Hello Sumit,
Thank you for reworking the patches and addressing all of my review
comments. I am happy with the latest version of these and consider them
ready to go. I plan to leave them in Gerrit for another week to give
extra time for other potential reviewers to have a look and comment.
To everyone on the list: Please raise any concerns you may have about
these patches in the coming week. If I don't hear anything by 29th
January 2020, I will merge these patches.
@Sumit: One of the next actions for this patch stack would be to have
some level of testing in the CI system to detect any potential
regressions. We (at Arm) can quite easily add a few build tests but then
testing the software stack on QEMU is a bit more involved for various
reasons (first instance of QEMU testing, dependencies on OPTEE, UEFI,
...) so this might have to wait for some time.
Regards,
Sandrine
Hi Iñigo,
We needs a little bit more information to know how best to answer your question. Is this just an academic question of is there a real use case you are trying to decide on which way to go?
Its not so much a question of which architecture is easier its just that they are different with Cortex-M powering the most energy-efficient embedded devices where as Cortex-A is offering supreme performance at optimal power. Each architecture offers different hardware constraints and the secure TrustZone is implemented to handle each and an ecosystem of solutions surrounds each.
If this is an academic question I would refer you to Arm's pages on TrustZone as a starting point:
https://www.arm.com/why-arm/technologies/trustzone-for-cortex-mhttps://www.arm.com/why-arm/technologies/trustzone-for-cortex-a
If there is need for guidance on a specific solution or difficulties you are trying to overcome while building a solution please give us some more details.
Thanks
Joanna
On 22/01/2020, 08:07, "TF-A on behalf of Iñigo Vicente Waliño via TF-A" <tf-a-bounces(a)lists.trustedfirmware.org on behalf of tf-a(a)lists.trustedfirmware.org> wrote:
Hi,
Can someone explain to me why it is easier to implement a secure TrustZone
environment with secure boot and storage and PSA certificate in cortex-M
than in cortex-A?
Who better implements a safe environment: cortex-M or cortex-A? Why?
Thanks.
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi,
Can someone explain to me why it is easier to implement a secure TrustZone
environment with secure boot and storage and PSA certificate in cortex-M
than in cortex-A?
Who better implements a safe environment: cortex-M or cortex-A? Why?
Thanks.
Please revert the removal of RSA PKCS#1 v1.5 support from cert_tool:
https://github.com/ARM-software/arm-trusted-firmware/commit/6a415a508ea6ace…
We have products shipping with such support. I think this problem came
up before when somebody tried removing such support.
They still need to run with the latest yocto codebase.
Regards,
Scott
Hi Varun,
It can be a challenge to keep on top of the reviews and we are aware of the backlog increase after the end of year break and trying different approaches to get reviews completed.
Any suggestions on process improvements from the developer community at large are welcome.
Cheers
Joanna
On 16/01/2020, 17:34, "TF-A on behalf of Varun Wadekar via TF-A" <tf-a-bounces(a)lists.trustedfirmware.org on behalf of tf-a(a)lists.trustedfirmware.org> wrote:
Hello,
We (NVIDIA) frequently post changes on the TF-A gerrit dashboard and wait for the maintainers to gradually get to them. This is very time consuming and non-deterministic.
Curious to know if other developers face the same problems or are we missing something when asking for reviews? If most of us face the same problems, then we should try to formulate a process to reduce the latency.
Thoughts?
-Varun
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain
confidential information. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hello,
We (NVIDIA) frequently post changes on the TF-A gerrit dashboard and wait for the maintainers to gradually get to them. This is very time consuming and non-deterministic.
Curious to know if other developers face the same problems or are we missing something when asking for reviews? If most of us face the same problems, then we should try to formulate a process to reduce the latency.
Thoughts?
-Varun
-----------------------------------------------------------------------------------
This email message is for the sole use of the intended recipient(s) and may contain
confidential information. Any unauthorized review, use, disclosure or distribution
is prohibited. If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message.
-----------------------------------------------------------------------------------
On 13/12/2019 22:04, Julius Werner via TF-A wrote:
> On Fri, Dec 13, 2019 at 6:20 AM Joanna Farley <Joanna.Farley(a)arm.com> wrote:
>> On the subject of DebugFS's purpose it was envisages and is today as Sandrine describes as a debug build only capability. Saying that though there has been some early thoughts that it could evolve into a Secure Debug feature where this type of capability or something like it is always on requiring debug certificates for authenticated access. This is something very much for a possible future evolution and is not in the patches available today. We would welcome any thoughts on such an evolution in this space.
>
> I guess this gets into a bit of a philosophy discussion and becomes a
> matter of opinion, so there's probably no one right answer.
> Personally, adding authentication on top of this doesn't really
> resolve my concerns and adds yet more on top. I'm a strong proponent
> of the concept of a minimal Trusted Computing Base, i.e. keeping the
> amount of code executing at the highest privilege level as small and
> low-complexity as possible. Any code can have bugs, so the idea is
> that the more complicated the code you run in EL3 is (and the more
> complicated APIs it exposes), the more likely it becomes that you
> accidentally have an exploitable vulnerability in there. Like a p9
> filesystem driver, a certificate-based authentication system
> (especially if it's based on x509/ASN.1 which are notoriously hard to
> implement safely) is a pretty complex piece of code with a pretty
> large attack surface that I'd rather not have in my EL3 firmware if I
> can avoid it. I understand that for certain use cases you may need
> something like this (if you really want a very extensive and
> extensible debugging API that must be restricted to a few
> authenticated actors), but in my use case I really just need the
> ability to trigger one small debugging feature and that feature itself
> doesn't need to be restricted, so a minimal SMC interface would work
> much better for that case.
Hi Julius,
Just to trying to understand, if TF-A were to expose a crash inducing
SMC, this would still be restricted to special builds for your test runs
? This would not make it to production for Chromebook right ?
I agree 9p filesystem is not desirable in a EL3 runtime firmware. We
could enhance it to use a more tight data structure, if there is a
desire in that direction.
If that is the case, leaving aside the 9p filesystem issues, can
DebugFS serve this requirement (we can remove the limitation that it is
restricted to only Debug builds) ?
The intention that DebugFS can prove useful atleast in the
verification/testing space and if there is more we can do to get there,
it would be good to know.
>
>> On 13/12/2019, 13:01, "TF-A on behalf of Sandrine Bailleux via TF-A" <tf-a-bounces(a)lists.trustedfirmware.org on behalf of tf-a(a)lists.trustedfirmware.org> wrote:
>> Going back to the SMC-based solution then, I am not quite convinced
>> SYSTEM_RESET2 is the right interface for intentionally triggering a
>> panic in TF-A. I think the semantics do not quite match. If anything, a
>> firmware crash seems more like a shutdown operation to me rather than a
>> reset (we don't recover from a firmware crash). I am not even sure we
>> should look into the PSCI SMC range, as it's not a power-management
>> operation.
>
> Crash recovery behavior is platform dependent (via
> plat_panic_handler()). On all the platforms we use in Chrome OS we
> have that implemented as a system reboot. I think for most systems
> (whether it's a Chromebook, a server or some embedded device) that's
> probably what you want for random runtime crashes (and least in a
> production environment), but I agree that TF doesn't enforce any
> standard behavior so it's hard to clearly match it to one or the other
> SMC.
>
>> So it sounds like it's not the first time that you hit this issue, is
>> it? Do you have any other example of Normal World OS feature you would
>> have liked to expose through a generic SMC interface? I am wondering
>> whether this could help choosing the right SMC range, if we can identify
>> some common criteria among a set of such features.
>
> No, it's the first time I've really run into this. But I think we
> might quickly come up with more uses for a "non-secure OS" SMC range
> if we had one. We often see roughly the same SMC again on different
> platforms, because fundamentally they usually need to do the same
> kinds of things -- for example, most platforms have some kind of DDR
> frequency scaling which always needs part of it implemented in EL3, so
> they all need some kind of SMC to switch to a new DDR frequency. Many
> also need some kind of "write value to secure register" SMC that just
> allows the non-secure OS to write a few whitelisted registers that are
> only accessible in EL3 for some reason. If we could standardize these
> interfaces in a non-vendor-specific SMC range, we might be able to
> reduce some code duplication both on the TF and the Linux side.
>
> I guess none of these things are really Linux-specific, now that I
> think of it. So really, I guess the problem is that it would be great
> to have a range of "generic" SMC IDs that can be easily and
> unbureaucratically allocated to try out new features, without having
> to ask Arm to write a big specification document about it every time.
> It's sort of a development velocity issue.
>
We have utilized the ARM SiP range for some "generic" purposes in the
past (see PMF and the execution state switch SMCs). This could be
direction for the some of use-cases. But if the SMCs are meant to be
truly generic and to be relied on for use by generic normal world
software components, it would need to be properly specified I would think.
For dynamically modifying some EL3 registers, it would be good to get
these requirements out. Perhaps there is scope for architecting some of
them as an ARM specification. If not, we could revert to a TF-A standard
if there is enough pull for them (perhaps utilizing the ARM SiP range).
Best Regards
Soby Mathew
Hi
Just to add to this: Given that:
* Your BL31 is nearly 64KB on its own, and
* DDR attacks are more feasible on runtime resident code (e.g. BL31)
Perhaps another more secure solution would be to do DDR init in BL1 or a new transient BL1.5 stage in SRAM. That way you could run BL31 in SRAM, and BL2 and other boot stages in DDR. You would still need to cut down the BL1_RW size though for this to work.
One way to cut down the memory used for page tables is to map all the required memory/devices in larger/fewer address ranges, and align the ranges on block boundaries (i.e. 2MB or 1GB for 4KB translation granules). Although this means mapping in unused address space, which might be less secure, it uses less memory for page tables.
Regards
Dan.
> -----Original Message-----
> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Soby Mathew
> via TF-A
> Sent: 13 January 2020 15:13
> To: Raghupathy Krishnamurthy <raghu.ncstate(a)icloud.com>; "严鸿亮(鸿先)"
> <hongxian.yhl(a)alibaba-inc.com>; tf-a(a)lists.trustedfirmware.org
> Cc: nd <nd(a)arm.com>
> Subject: Re: [TF-A] 回复:回复: MMU Table in ARM Trust-Firmware-A
>
> [Adding back TF-A list]
> Hi Raghu
> Since the same DRAM is partitioned to run both non-secure and secure software,
> it is susceptible to Row Hammer attacks. Also depending on how accessible the
> DRAM interface is, the DDR PHY can be probed for transactions. If the DRAM is
> removable, then it can be deep frozen to retain values and plugged into
> another system to extract contents. Hence the less `secure` comment.
>
> Best Regards
> Soby Mathew
>
> From: Raghupathy Krishnamurthy <raghu.ncstate(a)icloud.com>
> Sent: 13 January 2020 14:36
> To: "严鸿亮(鸿先)" <hongxian.yhl(a)alibaba-inc.com>
> Cc: Soby Mathew <Soby.Mathew(a)arm.com>; Xie, Shaolin <shaolin.xie@alibaba-
> inc.com>; nd <nd(a)arm.com>
> Subject: Re: [TF-A] 回复:回复: MMU Table in ARM Trust-Firmware-A
>
> Hi Soby,
>
> >>It is possible to create a secure carve-out in DDR and execute BL31
> >>from there. It is less `secure` than running from SRAM but it is
> >>acceptable for some market segments depending on the threat model.
>
>
> Can you elaborate on why you say it is less "secure" to run out of DDR?
>
>
> -Raghu
>
> On January 13, 2020 at 4:36 AM, "严鸿亮(鸿先) via TF-A" <tf-
> a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>> wrote:
> Hi Soby,
>
> Many thanks for your advice. I will try to RUN BL2 as Boot ROM and try to
> reduce the BL31 size. Hope BL2_NOPROGBITS+BL31 can be restricted below 64KB.
> Wish me good luck:).
>
> Best Regards
> Yan Hongliang
>
>
>
>
>
>
>
> ------------------------------------------------------------------
> 发件人:Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>>
> 发送时间:2020年1月13日(星期一) 19:37
> 收件人:严鸿亮(鸿先) <hongxian.yhl(a)alibaba-inc.com<mailto:hongxian.yhl@alibaba-
> inc.com>>; "Xie, Shaolin" <shaolin.xie@alibaba-
> inc.com<mailto:shaolin.xie@alibaba-inc.com>>; tf-
> a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-
> a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
> 抄 送:nd <nd(a)arm.com<mailto:nd@arm.com>>; Ash Wilding
> <Ash.Wilding(a)arm.com<mailto:Ash.Wilding@arm.com>>
> 主 题:RE: 回复:[TF-A] MMU Table in ARM Trust-Firmware-A
>
> Hi Yan,
> OK, sounds good. From your description of the platform, having BL2 as the
> Boot ROM is worth exploring. This way, you avoid the BL1_RW , BL2_PROGBITS
> memory overhead. BL2_NOPROGBITS will need to be in SRAM. See the BL2_AT_EL3
> and BL2_IN_XIP_MEM build flags for details. This depends on BL31 being able
> to fit in the free space available after this is done. One option is using
> the RECLAIM_INIT_CODE option which reclaims BL31 init-only code for runtime
> data but it needs platform specific linker script support. There are other
> ways to reduce the BL31 size, but trading security like
> SEPARATE_CODE_AND_RODATA=0 or trading performance like USE_COHERENT_MEM=0.
> Hope that helps.
> Best Regards
> Soby Mathew
> From: 严鸿亮(鸿先) <hongxian.yhl(a)alibaba-inc.com<mailto:hongxian.yhl@alibaba-
> inc.com>>
> Sent: 11 January 2020 06:04
> To: Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>>; Xie,
> Shaolin <shaolin.xie(a)alibaba-inc.com<mailto:shaolin.xie@alibaba-inc.com>>;
> tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>
> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>; Ash Wilding
> <Ash.Wilding(a)arm.com<mailto:Ash.Wilding@arm.com>>
> Subject: 回复:[TF-A] MMU Table in ARM Trust-Firmware-A Hi Soby, Thanks for
> your replies.
> Currently, out BL2 size is 60KB, BL1_RW is 28KB, BL31_PROGBITS is 48KB,
> BL31_NOPROGBITS is 24KB. For our testchip, we don't have too strictly
> security requirement, so maybe putting BL31 into DDR is a way to save SRAM
> and we don't need to worry about PROGBITS limit between BL31 and BL2.
> For BL1_RW and BL2, there is 40KB used for MMU table. After I disable the MMU
> related code in arm_bl1_plat_arch_setup()/arm_bl2_plat_arch_setup() and also
> disable the build of xlat_table_lib, this 40KB space is saved. If the
> consequence is decreasing performance and losing MMU protection without any
> other functionality problem, then we might try this.
>
> Best Regards
> Yan Hongliang
>
>
>
>
>
>
> ------------------------------------------------------------------
> 发件人:Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>>
> 发送时间:2020年1月10日(星期五) 18:27
> 收件人:"Xie, Shaolin" <shaolin.xie@alibaba-
> inc.com<mailto:shaolin.xie@alibaba-inc.com>>; tf-
> a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-
> a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
> 抄 送:nd <nd(a)arm.com<mailto:nd@arm.com>>; 严鸿亮(鸿先) <hongxian.yhl@alibaba-
> inc.com<mailto:hongxian.yhl@alibaba-inc.com>>; Ash Wilding
> <Ash.Wilding(a)arm.com<mailto:Ash.Wilding@arm.com>>
> 主 题:Re: [TF-A] MMU Table in ARM Trust-Firmware-A
>
> On 10/01/2020 09:05, shaolin.xie via TF-A wrote:
> > Hey all:
> >
> > We are trying to port ARM Trust-Firmware-A to our design, however, we are
> facing serious SRAM size problem.
> >
> > Our target SRAM is 64KB, but the compiled BL2 already taken 60K:
> >
> > After some evaluation, we found that the MMU table take most of the space.
> Our questions are:
> Hi Shaolin,
> There are some options to reduce the memory used for page-tables like using
> non-identity virtual to physical mappings. But given your SRAM size, I
> suspect you may not save enough to fit BL31.
>
> >
> > 1. Can we disable the MMU so we can fit the BL2 into 64KB space?
> > (However, in ARM's porting guide, enable MMU and icache/dcache is
> > mandatory. Refer to chapter 7.3 in
> > https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/por
> > ting-guide.html#introduction
> > <https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/po
> > rting-guide.html#introduction>.)
>
> This is a possibility although not recommended for performance reasons and
> you lose the protection of MMU during BL2 execution. This is not a
> configuration we support an I suspect some changes to BL2 code may be
> required for this.
>
> >
> > 2. In current design, BL31 is run in SRAM. If we enable DDR in BL2 and load
> BL31 image to DDR, is there any potential issue?
> >
> > Thanks in advances,
> >
> >
>
> It is possible to create a secure carve-out in DDR and execute BL31 from
> there. It is less `secure` than running from SRAM but it is acceptable for
> some market segments depending on the threat model.
>
> You target SRAM of 64 KB is on the lower side and fitting both BL2 and
> BL31 in that space could be a challenge.
>
> Could you let us know your BL2 and BL31 size and could you break down the
> size in terms of PROGBITS and NOPROG BITS? The BL31 NOPROG BITS are usually
> overlayed on top of BL2 memory and this will let us know whether fitting both
> in SRAM is even possible. If both cannot fit together in SRAM, there are
> other options you can explore like loading BL31 directly from BootROM or
> using BL2 as an XIP BootROM image.
>
> Best Regards
> Soby Mathew
>
>
>
>
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
[Adding back TF-A list]
Hi Raghu
Since the same DRAM is partitioned to run both non-secure and secure software, it is susceptible to Row Hammer attacks. Also depending on how accessible the DRAM interface is, the DDR PHY can be probed for transactions. If the DRAM is removable, then it can be deep frozen to retain values and plugged into another system to extract contents. Hence the less `secure` comment.
Best Regards
Soby Mathew
From: Raghupathy Krishnamurthy <raghu.ncstate(a)icloud.com>
Sent: 13 January 2020 14:36
To: "严鸿亮(鸿先)" <hongxian.yhl(a)alibaba-inc.com>
Cc: Soby Mathew <Soby.Mathew(a)arm.com>; Xie, Shaolin <shaolin.xie(a)alibaba-inc.com>; nd <nd(a)arm.com>
Subject: Re: [TF-A] 回复:回复: MMU Table in ARM Trust-Firmware-A
Hi Soby,
>>It is possible to create a secure carve-out in DDR and execute BL31 from
>>there. It is less `secure` than running from SRAM but it is acceptable
>>for some market segments depending on the threat model.
Can you elaborate on why you say it is less "secure" to run out of DDR?
-Raghu
On January 13, 2020 at 4:36 AM, "严鸿亮(鸿先) via TF-A" <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>> wrote:
Hi Soby,
Many thanks for your advice. I will try to RUN BL2 as Boot ROM and try to reduce the BL31 size. Hope BL2_NOPROGBITS+BL31 can be restricted below 64KB. Wish me good luck:).
Best Regards
Yan Hongliang
------------------------------------------------------------------
发件人:Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>>
发送时间:2020年1月13日(星期一) 19:37
收件人:严鸿亮(鸿先) <hongxian.yhl(a)alibaba-inc.com<mailto:hongxian.yhl@alibaba-inc.com>>; "Xie, Shaolin" <shaolin.xie(a)alibaba-inc.com<mailto:shaolin.xie@alibaba-inc.com>>; tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
抄 送:nd <nd(a)arm.com<mailto:nd@arm.com>>; Ash Wilding <Ash.Wilding(a)arm.com<mailto:Ash.Wilding@arm.com>>
主 题:RE: 回复:[TF-A] MMU Table in ARM Trust-Firmware-A
Hi Yan,
OK, sounds good. From your description of the platform, having BL2 as the Boot ROM is worth exploring. This way, you avoid the BL1_RW , BL2_PROGBITS memory overhead. BL2_NOPROGBITS will need to be in SRAM. See the BL2_AT_EL3 and BL2_IN_XIP_MEM build flags for details. This depends on BL31 being able to fit in the free space available after this is done. One option is using the RECLAIM_INIT_CODE option which reclaims BL31 init-only code for runtime data but it needs platform specific linker script support. There are other ways to reduce the BL31 size, but trading security like SEPARATE_CODE_AND_RODATA=0 or trading performance like USE_COHERENT_MEM=0.
Hope that helps.
Best Regards
Soby Mathew
From: 严鸿亮(鸿先) <hongxian.yhl(a)alibaba-inc.com<mailto:hongxian.yhl@alibaba-inc.com>>
Sent: 11 January 2020 06:04
To: Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>>; Xie, Shaolin <shaolin.xie(a)alibaba-inc.com<mailto:shaolin.xie@alibaba-inc.com>>; tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com<mailto:nd@arm.com>>; Ash Wilding <Ash.Wilding(a)arm.com<mailto:Ash.Wilding@arm.com>>
Subject: 回复:[TF-A] MMU Table in ARM Trust-Firmware-A
Hi Soby,
Thanks for your replies.
Currently, out BL2 size is 60KB, BL1_RW is 28KB, BL31_PROGBITS is 48KB, BL31_NOPROGBITS is 24KB. For our testchip, we don't have too strictly security requirement, so maybe putting BL31 into DDR is a way to save SRAM and we don't need to worry about PROGBITS limit between BL31 and BL2.
For BL1_RW and BL2, there is 40KB used for MMU table. After I disable the MMU related code in arm_bl1_plat_arch_setup()/arm_bl2_plat_arch_setup() and also disable the build of xlat_table_lib, this 40KB space is saved. If the consequence is decreasing performance and losing MMU protection without any other functionality problem, then we might try this.
Best Regards
Yan Hongliang
------------------------------------------------------------------
发件人:Soby Mathew <Soby.Mathew(a)arm.com<mailto:Soby.Mathew@arm.com>>
发送时间:2020年1月10日(星期五) 18:27
收件人:"Xie, Shaolin" <shaolin.xie(a)alibaba-inc.com<mailto:shaolin.xie@alibaba-inc.com>>; tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> <tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
抄 送:nd <nd(a)arm.com<mailto:nd@arm.com>>; 严鸿亮(鸿先) <hongxian.yhl(a)alibaba-inc.com<mailto:hongxian.yhl@alibaba-inc.com>>; Ash Wilding <Ash.Wilding(a)arm.com<mailto:Ash.Wilding@arm.com>>
主 题:Re: [TF-A] MMU Table in ARM Trust-Firmware-A
On 10/01/2020 09:05, shaolin.xie via TF-A wrote:
> Hey all:
>
> We are trying to port ARM Trust-Firmware-A to our design, however, we are facing serious SRAM size problem.
>
> Our target SRAM is 64KB, but the compiled BL2 already taken 60K:
>
> After some evaluation, we found that the MMU table take most of the space. Our questions are:
Hi Shaolin,
There are some options to reduce the memory used for page-tables like
using non-identity virtual to physical mappings. But given your SRAM
size, I suspect you may not save enough to fit BL31.
>
> 1. Can we disable the MMU so we can fit the BL2 into 64KB space?
> (However, in ARM's porting guide, enable MMU and icache/dcache is mandatory. Refer to chapter 7.3 in https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-… <https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-…>.)
This is a possibility although not recommended for performance reasons
and you lose the protection of MMU during BL2 execution. This is not a
configuration we support an I suspect some changes to BL2 code may be
required for this.
>
> 2. In current design, BL31 is run in SRAM. If we enable DDR in BL2 and load BL31 image to DDR, is there any potential issue?
>
> Thanks in advances,
>
>
It is possible to create a secure carve-out in DDR and execute BL31 from
there. It is less `secure` than running from SRAM but it is acceptable
for some market segments depending on the threat model.
You target SRAM of 64 KB is on the lower side and fitting both BL2 and
BL31 in that space could be a challenge.
Could you let us know your BL2 and BL31 size and could you break down
the size in terms of PROGBITS and NOPROG BITS? The BL31 NOPROG BITS are
usually overlayed on top of BL2 memory and this will let us know whether
fitting both in SRAM is even possible. If both cannot fit together in
SRAM, there are other options you can explore like loading BL31 directly
from BootROM or using BL2 as an XIP BootROM image.
Best Regards
Soby Mathew
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
On 10/01/2020 09:05, shaolin.xie via TF-A wrote:
> Hey all:
>
> We are trying to port ARM Trust-Firmware-A to our design, however, we are facing serious SRAM size problem.
>
> Our target SRAM is 64KB, but the compiled BL2 already taken 60K:
>
> After some evaluation, we found that the MMU table take most of the space. Our questions are:
Hi Shaolin,
There are some options to reduce the memory used for page-tables like
using non-identity virtual to physical mappings. But given your SRAM
size, I suspect you may not save enough to fit BL31.
>
> 1. Can we disable the MMU so we can fit the BL2 into 64KB space?
> (However, in ARM's porting guide, enable MMU and icache/dcache is mandatory. Refer to chapter 7.3 in https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-… <https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-…>.)
This is a possibility although not recommended for performance reasons
and you lose the protection of MMU during BL2 execution. This is not a
configuration we support an I suspect some changes to BL2 code may be
required for this.
>
> 2. In current design, BL31 is run in SRAM. If we enable DDR in BL2 and load BL31 image to DDR, is there any potential issue?
>
> Thanks in advances,
>
>
It is possible to create a secure carve-out in DDR and execute BL31 from
there. It is less `secure` than running from SRAM but it is acceptable
for some market segments depending on the threat model.
You target SRAM of 64 KB is on the lower side and fitting both BL2 and
BL31 in that space could be a challenge.
Could you let us know your BL2 and BL31 size and could you break down
the size in terms of PROGBITS and NOPROG BITS? The BL31 NOPROG BITS are
usually overlayed on top of BL2 memory and this will let us know whether
fitting both in SRAM is even possible. If both cannot fit together in
SRAM, there are other options you can explore like loading BL31 directly
from BootROM or using BL2 as an XIP BootROM image.
Best Regards
Soby Mathew