Trusted Firmware-A Logo
latest
  • Home
  • 1. About
    • 1.1. Feature Overview
      • 1.1.1. Current features
      • 1.1.2. Still to come
    • 1.2. Release Processes
      • 1.2.1. Project Release Cadence
        • 1.2.1.1. Upcoming Releases
      • 1.2.2. Removal of Deprecated Interfaces
      • 1.2.3. Removal of Deprecated Drivers
    • 1.3. Project Maintenance
      • 1.3.1. Maintainers
      • 1.3.2. LTS Maintainers
      • 1.3.3. Code owners
        • 1.3.3.1. Common Code
        • 1.3.3.2. Drivers, Libraries and Framework Code
        • 1.3.3.3. Platform Ports
        • 1.3.3.4. Secure Payloads and Dispatchers
        • 1.3.3.5. Tools
        • 1.3.3.6. Threat Model
        • 1.3.3.7. Conventional Changelog Extensions
    • 1.4. Support & Contact
      • 1.4.1. Mailing Lists
      • 1.4.2. Open Tech Forum Call
      • 1.4.3. Issue Tracker
      • 1.4.4. Arm Licensees
    • 1.5. Contributor Acknowledgements
  • 2. Getting Started
    • 2.1. Prerequisites
      • 2.1.1. Build Host
      • 2.1.2. Toolchain
      • 2.1.3. Software and Libraries
        • 2.1.3.1. Package Installation (Linux)
      • 2.1.4. Supporting Files
      • 2.1.5. Getting the TF-A Source
        • 2.1.5.1. Additional Steps for Contributors
    • 2.2. Building Documentation
      • 2.2.1. Prerequisites
      • 2.2.2. Building rendered documentation
        • 2.2.2.1. Other Output Formats
        • 2.2.2.2. Building rendered documentation from Poetry’s virtual environment
      • 2.2.3. Building rendered documentation from a container
    • 2.3. Performing an Initial Build
    • 2.4. Building Supporting Tools
      • 2.4.1. Building and using the FIP tool
      • 2.4.2. Building the Certificate Generation Tool
        • 2.4.2.1. Building the Firmware Encryption Tool
    • 2.5. Build Options
      • 2.5.1. Common build options
      • 2.5.2. GICv3 driver options
      • 2.5.3. Debugging options
      • 2.5.4. Firmware update options
    • 2.6. Internal Build Options
    • 2.7. Image Terminology
      • 2.7.1. Common Image Features
      • 2.7.2. Trusted Firmware Images
        • 2.7.2.1. Firmware Image Package: FIP
        • 2.7.2.2. AP Boot ROM: AP_BL1
        • 2.7.2.3. AP RAM Firmware: AP_BL2
        • 2.7.2.4. EL3 Runtime Firmware: AP_BL31
        • 2.7.2.5. Secure-EL1 Payload (SP): AP_BL32
        • 2.7.2.6. AP Normal World Firmware: AP_BL33
        • 2.7.2.7. Other AP 3rd level images: AP_BL3_XXX
        • 2.7.2.8. Realm Monitor Management Firmware: RMM
        • 2.7.2.9. SCP Boot ROM: SCP_BL1 (previously BL0)
        • 2.7.2.10. SCP RAM Firmware: SCP_BL2 (previously BL3-0)
      • 2.7.3. Firmware Update (FWU) Images
        • 2.7.3.1. AP Firmware Update Boot ROM: AP_NS_BL1U
        • 2.7.3.2. AP Firmware Update Config: AP_BL2U
        • 2.7.3.3. SCP Firmware Update Config: SCP_BL2U (previously BL2-U0)
        • 2.7.3.4. AP Firmware Updater: AP_NS_BL2U (previously BL3-U)
      • 2.7.4. Other Processor Firmware Images
        • 2.7.4.1. MCP Boot ROM: MCP_BL1
        • 2.7.4.2. MCP RAM Firmware: MCP_BL2
    • 2.8. PSCI Library Integration guide for Armv8-A AArch32 systems
      • 2.8.1. Generic call sequence for PSCI Library interface (AArch32)
      • 2.8.2. PSCI CPU context management
      • 2.8.3. PSCI Library Interface
        • 2.8.3.1. Interface : psci_setup()
        • 2.8.3.2. Interface : psci_prepare_next_non_secure_ctx()
        • 2.8.3.3. Interface : psci_register_spd_pm_hook()
        • 2.8.3.4. Interface : psci_smc_handler()
        • 2.8.3.5. Interface : psci_warmboot_entrypoint()
      • 2.8.4. EL3 Runtime Software dependencies
        • 2.8.4.1. General dependencies
        • 2.8.4.2. CPU Context management API
        • 2.8.4.3. Platform API
        • 2.8.4.4. Secure payload power management callback
        • 2.8.4.5. CPU operations
    • 2.9. EL3 Runtime Service Writer’s Guide
      • 2.9.1. Introduction
      • 2.9.2. Owning Entities, Call Types and Function IDs
      • 2.9.3. Getting started
      • 2.9.4. Registering a runtime service
      • 2.9.5. Initializing a runtime service
      • 2.9.6. Handling runtime service requests
      • 2.9.7. Services that contain multiple sub-services
      • 2.9.8. Secure-EL1 Payload Dispatcher service (SPD)
  • 3. Processes & Policies
    • 3.1. Security Handling
      • 3.1.1. Security Disclosures
      • 3.1.2. Found a Security Issue?
      • 3.1.3. Attribution
      • 3.1.4. Security Advisories
    • 3.2. Platform Ports Policy
      • 3.2.1. Platform compatibility policy
      • 3.2.2. Deprecation policy
    • 3.3. Commit Style
      • 3.3.1. Adding Scopes
      • 3.3.2. Mandated Trailers
    • 3.4. Coding Style
      • 3.4.1. File Encoding
      • 3.4.2. Language
      • 3.4.3. C Language Standard
      • 3.4.4. MISRA Compliance
      • 3.4.5. Indentation
      • 3.4.6. Spacing
      • 3.4.7. Line Length
      • 3.4.8. Blank Lines
      • 3.4.9. Braces
        • 3.4.9.1. Opening Brace Placement
        • 3.4.9.2. Conditional Statement Bodies
      • 3.4.10. Naming
        • 3.4.10.1. Functions
        • 3.4.10.2. Local Variables and Parameters
        • 3.4.10.3. Preprocessor Macros
      • 3.4.11. Function Attributes
      • 3.4.12. Alignment
        • 3.4.12.1. Switch Statement Alignment
        • 3.4.12.2. Pointer Alignment
      • 3.4.13. Comments
      • 3.4.14. Headers and inclusion
        • 3.4.14.1. Header guards
        • 3.4.14.2. Include statement ordering
        • 3.4.14.3. Include statement variants
      • 3.4.15. Typedefs
        • 3.4.15.1. Avoid anonymous typedefs of structs/enums in headers
    • 3.5. Coding Guidelines
      • 3.5.1. Automatic Editor Configuration
      • 3.5.2. Automatic Compliance Checking
        • 3.5.2.1. Ignored Checkpatch Warnings
      • 3.5.3. Performance considerations
        • 3.5.3.1. Avoid printf and use logging macros
        • 3.5.3.2. Use const data where possible
      • 3.5.4. Libc functions that are banned or to be used with caution
      • 3.5.5. Error handling and robustness
        • 3.5.5.1. Using CASSERT to check for compile time data errors
        • 3.5.5.2. Using assert() to check for programming errors
        • 3.5.5.3. Handling integration errors
        • 3.5.5.4. Handling recoverable errors
        • 3.5.5.5. Handling unrecoverable errors
        • 3.5.5.6. Handling critical unresponsiveness
      • 3.5.6. Use of built-in C and libc data types
      • 3.5.7. Favor C language over assembly language
      • 3.5.8. Do not use weak functions
    • 3.6. Contributor’s Guide
      • 3.6.1. Getting Started
      • 3.6.2. Making Changes
      • 3.6.3. Submitting Changes
      • 3.6.4. Add CI Configurations
        • 3.6.4.1. Coverity Scan
        • 3.6.4.2. Test Build Configuration (tf-l1-build-plat)
      • 3.6.5. Binary Components
    • 3.7. Code Review Guidelines
      • 3.7.1. Why do we do code reviews?
      • 3.7.2. Overview of the code review process
      • 3.7.3. Good practices for all reviewers
      • 3.7.4. Guidelines for patch contributors
      • 3.7.5. Guidelines for all reviewers
      • 3.7.6. Guidelines for code owners
      • 3.7.7. Guidelines for maintainers
    • 3.8. Frequently-Asked Questions (FAQ)
      • 3.8.1. How do I update my changes?
      • 3.8.2. How long will my changes take to merge into integration?
      • 3.8.3. How long will it take for my changes to go from integration to master?
      • 3.8.4. What are these strange comments in my changes?
    • 3.9. Project Maintenance Processes
      • 3.9.1. How to become a maintainer?
        • 3.9.1.1. Qualifying Criteria
        • 3.9.1.2. Election Process
    • 3.10. Secure Development Guidelines
      • 3.10.1. Security considerations
        • 3.10.1.1. Do not leak secrets to the normal world
        • 3.10.1.2. Handling Denial of Service attacks
        • 3.10.1.3. Preventing Secure-world timing information leakage via PMU counters
      • 3.10.2. Build options
  • 4. Components
    • 4.1. Secure Payload Dispatcher (SPD)
      • 4.1.1. OP-TEE Dispatcher
      • 4.1.2. Trusted Little Kernel (TLK) Dispatcher
        • 4.1.2.1. Trusted Little Kernel (TLK)
        • 4.1.2.2. Build TLK
        • 4.1.2.3. Input parameters to TLK
      • 4.1.3. Trusty Dispatcher
        • 4.1.3.1. Boot parameters
        • 4.1.3.2. Supported platforms
      • 4.1.4. ProvenCore Dispatcher
    • 4.2. Activity Monitors
      • 4.2.1. Auxiliary counters
    • 4.3. Arm SiP Services
      • 4.3.1. Performance Measurement Framework (PMF)
      • 4.3.2. Execution State Switching service
        • 4.3.2.1. ARM_SIP_SVC_EXE_STATE_SWITCH
      • 4.3.3. DebugFS interface
        • 4.3.3.1. MOUNT
        • 4.3.3.2. OPEN
        • 4.3.3.3. CLOSE
        • 4.3.3.4. READ
        • 4.3.3.5. SEEK
        • 4.3.3.6. BIND
        • 4.3.3.7. STAT
        • 4.3.3.8. INIT
        • 4.3.3.9. VERSION
    • 4.4. Debug FS
      • 4.4.1. Overview
      • 4.4.2. Virtual filesystem
        • 4.4.2.1. Namespace
        • 4.4.2.2. 9p interface
      • 4.4.3. SMC interface
      • 4.4.4. Security considerations
      • 4.4.5. Limitations
      • 4.4.6. Applications
    • 4.5. Exception Handling Framework
      • 4.5.1. Introduction
      • 4.5.2. The role of Exception Handling Framework
      • 4.5.3. Interrupt handling
        • 4.5.3.1. Partitioning priority levels
        • 4.5.3.2. Programming priority
      • 4.5.4. Registering handler
      • 4.5.5. Interrupt handling example
      • 4.5.6. Activating and Deactivating priorities
      • 4.5.7. Transition of priority levels
      • 4.5.8. Effect on SMC calls
      • 4.5.9. Build-time flow
      • 4.5.10. Run-time flow
      • 4.5.11. Interrupt Prioritisation Considerations
      • 4.5.12. Limitations
    • 4.6. Firmware Configuration Framework
      • 4.6.1. Introduction
      • 4.6.2. Accessing properties
      • 4.6.3. Defining properties
      • 4.6.4. Loading the property device tree
      • 4.6.5. Populating the properties
      • 4.6.6. Namespace guidance
      • 4.6.7. Properties binding information
        • 4.6.7.1. DTB binding for FCONF properties
        • 4.6.7.2. Activity Monitor Unit (AMU) Bindings
        • 4.6.7.3. Maximum Power Mitigation Mechanism (MPMM) Bindings
    • 4.7. Firmware Update (FWU)
      • 4.7.1. PSA Firmware Update (PSA FWU)
        • 4.7.1.1. Introduction
        • 4.7.1.2. Scope
        • 4.7.1.3. Overview
      • 4.7.2. TBBR Firmware Update (TBBR FWU)
        • 4.7.2.1. Introduction
        • 4.7.2.2. Scope
        • 4.7.2.3. Overview
        • 4.7.2.4. Image Identification
        • 4.7.2.5. FWU State Machine
        • 4.7.2.6. BL1 SMC Interface
    • 4.8. Measured Boot Driver (MBD)
      • 4.8.1. Properties binding information
        • 4.8.1.1. DTB binding for Event Log properties
    • 4.9. Maximum Power Mitigation Mechanism (MPMM)
    • 4.10. Platform Interrupt Controller API
      • 4.10.1. Function: unsigned int plat_ic_get_running_priority(void); [optional]
      • 4.10.2. Function: int plat_ic_is_spi(unsigned int id); [optional]
      • 4.10.3. Function: int plat_ic_is_ppi(unsigned int id); [optional]
      • 4.10.4. Function: int plat_ic_is_sgi(unsigned int id); [optional]
      • 4.10.5. Function: unsigned int plat_ic_get_interrupt_active(unsigned int id); [optional]
      • 4.10.6. Function: void plat_ic_enable_interrupt(unsigned int id); [optional]
      • 4.10.7. Function: void plat_ic_disable_interrupt(unsigned int id); [optional]
      • 4.10.8. Function: void plat_ic_set_interrupt_priority(unsigned int id, unsigned int priority); [optional]
      • 4.10.9. Function: int plat_ic_has_interrupt_type(unsigned int type); [optional]
      • 4.10.10. Function: void plat_ic_set_interrupt_type(unsigned int id, unsigned int type); [optional]
      • 4.10.11. Function: void plat_ic_raise_el3_sgi(int sgi_num, u_register_t target); [optional]
      • 4.10.12. Function: void plat_ic_set_spi_routing(unsigned int id, unsigned int routing_mode, u_register_t mpidr); [optional]
      • 4.10.13. Function: void plat_ic_set_interrupt_pending(unsigned int id); [optional]
      • 4.10.14. Function: void plat_ic_clear_interrupt_pending(unsigned int id); [optional]
      • 4.10.15. Function: unsigned int plat_ic_set_priority_mask(unsigned int id); [optional]
      • 4.10.16. Function: unsigned int plat_ic_get_interrupt_id(unsigned int raw); [optional]
    • 4.11. Reliability, Availability, and Serviceability (RAS) Extensions
      • 4.11.1. Firmware First Handling (FFH)
        • 4.11.1.1. Introduction
        • 4.11.1.2. Overview
      • 4.11.2. Kernel First Handling (KFH)
        • 4.11.2.1. Introduction
      • 4.11.3. TF-A build options
      • 4.11.4. RAS Framework
        • 4.11.4.1. Platform APIs
        • 4.11.4.2. Registering RAS error records
        • 4.11.4.3. Registering RAS interrupts
        • 4.11.4.4. Double-fault handling
        • 4.11.4.5. Engaging the RAS framework
        • 4.11.4.6. Interaction with Exception Handling Framework
    • 4.12. Library at ROM
      • 4.12.1. Introduction
      • 4.12.2. Index file
      • 4.12.3. Wrapper functions
      • 4.12.4. Script
      • 4.12.5. Patching of functions in library at ROM
      • 4.12.6. Memory impact
      • 4.12.7. Build library at ROM
    • 4.13. SDEI: Software Delegated Exception Interface
      • 4.13.1. Introduction
      • 4.13.2. Defining events
        • 4.13.2.1. Event flags
      • 4.13.3. Event definition example
      • 4.13.4. Configuration within Exception Handling Framework
      • 4.13.5. Determining client EL
      • 4.13.6. Explicit dispatch of events
        • 4.13.6.1. Conditions for event dispatch
      • 4.13.7. Porting requirements
      • 4.13.8. Note on writing SDEI event handlers
    • 4.14. Secure Partition Manager
      • 4.14.1. FF-A manifest binding to device tree
        • 4.14.1.1. Partition Properties
        • 4.14.1.2. Memory Regions
        • 4.14.1.3. Device Regions
      • 4.14.2. Acronyms
      • 4.14.3. Foreword
        • 4.14.3.1. Terminology
        • 4.14.3.2. Support for legacy platforms
      • 4.14.4. Sample reference stack
      • 4.14.5. TF-A build options
      • 4.14.6. FVP model invocation
      • 4.14.7. Boot process
        • 4.14.7.1. Loading Hafnium and secure partitions in the secure world
        • 4.14.7.2. Booting through TF-A
      • 4.14.8. Hafnium in the secure world
        • 4.14.8.1. General considerations
        • 4.14.8.2. Parsing SP partition manifests
        • 4.14.8.3. Passing boot data to the SP
        • 4.14.8.4. SP Boot order
        • 4.14.8.5. Boot phases
        • 4.14.8.6. Notifications
        • 4.14.8.7. Mandatory interfaces
        • 4.14.8.8. SPMC-SPMD direct requests/responses
        • 4.14.8.9. Memory Sharing
        • 4.14.8.10. PE MMU configuration
        • 4.14.8.11. Schedule modes and SP Call chains
        • 4.14.8.12. Partition runtime models
        • 4.14.8.13. Interrupt management
        • 4.14.8.14. Power management
      • 4.14.9. Arm architecture extensions for security hardening
      • 4.14.10. SMMUv3 support in Hafnium
        • 4.14.10.1. SMMUv3 features
        • 4.14.10.2. SMMUv3 Programming Interfaces
        • 4.14.10.3. Peripheral device manifest
        • 4.14.10.4. SMMUv3 driver limitations
      • 4.14.11. S-EL0 Partition support
      • 4.14.12. References
    • 4.15. EL3 Secure Partition Manager
      • 4.15.1. Foreword
      • 4.15.2. Sample reference stack
      • 4.15.3. TF-A build options
      • 4.15.4. FVP model invocation
      • 4.15.5. Platform Guide
      • 4.15.6. Logical Secure Partition (LSP)
      • 4.15.7. SPMC boot
        • 4.15.7.1. Parsing SP partition manifests
        • 4.15.7.2. Passing boot data to the SP
      • 4.15.8. Supported interfaces
        • 4.15.8.1. FFA_VERSION
        • 4.15.8.2. FFA_FEATURES
        • 4.15.8.3. FFA_RXTX_MAP
        • 4.15.8.4. FFA_RXTX_UNMAP
        • 4.15.8.5. FFA_PARTITION_INFO_GET
        • 4.15.8.6. FFA_ID_GET
        • 4.15.8.7. FFA_MSG_SEND_DIRECT_REQ
        • 4.15.8.8. FFA_MSG_SEND_DIRECT_RESP
        • 4.15.8.9. FFA_SPM_ID_GET
        • 4.15.8.10. FFA_ID_GET
        • 4.15.8.11. FFA_MEM_SHARE
        • 4.15.8.12. FFA_MEM_LEND
        • 4.15.8.13. FFA_MEM_RETRIEVE_REQ
        • 4.15.8.14. FFA_MEM_RETRIEVE_RESP
        • 4.15.8.15. FFA_MEM_FRAG_RX
        • 4.15.8.16. FFA_MEM_FRAG_TX
        • 4.15.8.17. FFA_SECONDARY_EP_REGISTER
      • 4.15.9. Power management
      • 4.15.10. Secure partitions scheduling
      • 4.15.11. Partition Runtime State and Model
      • 4.15.12. Platform topology
      • 4.15.13. Interrupt handling
        • 4.15.13.1. Secure Interrupt handling
        • 4.15.13.2. Non-Secure Interrupt handling
      • 4.15.14. Test Secure Payload (TSP)
        • 4.15.14.1. TSP Tests in CI
      • 4.15.15. References
    • 4.16. Secure Partition Manager (MM)
      • 4.16.1. Foreword
      • 4.16.2. Background
      • 4.16.3. Introduction
      • 4.16.4. Description
        • 4.16.4.1. Building TF-A with Secure Partition support
        • 4.16.4.2. Describing Secure Partition resources
        • 4.16.4.3. Accessing Secure Partition services
        • 4.16.4.4. Exchanging data with the Secure Partition
      • 4.16.5. Runtime model of the Secure Partition
        • 4.16.5.1. Interface with SPM
        • 4.16.5.2. Miscellaneous interfaces
        • 4.16.5.3. Secure Partition Initialisation
        • 4.16.5.4. Runtime Event Delegation
        • 4.16.5.5. Secure Partition Memory Management
        • 4.16.5.6. Error Codes
    • 4.17. Translation (XLAT) Tables Library
      • 4.17.1. About version 1, version 2 and MPU libraries
      • 4.17.2. Design concepts and interfaces
        • 4.17.2.1. mmap regions
        • 4.17.2.2. Translation Context
        • 4.17.2.3. Static and dynamic memory regions
      • 4.17.3. Library APIs
      • 4.17.4. Library limitations
      • 4.17.5. Implementation details
        • 4.17.5.1. Code structure
        • 4.17.5.2. From mmap regions to translation tables
        • 4.17.5.3. The memory mapping algorithm
        • 4.17.5.4. TLB maintenance operations
    • 4.18. Chain of trust bindings
      • 4.18.1. cot
      • 4.18.2. Manifests and Certificate node bindings definition
      • 4.18.3. Images and Image node bindings definition
      • 4.18.4. non-volatile counter node binding definition
      • 4.18.5. Future update to chain of trust binding
    • 4.19. Realm Management Extension (RME)
      • 4.19.1. RME support in TF-A
        • 4.19.1.1. Changes to translation tables library
        • 4.19.1.2. Changes to context management
        • 4.19.1.3. Boot flow changes
        • 4.19.1.4. Granule Protection Tables (GPT) library
        • 4.19.1.5. RMM Dispatcher (RMMD)
        • 4.19.1.6. Test Realm Payload (TRP)
      • 4.19.2. Building and running TF-A with RME
        • 4.19.2.1. Three-world execution
        • 4.19.2.2. Four-world execution
    • 4.20. RMM-EL3 Communication interface
      • 4.20.1. RMM-EL3 Interface versioning
      • 4.20.2. RMM Boot Interface
        • 4.20.2.1. Cold Boot Interface
        • 4.20.2.2. Warm Boot Interface
        • 4.20.2.3. Boot error handling and return values
        • 4.20.2.4. Boot Manifest
      • 4.20.3. RMM-EL3 Runtime Interface
        • 4.20.3.1. RMM-EL3 runtime service return codes
        • 4.20.3.2. RMM-EL3 runtime services
      • 4.20.4. RMM-EL3 world switch register save restore convention
      • 4.20.5. Types
        • 4.20.5.1. RMM-EL3 Boot Manifest structure
        • 4.20.5.2. NS DRAM Layout Info structure
        • 4.20.5.3. NS DRAM Bank structure
    • 4.21. Granule Protection Tables Library
      • 4.21.1. Design Concepts and Interfaces
        • 4.21.1.1. Defining PAS regions
        • 4.21.1.2. Level 0 and Level 1 Tables
        • 4.21.1.3. Granule Transition Service
      • 4.21.2. Library APIs
        • 4.21.2.1. API Constraints
        • 4.21.2.2. Sample Calculation for L0 memory size and alignment
        • 4.21.2.3. Sample calculation for L1 table size and alignment
  • 5. System Design
    • 5.1. Alternative Boot Flows
      • 5.1.1. EL3 payloads alternative boot flow
        • 5.1.1.1. Booting an EL3 payload
      • 5.1.2. Preloaded BL33 alternative boot flow
    • 5.2. Authentication Framework & Chain of Trust
      • 5.2.1. Framework design
        • 5.2.1.1. Chain of Trust
        • 5.2.1.2. Image types
        • 5.2.1.3. Component responsibilities
        • 5.2.1.4. Authentication methods
      • 5.2.2. Specifying a Chain of Trust
        • 5.2.2.1. Describing the image parsing methods
        • 5.2.2.2. Describing the authentication method(s)
        • 5.2.2.3. Storing Authentication parameters
        • 5.2.2.4. Describing an image in a CoT
      • 5.2.3. Implementation example
        • 5.2.3.1. The TBBR CoT
        • 5.2.3.2. The image parser library
        • 5.2.3.3. The cryptographic library
    • 5.3. Arm CPU Specific Build Macros
      • 5.3.1. Security Vulnerability Workarounds
      • 5.3.2. CPU Errata Workarounds
      • 5.3.3. DSU Errata Workarounds
      • 5.3.4. CPU Specific optimizations
      • 5.3.5. GIC Errata Workarounds
    • 5.4. Firmware Design
      • 5.4.1. Cold boot
        • 5.4.1.1. Dynamic Configuration during cold boot
        • 5.4.1.2. BL1
        • 5.4.1.3. BL2
        • 5.4.1.4. Running BL2 at EL3 execution level
        • 5.4.1.5. AArch64 BL31
        • 5.4.1.6. Using alternative Trusted Boot Firmware in place of BL1 & BL2 (AArch64 only)
        • 5.4.1.7. AArch32 EL3 Runtime Software entrypoint interface
      • 5.4.2. EL3 runtime services framework
        • 5.4.2.1. Registration
        • 5.4.2.2. Initialization
        • 5.4.2.3. Handling an SMC
      • 5.4.3. Exception Handling Framework
      • 5.4.4. Power State Coordination Interface
      • 5.4.5. Secure-EL1 Payloads and Dispatchers
        • 5.4.5.1. Initializing a BL32 Image
      • 5.4.6. Crash Reporting in BL31
      • 5.4.7. Guidelines for Reset Handlers
      • 5.4.8. Configuring secure interrupts
      • 5.4.9. CPU specific operations framework
        • 5.4.9.1. CPU PCS
        • 5.4.9.2. CPU specific Reset Handling
        • 5.4.9.3. CPU specific power down sequence
        • 5.4.9.4. CPU specific register reporting during crash
        • 5.4.9.5. CPU errata implementation
      • 5.4.10. Memory layout of BL images
        • 5.4.10.1. Linker scripts and symbols
        • 5.4.10.2. How to choose the right base addresses for each bootloader stage image
      • 5.4.11. Firmware Image Package (FIP)
        • 5.4.11.1. Firmware Image Package layout
        • 5.4.11.2. Firmware Image Package creation tool
        • 5.4.11.3. Loading from a Firmware Image Package (FIP)
      • 5.4.12. Use of coherent memory in TF-A
        • 5.4.12.1. Disabling the use of coherent memory in TF-A
        • 5.4.12.2. Coherent memory usage in PSCI implementation
        • 5.4.12.3. Bakery lock data
        • 5.4.12.4. Non Functional Impact of removing coherent memory
      • 5.4.13. Isolating code and read-only data on separate memory pages
      • 5.4.14. Publish and Subscribe Framework
        • 5.4.14.1. Publish and Subscribe Example
        • 5.4.14.2. Reclaiming the BL31 initialization code
      • 5.4.15. Performance Measurement Framework
        • 5.4.15.1. Timestamp identifier format
        • 5.4.15.2. Registering a PMF service
        • 5.4.15.3. Capturing a timestamp
        • 5.4.15.4. Retrieving a timestamp
        • 5.4.15.5. PMF code structure
      • 5.4.16. Armv8-A Architecture Extensions
        • 5.4.16.1. Build options
        • 5.4.16.2. Armv8.1-A
        • 5.4.16.3. Armv8.2-A
        • 5.4.16.4. Armv8.3-A
        • 5.4.16.5. Armv8.5-A
        • 5.4.16.6. Armv7-A
      • 5.4.17. Code Structure
    • 5.5. Interrupt Management Framework
      • 5.5.1. Concepts
        • 5.5.1.1. Interrupt types
        • 5.5.1.2. Routing model
        • 5.5.1.3. Valid routing models
        • 5.5.1.4. Mapping of interrupt type to signal
      • 5.5.2. Assumptions in Interrupt Management Framework
      • 5.5.3. Software components
      • 5.5.4. Interrupt registration
        • 5.5.4.1. EL3 runtime firmware
        • 5.5.4.2. Secure payload dispatcher
        • 5.5.4.3. Test secure payload dispatcher behavior
        • 5.5.4.4. Secure payload
        • 5.5.4.5. Test secure payload behavior
      • 5.5.5. Interrupt handling
        • 5.5.5.1. EL3 runtime firmware
        • 5.5.5.2. Secure payload dispatcher
        • 5.5.5.3. Secure payload interrupt handling
      • 5.5.6. Other considerations
        • 5.5.6.1. Implication of preempted SMC on Non-Secure Software
    • 5.6. PSCI Power Domain Tree Structure
      • 5.6.1. Requirements
      • 5.6.2. Design
        • 5.6.2.1. Describing a power domain tree
        • 5.6.2.2. Removing assumptions about MPIDRs used in a platform
        • 5.6.2.3. Traversing through and distinguishing between core and non-core power domains
        • 5.6.2.4. Populating the power domain tree
    • 5.7. CPU Reset
      • 5.7.1. General reset code flow
      • 5.7.2. Programmable CPU reset address
      • 5.7.3. Cold boot on a single CPU
      • 5.7.4. Programmable CPU reset address, Cold boot on a single CPU
      • 5.7.5. Using BL31 entrypoint as the reset address
        • 5.7.5.1. Determination of boot path
        • 5.7.5.2. Platform initialization
    • 5.8. Trusted Board Boot
      • 5.8.1. Chain of Trust
      • 5.8.2. Trusted Board Boot Sequence
      • 5.8.3. Authentication Framework
      • 5.8.4. Certificate Generation Tool
      • 5.8.5. Authenticated Encryption Framework
      • 5.8.6. Firmware Encryption Tool
    • 5.9. Building FIP images with support for Trusted Board Boot
  • 6. Porting Guide
    • 6.1. Introduction
    • 6.2. Common modifications
    • 6.3. Common mandatory modifications
      • 6.3.1. File : platform_def.h [mandatory]
      • 6.3.2. File : plat_macros.S [mandatory]
    • 6.4. Handling Reset
      • 6.4.1. Function : plat_get_my_entrypoint() [mandatory when PROGRAMMABLE_RESET_ADDRESS == 0]
      • 6.4.2. Function : plat_secondary_cold_boot_setup() [mandatory when COLD_BOOT_SINGLE_CPU == 0]
      • 6.4.3. Function : plat_is_my_cpu_primary() [mandatory when COLD_BOOT_SINGLE_CPU == 0]
      • 6.4.4. Function : platform_mem_init() [mandatory]
      • 6.4.5. Function: plat_get_rotpk_info()
      • 6.4.6. Function: plat_get_nv_ctr()
      • 6.4.7. Function: plat_set_nv_ctr()
      • 6.4.8. Function: plat_set_nv_ctr2()
    • 6.5. Dynamic Root of Trust for Measurement support (in BL31)
      • 6.5.1. Function : plat_get_addr_mmap()
      • 6.5.2. Function : plat_has_non_host_platforms()
      • 6.5.3. Function : plat_has_unmanaged_dma_peripherals()
      • 6.5.4. Function : plat_get_total_num_smmus()
      • 6.5.5. Function : plat_enumerate_smmus()
      • 6.5.6. Function : plat_drtm_get_dma_prot_features()
      • 6.5.7. Function : plat_drtm_dma_prot_get_max_table_bytes()
      • 6.5.8. Function : plat_drtm_get_tpm_features()
      • 6.5.9. Function : plat_drtm_get_min_size_normal_world_dce()
      • 6.5.10. Function : plat_drtm_get_imp_def_dlme_region_size()
      • 6.5.11. Function : plat_drtm_get_tcb_hash_table_size()
      • 6.5.12. Function : plat_drtm_get_tcb_hash_features()
      • 6.5.13. Function : plat_drtm_validate_ns_region()
      • 6.5.14. Function : plat_set_drtm_error()
      • 6.5.15. Function : plat_get_drtm_error()
    • 6.6. Common mandatory function modifications
      • 6.6.1. Function : plat_my_core_pos()
      • 6.6.2. Function : plat_core_pos_by_mpidr()
      • 6.6.3. Function : plat_get_mbedtls_heap() [when TRUSTED_BOARD_BOOT == 1]
      • 6.6.4. Function : plat_get_enc_key_info() [when FW_ENC_STATUS == 0 or 1]
      • 6.6.5. Function : plat_fwu_set_images_source() [when PSA_FWU_SUPPORT == 1]
      • 6.6.6. Function : plat_fwu_set_metadata_image_source() [when PSA_FWU_SUPPORT == 1]
      • 6.6.7. Function : plat_fwu_get_boot_idx() [when PSA_FWU_SUPPORT == 1]
    • 6.7. Common optional modifications
      • 6.7.1. Function : plat_set_my_stack()
      • 6.7.2. Function : plat_get_my_stack()
      • 6.7.3. Function : plat_report_exception()
      • 6.7.4. Function : plat_reset_handler()
      • 6.7.5. Function : plat_disable_acp()
      • 6.7.6. Function : plat_error_handler()
      • 6.7.7. Function : plat_panic_handler()
      • 6.7.8. Function : plat_system_reset()
      • 6.7.9. Function : plat_get_bl_image_load_info()
      • 6.7.10. Function : plat_get_next_bl_params()
      • 6.7.11. Function : plat_get_stack_protector_canary()
      • 6.7.12. Function : plat_flush_next_bl_params()
      • 6.7.13. Function : plat_log_get_prefix()
      • 6.7.14. Function : plat_get_soc_version()
      • 6.7.15. Function : plat_get_soc_revision()
      • 6.7.16. Function : plat_is_smccc_feature_available()
      • 6.7.17. Function : plat_can_cmo()
    • 6.8. Modifications specific to a Boot Loader stage
    • 6.9. Boot Loader Stage 1 (BL1)
      • 6.9.1. Function : bl1_early_platform_setup() [mandatory]
      • 6.9.2. Function : bl1_plat_arch_setup() [mandatory]
      • 6.9.3. Function : bl1_platform_setup() [mandatory]
      • 6.9.4. Function : bl1_plat_sec_mem_layout() [mandatory]
      • 6.9.5. Function : bl1_plat_prepare_exit() [optional]
      • 6.9.6. Function : bl1_plat_set_ep_info() [optional]
      • 6.9.7. Function : bl1_plat_get_next_image_id() [optional]
      • 6.9.8. Function : bl1_plat_get_image_desc() [optional]
      • 6.9.9. Function : bl1_plat_handle_pre_image_load() [optional]
      • 6.9.10. Function : bl1_plat_handle_post_image_load() [optional]
      • 6.9.11. Function : bl1_plat_fwu_done() [optional]
      • 6.9.12. Function : bl1_plat_mem_check() [mandatory]
    • 6.10. Boot Loader Stage 2 (BL2)
      • 6.10.1. Function : bl2_early_platform_setup2() [mandatory]
      • 6.10.2. Function : bl2_plat_arch_setup() [mandatory]
      • 6.10.3. Function : bl2_platform_setup() [mandatory]
      • 6.10.4. Function : bl2_plat_handle_pre_image_load() [optional]
      • 6.10.5. Function : bl2_plat_handle_post_image_load() [optional]
      • 6.10.6. Function : bl2_plat_preload_setup [optional]
      • 6.10.7. Function : plat_try_next_boot_source() [optional]
    • 6.11. Boot Loader Stage 2 (BL2) at EL3
      • 6.11.1. Function : bl2_el3_early_platform_setup() [mandatory]
      • 6.11.2. Function : bl2_el3_plat_arch_setup() [mandatory]
      • 6.11.3. Function : bl2_el3_plat_prepare_exit() [optional]
    • 6.12. FWU Boot Loader Stage 2 (BL2U)
      • 6.12.1. Function : bl2u_early_platform_setup() [mandatory]
      • 6.12.2. Function : bl2u_plat_arch_setup() [mandatory]
      • 6.12.3. Function : bl2u_platform_setup() [mandatory]
      • 6.12.4. Function : bl2u_plat_handle_scp_bl2u() [optional]
    • 6.13. Boot Loader Stage 3-1 (BL31)
      • 6.13.1. Function : bl31_early_platform_setup2() [mandatory]
      • 6.13.2. Function : bl31_plat_arch_setup() [mandatory]
      • 6.13.3. Function : bl31_platform_setup() [mandatory]
      • 6.13.4. Function : bl31_plat_runtime_setup() [optional]
      • 6.13.5. Function : bl31_plat_get_next_image_ep_info() [mandatory]
      • 6.13.6. Function : plat_rmmd_get_cca_attest_token() [mandatory when ENABLE_RME == 1]
      • 6.13.7. Function : plat_rmmd_get_cca_realm_attest_key() [mandatory when ENABLE_RME == 1]
      • 6.13.8. Function : plat_rmmd_get_el3_rmm_shared_mem() [when ENABLE_RME == 1]
      • 6.13.9. Function : plat_rmmd_load_manifest() [when ENABLE_RME == 1]
      • 6.13.10. Function : bl31_plat_enable_mmu [optional]
      • 6.13.11. Function : plat_init_apkey [optional]
      • 6.13.12. Function : plat_get_syscnt_freq2() [mandatory]
      • 6.13.13. #define : PLAT_PERCPU_BAKERY_LOCK_SIZE [optional]
      • 6.13.14. SDEI porting requirements
        • 6.13.14.1. Macros
        • 6.13.14.2. Functions
      • 6.13.15. TRNG porting requirements
        • 6.13.15.1. Values
        • 6.13.15.2. Functions
    • 6.14. Power State Coordination Interface (in BL31)
      • 6.14.1. Function : plat_psci_stat_accounting_start() [optional]
      • 6.14.2. Function : plat_psci_stat_accounting_stop() [optional]
      • 6.14.3. Function : plat_psci_stat_get_residency() [optional]
      • 6.14.4. Function : plat_get_target_pwr_state() [optional]
      • 6.14.5. Function : plat_get_power_domain_tree_desc() [mandatory]
      • 6.14.6. Function : plat_setup_psci_ops() [mandatory]
        • 6.14.6.1. plat_psci_ops.cpu_standby()
        • 6.14.6.2. plat_psci_ops.pwr_domain_on()
        • 6.14.6.3. plat_psci_ops.pwr_domain_off_early() [optional]
        • 6.14.6.4. plat_psci_ops.pwr_domain_off()
        • 6.14.6.5. plat_psci_ops.pwr_domain_validate_suspend() [optional]
        • 6.14.6.6. plat_psci_ops.pwr_domain_suspend_pwrdown_early() [optional]
        • 6.14.6.7. plat_psci_ops.pwr_domain_suspend()
        • 6.14.6.8. plat_psci_ops.pwr_domain_pwr_down_wfi()
        • 6.14.6.9. plat_psci_ops.pwr_domain_on_finish()
        • 6.14.6.10. plat_psci_ops.pwr_domain_on_finish_late() [optional]
        • 6.14.6.11. plat_psci_ops.pwr_domain_suspend_finish()
        • 6.14.6.12. plat_psci_ops.system_off()
        • 6.14.6.13. plat_psci_ops.system_reset()
        • 6.14.6.14. plat_psci_ops.validate_power_state()
        • 6.14.6.15. plat_psci_ops.validate_ns_entrypoint()
        • 6.14.6.16. plat_psci_ops.get_sys_suspend_power_state()
        • 6.14.6.17. plat_psci_ops.get_pwr_lvl_state_idx()
        • 6.14.6.18. plat_psci_ops.translate_power_state_by_mpidr()
        • 6.14.6.19. plat_psci_ops.get_node_hw_state()
        • 6.14.6.20. plat_psci_ops.system_reset2()
        • 6.14.6.21. plat_psci_ops.write_mem_protect()
        • 6.14.6.22. plat_psci_ops.read_mem_protect()
        • 6.14.6.23. plat_psci_ops.mem_protect_chk()
    • 6.15. Interrupt Management framework (in BL31)
      • 6.15.1. Function : plat_interrupt_type_to_line() [mandatory]
      • 6.15.2. Function : plat_ic_get_pending_interrupt_type() [mandatory]
      • 6.15.3. Function : plat_ic_get_pending_interrupt_id() [mandatory]
      • 6.15.4. Function : plat_ic_acknowledge_interrupt() [mandatory]
      • 6.15.5. Function : plat_ic_end_of_interrupt() [mandatory]
      • 6.15.6. Function : plat_ic_get_interrupt_type() [mandatory]
    • 6.16. Common helper functions
      • 6.16.1. Function : elx_panic()
      • 6.16.2. Function : el3_panic()
      • 6.16.3. Function : panic()
    • 6.17. Crash Reporting mechanism (in BL31)
      • 6.17.1. Function : plat_crash_console_init [mandatory]
      • 6.17.2. Function : plat_crash_console_putc [mandatory]
      • 6.17.3. Function : plat_crash_console_flush [mandatory]
    • 6.18. External Abort handling and RAS Support
      • 6.18.1. Function : plat_ea_handler
      • 6.18.2. Function : plat_handle_uncontainable_ea
      • 6.18.3. Function : plat_handle_double_fault
      • 6.18.4. Function : plat_handle_el3_ea
      • 6.18.5. Function : plat_handle_rng_trap
      • 6.18.6. Function : plat_handle_impdef_trap
    • 6.19. Build flags
    • 6.20. Platform include paths
    • 6.21. C Library
    • 6.22. Storage abstraction layer
    • 6.23. Measured Boot Platform Interface
  • 7. Platform Ports
    • 7.1. Allwinner ARMv8 SoCs
      • 7.1.1. Building TF-A
        • 7.1.1.1. Platform-specific build options
      • 7.1.2. Installation
      • 7.1.3. Memory layout
        • 7.1.3.1. A64, H5 and H6 SoCs
        • 7.1.3.2. H616 SoC
      • 7.1.4. Trusted OS dispatcher
    • 7.2. Arm Development Platforms
      • 7.2.1. Arm Juno Development Platform
        • 7.2.1.1. Platform-specific build options
        • 7.2.1.2. Running software on Juno
        • 7.2.1.3. Preparing TF-A images
        • 7.2.1.4. Booting Firmware Update images
        • 7.2.1.5. Booting an EL3 payload
        • 7.2.1.6. Booting a preloaded kernel image
        • 7.2.1.7. Testing System Suspend
        • 7.2.1.8. Additional Resources
      • 7.2.2. Arm Fixed Virtual Platforms (FVP)
        • 7.2.2.1. Fixed Virtual Platform (FVP) Support
        • 7.2.2.2. Arm FVP Platform Specific Build Options
        • 7.2.2.3. Booting Firmware Update images
        • 7.2.2.4. Booting an EL3 payload
        • 7.2.2.5. Booting a preloaded kernel image (Base FVP)
      • 7.2.3. ARM V8-R64 Fixed Virtual Platform (FVP)
        • 7.2.3.1. Boot Sequence
      • 7.2.4. Arm Versatile Express
        • 7.2.4.1. Boot Sequence
        • 7.2.4.2. How to build
      • 7.2.5. TC Total Compute Platform
        • 7.2.5.1. Boot Sequence
      • 7.2.6. Arm FPGA Platform
        • 7.2.6.1. Platform-specific build options
        • 7.2.6.2. Building the TF-A image
        • 7.2.6.3. Running the TF-A image
      • 7.2.7. Arm Development Platform Build Options
        • 7.2.7.1. Arm Platform Build Options
        • 7.2.7.2. Arm CSS Platform-Specific Build Options
        • 7.2.7.3. Arm FVP Build Options
        • 7.2.7.4. Arm Juno Build Options
      • 7.2.8. Morello Platform
        • 7.2.8.1. Boot Sequence
      • 7.2.9. Corstone1000 Platform
        • 7.2.9.1. Boot Sequence
    • 7.3. Aspeed AST2700
      • 7.3.1. Boot Flow
      • 7.3.2. How to build
    • 7.4. Amlogic Meson A113D (AXG)
    • 7.5. Amlogic Meson S905 (GXBB)
    • 7.6. Amlogic Meson S905x (GXL)
    • 7.7. Amlogic Meson S905X2 (G12A)
    • 7.8. HiKey
      • 7.8.1. How to build
        • 7.8.1.1. Code Locations
        • 7.8.1.2. Build Procedure
      • 7.8.2. Setup Console
      • 7.8.3. Flash images in recovery mode
      • 7.8.4. Boot UEFI in normal mode
    • 7.9. HiKey960
      • 7.9.1. How to build
        • 7.9.1.1. Code Locations
        • 7.9.1.2. Build Procedure
      • 7.9.2. Setup Console
      • 7.9.3. Boot UEFI in recovery mode
      • 7.9.4. Boot UEFI in normal mode
    • 7.10. Intel Agilex SoCFPGA
      • 7.10.1. How to build
        • 7.10.1.1. Code Locations
        • 7.10.1.2. Build Procedure
        • 7.10.1.3. Install Procedure
      • 7.10.2. Boot trace
    • 7.11. Intel Stratix 10 SoCFPGA
      • 7.11.1. How to build
        • 7.11.1.1. Code Locations
        • 7.11.1.2. Build Procedure
        • 7.11.1.3. Install Procedure
      • 7.11.2. Boot trace
    • 7.12. Marvell
      • 7.12.1. TF-A Build Instructions for Marvell Platforms
        • 7.12.1.1. Build Instructions
        • 7.12.1.2. Special Build Flags
        • 7.12.1.3. Build output
        • 7.12.1.4. Tools and external components installation
      • 7.12.2. TF-A UART Booting Instructions for Marvell Platforms
        • 7.12.2.1. Armada37x0 UART image downloading
        • 7.12.2.2. A7K/A8K/CN913x UART image downloading
      • 7.12.3. TF-A Porting Guide for Marvell Platforms
        • 7.12.3.1. Source Code Structure
        • 7.12.3.2. Armada-70x0/Armada-80x0 Porting
      • 7.12.4. Address decoding flow and address translation units of Marvell Armada 8K SoC family
      • 7.12.5. AMB - AXI MBUS address decoding
        • 7.12.5.1. Mandatory functions
        • 7.12.5.2. Mandatory structures
        • 7.12.5.3. Examples
      • 7.12.6. Marvell CCU address decoding bindings
        • 7.12.6.1. Mandatory functions
        • 7.12.6.2. Mandatory structures
        • 7.12.6.3. Example
      • 7.12.7. Marvell IO WIN address decoding bindings
        • 7.12.7.1. Mandatory functions
        • 7.12.7.2. Mandatory structures
        • 7.12.7.3. Example
      • 7.12.8. Marvell IOB address decoding bindings
        • 7.12.8.1. Mandatory functions
        • 7.12.8.2. Mandatory structures
        • 7.12.8.3. Target ID options
        • 7.12.8.4. Example
    • 7.13. MediaTek 8183
      • 7.13.1. Boot Sequence
      • 7.13.2. How to Build
    • 7.14. MediaTek 8186
      • 7.14.1. Boot Sequence
      • 7.14.2. How to Build
    • 7.15. MediaTek 8188
      • 7.15.1. Boot Sequence
    • 7.16. MediaTek 8192
      • 7.16.1. Boot Sequence
      • 7.16.2. How to Build
    • 7.17. MediaTek 8195
      • 7.17.1. Boot Sequence
      • 7.17.2. How to Build
    • 7.18. NVIDIA Tegra
      • 7.18.1. Directory structure
      • 7.18.2. Trusted OS dispatcher
      • 7.18.3. Scatter files
      • 7.18.4. Preparing the BL31 image to run on Tegra SoCs
      • 7.18.5. Power Management
      • 7.18.6. Tegra configs
    • 7.19. NXP i.MX7 WaRP7
      • 7.19.1. Boot Flow
      • 7.19.2. Build Instructions
        • 7.19.2.1. U-Boot
        • 7.19.2.2. OP-TEE
        • 7.19.2.3. TF-A
        • 7.19.2.4. FIP
      • 7.19.3. Deploy Images
      • 7.19.4. Signing BL2
    • 7.20. NXP i.MX 8 Series
      • 7.20.1. Boot Sequence
      • 7.20.2. How to build
        • 7.20.2.1. Build Procedure
        • 7.20.2.2. Deploy TF-A Images
    • 7.21. NXP i.MX 8M Series
      • 7.21.1. Boot Sequence
      • 7.21.2. How to build
        • 7.21.2.1. Build Procedure
        • 7.21.2.2. Deploy TF-A Images
      • 7.21.3. TBBR Boot Sequence
      • 7.21.4. Measured Boot
      • 7.21.5. High Assurance Boot (HABv4)
        • 7.21.5.1. Note on DRAM Memory Mapping
        • 7.21.5.2. Reference Documentation
    • 7.22. NXP i.MX 9 Series
      • 7.22.1. Boot Sequence
      • 7.22.2. How to build
        • 7.22.2.1. Build Procedure
        • 7.22.2.2. Deploy TF-A Images
        • 7.22.2.3. Reference Documentation
    • 7.23. Nuvoton NPCM845X
      • 7.23.1. How to Build
    • 7.24. NXP Reference Development Platforms
      • 7.24.1. 1. NXP SoCs - Overview
        • 7.24.1.1. 1.1. Table of supported boot-modes by each platform & platform that needs FIP-DDR:
        • 7.24.1.2. 1.2. Boot Sequence
        • 7.24.1.3. 1.3. Boot Sequence with FIP-DDR
        • 7.24.1.4. 1.4. DDR Memory Layout
      • 7.24.2. 2. How to build
        • 7.24.2.1. 2.1. Code Locations
        • 7.24.2.2. 2.2. Build Procedure
      • 7.24.3. 3. Deploy ATF Images
      • 7.24.4. 4. Trusted Board Boot:
      • 7.24.5. Steps to blow fuses on NXP LS SoC:
      • 7.24.6. Second method to do the fuse provsioning:
      • 7.24.7. NXP Platforms:
        • 7.24.7.1. Bare-Minimum Preparation to run TBBR on NXP Platforms:
        • 7.24.7.2. Two options are provided for TRUSTED_BOARD_BOOT:
      • 7.24.8. Option 1: CoT using X 509 certificates
      • 7.24.9. Option 2: CoT using NXP CSF headers.
        • 7.24.9.1. Deploy ATF Images
        • 7.24.9.2. Verification to check if Secure state is achieved:
    • 7.25. Poplar
      • 7.25.1. How to build
        • 7.25.1.1. Code Locations
        • 7.25.1.2. Build Procedure
      • 7.25.2. Install Procedure
      • 7.25.3. Boot trace
    • 7.26. QEMU virt Armv8-A
      • 7.26.1. Getting non-TF images
      • 7.26.2. Booting via semi-hosting option
      • 7.26.3. Booting via flash based firmware
      • 7.26.4. Running QEMU in OpenCI
    • 7.27. QEMU SBSA Target
    • 7.28. Qualcomm Technologies, Inc.
      • 7.28.1. Boot Trace
      • 7.28.2. How to build
        • 7.28.2.1. Code Locations
        • 7.28.2.2. Build Procedure
    • 7.29. Qualcomm MSM8916
      • 7.29.1. Functionality
      • 7.29.2. Boot Flow
      • 7.29.3. Build
        • 7.29.3.1. AArch64 (BL31)
        • 7.29.3.2. AArch32 (BL32/SP_MIN)
      • 7.29.4. Build Options
      • 7.29.5. Installation
      • 7.29.6. Boot Trace
        • 7.29.6.1. AArch64 (BL31)
        • 7.29.6.2. AArch32 (BL32/SP_MIN)
    • 7.30. Raspberry Pi 3
      • 7.30.1. Design
        • 7.30.1.1. Placement of images
        • 7.30.1.2. Boot sequence
        • 7.30.1.3. Secondary cores
      • 7.30.2. Build Instructions
        • 7.30.2.1. Building the firmware for kernels that don’t support PSCI
        • 7.30.2.2. Building the firmware for kernels that support PSCI
      • 7.30.3. AArch64 kernel build instructions
      • 7.30.4. Setup SD card
    • 7.31. Raspberry Pi 4
      • 7.31.1. Build Instructions
      • 7.31.2. TF-A port design
    • 7.32. Renesas R-Car
      • 7.32.1. Renesas R-Car Gen3 evaluation boards:
      • 7.32.2. Overview
      • 7.32.3. How to build
        • 7.32.3.1. Build Tested:
        • 7.32.3.2. System Tested:
        • 7.32.3.3. TF-A Build Procedure
        • 7.32.3.4. Install Procedure
      • 7.32.4. Boot trace
    • 7.33. Renesas RZ/G
      • 7.33.1. Renesas RZ/G2 reference platforms:
      • 7.33.2. Overview
      • 7.33.3. How to build
        • 7.33.3.1. Build Tested:
        • 7.33.3.2. System Tested:
        • 7.33.3.3. TF-A Build Procedure
        • 7.33.3.4. Install Procedure
      • 7.33.4. Boot trace
    • 7.34. Rockchip SoCs
      • 7.34.1. Boot Sequence
      • 7.34.2. How to build
      • 7.34.3. How to deploy
    • 7.35. Socionext UniPhier
      • 7.35.1. Boot Flow
      • 7.35.2. Basic Build
      • 7.35.3. Optional features
    • 7.36. Socionext Synquacer
      • 7.36.1. How to build
        • 7.36.1.1. Code Locations
        • 7.36.1.2. Boot Flow
        • 7.36.1.3. Build Procedure
        • 7.36.1.4. Install the System Firmware
    • 7.37. STMicroelectronics STM32 MPUs
      • 7.37.1. STM32 MPUs
        • 7.37.1.1. Design
        • 7.37.1.2. Build Instructions
        • 7.37.1.3. Populate SD-card
      • 7.37.2. STM32MP1
        • 7.37.2.1. STM32MP1 Versions
        • 7.37.2.2. Memory mapping
        • 7.37.2.3. Build Instructions
      • 7.37.3. STM32MP2
        • 7.37.3.1. STM32MP2 Versions
        • 7.37.3.2. Memory mapping
        • 7.37.3.3. Build Instructions
    • 7.38. Texas Instruments K3
      • 7.38.1. Boot Flow
      • 7.38.2. Build Instructions
      • 7.38.3. Deploy Images
    • 7.39. Xilinx Versal NET
      • 7.39.1. Xilinx Versal NET platform specific build options
    • 7.40. Xilinx Versal
      • 7.40.1. Xilinx Versal platform specific build options
      • 7.40.2. # PLM->TF-A Parameter Passing
    • 7.41. Xilinx Zynq UltraScale+ MPSoC
      • 7.41.1. ZynqMP platform specific build options
      • 7.41.2. ZynqMP Debug behavior
      • 7.41.3. DDR Address Range Usage
      • 7.41.4. Configurable Stack Size
      • 7.41.5. FSBL->TF-A Parameter Passing
      • 7.41.6. Power Domain Tree
      • 7.41.7. CUSTOM SIP service support
      • 7.41.8. Custom package makefile fragment inclusion in TF-A build
    • 7.42. Broadcom Stingray
      • 7.42.1. Description
      • 7.42.2. Boot Sequence
        • 7.42.2.1. Code Locations
      • 7.42.3. How to build
        • 7.42.3.1. Build Procedure
        • 7.42.3.2. Deploy TF-A Images
    • 7.43. Deprecated platforms
  • 8. Performance & Testing
    • 8.1. PSCI Performance Measurement
      • 8.1.1. Performance Measurement Framework
      • 8.1.2. PSCI Statistics
      • 8.1.3. Runtime Instrumentation
        • 8.1.3.1. PSCI SMC Handler Instrumentation
    • 8.2. PSCI Performance Measurements on Arm Juno Development Platform
      • 8.2.1. Method
      • 8.2.2. Procedure
      • 8.2.3. Results
        • 8.2.3.1. CPU_SUSPEND to deepest power level
        • 8.2.3.2. CPU_SUSPEND to power level 0
        • 8.2.3.3. CPU_OFF on all non-lead CPUs
        • 8.2.3.4. CPU_VERSION in parallel
      • 8.2.4. Annotated Historic Results
        • 8.2.4.1. CPU_SUSPEND to deepest power level on all CPUs in parallel
        • 8.2.4.2. CPU_SUSPEND to power level 0 on all CPUs in parallel
        • 8.2.4.3. CPU_SUSPEND to deepest power level on all CPUs in sequence
        • 8.2.4.4. CPU_SUSPEND to power level 0 on all CPUs in sequence
        • 8.2.4.5. CPU_OFF on all non-lead CPUs in sequence then CPU_SUSPEND on lead CPU to deepest power level
        • 8.2.4.6. PSCI_VERSION on all CPUs in parallel
    • 8.3. Runtime Instrumentation Testing - N1SDP
      • 8.3.1. Procedure
      • 8.3.2. Results
        • 8.3.2.1. CPU_SUSPEND to deepest power level
        • 8.3.2.2. CPU_SUSPEND to power level 0
        • 8.3.2.3. CPU_OFF on all non-lead CPUs
        • 8.3.2.4. CPU_VERSION in parallel
    • 8.4. Runtime Instrumentation Methodology
      • 8.4.1. Framework
      • 8.4.2. Metrics
    • 8.5. Test Secure Payload (TSP) and Dispatcher (TSPD)
      • 8.5.1. Building the Test Secure Payload
    • 8.6. Performance Monitoring Unit
      • 8.6.1. PMU Counters
        • 8.6.1.1. Architectural mappings
      • 8.6.2. Configuring the PMU for counting events
        • 8.6.2.1. Architectural mappings
        • 8.6.2.2. Relevant register fields
  • 9. Security Advisories
    • 9.1. Advisory TFV-1 (CVE-2016-10319)
    • 9.2. Advisory TFV-2 (CVE-2017-7564)
    • 9.3. Advisory TFV-3 (CVE-2017-7563)
    • 9.4. Advisory TFV-4 (CVE-2017-9607)
    • 9.5. Advisory TFV-5 (CVE-2017-15031)
    • 9.6. Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
      • 9.6.1. Variant 1 (CVE-2017-5753)
      • 9.6.2. Variant 2 (CVE-2017-5715)
      • 9.6.3. Variant 3 (CVE-2017-5754)
    • 9.7. Advisory TFV-7 (CVE-2018-3639)
      • 9.7.1. Static mitigation
      • 9.7.2. Dynamic mitigation
    • 9.8. Advisory TFV-8 (CVE-2018-19440)
    • 9.9. Advisory TFV-9 (CVE-2022-23960)
      • 9.9.1. CVE-2022-23960
    • 9.10. Advisory TFV-10 (CVE-2022-47630)
      • 9.10.1. Bug 1: Insufficient certificate validation
      • 9.10.2. Bug 2: Missing bounds check in auth_nvctr()
      • 9.10.3. Exploitability Analysis
        • 9.10.3.1. Upstream TF-A Code
        • 9.10.3.2. Custom Image Parsers
  • 10. Design Documents
    • 10.1. TF-A CMake buildsystem
      • 10.1.1. Abstract
      • 10.1.2. Introduction
      • 10.1.3. Main features
        • 10.1.3.1. Structured configuration description
        • 10.1.3.2. Target description
        • 10.1.3.3. Compiler abstraction
        • 10.1.3.4. External tools
      • 10.1.4. Workflow
      • 10.1.5. Example
    • 10.2. Enhance Context Management library for EL3 firmware
      • 10.2.1. Introduction
      • 10.2.2. Design Principles
      • 10.2.3. Context Allocation and Initialization
      • 10.2.4. Introducing Root Context
      • 10.2.5. Conclusion
    • 10.3. Interaction between Measured Boot and an fTPM (PoC)
      • 10.3.1. Components
      • 10.3.2. Building the PoC for the Arm FVP platform
      • 10.3.3. Running and using the PoC on the Armv8-A Foundation AEM FVP
      • 10.3.4. Fine-tuning the fTPM TA
    • 10.4. DRTM Proof of Concept
      • 10.4.1. Components
      • 10.4.2. Building the PoC for the Arm FVP platform
      • 10.4.3. Running DRTM UEFI application on the Armv8-A AEM FVP
    • 10.5. Runtime Security Subsystem (RSS)
      • 10.5.1. RSS communication layer
        • 10.5.1.1. Message structure
        • 10.5.1.2. Source files
        • 10.5.1.3. API for communication over MHU
      • 10.5.2. RSS provided runtime services
        • 10.5.2.1. Runtime service API
        • 10.5.2.2. Software and API layers
      • 10.5.3. RSS based Measured Boot
        • 10.5.3.1. Measured Boot API
        • 10.5.3.2. Measured Boot Metadata
        • 10.5.3.3. Signer-ID API
        • 10.5.3.4. Build time config options
        • 10.5.3.5. Measured boot flow
        • 10.5.3.6. Sample console log
      • 10.5.4. Delegated Attestation
        • 10.5.4.1. Delegated Attestation API
        • 10.5.4.2. Attestation flow
        • 10.5.4.3. Sample attestation token
      • 10.5.5. RSS OTP Assets Management
        • 10.5.5.1. Non-Volatile Counter API
        • 10.5.5.2. Public Key API
      • 10.5.6. References
    • 10.6. PSCI OS-initiated mode
      • 10.6.1. Introduction
        • 10.6.1.1. Power state coordination
      • 10.6.2. Motivation
        • 10.6.2.1. Scalability
        • 10.6.2.2. Simplicity
        • 10.6.2.3. Current vendor implementations and workarounds
      • 10.6.3. Requirements
        • 10.6.3.1. PSCI_FEATURES
        • 10.6.3.2. PSCI_SET_SUSPEND_MODE
        • 10.6.3.3. CPU_SUSPEND
      • 10.6.4. Caveats
        • 10.6.4.1. CPU_OFF
      • 10.6.5. Implementation
        • 10.6.5.1. Current implementation of platform-coordinated mode
        • 10.6.5.2. Proposed implementation of OS-initiated mode
      • 10.6.6. Testing
        • 10.6.6.1. Testing on FVP and Google platforms
        • 10.6.6.2. Testing on STM32MP15
        • 10.6.6.3. Testing on Qualcomm SC7280
        • 10.6.6.4. Comparisons on Qualcomm SC7280
    • 10.7. Measured Boot Design
      • 10.7.1. Introduction
      • 10.7.2. Critical data
      • 10.7.3. Measurement slot
      • 10.7.4. Measured Boot Backends
      • 10.7.5. Platform Interface
  • 11. Threat Model
    • 11.1. Generic Threat Model
      • 11.1.1. Introduction
      • 11.1.2. Target of Evaluation
        • 11.1.2.1. Data Flow Diagram
      • 11.1.3. Threat Analysis
        • 11.1.3.1. Assets
        • 11.1.3.2. Threat Agents
        • 11.1.3.3. Threat Types
        • 11.1.3.4. Threat Risk Ratings
        • 11.1.3.5. Threat Assessment
    • 11.2. SPMC Threat Model
      • 11.2.1. Introduction
      • 11.2.2. Target of Evaluation
        • 11.2.2.1. Data Flow Diagram
      • 11.2.3. Threat Analysis
        • 11.2.3.1. Trust boundaries
        • 11.2.3.2. Assets
        • 11.2.3.3. Threat Agents
        • 11.2.3.4. Threat types
        • 11.2.3.5. Threat Assessment
    • 11.3. EL3 SPMC Threat Model
      • 11.3.1. Introduction
      • 11.3.2. Target of Evaluation
        • 11.3.2.1. Data Flow Diagram
      • 11.3.3. Threat Analysis
        • 11.3.3.1. Trust boundaries
        • 11.3.3.2. Assets
        • 11.3.3.3. Threat Agents
        • 11.3.3.4. Threat types
        • 11.3.3.5. Threat Assessment
    • 11.4. fvp_r-Platform Threat Model
      • 11.4.1. Introduction
      • 11.4.2. Target of Evaluation
        • 11.4.2.1. BL1 Only
        • 11.4.2.2. EL3 is Unsupported and All Secure
        • 11.4.2.3. MPU instead of MMU
        • 11.4.2.4. No AArch32 Support
        • 11.4.2.5. Threat Assessment
    • 11.5. Threat Model for RSS - AP interface
      • 11.5.1. Introduction
      • 11.5.2. Target of Evaluation
        • 11.5.2.1. Data Flow Diagram
        • 11.5.2.2. Threat Assessment
  • 12. Tools
    • 12.1. TF-A Memory Layout Tool
      • 12.1.1. Prerequisites
      • 12.1.2. Getting Started
      • 12.1.3. Symbol Virtual Map
      • 12.1.4. Memory Footprint
      • 12.1.5. Memory Tree
  • 13. Change Log & Release Notes
    • 13.1. 2.9.0 (2023-05-16)
      • 13.1.1. ⚠ BREAKING CHANGES
      • 13.1.2. Resolved Issues
      • 13.1.3. New Features
    • 13.2. 2.8.0 (2022-11-15)
      • 13.2.1. ⚠ BREAKING CHANGES
      • 13.2.2. New Features
      • 13.2.3. Resolved Issues
    • 13.3. 2.7.0 (2022-05-20)
      • 13.3.1. New Features
      • 13.3.2. Resolved Issues
    • 13.4. 2.6.0 (2021-11-22)
      • 13.4.1. ⚠ BREAKING CHANGES
      • 13.4.2. New Features
      • 13.4.3. Resolved Issues
    • 13.5. 2.5.0 (2021-05-17)
      • 13.5.1. New Features
      • 13.5.2. Changed
      • 13.5.3. Resolved Issues
    • 13.6. 2.4.0 (2020-11-17)
      • 13.6.1. New Features
      • 13.6.2. Changed
      • 13.6.3. Resolved Issues
      • 13.6.4. Known Issues
    • 13.7. 2.3.0 (2020-04-20)
      • 13.7.1. New Features
      • 13.7.2. Changed
      • 13.7.3. Resolved Issues
      • 13.7.4. Known Issues
    • 13.8. 2.2.0 (2019-10-22)
      • 13.8.1. New Features
      • 13.8.2. Changed
      • 13.8.3. Resolved Issues
      • 13.8.4. Deprecations
      • 13.8.5. Known Issues
    • 13.9. 2.1.0 (2019-03-29)
      • 13.9.1. New Features
      • 13.9.2. Changed
      • 13.9.3. Resolved Issues
      • 13.9.4. Deprecations
      • 13.9.5. Known Issues
    • 13.10. 2.0.0 (2018-10-02)
      • 13.10.1. New Features
      • 13.10.2. Issues resolved since last release
      • 13.10.3. Known Issues
    • 13.11. 1.6.0 (2018-09-21)
      • 13.11.1. New Features
      • 13.11.2. Issues resolved since last release
      • 13.11.3. Known Issues
    • 13.12. 1.5.0 (2018-03-20)
      • 13.12.1. New features
      • 13.12.2. Issues resolved since last release
      • 13.12.3. Known Issues
    • 13.13. 1.4.0 (2017-07-07)
      • 13.13.1. New features
      • 13.13.2. Issues resolved since last release
      • 13.13.3. Known Issues
    • 13.14. 1.3.0 (2016-10-13)
      • 13.14.1. New features
      • 13.14.2. Issues resolved since last release
      • 13.14.3. Known issues
    • 13.15. 1.2.0 (2015-12-22)
      • 13.15.1. New features
      • 13.15.2. Issues resolved since last release
      • 13.15.3. Known issues
    • 13.16. 1.1.0 (2015-02-04)
      • 13.16.1. New features
      • 13.16.2. Issues resolved since last release
      • 13.16.3. Known issues
    • 13.17. 1.0.0 (2014-08-28)
      • 13.17.1. New features
      • 13.17.2. Issues resolved since last release
      • 13.17.3. Known issues
    • 13.18. 0.4.0 (2014-06-03)
      • 13.18.1. New features
      • 13.18.2. Issues resolved since last release
      • 13.18.3. Known issues
    • 13.19. 0.3.0 (2014-02-28)
      • 13.19.1. New features
      • 13.19.2. Issues resolved since last release
      • 13.19.3. Known issues
    • 13.20. 0.2.0 (2013-10-25)
      • 13.20.1. New features
      • 13.20.2. Issues resolved since last release
      • 13.20.3. Known issues
  • 14. Glossary
  • 15. License
    • 15.1. SPDX Identifiers
    • 15.2. Other Projects
Trusted Firmware-A
  • 8. Performance & Testing
  • View page source
Previous Next

8. Performance & Testing

Contents

  • 8.1. PSCI Performance Measurement
  • 8.2. PSCI Performance Measurements on Arm Juno Development Platform
  • 8.3. Runtime Instrumentation Testing - N1SDP
  • 8.4. Runtime Instrumentation Methodology
  • 8.5. Test Secure Payload (TSP) and Dispatcher (TSPD)
  • 8.6. Performance Monitoring Unit

Copyright (c) 2019-2023, Arm Limited. All rights reserved.

Previous Next

Revision 84de50c7.

Read the Docs v: latest
Versions
latest
stable
v2.9
v2.8
v2.7
v2.6
v2.5
v2.4
v2.3
v2.2
lts-v2.8.8
lts-v2.8.7
lts-v2.8.6
lts-v2.8.5
lts-v2.8.4
lts-v2.8.3
lts-v2.8.2
lts-v2.8.1
lts-v2.8.0
lts-v2.8
Downloads
pdf
On Read the Docs
Project Home
Builds