2.12.0
  • Home
  • 1. About
    • 1.1. Feature Overview
      • 1.1.1. Current features
      • 1.1.2. Experimental features
      • 1.1.3. Still to come
    • 1.2. Release Processes
      • 1.2.1. Project Release Cadence
        • 1.2.1.1. Version numbering
        • 1.2.1.2. Upcoming Releases
      • 1.2.2. Removal of Deprecated Interfaces
      • 1.2.3. Removal of Deprecated Drivers
        • 1.2.3.1. Build Options deprecated/removed
    • 1.3. LTS - Long-Term Support
      • 1.3.1. Why is LTS required?
      • 1.3.2. What does LTS mean for TF-A?
      • 1.3.3. Release details
      • 1.3.4. Maintainership
        • 1.3.4.1. A day in the life of a maintainer
      • 1.3.5. Playbook for new releases
        • 1.3.5.1. Execution Plan
        • 1.3.5.2. Initial release steps
        • 1.3.5.3. Long term release plan
        • 1.3.5.4. FAQ
    • 1.4. Project Maintenance
      • 1.4.1. Maintainers
      • 1.4.2. LTS Maintainers
      • 1.4.3. Code owners
        • 1.4.3.1. Common Code
        • 1.4.3.2. Drivers, Libraries and Framework Code
        • 1.4.3.3. Platform Ports
        • 1.4.3.4. Secure Payloads and Dispatchers
        • 1.4.3.5. Tools
        • 1.4.3.6. Threat Model
        • 1.4.3.7. Conventional Changelog Extensions
    • 1.5. Support & Contact
      • 1.5.1. Mailing Lists
      • 1.5.2. Open Tech Forum Call
      • 1.5.3. Issue Tracker
      • 1.5.4. Arm Licensees
    • 1.6. Contributor Acknowledgements
  • 2. Getting Started
    • 2.1. Prerequisites
      • 2.1.1. Getting the TF-A Source
      • 2.1.2. Requirements
        • 2.1.2.1. Toolchain
        • 2.1.2.2. OpenSSL
        • 2.1.2.3. Device Tree Compiler (DTC)
        • 2.1.2.4. Arm Development Studio (Arm-DS)
        • 2.1.2.5. Node.js
        • 2.1.2.6. Poetry
      • 2.1.3. Package Installation (Linux)
      • 2.1.4. Supporting Files
        • 2.1.4.1. Additional Steps for Contributors
    • 2.2. Building Documentation
      • 2.2.1. Prerequisites
      • 2.2.2. Building rendered documentation
        • 2.2.2.1. Other Output Formats
        • 2.2.2.2. Building rendered documentation from Poetry’s virtual environment
      • 2.2.3. Building rendered documentation from a container
    • 2.3. Performing an Initial Build
    • 2.4. Building Supporting Tools
      • 2.4.1. Building and using the FIP tool
      • 2.4.2. Building the Certificate Generation Tool
        • 2.4.2.1. Building the Firmware Encryption Tool
    • 2.5. Build Options
      • 2.5.1. Common build options
      • 2.5.2. GIC driver options
        • 2.5.2.1. GICv3 driver options
      • 2.5.3. Debugging options
      • 2.5.4. Experimental build options
        • 2.5.4.1. Common build options
        • 2.5.4.2. Firmware update options
    • 2.6. Internal Build Options
    • 2.7. Image Terminology
      • 2.7.1. Common Image Features
      • 2.7.2. Trusted Firmware Images
        • 2.7.2.1. Firmware Image Package: FIP
        • 2.7.2.2. AP Boot ROM: AP_BL1
        • 2.7.2.3. AP RAM Firmware: AP_BL2
        • 2.7.2.4. EL3 Runtime Firmware: AP_BL31
        • 2.7.2.5. Secure-EL1 Payload (SP): AP_BL32
        • 2.7.2.6. AP Normal World Firmware: AP_BL33
        • 2.7.2.7. Other AP 3rd level images: AP_BL3_XXX
        • 2.7.2.8. Realm Monitor Management Firmware: RMM
        • 2.7.2.9. SCP Boot ROM: SCP_BL1 (previously BL0)
        • 2.7.2.10. SCP RAM Firmware: SCP_BL2 (previously BL3-0)
      • 2.7.3. Firmware Update (FWU) Images
        • 2.7.3.1. AP Firmware Update Boot ROM: AP_NS_BL1U
        • 2.7.3.2. AP Firmware Update Config: AP_BL2U
        • 2.7.3.3. SCP Firmware Update Config: SCP_BL2U (previously BL2-U0)
        • 2.7.3.4. AP Firmware Updater: AP_NS_BL2U (previously BL3-U)
      • 2.7.4. Other Processor Firmware Images
        • 2.7.4.1. MCP Boot ROM: MCP_BL1
        • 2.7.4.2. MCP RAM Firmware: MCP_BL2
    • 2.8. PSCI Library Integration guide for Armv8-A AArch32 systems
      • 2.8.1. Generic call sequence for PSCI Library interface (AArch32)
      • 2.8.2. PSCI CPU context management
      • 2.8.3. PSCI Library Interface
        • 2.8.3.1. Interface : psci_setup()
        • 2.8.3.2. Interface : psci_prepare_next_non_secure_ctx()
        • 2.8.3.3. Interface : psci_register_spd_pm_hook()
        • 2.8.3.4. Interface : psci_smc_handler()
        • 2.8.3.5. Interface : psci_warmboot_entrypoint()
      • 2.8.4. EL3 Runtime Software dependencies
        • 2.8.4.1. General dependencies
        • 2.8.4.2. CPU Context management API
        • 2.8.4.3. Platform API
        • 2.8.4.4. Secure payload power management callback
        • 2.8.4.5. CPU operations
    • 2.9. EL3 Runtime Service Writer’s Guide
      • 2.9.1. Introduction
      • 2.9.2. Owning Entities, Call Types and Function IDs
      • 2.9.3. Getting started
      • 2.9.4. Registering a runtime service
      • 2.9.5. Initializing a runtime service
      • 2.9.6. Handling runtime service requests
      • 2.9.7. Services that contain multiple sub-services
      • 2.9.8. Secure-EL1 Payload Dispatcher service (SPD)
      • 2.9.9. Additional References
  • 3. Processes & Policies
    • 3.1. Security Handling
      • 3.1.1. Security Disclosures
      • 3.1.2. Found a Security Issue?
      • 3.1.3. Attribution
      • 3.1.4. Security Advisories
    • 3.2. Platform Ports Policy
      • 3.2.1. Platform compatibility policy
      • 3.2.2. Deprecation policy
    • 3.3. Commit Style
      • 3.3.1. Adding Scopes
      • 3.3.2. Mandated Trailers
    • 3.4. Coding Style
      • 3.4.1. File Encoding
      • 3.4.2. Language
      • 3.4.3. C Language Standard
      • 3.4.4. MISRA Compliance
      • 3.4.5. Indentation
      • 3.4.6. Spacing
      • 3.4.7. Line Length
      • 3.4.8. Blank Lines
      • 3.4.9. Braces
        • 3.4.9.1. Opening Brace Placement
        • 3.4.9.2. Conditional Statement Bodies
      • 3.4.10. Naming
        • 3.4.10.1. Functions
        • 3.4.10.2. Local Variables and Parameters
        • 3.4.10.3. Preprocessor Macros
      • 3.4.11. Function Attributes
      • 3.4.12. Alignment
        • 3.4.12.1. Switch Statement Alignment
        • 3.4.12.2. Pointer Alignment
      • 3.4.13. Comments
      • 3.4.14. Headers and inclusion
        • 3.4.14.1. Header guards
        • 3.4.14.2. Include statement ordering
        • 3.4.14.3. Include statement variants
      • 3.4.15. Typedefs
        • 3.4.15.1. Avoid anonymous typedefs of structs/enums in headers
    • 3.5. Coding Guidelines
      • 3.5.1. Automatic Editor Configuration
      • 3.5.2. Automatic Compliance Checking
        • 3.5.2.1. Ignored Checkpatch Warnings
      • 3.5.3. Performance considerations
        • 3.5.3.1. Avoid printf and use logging macros
        • 3.5.3.2. Use const data where possible
      • 3.5.4. Libc functions that are banned or to be used with caution
      • 3.5.5. Error handling and robustness
        • 3.5.5.1. Using CASSERT to check for compile time data errors
        • 3.5.5.2. Using assert() to check for programming errors
        • 3.5.5.3. Handling integration errors
        • 3.5.5.4. Handling recoverable errors
        • 3.5.5.5. Handling unrecoverable errors
        • 3.5.5.6. Handling critical unresponsiveness
      • 3.5.6. Use of built-in C and libc data types
      • 3.5.7. Favor C language over assembly language
      • 3.5.8. Do not use weak functions
    • 3.6. Contributor’s Guide
      • 3.6.1. Getting Started
      • 3.6.2. Making Changes
      • 3.6.3. Submitting Changes
      • 3.6.4. Add CI Configurations
        • 3.6.4.1. Coverity Scan
        • 3.6.4.2. Test Build Configurations
      • 3.6.5. Binary Components
    • 3.7. Code Review Guidelines
      • 3.7.1. Why do we do code reviews?
      • 3.7.2. Overview of the code review process
      • 3.7.3. Good practices for all reviewers
      • 3.7.4. Guidelines for patch contributors
      • 3.7.5. Guidelines for all reviewers
      • 3.7.6. Guidelines for code owners
      • 3.7.7. Guidelines for maintainers
    • 3.8. Frequently-Asked Questions (FAQ)
      • 3.8.1. How do I update my changes?
      • 3.8.2. How long will my changes take to merge into integration?
      • 3.8.3. How long will it take for my changes to go from integration to master?
      • 3.8.4. What are these strange comments in my changes?
    • 3.9. Project Maintenance Processes
      • 3.9.1. How to become a maintainer?
        • 3.9.1.1. Qualifying Criteria
        • 3.9.1.2. Election Process
    • 3.10. Secure Development Guidelines
      • 3.10.1. Security considerations
        • 3.10.1.1. Do not leak secrets to the normal world
        • 3.10.1.2. Handling Denial of Service attacks
        • 3.10.1.3. Preventing Secure-world timing information leakage via PMU counters
      • 3.10.2. Build options
  • 4. Components
    • 4.1. Secure Payload Dispatcher (SPD)
      • 4.1.1. OP-TEE Dispatcher
      • 4.1.2. Trusted Little Kernel (TLK) Dispatcher
        • 4.1.2.1. Trusted Little Kernel (TLK)
        • 4.1.2.2. Build TLK
        • 4.1.2.3. Input parameters to TLK
      • 4.1.3. Trusty Dispatcher
        • 4.1.3.1. Boot parameters
        • 4.1.3.2. Supported platforms
      • 4.1.4. ProvenCore Dispatcher
    • 4.2. Activity Monitors
      • 4.2.1. Auxiliary counters
    • 4.3. Arm SiP Services
      • 4.3.1. Execution State Switching service
        • 4.3.1.1. ARM_SIP_SVC_EXE_STATE_SWITCH
    • 4.4. Debug FS
      • 4.4.1. Overview
      • 4.4.2. Virtual filesystem
        • 4.4.2.1. Namespace
        • 4.4.2.2. 9p interface
      • 4.4.3. SMC interface
      • 4.4.4. Security considerations
      • 4.4.5. Limitations
      • 4.4.6. Applications
    • 4.5. Exception Handling Framework
      • 4.5.1. Introduction
      • 4.5.2. The role of Exception Handling Framework
      • 4.5.3. Interrupt handling
        • 4.5.3.1. Partitioning priority levels
        • 4.5.3.2. Programming priority
      • 4.5.4. Registering handler
      • 4.5.5. Interrupt handling example
      • 4.5.6. Activating and Deactivating priorities
      • 4.5.7. Transition of priority levels
      • 4.5.8. Effect on SMC calls
      • 4.5.9. Build-time flow
      • 4.5.10. Run-time flow
      • 4.5.11. Interrupt Prioritisation Considerations
      • 4.5.12. Limitations
    • 4.6. Firmware Configuration Framework
      • 4.6.1. Introduction
      • 4.6.2. Accessing properties
      • 4.6.3. Defining properties
      • 4.6.4. Loading the property device tree
      • 4.6.5. Populating the properties
      • 4.6.6. Namespace guidance
      • 4.6.7. Properties binding information
        • 4.6.7.1. DTB binding for FCONF properties
        • 4.6.7.2. Trusted Boot Firmware Configuration bindings
    • 4.7. Firmware Update (FWU)
      • 4.7.1. PSA Firmware Update (PSA FWU)
        • 4.7.1.1. Introduction
        • 4.7.1.2. Scope
        • 4.7.1.3. Overview
      • 4.7.2. TBBR Firmware Update (TBBR FWU)
        • 4.7.2.1. Introduction
        • 4.7.2.2. Scope
        • 4.7.2.3. Overview
        • 4.7.2.4. Image Identification
        • 4.7.2.5. FWU State Machine
        • 4.7.2.6. BL1 SMC Interface
    • 4.8. Measured Boot Driver (MBD)
      • 4.8.1. Properties binding information
        • 4.8.1.1. DTB binding for Event Log properties
    • 4.9. Maximum Power Mitigation Mechanism (MPMM)
    • 4.10. Platform Interrupt Controller API
      • 4.10.1. Function: unsigned int plat_ic_get_running_priority(void); [optional]
      • 4.10.2. Function: int plat_ic_is_spi(unsigned int id); [optional]
      • 4.10.3. Function: int plat_ic_is_ppi(unsigned int id); [optional]
      • 4.10.4. Function: int plat_ic_is_sgi(unsigned int id); [optional]
      • 4.10.5. Function: unsigned int plat_ic_get_interrupt_active(unsigned int id); [optional]
      • 4.10.6. Function: void plat_ic_enable_interrupt(unsigned int id); [optional]
      • 4.10.7. Function: void plat_ic_disable_interrupt(unsigned int id); [optional]
      • 4.10.8. Function: void plat_ic_set_interrupt_priority(unsigned int id, unsigned int priority); [optional]
      • 4.10.9. Function: bool plat_ic_has_interrupt_type(unsigned int type); [optional]
      • 4.10.10. Function: void plat_ic_set_interrupt_type(unsigned int id, unsigned int type); [optional]
      • 4.10.11. Function: void plat_ic_raise_el3_sgi(int sgi_num, u_register_t target); [optional]
      • 4.10.12. Function: void plat_ic_set_spi_routing(unsigned int id, unsigned int routing_mode, u_register_t mpidr); [optional]
      • 4.10.13. Function: void plat_ic_set_interrupt_pending(unsigned int id); [optional]
      • 4.10.14. Function: void plat_ic_clear_interrupt_pending(unsigned int id); [optional]
      • 4.10.15. Function: unsigned int plat_ic_set_priority_mask(unsigned int id); [optional]
      • 4.10.16. Function: unsigned int plat_ic_deactivate_priority(unsigned int id); [optional]
      • 4.10.17. Function: unsigned int plat_ic_get_interrupt_id(unsigned int raw); [optional]
    • 4.11. Reliability, Availability, and Serviceability (RAS) Extensions
      • 4.11.1. Firmware First Handling (FFH)
        • 4.11.1.1. Introduction
        • 4.11.1.2. Overview
      • 4.11.2. Kernel First Handling (KFH)
        • 4.11.2.1. Introduction
      • 4.11.3. Error Synchronization at EL3 entry
      • 4.11.4. TF-A build options
      • 4.11.5. TF-A Tests
      • 4.11.6. RAS Framework
        • 4.11.6.1. Platform APIs
        • 4.11.6.2. Registering RAS error records
        • 4.11.6.3. Registering RAS interrupts
        • 4.11.6.4. Double-fault handling
        • 4.11.6.5. Engaging the RAS framework
        • 4.11.6.6. Interaction with Exception Handling Framework
    • 4.12. Library at ROM
      • 4.12.1. Introduction
      • 4.12.2. Index file
      • 4.12.3. Wrapper functions
      • 4.12.4. Script
      • 4.12.5. Patching of functions in library at ROM
      • 4.12.6. Memory impact
      • 4.12.7. Build library at ROM
    • 4.13. SDEI: Software Delegated Exception Interface
      • 4.13.1. Introduction
      • 4.13.2. Defining events
        • 4.13.2.1. Event flags
      • 4.13.3. Event definition example
      • 4.13.4. Configuration within Exception Handling Framework
      • 4.13.5. Determining client EL
      • 4.13.6. Explicit dispatch of events
        • 4.13.6.1. Conditions for event dispatch
      • 4.13.7. Porting requirements
      • 4.13.8. Note on writing SDEI event handlers
      • 4.13.9. Security Considerations
        • 4.13.9.1. Bound events
        • 4.13.9.2. Recurring events
        • 4.13.9.3. Dispatched events
    • 4.14. Secure Partition Manager
      • 4.14.1. FF-A manifest binding to device tree
        • 4.14.1.1. Partition Properties
        • 4.14.1.2. Memory Regions
        • 4.14.1.3. Device Regions
      • 4.14.2. Acronyms
      • 4.14.3. Foreword
        • 4.14.3.1. Support for legacy platforms
      • 4.14.4. TF-A build options
      • 4.14.5. Boot process
        • 4.14.5.1. SPMC boot
      • 4.14.6. References
    • 4.15. EL3 Secure Partition Manager
      • 4.15.1. Foreword
      • 4.15.2. Sample reference stack
      • 4.15.3. TF-A build options
      • 4.15.4. FVP model invocation
      • 4.15.5. Platform Guide
      • 4.15.6. Logical Secure Partition (LSP)
      • 4.15.7. SPMC boot
        • 4.15.7.1. Parsing SP partition manifests
        • 4.15.7.2. Passing boot data to the SP
      • 4.15.8. Supported interfaces
        • 4.15.8.1. FFA_VERSION
        • 4.15.8.2. FFA_FEATURES
        • 4.15.8.3. FFA_RXTX_MAP
        • 4.15.8.4. FFA_RXTX_UNMAP
        • 4.15.8.5. FFA_PARTITION_INFO_GET
        • 4.15.8.6. FFA_ID_GET
        • 4.15.8.7. FFA_MSG_SEND_DIRECT_REQ
        • 4.15.8.8. FFA_MSG_SEND_DIRECT_RESP
        • 4.15.8.9. FFA_SPM_ID_GET
        • 4.15.8.10. FFA_ID_GET
        • 4.15.8.11. FFA_MEM_SHARE
        • 4.15.8.12. FFA_MEM_LEND
        • 4.15.8.13. FFA_MEM_RETRIEVE_REQ
        • 4.15.8.14. FFA_MEM_RETRIEVE_RESP
        • 4.15.8.15. FFA_MEM_FRAG_RX
        • 4.15.8.16. FFA_MEM_FRAG_TX
        • 4.15.8.17. FFA_SECONDARY_EP_REGISTER
      • 4.15.9. Power management
      • 4.15.10. Secure partitions scheduling
      • 4.15.11. Partition Runtime State and Model
      • 4.15.12. Platform topology
      • 4.15.13. Interrupt handling
        • 4.15.13.1. Secure Interrupt handling
        • 4.15.13.2. Non-Secure Interrupt handling
      • 4.15.14. Test Secure Payload (TSP)
        • 4.15.14.1. TSP Tests in CI
      • 4.15.15. References
    • 4.16. Secure Partition Manager (MM)
      • 4.16.1. Foreword
      • 4.16.2. Background
      • 4.16.3. Introduction
      • 4.16.4. Description
        • 4.16.4.1. Building TF-A with Secure Partition support
        • 4.16.4.2. Describing Secure Partition resources
        • 4.16.4.3. Accessing Secure Partition services
        • 4.16.4.4. Exchanging data with the Secure Partition
      • 4.16.5. Runtime model of the Secure Partition
        • 4.16.5.1. Interface with SPM
        • 4.16.5.2. Miscellaneous interfaces
        • 4.16.5.3. Secure Partition Initialisation
        • 4.16.5.4. Runtime Event Delegation
        • 4.16.5.5. Secure Partition Memory Management
        • 4.16.5.6. Error Codes
    • 4.17. Translation (XLAT) Tables Library
      • 4.17.1. About version 1 and version 2
      • 4.17.2. Design concepts and interfaces
        • 4.17.2.1. mmap regions
        • 4.17.2.2. Translation Context
        • 4.17.2.3. Static and dynamic memory regions
      • 4.17.3. Library APIs
      • 4.17.4. Library limitations
      • 4.17.5. Implementation details
        • 4.17.5.1. Code structure
        • 4.17.5.2. From mmap regions to translation tables
        • 4.17.5.3. The memory mapping algorithm
        • 4.17.5.4. TLB maintenance operations
    • 4.18. Chain of trust bindings
      • 4.18.1. cot
      • 4.18.2. Manifests and Certificate node bindings definition
      • 4.18.3. Images and Image node bindings definition
      • 4.18.4. non-volatile counter node binding definition
      • 4.18.5. rot_keys node binding definition
      • 4.18.6. Future update to chain of trust binding
    • 4.19. Realm Management Extension (RME)
      • 4.19.1. RME support in TF-A
        • 4.19.1.1. Changes to translation tables library
        • 4.19.1.2. Changes to context management
        • 4.19.1.3. Boot flow changes
        • 4.19.1.4. Granule Protection Tables (GPT) library
        • 4.19.1.5. RMM Dispatcher (RMMD)
        • 4.19.1.6. Test Realm Payload (TRP)
      • 4.19.2. Building and running TF-A with RME
        • 4.19.2.1. Three-world execution
        • 4.19.2.2. Four-world execution
    • 4.20. RMM-EL3 Communication interface
      • 4.20.1. RMM-EL3 Interface versioning
      • 4.20.2. RMM Boot Interface
        • 4.20.2.1. Cold Boot Interface
        • 4.20.2.2. Warm Boot Interface
        • 4.20.2.3. Boot error handling and return values
        • 4.20.2.4. Boot Manifest
      • 4.20.3. RMM-EL3 Runtime Interface
        • 4.20.3.1. RMM-EL3 runtime service return codes
        • 4.20.3.2. RMM-EL3 runtime services
      • 4.20.4. RMM-EL3 world switch register save restore convention
      • 4.20.5. Types
        • 4.20.5.1. RMM-EL3 Boot Manifest structure
        • 4.20.5.2. Memory Info structure
        • 4.20.5.3. Memory Bank/Device region structure
        • 4.20.5.4. Console List structure
        • 4.20.5.5. Console Info structure
        • 4.20.5.6. SMMU List structure
        • 4.20.5.7. SMMU Info structure
        • 4.20.5.8. Root Complex List structure
        • 4.20.5.9. Root Complex Info structure
        • 4.20.5.10. Root Port Info structure
        • 4.20.5.11. BDF Mapping Info structure
        • 4.20.5.12. EL3 Token Sign Request structure
        • 4.20.5.13. EL3 Token Sign Response structure
    • 4.21. Granule Protection Tables Library
      • 4.21.1. Design Concepts and Interfaces
        • 4.21.1.1. Defining PAS regions
        • 4.21.1.2. Level 0 and Level 1 Tables
        • 4.21.1.3. Granule Transition Service
        • 4.21.1.4. Locking Scheme
      • 4.21.2. Library APIs
        • 4.21.2.1. API Constraints
        • 4.21.2.2. Sample Calculation for L0 memory size and alignment
        • 4.21.2.3. Sample calculation for bitlocks array size
        • 4.21.2.4. Sample calculation for L1 table size and alignment
    • 4.22. Vendor Specific EL3 Monitor Service Calls
      • 4.22.1. Performance Measurement Framework (PMF)
      • 4.22.2. DebugFS interface
    • 4.23. DebugFS interface
      • 4.23.1. MOUNT
        • 4.23.1.1. Description
        • 4.23.1.2. Parameters
        • 4.23.1.3. Return values
      • 4.23.2. OPEN
        • 4.23.2.1. Description
        • 4.23.2.2. Parameters
        • 4.23.2.3. Return values
      • 4.23.3. CLOSE
        • 4.23.3.1. Description
        • 4.23.3.2. Parameters
        • 4.23.3.3. Return values
      • 4.23.4. READ
        • 4.23.4.1. Description
        • 4.23.4.2. Parameters
        • 4.23.4.3. Return values
      • 4.23.5. SEEK
        • 4.23.5.1. Description
        • 4.23.5.2. Parameters
        • 4.23.5.3. Return values
      • 4.23.6. BIND
        • 4.23.6.1. Description
        • 4.23.6.2. Parameters
        • 4.23.6.3. Return values
      • 4.23.7. STAT
        • 4.23.7.1. Description
        • 4.23.7.2. Parameters
        • 4.23.7.3. Return values
      • 4.23.8. INIT
        • 4.23.8.1. Description
        • 4.23.8.2. Parameters
        • 4.23.8.3. Return values
      • 4.23.9. VERSION
        • 4.23.9.1. Description
        • 4.23.9.2. Parameters
        • 4.23.9.3. Return values
    • 4.24. Context Management Library
      • 4.24.1. Overview
      • 4.24.2. TF-A Context
      • 4.24.3. Design
      • 4.24.4. Code Structure
        • 4.24.4.1. Source Files
        • 4.24.4.2. Header Files
      • 4.24.5. Bootloader Images utilizing Context Management Library
      • 4.24.6. CPU Data Structure
      • 4.24.7. CPU Context and Memory allocation
        • 4.24.7.1. CPU Context
        • 4.24.7.2. Context Memory Allocation
        • 4.24.7.3. NS-Context Memory
        • 4.24.7.4. Secure-Context Memory
        • 4.24.7.5. Realm-Context Memory
      • 4.24.8. Context Setup/Initialization
        • 4.24.8.1. Context Setup during Cold boot
        • 4.24.8.2. Context Setup during Warmboot
      • 4.24.9. Library APIs
        • 4.24.9.1. Context Initialization for Individual Worlds
        • 4.24.9.2. Runtime Save and Restore of Registers
        • 4.24.9.3. Feature Enablement for Individual Worlds
      • 4.24.10. Per-world Context
      • 4.24.11. Root-Context (EL3-Execution-Context)
  • 5. System Design
    • 5.1. Alternative Boot Flows
      • 5.1.1. EL3 payloads alternative boot flow
        • 5.1.1.1. Booting an EL3 payload
      • 5.1.2. Preloaded BL33 alternative boot flow
    • 5.2. Authentication Framework & Chain of Trust
      • 5.2.1. Framework design
        • 5.2.1.1. Chain of Trust
        • 5.2.1.2. Image types
        • 5.2.1.3. Component responsibilities
        • 5.2.1.4. Authentication methods
      • 5.2.2. Specifying a Chain of Trust
        • 5.2.2.1. Describing the image parsing methods
        • 5.2.2.2. Describing the authentication method(s)
        • 5.2.2.3. Storing Authentication parameters
        • 5.2.2.4. Describing an image in a CoT
      • 5.2.3. Implementation example
        • 5.2.3.1. The TBBR CoT
        • 5.2.3.2. The image parser library
        • 5.2.3.3. The cryptographic library
    • 5.3. Arm CPU Specific Build Macros
      • 5.3.1. Security Vulnerability Workarounds
      • 5.3.2. CPU Errata Workarounds
      • 5.3.3. DSU Errata Workarounds
      • 5.3.4. CPU Specific optimizations
      • 5.3.5. GIC Errata Workarounds
    • 5.4. Firmware Design
      • 5.4.1. Cold boot
        • 5.4.1.1. Dynamic Configuration during cold boot
        • 5.4.1.2. BL1
        • 5.4.1.3. BL2
        • 5.4.1.4. Running BL2 at EL3 execution level
        • 5.4.1.5. AArch64 BL31
        • 5.4.1.6. Using alternative Trusted Boot Firmware in place of BL1 & BL2 (AArch64 only)
        • 5.4.1.7. AArch32 EL3 Runtime Software entrypoint interface
      • 5.4.2. EL3 runtime services framework
        • 5.4.2.1. Registration
        • 5.4.2.2. Initialization
        • 5.4.2.3. Handling an SMC
      • 5.4.3. Exception Handling Framework
      • 5.4.4. Power State Coordination Interface
      • 5.4.5. Secure-EL1 Payloads and Dispatchers
        • 5.4.5.1. Initializing a BL32 Image
      • 5.4.6. Exception handling in BL31
        • 5.4.6.1. Current EL with SP_EL0
        • 5.4.6.2. Current EL with SP_ELx
        • 5.4.6.3. Lower EL Exceptions
      • 5.4.7. Crash Reporting in BL31
      • 5.4.8. Guidelines for Reset Handlers
      • 5.4.9. Configuring secure interrupts
      • 5.4.10. CPU specific operations framework
        • 5.4.10.1. CPU PCS
        • 5.4.10.2. CPU specific Reset Handling
        • 5.4.10.3. CPU specific power down sequence
        • 5.4.10.4. CPU specific register reporting during crash
        • 5.4.10.5. CPU errata implementation
      • 5.4.11. Memory layout of BL images
        • 5.4.11.1. Linker scripts and symbols
        • 5.4.11.2. How to choose the right base addresses for each bootloader stage image
      • 5.4.12. Firmware Image Package (FIP)
        • 5.4.12.1. Firmware Image Package layout
        • 5.4.12.2. Firmware Image Package creation tool
        • 5.4.12.3. Loading from a Firmware Image Package (FIP)
      • 5.4.13. Use of coherent memory in TF-A
        • 5.4.13.1. Disabling the use of coherent memory in TF-A
        • 5.4.13.2. Coherent memory usage in PSCI implementation
        • 5.4.13.3. Bakery lock data
        • 5.4.13.4. Non Functional Impact of removing coherent memory
      • 5.4.14. Isolating code and read-only data on separate memory pages
      • 5.4.15. Publish and Subscribe Framework
        • 5.4.15.1. Publish and Subscribe Example
        • 5.4.15.2. Reclaiming the BL31 initialization code
      • 5.4.16. Performance Measurement Framework
        • 5.4.16.1. Timestamp identifier format
        • 5.4.16.2. Registering a PMF service
        • 5.4.16.3. Capturing a timestamp
        • 5.4.16.4. Retrieving a timestamp
        • 5.4.16.5. PMF code structure
      • 5.4.17. Armv8-A Architecture Extensions
        • 5.4.17.1. Build options
        • 5.4.17.2. Armv8.1-A
        • 5.4.17.3. Armv8.2-A
        • 5.4.17.4. Armv8.3-A
        • 5.4.17.5. Armv8.5-A
        • 5.4.17.6. Armv7-A
      • 5.4.18. Code Structure
    • 5.5. Interrupt Management Framework
      • 5.5.1. Concepts
        • 5.5.1.1. Interrupt types
        • 5.5.1.2. Routing model
        • 5.5.1.3. Valid routing models
        • 5.5.1.4. Mapping of interrupt type to signal
      • 5.5.2. Assumptions in Interrupt Management Framework
      • 5.5.3. Software components
      • 5.5.4. Interrupt registration
        • 5.5.4.1. EL3 runtime firmware
        • 5.5.4.2. Secure payload dispatcher
        • 5.5.4.3. Test secure payload dispatcher behavior
        • 5.5.4.4. Secure payload
        • 5.5.4.5. Test secure payload behavior
      • 5.5.5. Interrupt handling
        • 5.5.5.1. EL3 runtime firmware
        • 5.5.5.2. Secure payload dispatcher
        • 5.5.5.3. Secure payload interrupt handling
      • 5.5.6. Other considerations
        • 5.5.6.1. Implication of preempted SMC on Non-Secure Software
    • 5.6. PSCI Power Domain Tree Structure
      • 5.6.1. Requirements
      • 5.6.2. Design
        • 5.6.2.1. Describing a power domain tree
        • 5.6.2.2. Removing assumptions about MPIDRs used in a platform
        • 5.6.2.3. Traversing through and distinguishing between core and non-core power domains
        • 5.6.2.4. Populating the power domain tree
    • 5.7. CPU Reset
      • 5.7.1. General reset code flow
      • 5.7.2. Programmable CPU reset address
      • 5.7.3. Cold boot on a single CPU
      • 5.7.4. Programmable CPU reset address, Cold boot on a single CPU
      • 5.7.5. Using BL31 entrypoint as the reset address
        • 5.7.5.1. Determination of boot path
        • 5.7.5.2. Platform initialization
    • 5.8. Console Framework
      • 5.8.1. Registering a console
        • 5.8.1.1. Function : console_xxx_register
        • 5.8.1.2. Function : console_xxx_putc
        • 5.8.1.3. Function : console_xxx_getc
        • 5.8.1.4. Function : console_xxx_flush
        • 5.8.1.5. Macro : finish_console_register xxx putc=1 getc=ENABLE_CONSOLE_GETC flush=1
      • 5.8.2. Registering a console using C
      • 5.8.3. Multi Console API
        • 5.8.3.1. Function : console_register()
        • 5.8.3.2. Function : console_unregister()
        • 5.8.3.3. Function : console_set_scope()
        • 5.8.3.4. Function : console_switch_state()
        • 5.8.3.5. Function : console_putc()
        • 5.8.3.6. Function : console_getc()
        • 5.8.3.7. Function : console_flush()
        • 5.8.3.8. Function : putchar()
    • 5.9. Trusted Board Boot
      • 5.9.1. Chain of Trust
        • 5.9.1.1. Default CoT #1: TBBR
        • 5.9.1.2. Default CoT #2: Dualroot
        • 5.9.1.3. Default CoT #3: CCA
      • 5.9.2. Trusted Board Boot Sequence
      • 5.9.3. Authentication Framework
      • 5.9.4. Certificate Generation Tool
      • 5.9.5. Authenticated Encryption Framework
      • 5.9.6. Firmware Encryption Tool
    • 5.10. Building FIP images with support for Trusted Board Boot
  • 6. Porting Guide
    • 6.1. Introduction
    • 6.2. Common modifications
    • 6.3. Common mandatory modifications
      • 6.3.1. File : platform_def.h [mandatory]
      • 6.3.2. File : plat_macros.S [mandatory]
    • 6.4. Handling Reset
      • 6.4.1. Function : plat_get_my_entrypoint() [mandatory when PROGRAMMABLE_RESET_ADDRESS == 0]
      • 6.4.2. Function : plat_secondary_cold_boot_setup() [mandatory when COLD_BOOT_SINGLE_CPU == 0]
      • 6.4.3. Function : plat_is_my_cpu_primary() [mandatory when COLD_BOOT_SINGLE_CPU == 0]
      • 6.4.4. Function : platform_mem_init() [mandatory]
      • 6.4.5. Function: plat_get_rotpk_info()
      • 6.4.6. Function: plat_get_nv_ctr()
      • 6.4.7. Function: plat_set_nv_ctr()
      • 6.4.8. Function: plat_set_nv_ctr2()
    • 6.5. Dynamic Root of Trust for Measurement support (in BL31)
      • 6.5.1. Function : plat_get_addr_mmap()
      • 6.5.2. Function : plat_has_non_host_platforms()
      • 6.5.3. Function : plat_has_unmanaged_dma_peripherals()
      • 6.5.4. Function : plat_get_total_num_smmus()
      • 6.5.5. Function : plat_enumerate_smmus()
      • 6.5.6. Function : plat_drtm_get_dma_prot_features()
      • 6.5.7. Function : plat_drtm_dma_prot_get_max_table_bytes()
      • 6.5.8. Function : plat_drtm_get_tpm_features()
      • 6.5.9. Function : plat_drtm_get_min_size_normal_world_dce()
      • 6.5.10. Function : plat_drtm_get_imp_def_dlme_region_size()
      • 6.5.11. Function : plat_drtm_get_tcb_hash_table_size()
      • 6.5.12. Function : plat_drtm_get_acpi_tables_region_size()
      • 6.5.13. Function : plat_drtm_get_tcb_hash_features()
      • 6.5.14. Function : plat_drtm_get_dlme_img_auth_features()
      • 6.5.15. Function : plat_drtm_validate_ns_region()
      • 6.5.16. Function : plat_set_drtm_error()
      • 6.5.17. Function : plat_get_drtm_error()
    • 6.6. Common mandatory function modifications
      • 6.6.1. Function : plat_my_core_pos()
      • 6.6.2. Function : plat_core_pos_by_mpidr()
      • 6.6.3. Function : plat_get_mbedtls_heap() [when TRUSTED_BOARD_BOOT == 1]
      • 6.6.4. Function : plat_get_enc_key_info() [when FW_ENC_STATUS == 0 or 1]
      • 6.6.5. Function : plat_fwu_set_images_source() [when PSA_FWU_SUPPORT == 1]
      • 6.6.6. Function : plat_fwu_set_metadata_image_source() [when PSA_FWU_SUPPORT == 1]
      • 6.6.7. Function : plat_fwu_get_boot_idx() [when PSA_FWU_SUPPORT == 1]
    • 6.7. Common optional modifications
      • 6.7.1. Function : plat_set_my_stack()
      • 6.7.2. Function : plat_get_my_stack()
      • 6.7.3. Function : plat_report_exception()
      • 6.7.4. Function : plat_reset_handler()
      • 6.7.5. Function : plat_disable_acp()
      • 6.7.6. Function : plat_error_handler()
      • 6.7.7. Function : plat_panic_handler()
      • 6.7.8. Function : plat_system_reset()
      • 6.7.9. Function : plat_get_bl_image_load_info()
      • 6.7.10. Function : plat_get_next_bl_params()
      • 6.7.11. Function : plat_get_stack_protector_canary()
      • 6.7.12. Function : plat_flush_next_bl_params()
      • 6.7.13. Function : plat_log_get_prefix()
      • 6.7.14. Function : plat_get_soc_version()
      • 6.7.15. Function : plat_get_soc_revision()
      • 6.7.16. Function : plat_is_smccc_feature_available()
      • 6.7.17. Function : plat_can_cmo()
      • 6.7.18. Struct: plat_try_images_ops [optional]
        • 6.7.18.1. Function : plat_setup_try_img_ops [optional]
        • 6.7.18.2. Function : plat_try_images_ops.next_instance [optional]
    • 6.8. Modifications specific to a Boot Loader stage
    • 6.9. Boot Loader Stage 1 (BL1)
      • 6.9.1. Function : bl1_early_platform_setup() [mandatory]
      • 6.9.2. Function : bl1_plat_arch_setup() [mandatory]
      • 6.9.3. Function : bl1_platform_setup() [mandatory]
      • 6.9.4. Function : bl1_plat_sec_mem_layout() [mandatory]
      • 6.9.5. Function : bl1_plat_prepare_exit() [optional]
      • 6.9.6. Function : bl1_plat_set_ep_info() [optional]
      • 6.9.7. Function : bl1_plat_get_next_image_id() [optional]
      • 6.9.8. Function : bl1_plat_get_image_desc() [optional]
      • 6.9.9. Function : bl1_plat_handle_pre_image_load() [optional]
      • 6.9.10. Function : bl1_plat_calc_bl2_layout() [optional]
      • 6.9.11. Function : bl1_plat_handle_post_image_load() [optional]
      • 6.9.12. Function : bl1_plat_fwu_done() [optional]
      • 6.9.13. Function : bl1_plat_mem_check() [mandatory]
    • 6.10. Boot Loader Stage 2 (BL2)
      • 6.10.1. Function : bl2_early_platform_setup2() [mandatory]
      • 6.10.2. Function : bl2_plat_arch_setup() [mandatory]
      • 6.10.3. Function : bl2_platform_setup() [mandatory]
      • 6.10.4. Function : bl2_plat_handle_pre_image_load() [optional]
      • 6.10.5. Function : bl2_plat_handle_post_image_load() [optional]
      • 6.10.6. Function : bl2_plat_preload_setup [optional]
    • 6.11. Boot Loader Stage 2 (BL2) at EL3
      • 6.11.1. Function : bl2_el3_early_platform_setup() [mandatory]
      • 6.11.2. Function : bl2_el3_plat_arch_setup() [mandatory]
      • 6.11.3. Function : bl2_el3_plat_prepare_exit() [optional]
    • 6.12. FWU Boot Loader Stage 2 (BL2U)
      • 6.12.1. Function : bl2u_early_platform_setup() [mandatory]
      • 6.12.2. Function : bl2u_plat_arch_setup() [mandatory]
      • 6.12.3. Function : bl2u_platform_setup() [mandatory]
      • 6.12.4. Function : bl2u_plat_handle_scp_bl2u() [optional]
    • 6.13. Boot Loader Stage 3-1 (BL31)
      • 6.13.1. Function : bl31_early_platform_setup2() [mandatory]
      • 6.13.2. Function : bl31_plat_arch_setup() [mandatory]
      • 6.13.3. Function : bl31_platform_setup() [mandatory]
      • 6.13.4. Function : bl31_plat_runtime_setup() [optional]
      • 6.13.5. Function : bl31_plat_get_next_image_ep_info() [mandatory]
      • 6.13.6. Function : plat_rmmd_get_cca_attest_token() [mandatory when ENABLE_RME == 1]
      • 6.13.7. Function : plat_rmmd_get_cca_realm_attest_key() [mandatory when ENABLE_RME == 1]
      • 6.13.8. Function : plat_rmmd_get_el3_rmm_shared_mem() [when ENABLE_RME == 1]
      • 6.13.9. Function : plat_rmmd_load_manifest() [when ENABLE_RME == 1]
      • 6.13.10. Function : plat_rmm_mecid_key_update() [when ENABLE_RME == 1]
      • 6.13.11. Function : plat_rmmd_el3_token_sign_push_req() [mandatory when RMMD_ENABLE_EL3_TOKEN_SIGN == 1]
      • 6.13.12. Function : plat_rmmd_el3_token_sign_pull_resp() [mandatory when RMMD_ENABLE_EL3_TOKEN_SIGN == 1]
      • 6.13.13. Function : plat_rmmd_el3_token_sign_get_rak_pub() [mandatory when RMMD_ENABLE_EL3_TOKEN_SIGN == 1]
      • 6.13.14. Function : plat_rmmd_el3_ide_key_program() [mandatory when RMMD_ENABLE_IDE_KEY_PROG == 1]
      • 6.13.15. Function : plat_rmmd_el3_ide_key_set_go() [mandatory when RMMD_ENABLE_IDE_KEY_PROG == 1]
      • 6.13.16. Function : plat_rmmd_el3_ide_key_set_stop() [mandatory when RMMD_ENABLE_IDE_KEY_PROG == 1]
      • 6.13.17. Function : plat_rmmd_el3_ide_km_pull_response() [mandatory when RMMD_ENABLE_IDE_KEY_PROG == 1]
      • 6.13.18. Function : bl31_plat_enable_mmu [optional]
      • 6.13.19. Function : plat_init_apkey [optional]
      • 6.13.20. Function : plat_get_syscnt_freq2() [mandatory]
      • 6.13.21. #define : PLAT_PERCPU_BAKERY_LOCK_SIZE [optional]
      • 6.13.22. SDEI porting requirements
        • 6.13.22.1. Macros
        • 6.13.22.2. Functions
      • 6.13.23. TRNG porting requirements
        • 6.13.23.1. Values
        • 6.13.23.2. Functions
    • 6.14. Power State Coordination Interface (in BL31)
      • 6.14.1. Function : plat_psci_stat_accounting_start() [optional]
      • 6.14.2. Function : plat_psci_stat_accounting_stop() [optional]
      • 6.14.3. Function : plat_psci_stat_get_residency() [optional]
      • 6.14.4. Function : plat_get_target_pwr_state() [optional]
      • 6.14.5. Function : plat_get_power_domain_tree_desc() [mandatory]
      • 6.14.6. Function : plat_setup_psci_ops() [mandatory]
        • 6.14.6.1. plat_psci_ops.cpu_standby()
        • 6.14.6.2. plat_psci_ops.pwr_domain_on()
        • 6.14.6.3. plat_psci_ops.pwr_domain_off_early() [optional]
        • 6.14.6.4. plat_psci_ops.pwr_domain_off()
        • 6.14.6.5. plat_psci_ops.pwr_domain_validate_suspend() [optional]
        • 6.14.6.6. plat_psci_ops.pwr_domain_suspend_pwrdown_early() [optional]
        • 6.14.6.7. plat_psci_ops.pwr_domain_suspend()
        • 6.14.6.8. plat_psci_ops.pwr_domain_pwr_down()
        • 6.14.6.9. plat_psci_ops.pwr_domain_on_finish()
        • 6.14.6.10. plat_psci_ops.pwr_domain_on_finish_late() [optional]
        • 6.14.6.11. plat_psci_ops.pwr_domain_suspend_finish()
        • 6.14.6.12. plat_psci_ops.system_off()
        • 6.14.6.13. plat_psci_ops.system_reset()
        • 6.14.6.14. plat_psci_ops.validate_power_state()
        • 6.14.6.15. plat_psci_ops.validate_ns_entrypoint()
        • 6.14.6.16. plat_psci_ops.get_sys_suspend_power_state()
        • 6.14.6.17. plat_psci_ops.get_pwr_lvl_state_idx()
        • 6.14.6.18. plat_psci_ops.translate_power_state_by_mpidr()
        • 6.14.6.19. plat_psci_ops.get_node_hw_state()
        • 6.14.6.20. plat_psci_ops.system_reset2()
        • 6.14.6.21. plat_psci_ops.write_mem_protect()
        • 6.14.6.22. plat_psci_ops.read_mem_protect()
        • 6.14.6.23. plat_psci_ops.mem_protect_chk()
    • 6.15. Interrupt Management framework (in BL31)
      • 6.15.1. Function : plat_interrupt_type_to_line() [mandatory]
      • 6.15.2. Function : plat_ic_get_pending_interrupt_type() [mandatory]
      • 6.15.3. Function : plat_ic_get_pending_interrupt_id() [mandatory]
      • 6.15.4. Function : plat_ic_acknowledge_interrupt() [mandatory]
      • 6.15.5. Function : plat_ic_end_of_interrupt() [mandatory]
      • 6.15.6. Function : plat_ic_get_interrupt_type() [mandatory]
    • 6.16. Registering a console
    • 6.17. Common helper functions
      • 6.17.1. Function : elx_panic()
      • 6.17.2. Function : el3_panic()
      • 6.17.3. Function : panic()
    • 6.18. Crash Reporting mechanism (in BL31)
      • 6.18.1. Function : plat_crash_console_init [mandatory]
      • 6.18.2. Function : plat_crash_console_putc [mandatory]
      • 6.18.3. Function : plat_crash_console_flush [mandatory]
      • 6.18.4. Function : plat_setup_early_console [optional]
    • 6.19. External Abort handling and RAS Support
      • 6.19.1. Function : plat_ea_handler
      • 6.19.2. Function : plat_handle_uncontainable_ea
      • 6.19.3. Function : plat_handle_double_fault
      • 6.19.4. Function : plat_handle_el3_ea
      • 6.19.5. Function : plat_handle_rng_trap
      • 6.19.6. Function : plat_handle_impdef_trap
    • 6.20. Build flags
    • 6.21. Platform include paths
    • 6.22. C Library
    • 6.23. Storage abstraction layer
    • 6.24. Measured Boot Platform Interface
  • 7. Platform Ports
    • 7.1. Allwinner ARMv8 SoCs
      • 7.1.1. Building TF-A
        • 7.1.1.1. Platform-specific build options
      • 7.1.2. Installation
      • 7.1.3. Memory layout
        • 7.1.3.1. A64, H5 and H6 SoCs
        • 7.1.3.2. H616 SoC
      • 7.1.4. Trusted OS dispatcher
    • 7.2. AMD Versal Gen 2
      • 7.2.1. AMD Versal Gen 2 platform specific build options
      • 7.2.2. Reference DEN0028E SMC calling convention
      • 7.2.3. Allocated subranges of Function Identifier to SIP services
      • 7.2.4. IPI SMC call ranges
      • 7.2.5. PM SMC call ranges
      • 7.2.6. SMC function IDs for SiP Service queries
    • 7.3. Arm Development Platforms
      • 7.3.1. Arm Juno Development Platform
        • 7.3.1.1. Platform-specific build options
        • 7.3.1.2. Running software on Juno
        • 7.3.1.3. Preparing TF-A images
        • 7.3.1.4. Booting Firmware Update images
        • 7.3.1.5. Booting an EL3 payload
        • 7.3.1.6. Booting a preloaded kernel image
        • 7.3.1.7. Testing System Suspend
        • 7.3.1.8. Additional Resources
      • 7.3.2. Arm Fixed Virtual Platforms (FVP)
        • 7.3.2.1. Fixed Virtual Platform (FVP) Support
        • 7.3.2.2. Arm FVP Platform Specific Build Options
        • 7.3.2.3. Running on the Foundation FVP
        • 7.3.2.4. Running on the AEMv8 Base FVP
        • 7.3.2.5. Running on the Cortex-A57-A53 Base FVP
        • 7.3.2.6. Running on the Cortex-A32 Base FVP (AArch32)
        • 7.3.2.7. Booting Firmware Update images
        • 7.3.2.8. Booting an EL3 payload
        • 7.3.2.9. Booting a kernel image in BL33
      • 7.3.3. Arm Versatile Express
        • 7.3.3.1. Boot Sequence
        • 7.3.3.2. How to build
      • 7.3.4. TC Total Compute Platform
        • 7.3.4.1. Boot Sequence
      • 7.3.5. Arm FPGA Platform
        • 7.3.5.1. Platform-specific build options
        • 7.3.5.2. Building the TF-A image
        • 7.3.5.3. Running the TF-A image
      • 7.3.6. Arm Development Platform Build Options
        • 7.3.6.1. Arm Platform Build Options
        • 7.3.6.2. Arm CSS Platform-Specific Build Options
        • 7.3.6.3. Arm FVP Build Options
        • 7.3.6.4. Arm Juno Build Options
        • 7.3.6.5. Arm Neoverse RD Platform Build Options
      • 7.3.7. Morello Platform
        • 7.3.7.1. Boot Sequence
      • 7.3.8. Corstone1000 Platform
        • 7.3.8.1. Boot Sequence
      • 7.3.9. RD-1 AE (Kronos) Platform
        • 7.3.9.1. Boot Sequence
    • 7.4. Aspeed AST2700
      • 7.4.1. Boot Flow
      • 7.4.2. How to build
    • 7.5. Amlogic Meson A113D (AXG)
    • 7.6. Amlogic Meson S905 (GXBB)
    • 7.7. Amlogic Meson S905x (GXL)
    • 7.8. Amlogic Meson S905X2 (G12A)
    • 7.9. HiKey
      • 7.9.1. How to build
        • 7.9.1.1. Code Locations
        • 7.9.1.2. Build Procedure
      • 7.9.2. Setup Console
      • 7.9.3. Flash images in recovery mode
      • 7.9.4. Boot UEFI in normal mode
    • 7.10. HiKey960
      • 7.10.1. How to build
        • 7.10.1.1. Code Locations
        • 7.10.1.2. Build Procedure
      • 7.10.2. Setup Console
      • 7.10.3. Boot UEFI in recovery mode
      • 7.10.4. Boot UEFI in normal mode
    • 7.11. Intel Agilex SoCFPGA
      • 7.11.1. How to build
        • 7.11.1.1. Code Locations
        • 7.11.1.2. Build Procedure
        • 7.11.1.3. Install Procedure
      • 7.11.2. Boot trace
    • 7.12. Intel Stratix 10 SoCFPGA
      • 7.12.1. How to build
        • 7.12.1.1. Code Locations
        • 7.12.1.2. Build Procedure
        • 7.12.1.3. Install Procedure
      • 7.12.2. Boot trace
    • 7.13. Marvell
      • 7.13.1. TF-A Build Instructions for Marvell Platforms
        • 7.13.1.1. Build Instructions
        • 7.13.1.2. Special Build Flags
        • 7.13.1.3. Build output
        • 7.13.1.4. Tools and external components installation
      • 7.13.2. TF-A UART Booting Instructions for Marvell Platforms
        • 7.13.2.1. Armada37x0 UART image downloading
        • 7.13.2.2. A7K/A8K/CN913x UART image downloading
      • 7.13.3. TF-A Porting Guide for Marvell Platforms
        • 7.13.3.1. Source Code Structure
        • 7.13.3.2. Armada-70x0/Armada-80x0 Porting
      • 7.13.4. Address decoding flow and address translation units of Marvell Armada 8K SoC family
      • 7.13.5. AMB - AXI MBUS address decoding
        • 7.13.5.1. Mandatory functions
        • 7.13.5.2. Mandatory structures
        • 7.13.5.3. Examples
      • 7.13.6. Marvell CCU address decoding bindings
        • 7.13.6.1. Mandatory functions
        • 7.13.6.2. Mandatory structures
        • 7.13.6.3. Example
      • 7.13.7. Marvell IO WIN address decoding bindings
        • 7.13.7.1. Mandatory functions
        • 7.13.7.2. Mandatory structures
        • 7.13.7.3. Example
      • 7.13.8. Marvell IOB address decoding bindings
        • 7.13.8.1. Mandatory functions
        • 7.13.8.2. Mandatory structures
        • 7.13.8.3. Target ID options
        • 7.13.8.4. Example
    • 7.14. MediaTek 8183
      • 7.14.1. Boot Sequence
      • 7.14.2. How to Build
    • 7.15. MediaTek 8186
      • 7.15.1. Boot Sequence
      • 7.15.2. How to Build
    • 7.16. MediaTek 8188
      • 7.16.1. Boot Sequence
      • 7.16.2. How to Build
    • 7.17. MediaTek 8189
      • 7.17.1. Boot Sequence
      • 7.17.2. How to Build
    • 7.18. MediaTek 8192
      • 7.18.1. Boot Sequence
      • 7.18.2. How to Build
    • 7.19. MediaTek 8195
      • 7.19.1. Boot Sequence
      • 7.19.2. How to Build
    • 7.20. MediaTek 8196
      • 7.20.1. Boot Sequence
      • 7.20.2. How to Build
    • 7.21. NVIDIA Tegra
      • 7.21.1. Directory structure
      • 7.21.2. Trusted OS dispatcher
      • 7.21.3. Scatter files
      • 7.21.4. Preparing the BL31 image to run on Tegra SoCs
      • 7.21.5. Power Management
      • 7.21.6. Tegra configs
    • 7.22. NXP i.MX7 WaRP7
      • 7.22.1. Boot Flow
      • 7.22.2. Build Instructions
        • 7.22.2.1. U-Boot
        • 7.22.2.2. OP-TEE
        • 7.22.2.3. TF-A
        • 7.22.2.4. FIP
      • 7.22.3. Deploy Images
      • 7.22.4. Signing BL2
    • 7.23. NXP i.MX 8 Series
      • 7.23.1. Boot Sequence
      • 7.23.2. How to build
        • 7.23.2.1. Build Procedure
        • 7.23.2.2. Deploy TF-A Images
    • 7.24. NXP i.MX 8M Series
      • 7.24.1. Boot Sequence
      • 7.24.2. How to build
        • 7.24.2.1. Build Procedure
        • 7.24.2.2. Deploy TF-A Images
      • 7.24.3. TBBR Boot Sequence
      • 7.24.4. Measured Boot
      • 7.24.5. High Assurance Boot (HABv4)
        • 7.24.5.1. Note on DRAM Memory Mapping
        • 7.24.5.2. Reference Documentation
    • 7.25. NXP i.MX 8ULP
      • 7.25.1. Boot Sequence
      • 7.25.2. How to build
        • 7.25.2.1. Build Procedure
        • 7.25.2.2. Deploy TF-A Images
        • 7.25.2.3. Reference Documentation
    • 7.26. NXP i.MX 9 Series
      • 7.26.1. Boot Sequence
      • 7.26.2. How to build
        • 7.26.2.1. Build Procedure
        • 7.26.2.2. Deploy TF-A Images
        • 7.26.2.3. Reference Documentation
    • 7.27. NXP S32G274A
      • 7.27.1. Boot Flow
      • 7.27.2. Code Locations
      • 7.27.3. How to build
      • 7.27.4. SoC Errata Workarounds
    • 7.28. Nuvoton NPCM845X
      • 7.28.1. How to Build
    • 7.29. NXP Reference Development Platforms
      • 7.29.1. 1. NXP SoCs - Overview
        • 7.29.1.1. 1.1. Table of supported boot-modes by each platform & platform that needs FIP-DDR:
        • 7.29.1.2. 1.2. Boot Sequence
        • 7.29.1.3. 1.3. Boot Sequence with FIP-DDR
        • 7.29.1.4. 1.4. DDR Memory Layout
      • 7.29.2. 2. How to build
        • 7.29.2.1. 2.1. Code Locations
        • 7.29.2.2. 2.2. Build Procedure
      • 7.29.3. 3. Deploy ATF Images
      • 7.29.4. 4. Trusted Board Boot:
      • 7.29.5. Steps to blow fuses on NXP LS SoC:
      • 7.29.6. Second method to do the fuse provisioning:
      • 7.29.7. NXP Platforms:
        • 7.29.7.1. Bare-Minimum Preparation to run TBBR on NXP Platforms:
        • 7.29.7.2. Two options are provided for TRUSTED_BOARD_BOOT:
      • 7.29.8. Option 1: CoT using X 509 certificates
      • 7.29.9. Option 2: CoT using NXP CSF headers.
        • 7.29.9.1. Deploy ATF Images
        • 7.29.9.2. Verification to check if Secure state is achieved:
    • 7.30. Poplar
      • 7.30.1. How to build
        • 7.30.1.1. Code Locations
        • 7.30.1.2. Build Procedure
      • 7.30.2. Install Procedure
      • 7.30.3. Boot trace
    • 7.31. QEMU virt Armv8-A
      • 7.31.1. Getting non-TF images
      • 7.31.2. Booting via semi-hosting option
      • 7.31.3. Booting via flash based firmware
      • 7.31.4. Running QEMU in OpenCI
    • 7.32. QEMU SBSA Target
    • 7.33. Qualcomm Technologies, Inc.
      • 7.33.1. Boot Trace
      • 7.33.2. How to build
        • 7.33.2.1. Code Locations
        • 7.33.2.2. Build Procedure
    • 7.34. Qualcomm MSM8916
      • 7.34.1. Functionality
      • 7.34.2. Boot Flow
      • 7.34.3. Build
        • 7.34.3.1. AArch64 (BL31)
        • 7.34.3.2. AArch32 (BL32/SP_MIN)
      • 7.34.4. Build Options
      • 7.34.5. Installation
      • 7.34.6. Boot Trace
        • 7.34.6.1. AArch64 (BL31)
        • 7.34.6.2. AArch32 (BL32/SP_MIN)
    • 7.35. Raspberry Pi 3
      • 7.35.1. Design
        • 7.35.1.1. Placement of images
        • 7.35.1.2. Boot sequence
        • 7.35.1.3. Secondary cores
      • 7.35.2. Build Instructions
        • 7.35.2.1. Building the firmware for kernels that don’t support PSCI
        • 7.35.2.2. Building the firmware for kernels that support PSCI
      • 7.35.3. AArch64 kernel build instructions
      • 7.35.4. Setup SD card
    • 7.36. Raspberry Pi 4
      • 7.36.1. Build Instructions
      • 7.36.2. TF-A port design
    • 7.37. Raspberry Pi 5
      • 7.37.1. Build
      • 7.37.2. Usage
      • 7.37.3. Design
    • 7.38. Renesas R-Car
      • 7.38.1. Renesas R-Car Gen3 evaluation boards:
      • 7.38.2. Overview
      • 7.38.3. How to build
        • 7.38.3.1. Build Tested:
        • 7.38.3.2. System Tested:
        • 7.38.3.3. TF-A Build Procedure
        • 7.38.3.4. Install Procedure
      • 7.38.4. Boot trace
    • 7.39. Renesas RZ/G
      • 7.39.1. Renesas RZ/G2 reference platforms:
      • 7.39.2. Overview
      • 7.39.3. How to build
        • 7.39.3.1. Build Tested:
        • 7.39.3.2. System Tested:
        • 7.39.3.3. TF-A Build Procedure
        • 7.39.3.4. Install Procedure
      • 7.39.4. Boot trace
    • 7.40. Rockchip SoCs
      • 7.40.1. Boot Sequence
      • 7.40.2. How to build
      • 7.40.3. How to deploy
    • 7.41. Socionext UniPhier
      • 7.41.1. Boot Flow
      • 7.41.2. Basic Build
      • 7.41.3. Optional features
    • 7.42. Socionext Synquacer
      • 7.42.1. How to build
        • 7.42.1.1. Code Locations
        • 7.42.1.2. Boot Flow
        • 7.42.1.3. Build Procedure
        • 7.42.1.4. Install the System Firmware
    • 7.43. STMicroelectronics STM32 MPUs
      • 7.43.1. STM32 MPUs
        • 7.43.1.1. Design
        • 7.43.1.2. Build Instructions
        • 7.43.1.3. Populate SD-card
      • 7.43.2. STM32MP1
        • 7.43.2.1. STM32MP1 Versions
        • 7.43.2.2. Memory mapping
        • 7.43.2.3. Build Instructions
      • 7.43.3. STM32MP2
        • 7.43.3.1. STM32MP2 Versions
        • 7.43.3.2. Memory mapping
        • 7.43.3.3. Build Instructions
    • 7.44. Texas Instruments K3
      • 7.44.1. Boot Flow
      • 7.44.2. Build Instructions
      • 7.44.3. Deploy Images
    • 7.45. Xilinx Versal NET
      • 7.45.1. Xilinx Versal NET platform specific build options
      • 7.45.2. Reference DEN0028E SMC calling convention
      • 7.45.3. Allocated subranges of Function Identifier to SIP services
      • 7.45.4. IPI SMC call ranges
      • 7.45.5. PM SMC call ranges for SiP SVC version 0.1
      • 7.45.6. PM SMC call ranges for SiP SVC version 0.2
      • 7.45.7. SMC function IDs for SiP Service queries
    • 7.46. Xilinx Versal
      • 7.46.1. Xilinx Versal platform specific build options
      • 7.46.2. PLM->TF-A Parameter Passing
      • 7.46.3. Reference DEN0028E SMC calling convention
      • 7.46.4. Allocated subranges of Function Identifier to SIP services
      • 7.46.5. IPI SMC call ranges
      • 7.46.6. PM SMC call ranges for SiP SVC version 0.1
      • 7.46.7. PM SMC call ranges for SiP SVC version 0.2
      • 7.46.8. SMC function IDs for SiP Service queries
    • 7.47. Xilinx Zynq UltraScale+ MPSoC
      • 7.47.1. ZynqMP platform specific build options
      • 7.47.2. ZynqMP Debug behavior
      • 7.47.3. DDR Address Range Usage
      • 7.47.4. Configurable Stack Size
      • 7.47.5. FSBL->TF-A Parameter Passing
      • 7.47.6. Power Domain Tree
      • 7.47.7. CUSTOM SIP service support
      • 7.47.8. Custom package makefile fragment inclusion in TF-A build
      • 7.47.9. Reference DEN0028E SMC calling convention
      • 7.47.10. Allocated subranges of Function Identifier to SIP services
      • 7.47.11. IPI SMC call ranges
      • 7.47.12. PM SMC call ranges
      • 7.47.13. SMC function IDs for SiP Service queries
      • 7.47.14. CUSTOM SIP service support
    • 7.48. Broadcom Stingray
      • 7.48.1. Description
      • 7.48.2. Boot Sequence
        • 7.48.2.1. Code Locations
      • 7.48.3. How to build
        • 7.48.3.1. Build Procedure
        • 7.48.3.2. Deploy TF-A Images
    • 7.49. Deprecated platforms
  • 8. Performance & Testing
    • 8.1. PSCI Performance Measurement
      • 8.1.1. Performance Measurement Framework
      • 8.1.2. PSCI Statistics
      • 8.1.3. Runtime Instrumentation
        • 8.1.3.1. PSCI SMC Handler Instrumentation
    • 8.2. PSCI Performance Measurements on Arm Juno Development Platform
      • 8.2.1. Method
      • 8.2.2. Results
        • 8.2.2.1. CPU_SUSPEND to deepest power level
        • 8.2.2.2. CPU_SUSPEND to power level 0
        • 8.2.2.3. CPU_OFF on all non-lead CPUs
        • 8.2.2.4. CPU_VERSION in parallel
      • 8.2.3. Annotated Historic Results
        • 8.2.3.1. CPU_SUSPEND to deepest power level on all CPUs in parallel
        • 8.2.3.2. CPU_SUSPEND to power level 0 on all CPUs in parallel
        • 8.2.3.3. CPU_SUSPEND to deepest power level on all CPUs in sequence
        • 8.2.3.4. CPU_SUSPEND to power level 0 on all CPUs in sequence
        • 8.2.3.5. CPU_OFF on all non-lead CPUs in sequence then CPU_SUSPEND on lead CPU to deepest power level
        • 8.2.3.6. PSCI_VERSION on all CPUs in parallel
    • 8.3. Runtime Instrumentation Testing - N1SDP
      • 8.3.1. Results
        • 8.3.1.1. CPU_SUSPEND to deepest power level
        • 8.3.1.2. CPU_SUSPEND to power level 0
        • 8.3.1.3. CPU_OFF on all non-lead CPUs
        • 8.3.1.4. CPU_VERSION in parallel
    • 8.4. Runtime Instrumentation Methodology
      • 8.4.1. Framework
      • 8.4.2. Metrics
    • 8.5. Test Secure Payload (TSP) and Dispatcher (TSPD)
      • 8.5.1. Building the Test Secure Payload
    • 8.6. Performance Monitoring Unit
      • 8.6.1. PMU Counters
        • 8.6.1.1. Architectural mappings
      • 8.6.2. Configuring the PMU for counting events
        • 8.6.2.1. Architectural mappings
        • 8.6.2.2. Relevant register fields
  • 9. Security Advisories
    • 9.1. Advisory TFV-1 (CVE-2016-10319)
    • 9.2. Advisory TFV-2 (CVE-2017-7564)
    • 9.3. Advisory TFV-3 (CVE-2017-7563)
    • 9.4. Advisory TFV-4 (CVE-2017-9607)
    • 9.5. Advisory TFV-5 (CVE-2017-15031)
    • 9.6. Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
      • 9.6.1. Variant 1 (CVE-2017-5753)
      • 9.6.2. Variant 2 (CVE-2017-5715)
      • 9.6.3. Variant 3 (CVE-2017-5754)
    • 9.7. Advisory TFV-7 (CVE-2018-3639)
      • 9.7.1. Static mitigation
      • 9.7.2. Dynamic mitigation
    • 9.8. Advisory TFV-8 (CVE-2018-19440)
    • 9.9. Advisory TFV-9 (CVE-2022-23960)
      • 9.9.1. CVE-2022-23960
    • 9.10. Advisory TFV-10 (CVE-2022-47630)
      • 9.10.1. Bug 1: Insufficient certificate validation
      • 9.10.2. Bug 2: Missing bounds check in auth_nvctr()
      • 9.10.3. Exploitability Analysis
        • 9.10.3.1. Upstream TF-A Code
        • 9.10.3.2. Custom Image Parsers
    • 9.11. Advisory TFV-11 (CVE-2023-49100)
  • 10. Design Documents
    • 10.1. TF-A CMake buildsystem
      • 10.1.1. Abstract
      • 10.1.2. Introduction
      • 10.1.3. Main features
        • 10.1.3.1. Structured configuration description
        • 10.1.3.2. Target description
        • 10.1.3.3. Compiler abstraction
        • 10.1.3.4. External tools
      • 10.1.4. Workflow
      • 10.1.5. Example
    • 10.2. Interaction between Measured Boot and an fTPM (PoC)
      • 10.2.1. Components
      • 10.2.2. Building the PoC for the Arm FVP platform
      • 10.2.3. Running and using the PoC on the Armv8-A Foundation AEM FVP
      • 10.2.4. Fine-tuning the fTPM TA
    • 10.3. Measured Boot using a Discrete TPM (PoC)
      • 10.3.1. Components
      • 10.3.2. Building the PoC for the Raspberry Pi 3
      • 10.3.3. Running the PoC for the Raspberry Pi 3
      • 10.3.4. Next steps for Discrete TPM and Measured Boot development
    • 10.4. DRTM Proof of Concept
      • 10.4.1. Components
      • 10.4.2. Building the PoC for the Arm FVP platform
      • 10.4.3. Running DRTM UEFI application on the Armv8-A AEM FVP
    • 10.5. Runtime Security Engine (RSE)
      • 10.5.1. RSE communication layer
        • 10.5.1.1. Message structure
        • 10.5.1.2. Source files
        • 10.5.1.3. API for communication over MHU
      • 10.5.2. RSE provided runtime services
        • 10.5.2.1. Runtime service API
        • 10.5.2.2. Software and API layers
      • 10.5.3. RSE based Measured Boot
        • 10.5.3.1. Measured Boot API
        • 10.5.3.2. Measured Boot Metadata
        • 10.5.3.3. Signer-ID API
        • 10.5.3.4. Build time config options
        • 10.5.3.5. Measured boot flow
        • 10.5.3.6. Sample console log
      • 10.5.4. Delegated Attestation
        • 10.5.4.1. Delegated Attestation API
        • 10.5.4.2. Attestation flow
        • 10.5.4.3. Sample attestation token
      • 10.5.5. RSE based DICE Protection Environment
        • 10.5.5.1. DPE API
        • 10.5.5.2. Build time config options
        • 10.5.5.3. Example certificate chain
      • 10.5.6. RSE OTP Assets Management
        • 10.5.6.1. Non-Volatile Counter API
        • 10.5.6.2. Public Key API
        • 10.5.6.3. Get entropy API
      • 10.5.7. References
    • 10.6. PSCI OS-initiated mode
      • 10.6.1. Introduction
        • 10.6.1.1. Power state coordination
      • 10.6.2. Motivation
        • 10.6.2.1. Scalability
        • 10.6.2.2. Simplicity
        • 10.6.2.3. Current vendor implementations and workarounds
      • 10.6.3. Requirements
        • 10.6.3.1. PSCI_FEATURES
        • 10.6.3.2. PSCI_SET_SUSPEND_MODE
        • 10.6.3.3. CPU_SUSPEND
      • 10.6.4. Caveats
        • 10.6.4.1. CPU_OFF
      • 10.6.5. Implementation
        • 10.6.5.1. Current implementation of platform-coordinated mode
        • 10.6.5.2. Proposed implementation of OS-initiated mode
      • 10.6.6. Testing
        • 10.6.6.1. Testing on FVP and Google platforms
        • 10.6.6.2. Testing on STM32MP15
        • 10.6.6.3. Testing on Qualcomm SC7280
        • 10.6.6.4. Comparisons on Qualcomm SC7280
    • 10.7. Measured Boot Design
      • 10.7.1. Introduction
      • 10.7.2. Critical data
      • 10.7.3. Measurement slot
      • 10.7.4. Measured Boot Backends
      • 10.7.5. Platform Interface
    • 10.8. Discrete TPM drivers
      • 10.8.1. Driver architecture
        • 10.8.1.1. Header files
        • 10.8.1.2. Source files
      • 10.8.2. Build time config options
      • 10.8.3. Discrete TPM Initialization
      • 10.8.4. Discrete TPM PCR Extend
  • 11. Threat Model
    • 11.1. TF-A Firmware Threat Model
      • 11.1.1. Generic Threat Model
        • 11.1.1.1. Introduction
        • 11.1.1.2. Target of Evaluation
        • 11.1.1.3. Threat Analysis
      • 11.1.2. EL3 SPMC Threat Model
        • 11.1.2.1. Introduction
        • 11.1.2.2. Target of Evaluation
        • 11.1.2.3. Threat Analysis
      • 11.1.3. Threat Model for RSE - AP interface
        • 11.1.3.1. Introduction
        • 11.1.3.2. Target of Evaluation
      • 11.1.4. Threat Model for TF-A with Arm CCA support
        • 11.1.4.1. Introduction
        • 11.1.4.2. Target of Evaluation
        • 11.1.4.3. Threat Analysis
      • 11.1.5. Threat Model for TF-A with PSA FWU or TBBR FWU support
        • 11.1.5.1. Introduction
        • 11.1.5.2. Target of Evaluation
        • 11.1.5.3. Threat Assessment
        • 11.1.5.4. PSA FWU
        • 11.1.5.5. TBBR FWU - Firmware Recovery
    • 11.2. TF-A Supply Chain Threat Model
      • 11.2.1. Introduction
      • 11.2.2. TF-A Overview
        • 11.2.2.1. TF-A Repository
        • 11.2.2.2. External Dependencies
        • 11.2.2.3. Supplementary Binaries
        • 11.2.2.4. TF-A Toolchain
        • 11.2.2.5. Infrastructure
      • 11.2.3. TF-A Data Flow
      • 11.2.4. Attack Tree
      • 11.2.5. Threat Assessment and Mitigations
        • 11.2.5.1. Impact and Likelihood Ratings
        • 11.2.5.2. Threats and Mitigations
      • 11.2.6. Appendix A
      • 11.2.7. References
  • 12. Tools
    • 12.1. TF-A Memory Layout Tool
      • 12.1.1. Prerequisites
      • 12.1.2. Getting Started
      • 12.1.3. Symbol Virtual Map
      • 12.1.4. Memory Footprint
      • 12.1.5. Memory Tree
    • 12.2. Transfer List Compiler
      • 12.2.1. Getting Started
      • 12.2.2. Creating a Transfer List
      • 12.2.3. Printing the contents of a TL
      • 12.2.4. Modifying the contents of an existing TL
      • 12.2.5. Unpacking a Transfer List
      • 12.2.6. Validate a Transfer List
      • 12.2.7. YAML Config File Format
    • 12.3. TF-A CoT dt2c Tool
      • 12.3.1. Prerequisites
      • 12.3.2. Getting Started
      • 12.3.3. Convert CoT descriptors to C file
      • 12.3.4. Validate CoT descriptors
      • 12.3.5. Visualize CoT descriptors
      • 12.3.6. Validate Other DT files
  • 13. Change Log & Release Notes
    • 13.1. 2.12.0 (2024-11-19)
      • 13.1.1. ⚠ BREAKING CHANGES
      • 13.1.2. Resolved Issues
      • 13.1.3. New Features
    • 13.2. 2.11.0 (2024-05-17)
      • 13.2.1. ⚠ BREAKING CHANGES
      • 13.2.2. New Features
      • 13.2.3. Resolved Issues
    • 13.3. 2.10.0 (2023-11-21)
      • 13.3.1. ⚠ BREAKING CHANGES
      • 13.3.2. New Features
      • 13.3.3. Resolved Issues
    • 13.4. 2.9.0 (2023-05-16)
      • 13.4.1. ⚠ BREAKING CHANGES
      • 13.4.2. Resolved Issues
      • 13.4.3. New Features
    • 13.5. 2.8.0 (2022-11-15)
      • 13.5.1. ⚠ BREAKING CHANGES
      • 13.5.2. New Features
      • 13.5.3. Resolved Issues
    • 13.6. 2.7.0 (2022-05-20)
      • 13.6.1. New Features
      • 13.6.2. Resolved Issues
    • 13.7. 2.6.0 (2021-11-22)
      • 13.7.1. ⚠ BREAKING CHANGES
      • 13.7.2. New Features
      • 13.7.3. Resolved Issues
    • 13.8. 2.5.0 (2021-05-17)
      • 13.8.1. New Features
      • 13.8.2. Changed
      • 13.8.3. Resolved Issues
    • 13.9. 2.4.0 (2020-11-17)
      • 13.9.1. New Features
      • 13.9.2. Changed
      • 13.9.3. Resolved Issues
      • 13.9.4. Known Issues
    • 13.10. 2.3.0 (2020-04-20)
      • 13.10.1. New Features
      • 13.10.2. Changed
      • 13.10.3. Resolved Issues
      • 13.10.4. Known Issues
    • 13.11. 2.2.0 (2019-10-22)
      • 13.11.1. New Features
      • 13.11.2. Changed
      • 13.11.3. Resolved Issues
      • 13.11.4. Deprecations
      • 13.11.5. Known Issues
    • 13.12. 2.1.0 (2019-03-29)
      • 13.12.1. New Features
      • 13.12.2. Changed
      • 13.12.3. Resolved Issues
      • 13.12.4. Deprecations
      • 13.12.5. Known Issues
    • 13.13. 2.0.0 (2018-10-02)
      • 13.13.1. New Features
      • 13.13.2. Issues resolved since last release
      • 13.13.3. Known Issues
    • 13.14. 1.6.0 (2018-09-21)
      • 13.14.1. New Features
      • 13.14.2. Issues resolved since last release
      • 13.14.3. Known Issues
    • 13.15. 1.5.0 (2018-03-20)
      • 13.15.1. New features
      • 13.15.2. Issues resolved since last release
      • 13.15.3. Known Issues
    • 13.16. 1.4.0 (2017-07-07)
      • 13.16.1. New features
      • 13.16.2. Issues resolved since last release
      • 13.16.3. Known Issues
    • 13.17. 1.3.0 (2016-10-13)
      • 13.17.1. New features
      • 13.17.2. Issues resolved since last release
      • 13.17.3. Known issues
    • 13.18. 1.2.0 (2015-12-22)
      • 13.18.1. New features
      • 13.18.2. Issues resolved since last release
      • 13.18.3. Known issues
    • 13.19. 1.1.0 (2015-02-04)
      • 13.19.1. New features
      • 13.19.2. Issues resolved since last release
      • 13.19.3. Known issues
    • 13.20. 1.0.0 (2014-08-28)
      • 13.20.1. New features
      • 13.20.2. Issues resolved since last release
      • 13.20.3. Known issues
    • 13.21. 0.4.0 (2014-06-03)
      • 13.21.1. New features
      • 13.21.2. Issues resolved since last release
      • 13.21.3. Known issues
    • 13.22. 0.3.0 (2014-02-28)
      • 13.22.1. New features
      • 13.22.2. Issues resolved since last release
      • 13.22.3. Known issues
    • 13.23. 0.2.0 (2013-10-25)
      • 13.23.1. New features
      • 13.23.2. Issues resolved since last release
      • 13.23.3. Known issues
  • 14. Glossary
  • 15. License
    • 15.1. SPDX Identifiers
    • 15.2. Other Projects

9. Security Advisories

Contents

  • 9.1. Advisory TFV-1 (CVE-2016-10319)
  • 9.2. Advisory TFV-2 (CVE-2017-7564)
  • 9.3. Advisory TFV-3 (CVE-2017-7563)
  • 9.4. Advisory TFV-4 (CVE-2017-9607)
  • 9.5. Advisory TFV-5 (CVE-2017-15031)
  • 9.6. Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
  • 9.7. Advisory TFV-7 (CVE-2018-3639)
  • 9.8. Advisory TFV-8 (CVE-2018-19440)
  • 9.9. Advisory TFV-9 (CVE-2022-23960)
  • 9.10. Advisory TFV-10 (CVE-2022-47630)
  • 9.11. Advisory TFV-11 (CVE-2023-49100)