Hi,
To add to Dan's observation about rpi lacking TZ memory controller:
Notice the first subsystem to boot on the BCM SoC is the VideoCore (which itself releases the ARM cores from reset). Thus, there are early boot stages running even before TF-A gets handed over to. So it requires trusting the VC ROM and the VC bootloader (residing on the SD card, or in EEPROM from the rpi4 on). As to whether those early components get verified by the BCM chip, this is not documented publicly AFAIK.
I extrapolate "TPM does not work" means the "public rpi" is good for prototyping TZ and/or a TPM solution. Although it is eventually not directly usable as a production platform for such use cases.
Regards, Olivier.
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> on behalf of Dan Handley via TF-A <tf-a@lists.trustedfirmware.org>
Sent: 08 January 2020 16:32
To: tf-a@lists.trustedfirmware.org
Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
(Back on the list)
By rpi I guess you mean Raspberry Pi?
How do we ensure that the ROM is safe?
I'm not sure what you mean by "safe". By definition the ROM is non-modifiable but maybe you also want it to be non-readable by normal world software?
Although Raspberry Pi contains CPUs that implement TrustZone, I believe there is no TrustZone Controller IP policing access to memory so there is nothing preventing normal world software from accessing memory that is mapped in as secure. Perhaps that is what you mean by "rpi does not provide security"? I also don't know what you mean by "a TPM does not work".
Dan.
From: Iñigo Vicente Waliño <inigovicentewalino@gmail.com>
Sent: 08 January 2020 14:54
To: Dan Handley <Dan.Handley@arm.com>
Subject: Re: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
Assuming that BL1 is used and implemented in ROM, for example, with an rpi. How do we ensure that the ROM is safe? He sought that rpi does not provide security and that a TPM does not work. Why?
Thanks.
On Wed, 8 Jan 2020 at 13:21, Dan Handley via TF-A (<tf-a@lists.trustedfirmware.org>) wrote:
Hi Inigo
TrustZone is a trademark referring to the security extensions of the Arm architecture. That is separate to BL1, which is the first boot stage of Trusted Firmware-A (or some other equivalent boot firmware). The expectation is that BL1, if used, is implemented in ROM to provide the Root of Trust for the Application Processor (AP).
An alternative flow is for a separate "security processor" to authenticate the AP firmware before the AP is released from reset. In such a flow, there is no need for BL1 and BL2 since that functionality is provided by the security processor. In such a flow, the TF-A RESET_TO_BL31 config can be used (see in-source documentation).
A TPM can provide additional security by storing secrets not even visible to TrustZone software (e.g. root keys or boot measurements). However, TPMs typically don't do firmware authentication on their own; some other software will need to use the secrets it stores, e.g. boot firmware may ask the TPM to verify a signature corresponding to the next boot stage.
If the TPM is changed to another, is the boot performed?
That depends on your system design.
Dan.
-----Original Message-----
From: TF-A <tf-a-bounces@lists.trustedfirmware.org> On Behalf Of Iñigo Vicente Waliño via TF-A
Sent: 08 January 2020 10:33
To: tf-a@lists.trustedfirmware.org
Subject: [TF-A] Does ARMv8 TrustZone provide a secure ROM?
Hi,
Does ARMv8 TrustZone provide BL1 in a secure ROM? Can a TPM be used as a trusted root or is it useless? If the TPM is changed to another, is the boot performed?
Thanks, Inigo.
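Added illustration (not code from this thread or from TF-A) of the division of roles Dan describes: boot firmware, modelled here as BL1 in immutable ROM, authenticates the next stage itself, while the TPM only records measurements and guards secrets sealed to them. A pinned image hash in ROM stands in for the signature check (an assumption for brevity), the TPM is a toy with one PCR, and the images and secret are constructed sample values.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).digest()

class ToyTPM:
    """Toy TPM: one PCR plus seal/unseal bound to the PCR value (simplified model)."""
    def __init__(self):
        self.sealed = {}          # label -> (PCR value at seal time, secret)
        self.reset()
    def reset(self):              # power-on: PCR back to all zeros
        self.pcr = bytes(32)
    def extend(self, measurement):  # PCR = H(PCR || measurement)
        self.pcr = sha256(self.pcr + measurement)
    def seal(self, label, secret):
        self.sealed[label] = (self.pcr, secret)
    def unseal(self, label):      # None if this TPM never sealed it or the PCR differs
        entry = self.sealed.get(label)
        return entry[1] if entry and entry[0] == self.pcr else None

def boot(rom_pinned_hash, tpm, bl2_image):
    """BL1 (modelled as immutable ROM content) authenticates BL2, then BL2 uses the TPM.
    Hash pinning stands in for the signature check mentioned in the thread (assumption)."""
    measurement = sha256(bl2_image)
    tpm.extend(measurement)       # measure what was loaded, whether or not it passes
    if measurement != rom_pinned_hash:
        return False, None        # authentication failed: BL1 halts the boot
    return True, tpm.unseal("disk_key")   # BL2 stage: is the sealed secret available?

GOOD_BL2 = b"constructed sample BL2 image v1"
BAD_BL2 = GOOD_BL2 + b" tampered"
ROM_HASH = sha256(GOOD_BL2)       # provisioned into ROM at manufacture (assumption)

def provision_tpm():
    """Seal a secret after one known-good boot, then power-cycle the TPM."""
    tpm = ToyTPM()
    tpm.extend(sha256(GOOD_BL2))
    tpm.seal("disk_key", b"k1")
    tpm.reset()
    return tpm

def scenarios():
    original = provision_tpm()
    r_good = boot(ROM_HASH, original, GOOD_BL2)        # (True, b"k1")
    original.reset()
    r_bad = boot(ROM_HASH, original, BAD_BL2)          # (False, None): BL1 refuses
    replacement = ToyTPM()                             # TPM swapped for a fresh one
    r_swapped = boot(ROM_HASH, replacement, GOOD_BL2)  # (True, None): boots, no secret
    return r_good, r_bad, r_swapped
```

The third scenario is the "TPM is changed to another" case: because BL1 verifies BL2 without the TPM, the boot still proceeds, but anything sealed to the original TPM is gone, which is why the answer depends on what the system design makes the sealed secret gate.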