stage 3-1 (BL31): EL3 Runtime Firmware.

  4. Execution stage 3-2 (BL32): Secure-EL1 Payload.

  5. Execution stage 3-3 (BL33): Non-trusted Firmware.

In the SP7350 software architecture, BL1 is i-boot, BL2 is x-boot, BL31 is the secure monitor, BL32 is OP-TEE, and BL33 is U-Boot.

BL31 is a specific stage or component within Trusted Firmware-A (TF-A). When we talk about the TF-A image, we mean the BL31 image, because only the BL31 code of TF-A is used.

The image files of BL31 (TF-A), BL32 (OP-TEE), and BL33 (U-Boot) are loaded by x-boot (BL2). Subsequently, x-boot (BL2) transfers control to BL31 (TF-A), and BL31 operates with EL3 privileges under the AArch64 architecture. BL31 plays a crucial role in establishing a secure execution environment for the subsequent stages of the boot process.

The functionalities implemented by BL31 include:

  • Architectural initialization

  • Platform initialization

  • Runtime services initialization

  • AArch64 BL32 (Secure-EL1 Payload, OP-TEE) image initialization

  • BL33 (Non-trusted Firmware, U-Boot) execution

It is part of the ARM architecture's TrustZone technology, contributing to the overall security of the system.

The primary responsibilities of BL31 include:

  1. Secure Environment Setup: BL31 initializes the secure world, setting up the Trusted Execution Environment before handing control to the next stage in the boot process.

  2. Secure Exception Handling: It provides secure exception handling services and manages secure interrupts.

  3. Secure Context Management: BL31 manages secure contexts, ensuring the secure world's isolation from the non-secure world.

  4. Secure Resource Management: It handles secure resource allocation and management.

  5. Trusted Services: BL31 may provide trusted services to other firmware components or the operating system running in the secure world.

x-boot loads BL31 and transfers control to it at EL3. BL31 performs the following architectural initialization:

  1. Initializes the system registers that it uses.

  2. Initializes the per-CPU data structures, which provide cached access for improved speed. This initialization is performed concurrently on multiple CPUs.

Additionally, BL31 executes the following platform initialization:

  1. Initializes the console terminal.

  2. Initializes the Memory Management Unit (MMU).

  3. Initializes the Generic Interrupt Controller.

Besides acting as the secure monitor, which runs at EL3, BL31 is also responsible for running OP-TEE (BL32) and U-Boot (BL33). After BL31 completes initialization, including invoking OP-TEE, it jumps to execute U-Boot.

Core 0 is responsible for all of these processes, while the other, non-boot cores (1, 2, and 3) enter the wait-for-event state after they complete initialization.
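The handoff described above (x-boot passes the loaded images to BL31, which initializes OP-TEE and then jumps to U-Boot), as an added example that is not SP7350 or TF-A source: a C model that checks each image's entry descriptor before BL31 would ERET into it. The struct, function names and sample addresses are hypothetical, and the example assumes AArch64 payloads entered at EL1 or EL2.

```c
/* Added example: model of the BL31 exit path described above.
 * Names are hypothetical; this is not TF-A or SP7350 source code. */
#include <stdint.h>
#include <stdio.h>
enum world { SECURE = 0, NON_SECURE = 1 };

/* What BL2 (x-boot) passes to BL31 for each image it loaded. */
struct ep_info {
    const char *name;
    uint64_t    pc;    /* entry address */
    uint32_t    spsr;  /* PSTATE installed by ERET */
    enum world  world;
};

/* AArch64 SPSR_EL3: M[4]=0 means AArch64, M[3:2]=target EL,
 * M[0]=stack select (1 = SP_ELx), bits [9:6]=DAIF masks. */
#define SPSR_64(el, sp, daif) \
    ((uint32_t)((((daif) & 0xFu) << 6) | (((el) & 3u) << 2) | ((sp) & 1u)))
#define SPSR_EL(spsr)     (((spsr) >> 2) & 3u)
#define SPSR_IS_A64(spsr) ((((spsr) >> 4) & 1u) == 0)

/* Returns 0 if BL31 may ERET into this image, else a negative code. */
int check_handoff(const struct ep_info *ep)
{
    unsigned el = SPSR_EL(ep->spsr);
    if (ep->pc == 0)            return -1; /* image was never loaded */
    if (!SPSR_IS_A64(ep->spsr)) return -2; /* assumed: AArch64 images only */
    if (el == 3)                return -3; /* only BL31 may run at EL3 */
    if (el == 0)                return -4; /* assumed: payloads need EL1/EL2 */
    if (ep->world == SECURE && el != 1) return -5; /* BL32 is Secure-EL1 */
    return 0;
}

/* Order from the page: initialise BL32 (OP-TEE), then jump to BL33. */
int bl31_exit_sequence(const struct ep_info *bl32, const struct ep_info *bl33)
{
    int rc = (bl32->world != SECURE || bl33->world != NON_SECURE) ? -6 : 0;
    if (!rc) rc = check_handoff(bl32);
    if (!rc) rc = check_handoff(bl33);
    return rc;
}

int main(void)
{
    /* Constructed sample descriptors; the addresses are made up. */
    struct ep_info tee = { "OP-TEE", 0x200000, SPSR_64(1, 1, 0xF), SECURE };
    struct ep_info ubt = { "U-Boot", 0x500000, SPSR_64(2, 1, 0xF), NON_SECURE };
    printf("handoff rc=%d\n", bl31_exit_sequence(&tee, &ubt));
    return 0;
}
```

A descriptor that would enter BL33 at EL3, or in the secure world, is rejected before any jump, which is the property that keeps the non-trusted firmware below the secure monitor.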
