  • Home
  • About
    • 1. Feature Overview
      • 1.1. Current features
      • 1.2. Still to come
    • 2. Release Processes
      • 2.1. Project Release Cadence
        • 2.1.1. Upcoming Releases
      • 2.2. Removal of Deprecated Interfaces
    • 3. Project Maintenance
      • 3.1. Maintainers
      • 3.2. Code owners
        • 3.2.1. Common Code
        • 3.2.2. Drivers, Libraries and Framework Code
        • 3.2.3. Platform Ports
        • 3.2.4. Secure Payloads and Dispatchers
        • 3.2.5. Tools
        • 3.2.6. Threat Model
        • 3.2.7. Conventional Changelog Extensions
    • 4. Support & Contact
      • 4.1. Mailing Lists
      • 4.2. Open Tech Forum Call
      • 4.3. Issue Tracker
      • 4.4. Arm Licensees
    • 5. Contributor Acknowledgements
  • Getting Started
    • 1. Prerequisites
      • 1.1. Build Host
      • 1.2. Toolchain
      • 1.3. Software and Libraries
        • 1.3.1. Package Installation (Linux)
      • 1.4. Supporting Files
      • 1.5. Getting the TF-A Source
        • 1.5.1. Additional Steps for Contributors
    • 2. Building Documentation
      • 2.1. Prerequisites
      • 2.2. Building rendered documentation
      • 2.3. Building rendered documentation from a container
    • 3. Building Supporting Tools
      • 3.1. Building and using the FIP tool
      • 3.2. Building the Certificate Generation Tool
        • 3.2.1. Building the Firmware Encryption Tool
    • 4. Performing an Initial Build
    • 5. Build Options
      • 5.1. Common build options
      • 5.2. GICv3 driver options
      • 5.3. Debugging options
      • 5.4. Firmware update options
    • 6. Image Terminology
      • 6.1. General Notes
      • 6.2. Trusted Firmware Images
        • 6.2.1. AP Boot ROM: AP_BL1
        • 6.2.2. AP RAM Firmware: AP_BL2
        • 6.2.3. EL3 Runtime Firmware: AP_BL31
        • 6.2.4. Secure-EL1 Payload (SP): AP_BL32
        • 6.2.5. AP Normal World Firmware: AP_BL33
        • 6.2.6. Other AP 3rd level images: AP_BL3_XXX
        • 6.2.7. Realm Monitor Management Firmware: RMM
        • 6.2.8. SCP Boot ROM: SCP_BL1 (previously BL0)
        • 6.2.9. SCP RAM Firmware: SCP_BL2 (previously BL3-0)
      • 6.3. Firmware Update (FWU) Images
        • 6.3.1. AP Firmware Update Boot ROM: AP_NS_BL1U
        • 6.3.2. AP Firmware Update Config: AP_BL2U
        • 6.3.3. SCP Firmware Update Config: SCP_BL2U (previously BL2-U0)
        • 6.3.4. AP Firmware Updater: AP_NS_BL2U (previously BL3-U)
      • 6.4. Other Processor Firmware Images
        • 6.4.1. MCP Boot ROM: MCP_BL1
        • 6.4.2. MCP RAM Firmware: MCP_BL2
    • 7. Porting Guide
      • 7.1. Introduction
      • 7.2. Common modifications
      • 7.3. Common mandatory modifications
        • 7.3.1. File : platform_def.h [mandatory]
        • 7.3.2. File : plat_macros.S [mandatory]
      • 7.4. Handling Reset
        • 7.4.1. Function : plat_get_my_entrypoint() [mandatory when PROGRAMMABLE_RESET_ADDRESS == 0]
        • 7.4.2. Function : plat_secondary_cold_boot_setup() [mandatory when COLD_BOOT_SINGLE_CPU == 0]
        • 7.4.3. Function : plat_is_my_cpu_primary() [mandatory when COLD_BOOT_SINGLE_CPU == 0]
        • 7.4.4. Function : platform_mem_init() [mandatory]
        • 7.4.5. Function: plat_get_rotpk_info()
        • 7.4.6. Function: plat_get_nv_ctr()
        • 7.4.7. Function: plat_set_nv_ctr()
        • 7.4.8. Function: plat_set_nv_ctr2()
      • 7.5. Common mandatory function modifications
        • 7.5.1. Function : plat_my_core_pos()
        • 7.5.2. Function : plat_core_pos_by_mpidr()
        • 7.5.3. Function : plat_get_mbedtls_heap() [when TRUSTED_BOARD_BOOT == 1]
        • 7.5.4. Function : plat_get_enc_key_info() [when FW_ENC_STATUS == 0 or 1]
        • 7.5.5. Function : plat_fwu_set_images_source() [when PSA_FWU_SUPPORT == 1]
        • 7.5.6. Function : plat_fwu_set_metadata_image_source() [when PSA_FWU_SUPPORT == 1]
      • 7.6. Common optional modifications
        • 7.6.1. Function : plat_set_my_stack()
        • 7.6.2. Function : plat_get_my_stack()
        • 7.6.3. Function : plat_report_exception()
        • 7.6.4. Function : plat_reset_handler()
        • 7.6.5. Function : plat_disable_acp()
        • 7.6.6. Function : plat_error_handler()
        • 7.6.7. Function : plat_panic_handler()
        • 7.6.8. Function : plat_get_bl_image_load_info()
        • 7.6.9. Function : plat_get_next_bl_params()
        • 7.6.10. Function : plat_get_stack_protector_canary()
        • 7.6.11. Function : plat_flush_next_bl_params()
        • 7.6.12. Function : plat_log_get_prefix()
        • 7.6.13. Function : plat_get_soc_version()
        • 7.6.14. Function : plat_get_soc_revision()
        • 7.6.15. Function : plat_is_smccc_feature_available()
        • 7.6.16. Function : plat_mboot_measure_image()
      • 7.7. Modifications specific to a Boot Loader stage
      • 7.8. Boot Loader Stage 1 (BL1)
        • 7.8.1. Function : bl1_early_platform_setup() [mandatory]
        • 7.8.2. Function : bl1_plat_arch_setup() [mandatory]
        • 7.8.3. Function : bl1_platform_setup() [mandatory]
        • 7.8.4. Function : bl1_plat_sec_mem_layout() [mandatory]
        • 7.8.5. Function : bl1_plat_prepare_exit() [optional]
        • 7.8.6. Function : bl1_plat_set_ep_info() [optional]
        • 7.8.7. Function : bl1_plat_get_next_image_id() [optional]
        • 7.8.8. Function : bl1_plat_get_image_desc() [optional]
        • 7.8.9. Function : bl1_plat_handle_pre_image_load() [optional]
        • 7.8.10. Function : bl1_plat_handle_post_image_load() [optional]
        • 7.8.11. Function : bl1_plat_fwu_done() [optional]
        • 7.8.12. Function : bl1_plat_mem_check() [mandatory]
        • 7.8.13. Function : bl1_plat_mboot_init() [optional]
        • 7.8.14. Function : bl1_plat_mboot_finish() [optional]
      • 7.9. Boot Loader Stage 2 (BL2)
        • 7.9.1. Function : bl2_early_platform_setup2() [mandatory]
        • 7.9.2. Function : bl2_plat_arch_setup() [mandatory]
        • 7.9.3. Function : bl2_platform_setup() [mandatory]
        • 7.9.4. Function : bl2_plat_handle_pre_image_load() [optional]
        • 7.9.5. Function : bl2_plat_handle_post_image_load() [optional]
        • 7.9.6. Function : bl2_plat_preload_setup [optional]
        • 7.9.7. Function : plat_try_next_boot_source() [optional]
      • 7.10. Boot Loader Stage 2 (BL2) at EL3
        • 7.10.1. Function : bl2_el3_early_platform_setup() [mandatory]
        • 7.10.2. Function : bl2_el3_plat_arch_setup() [mandatory]
        • 7.10.3. Function : bl2_el3_plat_prepare_exit() [optional]
      • 7.11. FWU Boot Loader Stage 2 (BL2U)
        • 7.11.1. Function : bl2u_early_platform_setup() [mandatory]
        • 7.11.2. Function : bl2u_plat_arch_setup() [mandatory]
        • 7.11.3. Function : bl2u_platform_setup() [mandatory]
        • 7.11.4. Function : bl2u_plat_handle_scp_bl2u() [optional]
        • 7.11.5. Function : bl2_plat_mboot_init() [optional]
        • 7.11.6. Function : bl2_plat_mboot_finish() [optional]
      • 7.12. Boot Loader Stage 3-1 (BL31)
        • 7.12.1. Function : bl31_early_platform_setup2() [mandatory]
        • 7.12.2. Function : bl31_plat_arch_setup() [mandatory]
        • 7.12.3. Function : bl31_platform_setup() [mandatory]
        • 7.12.4. Function : bl31_plat_runtime_setup() [optional]
        • 7.12.5. Function : bl31_plat_get_next_image_ep_info() [mandatory]
        • 7.12.6. Function : bl31_plat_enable_mmu [optional]
        • 7.12.7. Function : plat_init_apkey [optional]
        • 7.12.8. Function : plat_get_syscnt_freq2() [mandatory]
        • 7.12.9. Function : plat_arm_set_twedel_scr_el3() [optional]
        • 7.12.10. #define : PLAT_PERCPU_BAKERY_LOCK_SIZE [optional]
        • 7.12.11. SDEI porting requirements
        • 7.12.12. TRNG porting requirements
      • 7.13. Power State Coordination Interface (in BL31)
        • 7.13.1. Function : plat_psci_stat_accounting_start() [optional]
        • 7.13.2. Function : plat_psci_stat_accounting_stop() [optional]
        • 7.13.3. Function : plat_psci_stat_get_residency() [optional]
        • 7.13.4. Function : plat_get_target_pwr_state() [optional]
        • 7.13.5. Function : plat_get_power_domain_tree_desc() [mandatory]
        • 7.13.6. Function : plat_setup_psci_ops() [mandatory]
      • 7.14. Interrupt Management framework (in BL31)
        • 7.14.1. Function : plat_interrupt_type_to_line() [mandatory]
        • 7.14.2. Function : plat_ic_get_pending_interrupt_type() [mandatory]
        • 7.14.3. Function : plat_ic_get_pending_interrupt_id() [mandatory]
        • 7.14.4. Function : plat_ic_acknowledge_interrupt() [mandatory]
        • 7.14.5. Function : plat_ic_end_of_interrupt() [mandatory]
        • 7.14.6. Function : plat_ic_get_interrupt_type() [mandatory]
      • 7.15. Crash Reporting mechanism (in BL31)
        • 7.15.1. Function : plat_crash_console_init [mandatory]
        • 7.15.2. Function : plat_crash_console_putc [mandatory]
        • 7.15.3. Function : plat_crash_console_flush [mandatory]
      • 7.16. External Abort handling and RAS Support
        • 7.16.1. Function : plat_ea_handler
        • 7.16.2. Function : plat_handle_uncontainable_ea
        • 7.16.3. Function : plat_handle_double_fault
        • 7.16.4. Function : plat_handle_el3_ea
      • 7.17. Build flags
      • 7.18. Platform include paths
      • 7.19. C Library
      • 7.20. Storage abstraction layer
    • 8. PSCI Library Integration guide for Armv8-A AArch32 systems
      • 8.1. Generic call sequence for PSCI Library interface (AArch32)
      • 8.2. PSCI CPU context management
      • 8.3. PSCI Library Interface
        • 8.3.1. Interface : psci_setup()
        • 8.3.2. Interface : psci_prepare_next_non_secure_ctx()
        • 8.3.3. Interface : psci_register_spd_pm_hook()
        • 8.3.4. Interface : psci_smc_handler()
        • 8.3.5. Interface : psci_warmboot_entrypoint()
      • 8.4. EL3 Runtime Software dependencies
        • 8.4.1. General dependencies
        • 8.4.2. CPU Context management API
        • 8.4.3. Platform API
        • 8.4.4. Secure payload power management callback
        • 8.4.5. CPU operations
    • 9. EL3 Runtime Service Writer’s Guide
      • 9.1. Introduction
      • 9.2. Owning Entities, Call Types and Function IDs
      • 9.3. Getting started
      • 9.4. Registering a runtime service
      • 9.5. Initializing a runtime service
      • 9.6. Handling runtime service requests
      • 9.7. Services that contain multiple sub-services
      • 9.8. Secure-EL1 Payload Dispatcher service (SPD)
  • Processes & Policies
    • 1. Security Handling
      • 1.1. Security Disclosures
      • 1.2. Found a Security Issue?
      • 1.3. Attribution
      • 1.4. Security Advisories
    • 2. Platform Compatibility Policy
      • 2.1. Introduction
      • 2.2. Platform compatibility policy
    • 3. Commit Style
      • 3.1. Adding Scopes
      • 3.2. Mandated Trailers
    • 4. Coding Style
      • 4.1. File Encoding
      • 4.2. Language
      • 4.3. C Language Standard
      • 4.4. MISRA Compliance
      • 4.5. Indentation
      • 4.6. Spacing
      • 4.7. Line Length
      • 4.8. Blank Lines
      • 4.9. Braces
        • 4.9.1. Opening Brace Placement
        • 4.9.2. Conditional Statement Bodies
      • 4.10. Naming
        • 4.10.1. Functions
        • 4.10.2. Local Variables and Parameters
        • 4.10.3. Preprocessor Macros
      • 4.11. Function Attributes
      • 4.12. Alignment
        • 4.12.1. Switch Statement Alignment
        • 4.12.2. Pointer Alignment
      • 4.13. Comments
      • 4.14. Headers and inclusion
        • 4.14.1. Header guards
        • 4.14.2. Include statement ordering
        • 4.14.3. Include statement variants
      • 4.15. Typedefs
        • 4.15.1. Avoid anonymous typedefs of structs/enums in headers
    • 5. Coding Guidelines
      • 5.1. Automatic Editor Configuration
      • 5.2. Automatic Compliance Checking
        • 5.2.1. Ignored Checkpatch Warnings
      • 5.3. Performance considerations
        • 5.3.1. Avoid printf and use logging macros
        • 5.3.2. Use const data where possible
      • 5.4. Libc functions that are banned or to be used with caution
      • 5.5. Error handling and robustness
        • 5.5.1. Using CASSERT to check for compile time data errors
        • 5.5.2. Using assert() to check for programming errors
        • 5.5.3. Handling integration errors
        • 5.5.4. Handling recoverable errors
        • 5.5.5. Handling unrecoverable errors
        • 5.5.6. Handling critical unresponsiveness
      • 5.6. Use of built-in C and libc data types
      • 5.7. Favor C language over assembly language
    • 6. Contributor’s Guide
      • 6.1. Getting Started
      • 6.2. Making Changes
      • 6.3. Submitting Changes
      • 6.4. Add Build Configurations
      • 6.5. Binary Components
    • 7. Code Review Guidelines
      • 7.1. Why do we do code reviews?
      • 7.2. Good practices
      • 7.3. Guidelines for patch contributors
      • 7.4. Guidelines for all reviewers
      • 7.5. Guidelines for code owners
      • 7.6. Guidelines for maintainers
    • 8. Frequently-Asked Questions (FAQ)
      • 8.1. How do I update my changes?
      • 8.2. How long will my changes take to merge into integration?
      • 8.3. How long will it take for my changes to go from integration to master?
      • 8.4. What are these strange comments in my changes?
    • 9. Secure Development Guidelines
      • 9.1. Security considerations
        • 9.1.1. Do not leak secrets to the normal world
        • 9.1.2. Handling Denial of Service attacks
        • 9.1.3. Preventing Secure-world timing information leakage via PMU counters
      • 9.2. Build options
  • Components
    • 1. Secure Payload Dispatcher (SPD)
      • 1.1. OP-TEE Dispatcher
      • 1.2. Trusted Little Kernel (TLK) Dispatcher
        • 1.2.1. Trusted Little Kernel (TLK)
        • 1.2.2. Build TLK
        • 1.2.3. Input parameters to TLK
      • 1.3. Trusty Dispatcher
        • 1.3.1. Boot parameters
        • 1.3.2. Supported platforms
    • 2. Activity Monitors
      • 2.1. Auxiliary counters
    • 3. Arm SiP Services
      • 3.1. Performance Measurement Framework (PMF)
      • 3.2. Execution State Switching service
        • 3.2.1. ARM_SIP_SVC_EXE_STATE_SWITCH
      • 3.3. DebugFS interface
        • 3.3.1. MOUNT
        • 3.3.2. OPEN
        • 3.3.3. CLOSE
        • 3.3.4. READ
        • 3.3.5. SEEK
        • 3.3.6. BIND
        • 3.3.7. STAT
        • 3.3.8. INIT
        • 3.3.9. VERSION
    • 4. Debug FS
      • 4.1. Overview
      • 4.2. Virtual filesystem
        • 4.2.1. Namespace
        • 4.2.2. 9p interface
      • 4.3. SMC interface
      • 4.4. Security considerations
      • 4.5. Limitations
      • 4.6. Applications
    • 5. Exception Handling Framework
      • 5.1. Introduction
      • 5.2. The role of Exception Handling Framework
      • 5.3. Interrupt handling
        • 5.3.1. Partitioning priority levels
        • 5.3.2. Programming priority
      • 5.4. Registering handler
      • 5.5. Interrupt handling example
      • 5.6. Activating and Deactivating priorities
      • 5.7. Transition of priority levels
      • 5.8. Effect on SMC calls
      • 5.9. Build-time flow
      • 5.10. Run-time flow
      • 5.11. Interrupt Prioritisation Considerations
      • 5.12. Limitations
    • 6. Firmware Configuration Framework
      • 6.1. Introduction
      • 6.2. Accessing properties
      • 6.3. Defining properties
      • 6.4. Loading the property device tree
      • 6.5. Populating the properties
      • 6.6. Namespace guidance
      • 6.7. Properties binding information
        • 6.7.1. DTB binding for FCONF properties
        • 6.7.2. Activity Monitor Unit (AMU) Bindings
        • 6.7.3. Maximum Power Mitigation Mechanism (MPMM) Bindings
    • 7. Firmware Update (FWU)
      • 7.1. Introduction
        • 7.1.1. Scope
      • 7.2. FWU Overview
      • 7.3. Image Identification
      • 7.4. FWU State Machine
      • 7.5. BL1 SMC Interface
        • 7.5.1. BL1_SMC_CALL_COUNT
        • 7.5.2. BL1_SMC_UID
        • 7.5.3. BL1_SMC_VERSION
        • 7.5.4. BL1_SMC_RUN_IMAGE
        • 7.5.5. FWU_SMC_IMAGE_COPY
        • 7.5.6. FWU_SMC_IMAGE_AUTH
        • 7.5.7. FWU_SMC_IMAGE_EXECUTE
        • 7.5.8. FWU_SMC_IMAGE_RESUME
        • 7.5.9. FWU_SMC_SEC_IMAGE_DONE
        • 7.5.10. FWU_SMC_UPDATE_DONE
        • 7.5.11. FWU_SMC_IMAGE_RESET
    • 8. Measured Boot Driver (MBD)
      • 8.1. Properties binding information
        • 8.1.1. DTB binding for Event Log properties
    • 9. Maximum Power Mitigation Mechanism (MPMM)
    • 10. Platform Interrupt Controller API
      • 10.1. Function: unsigned int plat_ic_get_running_priority(void); [optional]
      • 10.2. Function: int plat_ic_is_spi(unsigned int id); [optional]
      • 10.3. Function: int plat_ic_is_ppi(unsigned int id); [optional]
      • 10.4. Function: int plat_ic_is_sgi(unsigned int id); [optional]
      • 10.5. Function: unsigned int plat_ic_get_interrupt_active(unsigned int id); [optional]
      • 10.6. Function: void plat_ic_enable_interrupt(unsigned int id); [optional]
      • 10.7. Function: void plat_ic_disable_interrupt(unsigned int id); [optional]
      • 10.8. Function: void plat_ic_set_interrupt_priority(unsigned int id, unsigned int priority); [optional]
      • 10.9. Function: int plat_ic_has_interrupt_type(unsigned int type); [optional]
      • 10.10. Function: void plat_ic_set_interrupt_type(unsigned int id, unsigned int type); [optional]
      • 10.11. Function: void plat_ic_raise_el3_sgi(int sgi_num, u_register_t target); [optional]
      • 10.12. Function: void plat_ic_set_spi_routing(unsigned int id, unsigned int routing_mode, u_register_t mpidr); [optional]
      • 10.13. Function: void plat_ic_set_interrupt_pending(unsigned int id); [optional]
      • 10.14. Function: void plat_ic_clear_interrupt_pending(unsigned int id); [optional]
      • 10.15. Function: unsigned int plat_ic_set_priority_mask(unsigned int id); [optional]
      • 10.16. Function: unsigned int plat_ic_get_interrupt_id(unsigned int raw); [optional]
    • 11. Reliability, Availability, and Serviceability (RAS) Extensions
      • 11.1. Overview
      • 11.2. Platform APIs
      • 11.3. Registering RAS error records
        • 11.3.1. Standard Error Record helpers
      • 11.4. Registering RAS interrupts
      • 11.5. Double-fault handling
      • 11.6. Engaging the RAS framework
      • 11.7. Interaction with Exception Handling Framework
    • 12. Library at ROM
      • 12.1. Introduction
      • 12.2. Index file
      • 12.3. Wrapper functions
      • 12.4. Script
      • 12.5. Patching of functions in library at ROM
      • 12.6. Memory impact
      • 12.7. Build library at ROM
    • 13. SDEI: Software Delegated Exception Interface
      • 13.1. Introduction
      • 13.2. Defining events
        • 13.2.1. Event flags
      • 13.3. Event definition example
      • 13.4. Configuration within Exception Handling Framework
      • 13.5. Determining client EL
      • 13.6. Explicit dispatch of events
        • 13.6.1. Conditions for event dispatch
      • 13.7. Porting requirements
      • 13.8. Note on writing SDEI event handlers
    • 14. Secure Partition Manager
      • 14.1. Acronyms
      • 14.2. Foreword
        • 14.2.1. Terminology
        • 14.2.2. Support for legacy platforms
      • 14.3. Sample reference stack
      • 14.4. TF-A build options
      • 14.5. FVP model invocation
      • 14.6. Boot process
        • 14.6.1. Loading Hafnium and secure partitions in the secure world
        • 14.6.2. Booting through TF-A
      • 14.7. Hafnium in the secure world
        • 14.7.1. General considerations
        • 14.7.2. Parsing SP partition manifests
        • 14.7.3. Passing boot data to the SP
        • 14.7.4. SP Boot order
        • 14.7.5. Boot phases
        • 14.7.6. Notifications
        • 14.7.7. Mandatory interfaces
        • 14.7.8. SPMC-SPMD direct requests/responses
        • 14.7.9. PE MMU configuration
        • 14.7.10. Interrupt management
        • 14.7.11. Secure interrupt handling
        • 14.7.12. Power management
      • 14.8. SMMUv3 support in Hafnium
        • 14.8.1. SMMUv3 features
        • 14.8.2. SMMUv3 Programming Interfaces
        • 14.8.3. Peripheral device manifest
        • 14.8.4. SMMUv3 driver limitations
      • 14.9. S-EL0 Partition support
      • 14.10. References
    • 15. Secure Partition Manager (MM)
      • 15.1. Foreword
      • 15.2. Background
      • 15.3. Introduction
      • 15.4. Description
        • 15.4.1. Building TF-A with Secure Partition support
        • 15.4.2. Describing Secure Partition resources
        • 15.4.3. Accessing Secure Partition services
        • 15.4.4. Exchanging data with the Secure Partition
      • 15.5. Runtime model of the Secure Partition
        • 15.5.1. Interface with SPM
        • 15.5.2. Miscellaneous interfaces
        • 15.5.3. Secure Partition Initialisation
        • 15.5.4. Runtime Event Delegation
        • 15.5.5. Secure Partition Memory Management
        • 15.5.6. Error Codes
    • 16. FF-A manifest binding to device tree
      • 16.1. Version 1.0
        • 16.1.1. Partition Properties
      • 16.2. Memory Regions
      • 16.3. Device Regions
    • 17. Translation (XLAT) Tables Library
      • 17.1. About version 1, version 2 and MPU libraries
      • 17.2. Design concepts and interfaces
        • 17.2.1. mmap regions
        • 17.2.2. Translation Context
        • 17.2.3. Static and dynamic memory regions
      • 17.3. Library APIs
      • 17.4. Library limitations
      • 17.5. Implementation details
        • 17.5.1. Code structure
        • 17.5.2. From mmap regions to translation tables
        • 17.5.3. The memory mapping algorithm
        • 17.5.4. TLB maintenance operations
    • 18. Chain of trust bindings
      • 18.1. cot
      • 18.2. Manifests and Certificate node bindings definition
      • 18.3. Images and Image node bindings definition
      • 18.4. non-volatile counter node binding definition
      • 18.5. Future update to chain of trust binding
    • 19. Realm Management Extension (RME)
      • 19.1. RME support in TF-A
        • 19.1.1. Changes to translation tables library
        • 19.1.2. Changes to context management
        • 19.1.3. Boot flow changes
        • 19.1.4. Granule Protection Tables (GPT) library
        • 19.1.5. RMM Dispatcher (RMMD)
        • 19.1.6. Test Realm Payload (TRP)
      • 19.2. Building and running TF-A with RME
        • 19.2.1. Building TF-A with TF-A Tests
        • 19.2.2. Four-world execution with Hafnium and TF-A Tests
        • 19.2.3. Running the tests
    • 20. Granule Protection Tables Library
      • 20.1. Design Concepts and Interfaces
        • 20.1.1. Defining PAS regions
        • 20.1.2. Level 0 and Level 1 Tables
        • 20.1.3. Granule Transition Service
      • 20.2. Library APIs
        • 20.2.1. API Constraints
        • 20.2.2. Sample Calculation for L0 memory size and alignment
        • 20.2.3. Sample calculation for L1 table size and alignment
  • System Design
    • 1. Alternative Boot Flows
      • 1.1. EL3 payloads alternative boot flow
        • 1.1.1. Booting an EL3 payload
      • 1.2. Preloaded BL33 alternative boot flow
    • 2. Authentication Framework & Chain of Trust
      • 2.1. Framework design
        • 2.1.1. Chain of Trust
        • 2.1.2. Image types
        • 2.1.3. Component responsibilities
        • 2.1.4. Authentication methods
      • 2.2. Specifying a Chain of Trust
        • 2.2.1. Describing the image parsing methods
        • 2.2.2. Describing the authentication method(s)
        • 2.2.3. Storing Authentication parameters
        • 2.2.4. Describing an image in a CoT
      • 2.3. Implementation example
        • 2.3.1. The TBBR CoT
        • 2.3.2. The image parser library
        • 2.3.3. The cryptographic library
    • 3. Arm CPU Specific Build Macros
      • 3.1. Security Vulnerability Workarounds
      • 3.2. CPU Errata Workarounds
      • 3.3. DSU Errata Workarounds
      • 3.4. CPU Specific optimizations
    • 4. Firmware Design
      • 4.1. Cold boot
        • 4.1.1. Dynamic Configuration during cold boot
        • 4.1.2. BL1
        • 4.1.3. BL2
        • 4.1.4. Running BL2 at EL3 execution level
        • 4.1.5. AArch64 BL31
        • 4.1.6. Using alternative Trusted Boot Firmware in place of BL1 & BL2 (AArch64 only)
        • 4.1.7. AArch32 EL3 Runtime Software entrypoint interface
      • 4.2. EL3 runtime services framework
        • 4.2.1. Registration
        • 4.2.2. Initialization
        • 4.2.3. Handling an SMC
      • 4.3. Exception Handling Framework
      • 4.4. Power State Coordination Interface
      • 4.5. Secure-EL1 Payloads and Dispatchers
        • 4.5.1. Initializing a BL32 Image
      • 4.6. Crash Reporting in BL31
      • 4.7. Guidelines for Reset Handlers
      • 4.8. Configuring secure interrupts
      • 4.9. CPU specific operations framework
        • 4.9.1. CPU specific Reset Handling
        • 4.9.2. CPU specific power down sequence
        • 4.9.3. CPU specific register reporting during crash
        • 4.9.4. CPU errata status reporting
      • 4.10. Memory layout of BL images
        • 4.10.1. Linker scripts and symbols
        • 4.10.2. How to choose the right base addresses for each bootloader stage image
      • 4.11. Firmware Image Package (FIP)
        • 4.11.1. Firmware Image Package layout
        • 4.11.2. Firmware Image Package creation tool
        • 4.11.3. Loading from a Firmware Image Package (FIP)
      • 4.12. Use of coherent memory in TF-A
        • 4.12.1. Disabling the use of coherent memory in TF-A
        • 4.12.2. Coherent memory usage in PSCI implementation
        • 4.12.3. Bakery lock data
        • 4.12.4. Non Functional Impact of removing coherent memory
      • 4.13. Isolating code and read-only data on separate memory pages
      • 4.14. Publish and Subscribe Framework
        • 4.14.1. Publish and Subscribe Example
        • 4.14.2. Reclaiming the BL31 initialization code
      • 4.15. Performance Measurement Framework
        • 4.15.1. Timestamp identifier format
        • 4.15.2. Registering a PMF service
        • 4.15.3. Capturing a timestamp
        • 4.15.4. Retrieving a timestamp
        • 4.15.5. PMF code structure
      • 4.16. Armv8-A Architecture Extensions
        • 4.16.1. Armv8.1-A
        • 4.16.2. Armv8.2-A
        • 4.16.3. Armv8.3-A
        • 4.16.4. Armv8.5-A
        • 4.16.5. Armv7-A
      • 4.17. Code Structure
    • 5. Interrupt Management Framework
      • 5.1. Concepts
        • 5.1.1. Interrupt types
        • 5.1.2. Routing model
        • 5.1.3. Valid routing models
        • 5.1.4. Mapping of interrupt type to signal
      • 5.2. Assumptions in Interrupt Management Framework
      • 5.3. Software components
      • 5.4. Interrupt registration
        • 5.4.1. EL3 runtime firmware
        • 5.4.2. Secure payload dispatcher
        • 5.4.3. Test secure payload dispatcher behavior
        • 5.4.4. Secure payload
        • 5.4.5. Test secure payload behavior
      • 5.5. Interrupt handling
        • 5.5.1. EL3 runtime firmware
        • 5.5.2. Secure payload dispatcher
        • 5.5.3. Secure payload interrupt handling
      • 5.6. Other considerations
        • 5.6.1. Implication of preempted SMC on Non-Secure Software
    • 6. PSCI Power Domain Tree Structure
      • 6.1. Requirements
      • 6.2. Design
        • 6.2.1. Describing a power domain tree
        • 6.2.2. Removing assumptions about MPIDRs used in a platform
        • 6.2.3. Traversing through and distinguishing between core and non-core power domains
        • 6.2.4. Populating the power domain tree
    • 7. CPU Reset
      • 7.1. General reset code flow
      • 7.2. Programmable CPU reset address
      • 7.3. Cold boot on a single CPU
      • 7.4. Programmable CPU reset address, Cold boot on a single CPU
      • 7.5. Using BL31 entrypoint as the reset address
        • 7.5.1. Determination of boot path
        • 7.5.2. Platform initialization
    • 8. Trusted Board Boot
      • 8.1. Chain of Trust
      • 8.2. Trusted Board Boot Sequence
      • 8.3. Authentication Framework
      • 8.4. Certificate Generation Tool
      • 8.5. Authenticated Encryption Framework
      • 8.6. Firmware Encryption Tool
    • 9. Building FIP images with support for Trusted Board Boot
  • Platform Ports
    • 1. Allwinner ARMv8 SoCs
      • 1.1. Building TF-A
      • 1.2. Installation
      • 1.3. Memory layout
        • 1.3.1. A64, H5 and H6 SoCs
        • 1.3.2. H616 SoC
      • 1.4. Trusted OS dispatcher
    • 2. Arm Development Platforms
      • 2.1. Arm Juno Development Platform
        • 2.1.1. Platform-specific build options
        • 2.1.2. Running software on Juno
        • 2.1.3. Preparing TF-A images
        • 2.1.4. Booting Firmware Update images
        • 2.1.5. Booting an EL3 payload
        • 2.1.6. Booting a preloaded kernel image
        • 2.1.7. Testing System Suspend
        • 2.1.8. Additional Resources
      • 2.2. Arm Fixed Virtual Platforms (FVP)
        • 2.2.1. Fixed Virtual Platform (FVP) Support
        • 2.2.2. Arm FVP Platform Specific Build Options
        • 2.2.3. Booting Firmware Update images
        • 2.2.4. Booting an EL3 payload
        • 2.2.5. Booting a preloaded kernel image (Base FVP)
      • 2.3. ARM V8-R64 Fixed Virtual Platform (FVP)
        • 2.3.1. Boot Sequence
      • 2.4. Arm Versatile Express
        • 2.4.1. Boot Sequence
        • 2.4.2. How to build
      • 2.5. TC Total Compute Platform
        • 2.5.1. Boot Sequence
      • 2.6. Arm FPGA Platform
        • 2.6.1. Platform-specific build options
        • 2.6.2. Building the TF-A image
        • 2.6.3. Running the TF-A image
      • 2.7. Arm Development Platform Build Options
        • 2.7.1. Arm Platform Build Options
        • 2.7.2. Arm CSS Platform-Specific Build Options
      • 2.8. Morello Platform
        • 2.8.1. Boot Sequence
      • 2.9. Diphda Platform
        • 2.9.1. Boot Sequence
    • 3. Deprecated platforms
      • 3.1. Process of deprecating a platform
      • 3.2. List of deprecated platforms
    • 4. Amlogic Meson A113D (AXG)
    • 5. Amlogic Meson S905 (GXBB)
    • 6. Amlogic Meson S905x (GXL)
    • 7. Amlogic Meson S905X2 (G12A)
    • 8. HiKey
      • 8.1. How to build
        • 8.1.1. Code Locations
        • 8.1.2. Build Procedure
      • 8.2. Setup Console
      • 8.3. Flash images in recovery mode
      • 8.4. Boot UEFI in normal mode
    • 9. HiKey960
      • 9.1. How to build
        • 9.1.1. Code Locations
        • 9.1.2. Build Procedure
      • 9.2. Setup Console
      • 9.3. Boot UEFI in recovery mode
      • 9.4. Boot UEFI in normal mode
    • 10. Intel Agilex SoCFPGA
      • 10.1. How to build
        • 10.1.1. Code Locations
        • 10.1.2. Build Procedure
        • 10.1.3. Install Procedure
      • 10.2. Boot trace
    • 11. Intel Stratix 10 SoCFPGA
      • 11.1. How to build
        • 11.1.1. Code Locations
        • 11.1.2. Build Procedure
        • 11.1.3. Install Procedure
      • 11.2. Boot trace
    • 12. Marvell
      • 12.1. TF-A Build Instructions for Marvell Platforms
        • 12.1.1. Build Instructions
        • 12.1.2. Special Build Flags
        • 12.1.3. Build output
        • 12.1.4. Tools and external components installation
      • 12.2. TF-A Porting Guide for Marvell Platforms
        • 12.2.1. Source Code Structure
        • 12.2.2. Armada-70x0/Armada-80x0 Porting
      • 12.3. Address decoding flow and address translation units of Marvell Armada 8K SoC family
      • 12.4. AMB - AXI MBUS address decoding
        • 12.4.1. Mandatory functions
        • 12.4.2. Mandatory structures
        • 12.4.3. Examples
      • 12.5. Marvell CCU address decoding bindings
        • 12.5.1. Mandatory functions
        • 12.5.2. Mandatory structures
        • 12.5.3. Example
      • 12.6. Marvell IO WIN address decoding bindings
        • 12.6.1. Mandatory functions
        • 12.6.2. Mandatory structures
        • 12.6.3. Example
      • 12.7. Marvell IOB address decoding bindings
        • 12.7.1. Mandatory functions
        • 12.7.2. Mandatory structures
        • 12.7.3. Target ID options
        • 12.7.4. Example
    • 13. MediaTek 8183
      • 13.1. Boot Sequence
      • 13.2. How to Build
    • 14. MediaTek 8192
      • 14.1. Boot Sequence
      • 14.2. How to Build
    • 15. MediaTek 8195
      • 15.1. Boot Sequence
      • 15.2. How to Build
    • 16. NVIDIA Tegra
      • 16.1. Directory structure
      • 16.2. Trusted OS dispatcher
      • 16.3. Scatter files
      • 16.4. Preparing the BL31 image to run on Tegra SoCs
      • 16.5. Power Management
      • 16.6. Tegra configs
    • 17. NXP i.MX7 WaRP7
      • 17.1. Boot Flow
      • 17.2. Build Instructions
        • 17.2.1. U-Boot
        • 17.2.2. OP-TEE
        • 17.2.3. TF-A
        • 17.2.4. FIP
      • 17.3. Deploy Images
      • 17.4. Signing BL2
    • 18. NXP i.MX 8 Series
      • 18.1. Boot Sequence
      • 18.2. How to build
        • 18.2.1. Build Procedure
        • 18.2.2. Deploy TF-A Images
    • 19. NXP i.MX 8M Series
      • 19.1. Boot Sequence
      • 19.2. How to build
        • 19.2.1. Build Procedure
        • 19.2.2. Deploy TF-A Images
      • 19.3. TBBR Boot Sequence
    • 20. NXP QorIQ® LS1043A
      • 20.1. LS1043ARDB Specification:
      • 20.2. Boot Sequence
      • 20.3. How to build
        • 20.3.1. Build Procedure
        • 20.3.2. Deploy TF-A Images
    • 21. NXP Reference Development Platforms
      • 21.1. 1. NXP SoCs - Overview
        • 21.1.1. 1.1. Table of supported boot-modes by each platform & platform that needs FIP-DDR:
        • 21.1.2. 1.2. Boot Sequence
        • 21.1.3. 1.3. Boot Sequence with FIP-DDR
        • 21.1.4. 1.4. DDR Memory Layout
      • 21.2. 2. How to build
        • 21.2.1. 2.1. Code Locations
        • 21.2.2. 2.2. Build Procedure
      • 21.3. 3. Deploy ATF Images
      • 21.4. 4. Trusted Board Boot:
      • 21.5. Steps to blow fuses on NXP LS SoC:
      • 21.6. Second method to do the fuse provisioning:
      • 21.7. NXP Platforms:
        • 21.7.1. Bare-Minimum Preparation to run TBBR on NXP Platforms:
        • 21.7.2. Two options are provided for TRUSTED_BOARD_BOOT:
      • 21.8. Option 1: CoT using X 509 certificates
      • 21.9. Option 2: CoT using NXP CSF headers.
        • 21.9.1. Deploy ATF Images
        • 21.9.2. Verification to check if Secure state is achieved:
    • 22. Poplar
      • 22.1. How to build
        • 22.1.1. Code Locations
        • 22.1.2. Build Procedure
      • 22.2. Install Procedure
      • 22.3. Boot trace
    • 23. QEMU virt Armv8-A
      • 23.1. Getting non-TF images
      • 23.2. Booting via semi-hosting option
      • 23.3. Booting via flash based firmwares
    • 24. QEMU SBSA Target
    • 25. Qualcomm Technologies, Inc.
      • 25.1. Boot Trace
      • 25.2. How to build
        • 25.2.1. Code Locations
        • 25.2.2. Build Procedure
    • 26. Raspberry Pi 3
      • 26.1. Design
        • 26.1.1. Placement of images
        • 26.1.2. Boot sequence
        • 26.1.3. Secondary cores
      • 26.2. Build Instructions
        • 26.2.1. Building the firmware for kernels that don’t support PSCI
        • 26.2.2. Building the firmware for kernels that support PSCI
      • 26.3. AArch64 kernel build instructions
      • 26.4. Setup SD card
    • 27. Raspberry Pi 4
      • 27.1. Build Instructions
      • 27.2. TF-A port design
    • 28. Renesas R-Car
      • 28.1. Renesas R-Car Gen3 evaluation boards:
      • 28.2. Overview
      • 28.3. How to build
        • 28.3.1. Build Tested:
        • 28.3.2. System Tested:
        • 28.3.3. TF-A Build Procedure
        • 28.3.4. Install Procedure
      • 28.4. Boot trace
    • 29. Renesas RZ/G
      • 29.1. Renesas RZ/G2 reference platforms:
      • 29.2. Overview
      • 29.3. How to build
        • 29.3.1. Build Tested:
        • 29.3.2. System Tested:
        • 29.3.3. TF-A Build Procedure
        • 29.3.4. Install Procedure
      • 29.4. Boot trace
    • 30. Rockchip SoCs
      • 30.1. Boot Sequence
      • 30.2. How to build
      • 30.3. How to deploy
    • 31. Socionext UniPhier
      • 31.1. Boot Flow
      • 31.2. Basic Build
      • 31.3. Optional features
    • 32. Socionext Synquacer
      • 32.1. How to build
        • 32.1.1. Code Locations
        • 32.1.2. Boot Flow
        • 32.1.3. Build Procedure
        • 32.1.4. Install the System Firmware
    • 33. STMicroelectronics STM32MP1
      • 33.1. STM32MP1 Versions
      • 33.2. Design
        • 33.2.1. Boot with FIP
        • 33.2.2. STM32IMAGE bootchain
        • 33.2.3. Memory mapping
        • 33.2.4. Boot sequence
      • 33.3. Build Instructions
        • 33.3.1. Boot with FIP
        • 33.3.2. STM32IMAGE bootchain
      • 33.4. Populate SD-card
        • 33.4.1. Boot with FIP
        • 33.4.2. STM32IMAGE bootchain
    • 34. Texas Instruments K3
      • 34.1. Boot Flow
      • 34.2. Build Instructions
      • 34.3. Deploy Images
    • 35. Xilinx Versal
      • 35.1. Xilinx Versal platform specific build options
      • 35.2. PLM->TF-A Parameter Passing
    • 36. Xilinx Zynq UltraScale+ MPSoC
      • 36.1. ZynqMP platform specific build options
      • 36.2. FSBL->TF-A Parameter Passing
      • 36.3. Power Domain Tree
    • 37. Broadcom Stingray
      • 37.1. Description
      • 37.2. Boot Sequence
        • 37.2.1. Code Locations
      • 37.3. How to build
        • 37.3.1. Build Procedure
        • 37.3.2. Deploy TF-A Images
  • Performance & Testing
    • 1. PSCI Performance Measurements on Arm Juno Development Platform
      • 1.1. Method
      • 1.2. Results and Commentary
        • 1.2.1. CPU_SUSPEND to deepest power level on all CPUs in parallel
        • 1.2.2. CPU_SUSPEND to power level 0 on all CPUs in parallel
        • 1.2.3. CPU_SUSPEND to deepest power level on all CPUs in sequence
        • 1.2.4. CPU_SUSPEND to power level 0 on all CPUs in sequence
        • 1.2.5. CPU_OFF on all non-lead CPUs in sequence then CPU_SUSPEND on lead CPU to deepest power level
        • 1.2.6. PSCI_VERSION on all CPUs in parallel
    • 2. Test Secure Payload (TSP) and Dispatcher (TSPD)
      • 2.1. Building the Test Secure Payload
    • 3. Performance Monitoring Unit
      • 3.1. PMU Counters
        • 3.1.1. Architectural mappings
      • 3.2. Configuring the PMU for counting events
        • 3.2.1. Architectural mappings
        • 3.2.2. Relevant register fields
  • Security Advisories
    • 1. Advisory TFV-1 (CVE-2016-10319)
    • 2. Advisory TFV-2 (CVE-2017-7564)
    • 3. Advisory TFV-3 (CVE-2017-7563)
    • 4. Advisory TFV-4 (CVE-2017-9607)
    • 5. Advisory TFV-5 (CVE-2017-15031)
    • 6. Advisory TFV-6 (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754)
      • 6.1. Variant 1 (CVE-2017-5753)
      • 6.2. Variant 2 (CVE-2017-5715)
      • 6.3. Variant 3 (CVE-2017-5754)
    • 7. Advisory TFV-7 (CVE-2018-3639)
      • 7.1. Static mitigation
      • 7.2. Dynamic mitigation
    • 8. Advisory TFV-8 (CVE-2018-19440)
  • Design Documents
    • 1. TF-A CMake buildsystem
      • 1.1. Abstract
      • 1.2. Introduction
      • 1.3. Main features
        • 1.3.1. Structured configuration description
        • 1.3.2. Target description
        • 1.3.3. Compiler abstraction
        • 1.3.4. External tools
      • 1.4. Workflow
      • 1.5. Example
    • 2. Interaction between Measured Boot and an fTPM (PoC)
      • 2.1. Components
      • 2.2. Building the PoC for the Arm FVP platform
      • 2.3. Running and using the PoC on the Armv8-A Foundation AEM FVP
      • 2.4. Fine-tuning the fTPM TA
  • Threat Model
    • 1. Generic threat model
      • 1.1. Introduction
      • 1.2. Target of Evaluation
        • 1.2.1. Data Flow Diagram
      • 1.3. Threat Analysis
        • 1.3.1. Assets
        • 1.3.2. Threat Agents
        • 1.3.3. Threat Types
        • 1.3.4. Threat Risk Ratings
        • 1.3.5. Threat Assessment
    • 2. SPMC threat model
      • 2.1. Introduction
      • 2.2. Target of Evaluation
        • 2.2.1. Data Flow Diagram
      • 2.3. Threat Analysis
        • 2.3.1. Trust boundaries
        • 2.3.2. Assets
        • 2.3.3. Threat Agents
        • 2.3.4. Threat types
        • 2.3.5. Threat Assessment
  • Change Log & Release Notes
    • 2.6 (2021-11-22)
      • ⚠ BREAKING CHANGES
      • New Features
      • Resolved Issues
    • 2.5.0 (2021-05-17)
      • New Features
      • Changed
      • Resolved Issues
    • 2.4.0 (2020-11-17)
      • New Features
      • Changed
      • Resolved Issues
      • Known Issues
    • 2.3 (2020-04-20)
      • New Features
      • Changed
      • Resolved Issues
      • Known Issues
    • 2.2 (2019-10-22)
      • New Features
      • Changed
      • Resolved Issues
      • Deprecations
      • Known Issues
    • 2.1 (2019-03-29)
      • New Features
      • Changed
      • Resolved Issues
      • Deprecations
      • Known Issues
    • 2.0 (2018-10-02)
      • New Features
      • Issues resolved since last release
      • Known Issues
    • 1.6 (2018-09-21)
      • New Features
      • Issues resolved since last release
      • Known Issues
    • 1.5 (2018-03-20)
      • New features
      • Issues resolved since last release
      • Known Issues
    • 1.4 (2017-07-07)
      • New features
      • Issues resolved since last release
      • Known Issues
    • 1.3 (2016-10-13)
      • New features
      • Issues resolved since last release
      • Known issues
    • 1.2 (2015-12-22)
      • New features
      • Issues resolved since last release
      • Known issues
    • 1.1 (2015-02-04)
      • New features
      • Issues resolved since last release
      • Known issues
    • 1.0 (2014-08-28)
      • New features
      • Issues resolved since last release
      • Known issues
    • 0.4 (2014-06-03)
      • New features
      • Issues resolved since last release
      • Known issues
    • 0.3 (2014-02-28)
      • New features
      • Issues resolved since last release
      • Known issues
    • 0.2 (2013-10-25)
      • New features
      • Issues resolved since last release
      • Known issues
  • Glossary
  • License
    • SPDX Identifiers
    • Other Projects

Performance & Testing

Contents

  • 1. PSCI Performance Measurements on Arm Juno Development Platform
  • 2. Test Secure Payload (TSP) and Dispatcher (TSPD)
  • 3. Performance Monitoring Unit

Copyright (c) 2019-2020, Arm Limited. All rights reserved.
