Another option to BL31 in system memory (DDR) is, which we are exploring,
is loading an image (in our case BL33/Uboot) to system caches (inner L1/L2
& outer LLC/L3 which ever) and initialize the DDR from within it. This is
not trivial though but working successfully with us for Cortex-A15, A53 and
A57 with CCN (Cache Coherent Network 504 and 512) featuring the Last Level
Cache on three of our SoCs.
Marek
On Fri, 10 Jan 2020 at 11:12, Soby Mathew via TF-A <
tf-a(a)lists.trustedfirmware.org> wrote:
> On 10/01/2020 09:05, shaolin.xie via TF-A wrote:
> > Hey all:
> >
> > We are trying to port ARM Trust-Firmware-A to our design, however, we
> are facing serious SRAM size problem.
> >
> > Our target SRAM is 64KB, but the compiled BL2 already taken 60K:
> >
> > After some evaluation, we found that the MMU table take most of the
> space. Our questions are:
> Hi Shaolin,
> There are some options to reduce the memory used for page-tables like
> using non-identity virtual to physical mappings. But given your SRAM
> size, I suspect you may not save enough to fit BL31.
>
> >
> > 1. Can we disable the MMU so we can fit the BL2 into 64KB space?
> > (However, in ARM's porting guide, enable MMU and icache/dcache is
> mandatory. Refer to chapter 7.3 in
> https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-…
> <
> https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-…
> >.)
>
> This is a possibility although not recommended for performance reasons
> and you lose the protection of MMU during BL2 execution. This is not a
> configuration we support an I suspect some changes to BL2 code may be
> required for this.
>
> >
> > 2. In current design, BL31 is run in SRAM. If we enable DDR in BL2 and
> load BL31 image to DDR, is there any potential issue?
> >
> > Thanks in advances,
> >
> >
>
> It is possible to create a secure carve-out in DDR and execute BL31 from
> there. It is less `secure` than running from SRAM but it is acceptable
> for some market segments depending on the threat model.
>
> You target SRAM of 64 KB is on the lower side and fitting both BL2 and
> BL31 in that space could be a challenge.
>
> Could you let us know your BL2 and BL31 size and could you break down
> the size in terms of PROGBITS and NOPROG BITS? The BL31 NOPROG BITS are
> usually overlayed on top of BL2 memory and this will let us know whether
> fitting both in SRAM is even possible. If both cannot fit together in
> SRAM, there are other options you can explore like loading BL31 directly
> from BootROM or using BL2 as an XIP BootROM image.
>
> Best Regards
> Soby Mathew
>
>
>
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
>
--
Slán,
Marek
Hey all:
We are trying to port ARM Trust-Firmware-A to our design, however, we are facing serious SRAM size problem.
Our target SRAM is 64KB, but the compiled BL2 already taken 60K:
After some evaluation, we found that the MMU table take most of the space. Our questions are:
1. Can we disable the MMU so we can fit the BL2 into 64KB space?
(However, in ARM's porting guide, enable MMU and icache/dcache is mandatory. Refer to chapter 7.3 in https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-… <https://trustedfirmware-a.readthedocs.io/en/latest/getting_started/porting-…>.)
2. In current design, BL31 is run in SRAM. If we enable DDR in BL2 and load BL31 image to DDR, is there any potential issue?
Thanks in advances,
Back on-list.
> One more question, the operation of TrustZone is the same in the armv7-A and Armv8-A architectures, right?
Not exactly…for a description about TZ differences between the Armv7-A and Armv8-A architecture please have a look at this presentation:
https://www.youtube.com/watch?v=q32BEMMxmfwhttps://www.slideshare.net/linaroorg/arm-trusted-firmareforarmv8alcu13
As a reference, all public talks and presentations on TF-A over the years are listed here:
https://developer.trustedfirmware.org/w/tf_a/
Thanks
Matteo
> From: Iñigo Vicente Waliño <inigovicentewalino(a)gmail.com>
> Sent: 09 January 2020 11:21
> To: Matteo Carlini <Matteo.Carlini(a)arm.com>
> Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
> One more question, the operation of TrustZone is the same in the armv7-A and Armv8-A architectures, right?
> Thanks for your answers,
> Iñigo.
Another option is to look at the 96boards platforms:
https://www.96boards.org/product/developerbox/ (that's supported upstream by TF-A https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/socio… )
and the Secure96 mezzanine board
https://www.96boards.org/product/secure96/https://www.96boards.org/blog/getting-started-with-the-secure96-tpm/
but the boot flow with TF-A and this mezzanine board hasn't been officially proved.
Ard and Stuart (cc-ed) have done some investigations and experiment in this direction and might add something.
Thanks
Matteo
> -----Original Message-----
> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Dan
> Handley via TF-A
> Sent: 09 January 2020 09:56
> To: tf-a(a)lists.trustedfirmware.org
> Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
>
> (Back on the list)
>
> Sorry Iñigo, I don't know enough about the hw capabilities of Raspberry Pi
> and its boot flow to be able to help you further. Olivier gave some more
> pointers.
>
> Dan.
>
>
> From: Iñigo Vicente Waliño <inigovicentewalino(a)gmail.com>
> Sent: 09 January 2020 07:42
> To: Dan Handley <Dan.Handley(a)arm.com>
> Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
>
> Yes, thank you very much.
>
> Then, what I'm trying to say is that if I want a secure boot, I need a trust root.
> If Raspberry Pi cannot provide that trusted root, can I use a TPM?
>
> Iñigo
>
> El mié., 8 ene. 2020 a las 16:32, Dan Handley via TF-A (<tf-
> a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>)
> escribió:
> (Back on the list)
>
> By rpi I guess you mean Raspberry Pi?
>
> > How do we ensure that the ROM is safe?
> I'm not sure what you mean by "safe". By definition the ROM is non-
> modifiable but maybe you also want it to be non-readable by normal world
> software?
>
> Although Raspberry Pi contains CPUs that implement TrustZone, I believe
> there is no TrustZone Controller IP policing access to memory so there is
> nothing preventing normal world software from accessing memory that is
> mapped in as secure. Perhaps that is what you mean by "rpi does not provide
> security"? I also don't know what you mean by "a TPM does not work".
>
> Dan.
>
> From: Iñigo Vicente Waliño
> <inigovicentewalino(a)gmail.com<mailto:inigovicentewalino@gmail.com>>
> Sent: 08 January 2020 14:54
> To: Dan Handley <Dan.Handley(a)arm.com<mailto:Dan.Handley@arm.com>>
> Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
>
> Assuming that BL1 is used and implemented in ROM, for example, with an rpi.
> How do we ensure that the ROM is safe? He sought that rpi does not provide
> security and that a TPM does not work. Why?
>
> Thanks.
>
> El mié., 8 ene. 2020 a las 13:21, Dan Handley via TF-A (<tf-
> a(a)lists.trustedfirmware.org<mailto:tf-
> a(a)lists.trustedfirmware.org><mailto:tf-
> a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>>)
> escribió:
> Hi Inigo
>
> TrustZone is a trademark referring to the security extensions of the Arm
> architecture. That is separate to BL1, which is the first boot stage of Trusted
> Firmware-A (or some other equivalent boot firmware). The expectation is
> that BL1, if used, is implemented in ROM to provide the Root of Trust for the
> Application Processor (AP).
>
> An alternative flow is for a separate "security processor" to authenticate the
> AP firmware before the AP is released from reset. In such a flow, there is no
> need for BL1 and BL2 since that functionality is provided by the security
> processor. In such a flow, the TF-A RESET_TO_BL31 config can be used (see
> in-source documentation).
>
> A TPM can provide additional security by storing secrets not even visible to
> TrustZone software (e.g. root keys or boot measurements). However, TPMs
> typically don't do firmware authentication on their own; some other
> software will need to use the secrets it stores, e.g. boot firmware may ask
> the TPM verify a signature corresponding to the next boot stage.
>
> > If the TPM is changed to another, is the boot performed?
> That depends on your system design.
>
> Dan.
>
> > -----Original Message-----
> > From: TF-A
> > <tf-a-bounces(a)lists.trustedfirmware.org<mailto:tf-a-bounces@lists.trus
> > tedfirmware.org><mailto:tf-a-bounces@lists.trustedfirmware.org<mailto:
> > tf-a-bounces(a)lists.trustedfirmware.org>>> On Behalf Of Iñigo Vicente
> > Waliño via TF-A
> > Sent: 08 January 2020 10:33
> > To:
> > tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org><
> > mailto:tf-a@lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmwar
> > e.org>>
> > Subject: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
> >
> > Hi,
> >
> > Does ARMv8 TrustZone provide BL1 in a secure ROM? Can a TPM be used
> as
> > a trusted root or is it useless?
> > If the TPM is changed to another, is the boot performed?
> >
> > Thanks,
> > Inigo.
> > --
> > TF-A mailing list
> > TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org><
> > mailto:TF-A@lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmwar
> > e.org>> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended recipient,
> please notify the sender immediately and do not disclose the contents to any
> other person, use it for any purpose, or store or copy the information in any
> medium. Thank you.
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended recipient,
> please notify the sender immediately and do not disclose the contents to any
> other person, use it for any purpose, or store or copy the information in any
> medium. Thank you.
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org<mailto:TF-
> A(a)lists.trustedfirmware.org><mailto:TF-
> A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>>
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended recipient,
> please notify the sender immediately and do not disclose the contents to any
> other person, use it for any purpose, or store or copy the information in any
> medium. Thank you. IMPORTANT NOTICE: The contents of this email and any
> attachments are confidential and may also be privileged. If you are not the
> intended recipient, please notify the sender immediately and do not disclose
> the contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
> IMPORTANT NOTICE: The contents of this email and any attachments are
> confidential and may also be privileged. If you are not the intended recipient,
> please notify the sender immediately and do not disclose the contents to any
> other person, use it for any purpose, or store or copy the information in any
> medium. Thank you. IMPORTANT NOTICE: The contents of this email and any
> attachments are confidential and may also be privileged. If you are not the
> intended recipient, please notify the sender immediately and do not disclose
> the contents to any other person, use it for any purpose, or store or copy the
> information in any medium. Thank you.
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
(Back on the list)
Sorry Iñigo, I don't know enough about the hw capabilities of Raspberry Pi and its boot flow to be able to help you further. Olivier gave some more pointers.
Dan.
From: Iñigo Vicente Waliño <inigovicentewalino(a)gmail.com>
Sent: 09 January 2020 07:42
To: Dan Handley <Dan.Handley(a)arm.com>
Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
Yes, thank you very much.
Then, what I'm trying to say is that if I want a secure boot, I need a trust root. If Raspberry Pi cannot provide that trusted root, can I use a TPM?
Iñigo
El mié., 8 ene. 2020 a las 16:32, Dan Handley via TF-A (<tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>) escribió:
(Back on the list)
By rpi I guess you mean Raspberry Pi?
> How do we ensure that the ROM is safe?
I'm not sure what you mean by "safe". By definition the ROM is non-modifiable but maybe you also want it to be non-readable by normal world software?
Although Raspberry Pi contains CPUs that implement TrustZone, I believe there is no TrustZone Controller IP policing access to memory so there is nothing preventing normal world software from accessing memory that is mapped in as secure. Perhaps that is what you mean by "rpi does not provide security"? I also don't know what you mean by "a TPM does not work".
Dan.
From: Iñigo Vicente Waliño <inigovicentewalino(a)gmail.com<mailto:inigovicentewalino@gmail.com>>
Sent: 08 January 2020 14:54
To: Dan Handley <Dan.Handley(a)arm.com<mailto:Dan.Handley@arm.com>>
Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
Assuming that BL1 is used and implemented in ROM, for example, with an rpi.
How do we ensure that the ROM is safe? He sought that rpi does not provide security and that a TPM does not work. Why?
Thanks.
El mié., 8 ene. 2020 a las 13:21, Dan Handley via TF-A (<tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org><mailto:tf-a@lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>>) escribió:
Hi Inigo
TrustZone is a trademark referring to the security extensions of the Arm architecture. That is separate to BL1, which is the first boot stage of Trusted Firmware-A (or some other equivalent boot firmware). The expectation is that BL1, if used, is implemented in ROM to provide the Root of Trust for the Application Processor (AP).
An alternative flow is for a separate "security processor" to authenticate the AP firmware before the AP is released from reset. In such a flow, there is no need for BL1 and BL2 since that functionality is provided by the security processor. In such a flow, the TF-A RESET_TO_BL31 config can be used (see in-source documentation).
A TPM can provide additional security by storing secrets not even visible to TrustZone software (e.g. root keys or boot measurements). However, TPMs typically don't do firmware authentication on their own; some other software will need to use the secrets it stores, e.g. boot firmware may ask the TPM verify a signature corresponding to the next boot stage.
> If the TPM is changed to another, is the boot performed?
That depends on your system design.
Dan.
> -----Original Message-----
> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org<mailto:tf-a-bounces@lists.trustedfirmware.org><mailto:tf-a-bounces@lists.trustedfirmware.org<mailto:tf-a-bounces@lists.trustedfirmware.org>>> On Behalf Of Iñigo
> Vicente Waliño via TF-A
> Sent: 08 January 2020 10:33
> To: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org><mailto:tf-a@lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>
> Subject: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
>
> Hi,
>
> Does ARMv8 TrustZone provide BL1 in a secure ROM? Can a TPM be used as a
> trusted root or is it useless?
> If the TPM is changed to another, is the boot performed?
>
> Thanks,
> Inigo.
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org><mailto:TF-A@lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>>
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org><mailto:TF-A@lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>>
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi,
To add to Dan's observation about rpi lacking TZ memory controller:
Notice the first subsystem to boot on BCM SoC is the VideoCore (which itself releases ARM cores resets). Thus, there are early boot stages running even before TF-A gets handed over. So it needs trusting the VC ROM and VC bootloader (residing on SD card, or EEPROM from rpi4). As to whether those early components get verified by the BCM chip, this is not documented publicly AFAIK.
I extrapolate "TPM does not work" means the "public rpi" is good for prototyping TZ and/or a TPM solution. Although it is eventually not directly usable as a production platform for such use cases.
Regards,
Olivier.
________________________________________
From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> on behalf of Dan Handley via TF-A <tf-a(a)lists.trustedfirmware.org>
Sent: 08 January 2020 16:32
To: tf-a(a)lists.trustedfirmware.org
Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
(Back on the list)
By rpi I guess you mean Raspberry Pi?
> How do we ensure that the ROM is safe?
I'm not sure what you mean by "safe". By definition the ROM is non-modifiable but maybe you also want it to be non-readable by normal world software?
Although Raspberry Pi contains CPUs that implement TrustZone, I believe there is no TrustZone Controller IP policing access to memory so there is nothing preventing normal world software from accessing memory that is mapped in as secure. Perhaps that is what you mean by "rpi does not provide security"? I also don't know what you mean by "a TPM does not work".
Dan.
From: Iñigo Vicente Waliño <inigovicentewalino(a)gmail.com>
Sent: 08 January 2020 14:54
To: Dan Handley <Dan.Handley(a)arm.com>
Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
Assuming that BL1 is used and implemented in ROM, for example, with an rpi.
How do we ensure that the ROM is safe? He sought that rpi does not provide security and that a TPM does not work. Why?
Thanks.
El mié., 8 ene. 2020 a las 13:21, Dan Handley via TF-A (<tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>) escribió:
Hi Inigo
TrustZone is a trademark referring to the security extensions of the Arm architecture. That is separate to BL1, which is the first boot stage of Trusted Firmware-A (or some other equivalent boot firmware). The expectation is that BL1, if used, is implemented in ROM to provide the Root of Trust for the Application Processor (AP).
An alternative flow is for a separate "security processor" to authenticate the AP firmware before the AP is released from reset. In such a flow, there is no need for BL1 and BL2 since that functionality is provided by the security processor. In such a flow, the TF-A RESET_TO_BL31 config can be used (see in-source documentation).
A TPM can provide additional security by storing secrets not even visible to TrustZone software (e.g. root keys or boot measurements). However, TPMs typically don't do firmware authentication on their own; some other software will need to use the secrets it stores, e.g. boot firmware may ask the TPM verify a signature corresponding to the next boot stage.
> If the TPM is changed to another, is the boot performed?
That depends on your system design.
Dan.
> -----Original Message-----
> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org<mailto:tf-a-bounces@lists.trustedfirmware.org>> On Behalf Of Iñigo
> Vicente Waliño via TF-A
> Sent: 08 January 2020 10:33
> To: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>
> Subject: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
>
> Hi,
>
> Does ARMv8 TrustZone provide BL1 in a secure ROM? Can a TPM be used as a
> trusted root or is it useless?
> If the TPM is changed to another, is the boot performed?
>
> Thanks,
> Inigo.
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
Hi,
We are intending to move the updates to the change log from completely release based to more rolling updates. I have created a new change log file in the docs directory (change-log-upcoming.rst) for changes that need to be included for the upcoming release: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/3081. The intention is for individual developers to update the document with the relevant patch as the code change is being made. The usual change log document (docs/change-log.rst) will be updated at release time to include all changes for each release.
Thanks,
Lauren
(Back on the list)
By rpi I guess you mean Raspberry Pi?
> How do we ensure that the ROM is safe?
I'm not sure what you mean by "safe". By definition the ROM is non-modifiable but maybe you also want it to be non-readable by normal world software?
Although Raspberry Pi contains CPUs that implement TrustZone, I believe there is no TrustZone Controller IP policing access to memory so there is nothing preventing normal world software from accessing memory that is mapped in as secure. Perhaps that is what you mean by "rpi does not provide security"? I also don't know what you mean by "a TPM does not work".
Dan.
From: Iñigo Vicente Waliño <inigovicentewalino(a)gmail.com>
Sent: 08 January 2020 14:54
To: Dan Handley <Dan.Handley(a)arm.com>
Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
Assuming that BL1 is used and implemented in ROM, for example, with an rpi.
How do we ensure that the ROM is safe? He sought that rpi does not provide security and that a TPM does not work. Why?
Thanks.
El mié., 8 ene. 2020 a las 13:21, Dan Handley via TF-A (<tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>>) escribió:
Hi Inigo
TrustZone is a trademark referring to the security extensions of the Arm architecture. That is separate to BL1, which is the first boot stage of Trusted Firmware-A (or some other equivalent boot firmware). The expectation is that BL1, if used, is implemented in ROM to provide the Root of Trust for the Application Processor (AP).
An alternative flow is for a separate "security processor" to authenticate the AP firmware before the AP is released from reset. In such a flow, there is no need for BL1 and BL2 since that functionality is provided by the security processor. In such a flow, the TF-A RESET_TO_BL31 config can be used (see in-source documentation).
A TPM can provide additional security by storing secrets not even visible to TrustZone software (e.g. root keys or boot measurements). However, TPMs typically don't do firmware authentication on their own; some other software will need to use the secrets it stores, e.g. boot firmware may ask the TPM verify a signature corresponding to the next boot stage.
> If the TPM is changed to another, is the boot performed?
That depends on your system design.
Dan.
> -----Original Message-----
> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org<mailto:tf-a-bounces@lists.trustedfirmware.org>> On Behalf Of Iñigo
> Vicente Waliño via TF-A
> Sent: 08 January 2020 10:33
> To: tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org>
> Subject: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
>
> Hi,
>
> Does ARMv8 TrustZone provide BL1 in a secure ROM? Can a TPM be used as a
> trusted root or is it useless?
> If the TPM is changed to another, is the boot performed?
>
> Thanks,
> Inigo.
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
--
TF-A mailing list
TF-A(a)lists.trustedfirmware.org<mailto:TF-A@lists.trustedfirmware.org>
https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi Inigo
TrustZone is a trademark referring to the security extensions of the Arm architecture. That is separate to BL1, which is the first boot stage of Trusted Firmware-A (or some other equivalent boot firmware). The expectation is that BL1, if used, is implemented in ROM to provide the Root of Trust for the Application Processor (AP).
An alternative flow is for a separate "security processor" to authenticate the AP firmware before the AP is released from reset. In such a flow, there is no need for BL1 and BL2 since that functionality is provided by the security processor. In such a flow, the TF-A RESET_TO_BL31 config can be used (see in-source documentation).
A TPM can provide additional security by storing secrets not even visible to TrustZone software (e.g. root keys or boot measurements). However, TPMs typically don't do firmware authentication on their own; some other software will need to use the secrets it stores, e.g. boot firmware may ask the TPM verify a signature corresponding to the next boot stage.
> If the TPM is changed to another, is the boot performed?
That depends on your system design.
Dan.
> -----Original Message-----
> From: TF-A <tf-a-bounces(a)lists.trustedfirmware.org> On Behalf Of Iñigo
> Vicente Waliño via TF-A
> Sent: 08 January 2020 10:33
> To: tf-a(a)lists.trustedfirmware.org
> Subject: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
>
> Hi,
>
> Does ARMv8 TrustZone provide BL1 in a secure ROM? Can a TPM be used as a
> trusted root or is it useless?
> If the TPM is changed to another, is the boot performed?
>
> Thanks,
> Inigo.
> --
> TF-A mailing list
> TF-A(a)lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/tf-a
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi,
Does ARMv8 TrustZone provide BL1 in a secure ROM? Can a TPM be used as a
trusted root or is it useless?
If the TPM is changed to another, is the boot performed?
Thanks,
Inigo.
