Trusted Firmware-A v2.2

System Design

Contents

  • 1. Authentication Framework & Chain of Trust
  • 2. Arm CPU Specific Build Macros
  • 3. Firmware Design
  • 4. Interrupt Management Framework
  • 5. PSCI Power Domain Tree Structure
  • 6. CPU Reset
  • 7. Trusted Board Boot

Revision a04808c1.
