Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-22 12:34:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #733 from danh-arm/dh/v1.3-final

Browse source 
Final updates for v1.3 release
This commit is contained in:
davidcunado-arm 2016-10-13 17:49:06 +01:00 committed by GitHub
commit 6bb37adc20
3 changed files with 297 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Makefile
View file

@ -32,7 +32,7 @@
# Trusted Firmware Version
#
VERSION_MAJOR := 1
VERSION_MINOR := 2
VERSION_MINOR := 3
# Default goal is build all images
.DEFAULT_GOAL := all

235
docs/change-log.md
View file

@ -1,3 +1,229 @@
ARM Trusted Firmware - version 1.3
==================================
New features
------------
* Added support for running Trusted Firmware in AArch32 execution state.
The PSCI library has been refactored to allow integration with **EL3 Runtime
Software**. This is software that is executing at the highest secure
privilege which is EL3 in AArch64 or Secure SVC/Monitor mode in AArch32. See
[PSCI Integration Guide].
Included is a minimal AArch32 Secure Payload, **SP-MIN**, that illustrates
the usage and integration of the PSCI library with EL3 Runtime Software
running in AArch32 state.
Booting to the BL1/BL2 images as well as booting straight to the Secure
Payload is supported.
* Improvements to the initialization framework for the PSCI service and ARM
Standard Services in general.
The PSCI service is now initialized as part of ARM Standard Service
initialization. This consolidates the initializations of any ARM Standard
Service that may be added in the future.
A new function `get_arm_std_svc_args()` is introduced to get arguments
corresponding to each standard service and must be implemented by the EL3
Runtime Software.
For PSCI, a new versioned structure `psci_lib_args_t` is introduced to
initialize the PSCI Library. **Note** this is a compatibility break due to
the change in the prototype of `psci_setup()`.
* To support AArch32 builds of BL1 and BL2, implemented a new, alternative
firmware image loading mechanism that adds flexibility.
The current mechanism has a hard-coded set of images and execution order
(BL31, BL32, etc). The new mechanism is data-driven by a list of image
descriptors provided by the platform code.
ARM platforms have been updated to support the new loading mechanism.
The new mechanism is enabled by a build flag (`LOAD_IMAGE_V2`) which is
currently off by default for the AArch64 build.
**Note** `TRUSTED_BOARD_BOOT` is currently not supported when
`LOAD_IMAGE_V2` is enabled.
* Updated requirements for making contributions to ARM TF.
Commits now must have a 'Signed-off-by:' field to certify that the
contribution has been made under the terms of the
[Developer Certificate of Origin].
A signed CLA is no longer required.
The [Contribution Guide] has been updated to reflect this change.
* Introduced Performance Measurement Framework (PMF) which provides support
for capturing, storing, dumping and retrieving time-stamps to measure the
execution time of critical paths in the firmware. This relies on defining
fixed sample points at key places in the code.
* To support the QEMU platform port, imported libfdt v1.4.1 from
https://git.kernel.org/cgit/utils/dtc/dtc.git
* Updated PSCI support:
* Added support for PSCI NODE_HW_STATE API for ARM platforms.
* New optional platform hook, `pwr_domain_pwr_down_wfi()`, in
`plat_psci_ops` to enable platforms to perform platform-specific actions
needed to enter powerdown, including the 'wfi' invocation.
* PSCI STAT residency and count functions have been added on ARM platforms
by using PMF.
* Enhancements to the translation table library:
* Limited memory mapping support for region overlaps to only allow regions
to overlap that are identity mapped or have the same virtual to physical
address offset, and overlap completely but must not cover the same area.
This limitation will enable future enhancements without having to
support complex edge cases that may not be necessary.
* The initial translation lookup level is now inferred from the virtual
address space size. Previously, it was hard-coded.
* Added support for mapping Normal, Inner Non-cacheable, Outer
Non-cacheable memory in the translation table library.
This can be useful to map a non-cacheable memory region, such as a DMA
buffer.
* Introduced the MT_EXECUTE/MT_EXECUTE_NEVER memory mapping attributes to
specify the access permissions for instruction execution of a memory
region.
* Enabled support to isolate code and read-only data on separate memory pages,
allowing independent access control to be applied to each.
* Enabled SCR_EL3.SIF (Secure Instruction Fetch) bit in BL1 and BL31 common
architectural setup code, preventing fetching instructions from non-secure
memory when in secure state.
* Enhancements to FIP support:
* Replaced `fip_create` with `fiptool` which provides a more consistent
and intuitive interface as well as additional support to remove an image
from a FIP file.
* Enabled printing the SHA256 digest with info command, allowing quick
verification of an image within a FIP without having to extract the
image and running sha256sum on it.
* Added support for unpacking the contents of an existing FIP file into
the working directory.
* Aligned command line options for specifying images to use same naming
convention as specified by TBBR and already used in cert_create tool.
* Refactored the TZC-400 driver to also support memory controllers that
integrate TZC functionality, for example ARM CoreLink DMC-500. Also added
DMC-500 specific support.
* Implemented generic delay timer based on the system generic counter and
migrated all platforms to use it.
* Enhanced support for ARM platforms:
* Updated image loading support to make SCP images (SCP_BL2 and SCP_BL2U)
optional.
* Enhanced topology description support to allow multi-cluster topology
definitions.
* Added interconnect abstraction layer to help platform ports select the
right interconnect driver, CCI or CCN, for the platform.
* Added support to allow loading BL31 in the TZC-secured DRAM instead of
the default secure SRAM.
* Added support to use a System Security Control (SSC) Registers Unit
enabling ARM TF to be compiled to support multiple ARM platforms and
then select one at runtime.
* Restricted mapping of Trusted ROM in BL1 to what is actually needed by
BL1 rather than entire Trusted ROM region.
* Flash is now mapped as execute-never by default. This increases security
by restricting the executable region to what is strictly needed.
* Applied following erratum workarounds for Cortex-A57: 833471, 826977,
829520, 828024 and 826974.
* Added support for Mediatek MT6795 platform.
* Added support for QEMU virtualization ARMv8-A target.
* Added support for Rockchip RK3368 and RK3399 platforms.
* Added support for Xilinx Zynq UltraScale+ MPSoC platform.
* Added support for ARM Cortex-A73 MPCore Processor.
* Added support for ARM Cortex-A72 processor.
* Added support for ARM Cortex-A35 processor.
* Added support for ARM Cortex-A32 MPCore Processor.
* Enabled preloaded BL33 alternative boot flow, in which BL2 does not load
BL33 from non-volatile storage and BL31 hands execution over to a preloaded
BL33. The User Guide has been updated with an example of how to use this
option with a bootwrapped kernel.
* Added support to build ARM TF on a Windows-based host machine.
* Updated Trusted Board Boot prototype implementation:
* Enabled the ability for a production ROM with TBBR enabled to boot test
software before a real ROTPK is deployed (e.g. manufacturing mode).
Added support to use ROTPK in certificate without verifying against the
platform value when `ROTPK_NOT_DEPLOYED` bit is set.
* Added support for non-volatile counter authentication to the
Authentication Module to protect against roll-back.
* Updated GICv3 support:
* Enabled processor power-down and automatic power-on using GICv3.
* Enabled G1S or G0 interrupts to be configured independently.
* Changed FVP default interrupt driver to be the GICv3-only driver.
**Note** the default build of Trusted Firmware will not be able to boot
Linux kernel with GICv2 FDT blob.
* Enabled wake-up from CPU_SUSPEND to stand-by by temporarily re-routing
interrupts and then restoring after resume.
Issues resolved since last release
----------------------------------
Known issues
------------
* The version of the AEMv8 Base FVP used in this release resets the model
instead of terminating its execution in response to a shutdown request using
the PSCI `SYSTEM_OFF` API. This issue will be fixed in a future version of
the model.
* Building TF with compiler optimisations disabled (`-O0`) fails.
* ARM TF cannot be built with mbed TLS version v2.3.0 due to build warnings
that the ARM TF build system interprets as errors.
* TBBR is not currently supported when running Trusted Firmware in AArch32
state.
ARM Trusted Firmware - version 1.2
==================================
@ -860,7 +1086,7 @@ releases of the ARM Trusted Firmware.
- - - - - - - - - - - - - - - - - - - - - - - - - -
_Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._
_Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved._
[OP-TEE Dispatcher]: optee-dispatcher.md
[Power Domain Topology Design]: psci-pd-tree.md
@ -868,3 +1094,10 @@ _Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._
[Authentication Framework]: auth-framework.md
[Firmware Update]: firmware-update.md
[TF Reset Design]: reset-design.md
[PSCI Integration Guide]: psci-lib-integration-guide.md
[Firmware Design]: firmware-design.md
[CPU Specific Build Macros]: cpu-specific-build-macros.md
[User Guide]: user-guide.md
[Porting Guide]: porting-guide.md
[Developer Certificate of Origin]: ../dco.txt
[Contribution Guide]: ../contributing.md

97
readme.md
View file

@ -1,4 +1,4 @@
ARM Trusted Firmware - version 1.2
ARM Trusted Firmware - version 1.3
==================================
ARM Trusted Firmware provides a reference implementation of secure world
@ -17,17 +17,25 @@ to the benefit of all developers working with ARMv8-A TrustZone technology.
License
-------
The software is provided under a BSD 3-Clause [license]. Certain source files
are derived from FreeBSD code: the original license is included in these
source files.
The software is provided under a BSD-3-Clause [license]. Contributions to this
project are accepted under the same license with developer sign-off as
described in the [Contributing Guidelines].
This project contains code from other projects as listed below. The original
license text is included in those source files.
* The stdlib source code is derived from FreeBSD code.
* The libfdt source code is dual licensed. It is used by this project under
the terms of the BSD-2-Clause license.
This Release
------------
This release provides a suitable starting point for productization of secure
world boot and runtime firmware. Future versions will contain new features,
optimizations and quality improvements.
world boot and runtime firmware, executing in either the AArch32 or AArch64
execution state.
Users are encouraged to do their own security validation, including penetration
testing, on any secure world code derived from ARM Trusted Firmware.
@ -42,7 +50,7 @@ testing, on any secure world code derived from ARM Trusted Firmware.
* Library support for CPU specific reset and power down sequences. This
includes support for errata workarounds.
* Drivers for both the version 2.0 and version 3.0 ARM Generic Interrupt
* Drivers for both versions 2.0 and 3.0 of the ARM Generic Interrupt
Controller specifications (GICv2 and GICv3). The latter also enables GICv3
hardware systems that do not contain legacy GICv2 support.
@ -53,18 +61,26 @@ testing, on any secure world code derived from ARM Trusted Firmware.
* SMC (Secure Monitor Call) handling, conforming to the [SMC Calling
Convention][SMCCC] using an EL3 runtime services framework.
* SMC handling relating to [PSCI] for the Secondary CPU Boot, CPU Hotplug,
CPU Idle and System Shutdown/Reset/Suspend use-cases.
* [PSCI] library support for the Secondary CPU Boot, CPU Hotplug, CPU Idle
and System Shutdown/Reset/Suspend use-cases.
This library is pre-integrated with the provided AArch64 EL3 Runtime
Software, and is also suitable for integration into other EL3 Runtime
Software.
* A minimal AArch32 Secure Payload to demonstrate [PSCI] library integration
on platforms with AArch32 EL3 Runtime Software.
* Secure Monitor library code such as world switching, EL1 context management
and interrupt routing. This must be integrated with a Secure-EL1 Payload
Dispatcher (SPD) component to customize the interaction with a Secure-EL1
Payload (SP), for example a Secure OS.
and interrupt routing.
When using the provided AArch64 EL3 Runtime Software, this must be
integrated with a Secure-EL1 Payload Dispatcher (SPD) component to
customize the interaction with a Secure-EL1 Payload (SP), for example a
Secure OS.
* A Test Secure-EL1 Payload and Dispatcher to demonstrate Secure Monitor
functionality and Secure-EL1 interaction with PSCI.
* A Test Secure-EL1 Payload and Dispatcher to demonstrate AArch64 Secure
Monitor functionality and Secure-EL1 interaction with PSCI.
* SPDs for the [OP-TEE Secure OS] and [NVidia Trusted Little Kernel]
* AArch64 SPDs for the [OP-TEE Secure OS] and [NVidia Trusted Little Kernel]
[NVidia TLK].
* A Trusted Board Boot implementation, conforming to all mandatory TBBR
@ -72,11 +88,12 @@ testing, on any secure world code derived from ARM Trusted Firmware.
Firmware Update (or recovery mode) boot flow, and packaging of the various
firmware images into a Firmware Image Package (FIP) to be loaded from
non-volatile storage.
The TBBR implementation is currently only supported in the AArch64 build.
* Support for alternative boot flows. Some platforms have their own boot
firmware and only require the ARM Trusted Firmware Secure Monitor
functionality. Other platforms require minimal initialization before
booting into an arbitrary EL3 payload.
firmware and only require the AArch64 EL3 Runtime Software provided by this
project. Other platforms require minimal initialization before booting
into an arbitrary EL3 payload.
For a full description of functionality and implementation details, please
see the [Firmware Design] and supporting documentation. The [Change Log]
@ -84,36 +101,46 @@ provides details of changes made since the last release.
### Platforms
This release of the Trusted Firmware has been tested on variants r0 and r1 of
the [Juno ARM Development Platform] [Juno] with [Linaro Release 15.10]
[Linaro Release Notes].
The AArch64 build of this release has been tested on variants r0, r1 and r2
of the [Juno ARM Development Platform] [Juno] with [Linaro Release 16.06].
The Trusted Firmware has also been tested on the 64-bit Linux versions of the
following ARM [FVP]s:
The AArch64 build of this release has been tested on the following ARM
[FVP]s (64-bit host machine only):
* `Foundation_Platform` (Version 9.4, Build 9.4.59)
* `FVP_Base_AEMv8A-AEMv8A` (Version 7.0, Build 0.8.7004)
* `FVP_Base_Cortex-A57x4-A53x4` (Version 7.0, Build 0.8.7004)
* `FVP_Base_Cortex-A57x1-A53x1` (Version 7.0, Build 0.8.7004)
* `FVP_Base_Cortex-A57x2-A53x4` (Version 7.0, Build 0.8.7004)
* `Foundation_Platform` (Version 10.1, Build 10.1.32)
* `FVP_Base_AEMv8A-AEMv8A` (Version 7.7, Build 0.8.7701)
* `FVP_Base_Cortex-A57x4-A53x4` (Version 7.7, Build 0.8.7701)
* `FVP_Base_Cortex-A57x1-A53x1` (Version 7.7, Build 0.8.7701)
* `FVP_Base_Cortex-A57x2-A53x4` (Version 7.7, Build 0.8.7701)
The AArch32 build of this release has been tested on the following ARM
[FVP]s (64-bit host machine only):
* `FVP_Base_AEMv8A-AEMv8A` (Version 7.7, Build 0.8.7701)
* `FVP_Base_Cortex-A32x4` (Version 10.1, Build 10.1.32)
The Foundation FVP can be downloaded free of charge. The Base FVPs can be
licensed from ARM: see [www.arm.com/fvp] [FVP].
This release also contains the following platform support:
* MediaTek MT6795 and MT8173 SoCs
* NVidia T210 and T132 SoCs
* MediaTek MT8173 SoC
* QEMU emulator
* RockChip RK3368 and RK3399 SoCs
* Xilinx Zynq UltraScale + MPSoC
### Still to Come
* Complete implementation of the [PSCI] v1.0 specification.
* Support for new CPUs and System IP.
* AArch32 TBBR support and ongoing TBBR alignment.
* More platform support.
* Optimization and quality improvements.
* Ongoing support for new architectural features, CPUs and System IP.
* Ongoing [PSCI] alignment and feature support.
* Ongoing security hardening, optimization and quality improvements.
For a full list of detailed issues in the current code, please see the [Change
Log] and the [GitHub issue tracker].
@ -147,7 +174,7 @@ ARM licensees may contact ARM directly via their partner managers.
- - - - - - - - - - - - - - - - - - - - - - - - - -
_Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._
_Copyright (c) 2013-2016, ARM Limited and Contributors. All rights reserved._
[License]: ./license.md "BSD license for ARM Trusted Firmware"
@ -167,4 +194,4 @@ _Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved._
[GitHub issue tracker]: https://github.com/ARM-software/tf-issues/issues
[OP-TEE Secure OS]: https://github.com/OP-TEE/optee_os
[NVidia TLK]: http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary
[Linaro Release Notes]: https://community.arm.com/docs/DOC-10952#jive_content_id_Linaro_Release_1510
[Linaro Release 16.06]: https://community.arm.com/docs/DOC-10952#jive_content_id_Linaro_Release_1606