Ref: https://linaro.atlassian.net/browse/TFC-669
The initial LTS document was created as pdf and was maintained in a
shared folder location, to avoid pdf getting lost and trying to find
where it is we decided to have LTS details part of docs in TF-A.
This patch directly reflects the data from pdf attached to TFC-669.
Any improvements or amends to this will be done at later phases based
on LTS maintainers comments and agreements.
Change-Id: I1434c29f0236161d2a127596e2cc528bf4cc3e85
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add CCA Measured Boot and DPE measured boot backends to
the threat model.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I234a2400d00fea606c5312ebddf94e2624463ff8
Restructure Measured Boot threat model for more description and clarity:
- Add what critical assets are to be protected.
- Mention other attributes and the possible attacks.
- Rephrase the section that describes the Measured Boot backends.
Change-Id: I6577a56184992bf16f4aa1b773d1636781cbb049
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Abhi Singh <abhi.singh@arm.com>
The DPE implementation in RSS is aligned with the
Open Profile for DICE specification:
https://pigweed.googlesource.com/open-dice/
Type definitions are needed to specify the input
values for the DPE service. Instead of mandating to
clone the entire open-dice repo, the following file
is copied from the repository:
https://pigweed.googlesource.com/open-dice/+/refs/heads/main/include/dice/dice.h
Git SHA of the source version: cf549422e3
This is external code, with Apache 2.0 license, therefore
the license.rst is updated accordingly and a copy of this
license is also added.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ie84b8483034819d1143fe0ec812e66514ac7d4cb
Added an assumption in generic threat model that platform's hardware
conforms the Platform Security Requirements specification.
Change-Id: I753287feec1cd459edfd3d1c103e0e701827cc05
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Updated errata ABI feature enable flag and the errata non-arm
interconnect based flag, the default values for when the
feature is not enabled.
Change-Id: Ieb2144a1bc38f4ed684fda8280842a18964ba148
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
TF-A currently does not have any TPM2 driver for extending
measurements into a discrete TPM chip. In TPM-based attestation
scheme, measurements are just stored into a TCG-compatible event
log buffer in secure memory.
In light of the fact that Event Log measurements are taken by BL1 and
BL2, we need to trust these components to store genuine measurements,
and the Generic Threat Model always mitigates against attacks on these
components, therefore, there is no explicit document for the Measured
Boot threat model at this time is needed.
Change-Id: I41b037b2f5956d327b53cd834345e5aefdcfb5ef
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Threat model for EL3 SPMC.
The mitigations are based on the guidance
provided in FF-A v1.1 EAC0 spec.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I7f4c9370b6eefe6d1a7d1afac27e8b3a7b476072
Documented steps to run DRTM implementation.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I30dd8c1088a54a8906389c2584d922862610dae0
MPMM - the Maximum Power Mitigation Mechanism - is an optional
microarchitectural feature present on some Armv9-A cores, introduced
with the Cortex-X2, Cortex-A710 and Cortex-A510 cores.
MPMM allows the SoC firmware to detect and limit high activity events
to assist in SoC processor power domain dynamic power budgeting and
limit the triggering of whole-rail (i.e. clock chopping) responses to
overcurrent conditions.
This feature is enabled via the `ENABLE_MPMM` build option.
Configuration can be done via FCONF by enabling `ENABLE_MPMM_FCONF`, or
by via the plaform-implemented `plat_mpmm_topology` function.
Change-Id: I77da82808ad4744ece8263f0bf215c5a091c3167
Signed-off-by: Chris Kay <chris.kay@arm.com>
This change adds some documentation on the AMU and its purpose. This is
expanded on in later patches.
Change-Id: If2834676790938d8da5ea2ceba37b674f6cc0f01
Signed-off-by: Chris Kay <chris.kay@arm.com>
Rename the FF-A specification to:
Arm Firmware Framework for Arm A-profile
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f9d29409d048e7a49832b95d39d2583c1fb5792
This adds the TRNG Firmware Interface Service to the standard
service dispatcher. This includes a method for dispatching entropy
requests to platforms and includes an entropy pool implementation to
avoid dropping any entropy requested from the platform.
Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
Documented the CPU specific build macros created for AT
speculative workaround.
Updated the description of 'ERRATA_SPECULATIVE_AT' errata
workaround option.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie46a80d4e8183c1d5c8b153f08742a04d41a2af2
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
One of the current issues with the documentation is that terms and
abbreviations are frequently redefined. For example, we might have
a sentence like "... the SCP (System Control Processor) will ...".
These definitions might be repeated several times across pages, or
even within the same document. Equally, some of these abbreviations
are missed and are never expanded.
Sphinx provides a :term: keyword that takes some text and,
if that text is defined in a glossary document, links to its glossary
entry. Using this functionality will prevent repeated definitions
and will make the docs more maintainable by using a single
definition source.
The glossary added in this patch was created from a quick scrub of
the source code - there may be missing entries. The SDEI abbreviation
was used as an example.
Note that a global_substitutions file was created. This file contains
the RST 'replace' statements that convert plain text terms into linked
terms (by adding the ':term:' keyword to them). An example is:
.. |TF-A| replace:: :term:`TF-A`
The 'rst_prolog' variable in conf.py is used to inject this list of
replacements into each page. Terms must be surrounded with the pipe
character to be turned into links - this means that we can still
prevent certain terms from being linked if we don't want them to be.
Change-Id: I87010ed9cfa4a60011a9b4a431b98cb4bb7baa28
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
