diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/about/acknowledgements.rst (renamed from docs/acknowledgements.rst) | 7 | ||||
| -rw-r--r-- | docs/about/contact.rst | 47 | ||||
| -rw-r--r-- | docs/about/features.rst | 127 | ||||
| -rw-r--r-- | docs/about/index.rst | 13 | ||||
| -rw-r--r-- | docs/about/maintainers.rst (renamed from docs/maintainers.rst) | 14 | ||||
| -rw-r--r-- | docs/about/release-information.rst (renamed from docs/process/release-information.rst) | 36 | ||||
| -rw-r--r-- | docs/components/firmware-update.rst | 2 | ||||
| -rw-r--r-- | docs/conf.py | 3 | ||||
| -rw-r--r-- | docs/design/firmware-design.rst | 4 | ||||
| -rw-r--r-- | docs/getting_started/image-terminology.rst | 8 | ||||
| -rw-r--r-- | docs/getting_started/porting-guide.rst | 6 | ||||
| -rw-r--r-- | docs/getting_started/user-guide.rst | 7 | ||||
| -rw-r--r-- | docs/index.rst | 265 | ||||
| -rw-r--r-- | docs/perf/psci-performance-juno.rst | 2 | ||||
| -rw-r--r-- | docs/plat/index.rst | 81 | ||||
| -rw-r--r-- | docs/plat/marvell/porting.rst | 2 | ||||
| -rw-r--r-- | docs/plat/meson-g12a.rst | 2 | ||||
| -rw-r--r-- | docs/process/coding-guidelines.rst | 4 | ||||
| -rw-r--r-- | docs/process/index.rst | 1 | ||||
| -rw-r--r-- | docs/security_advisories/security-advisory-tfv-6.rst | 2 |
20 files changed, 342 insertions, 291 deletions
diff --git a/docs/acknowledgements.rst b/docs/about/acknowledgements.rst index 74b77ff1..dfc66c8f 100644 --- a/docs/acknowledgements.rst +++ b/docs/about/acknowledgements.rst @@ -6,7 +6,8 @@ Contributor Acknowledgements specific contributors referred to in "Arm Limited and Contributors" copyright notices. As contributors are now encouraged to put their name or company name directly into the copyright notices, this file is not relevant for new - contributions. + contributions. See the :ref:`License` document for the correct template to + use for new contributions. - Linaro Limited - Marvell International Ltd. @@ -15,3 +16,7 @@ Contributor Acknowledgements - Socionext Inc. - STMicroelectronics - Xilinx, Inc. + +-------------- + +*Copyright (c) 2019, Arm Limited. All rights reserved.* diff --git a/docs/about/contact.rst b/docs/about/contact.rst new file mode 100644 index 00000000..9cb25ef4 --- /dev/null +++ b/docs/about/contact.rst @@ -0,0 +1,47 @@ +Support & Contact +----------------- + +We welcome any feedback on |TF-A| and there are several methods for providing +it or for obtaining support. + +.. warning:: + If you think you have found a security vulnerability, please report this using + the process defined in the :ref:`Security Handling` document. + +Mailing Lists +^^^^^^^^^^^^^ + +Public mailing lists for TF-A and the wider Trusted Firmware project are +hosted on TrustedFirmware.org. The mailing lists can be used for general +enquiries, enhancement requests and issue reports, or to follow and participate +in technical or organizational discussions around the project. These discussions +include design proposals, advance notice of changes and upcoming events. + +The relevant lists for the TF-A project are: + +- `TF-A development`_ +- `TF-A-Tests development`_ + +You can see a `summary of all the lists`_ on the TrustedFirmware.org website. + +Issue Tracker +^^^^^^^^^^^^^ + +Specific issues may be raised using the `issue tracker`_ on the +TrustedFirmware.org website. Using this tracker makes it easy for the +maintainers to prioritise and respond to your ticket. + +Arm Licensees +^^^^^^^^^^^^^ + +Arm licensees have an additional support conduit - they may contact Arm directly +via their partner managers. + +.. _`issue tracker`: https://developer.trustedfirmware.org +.. _`TF-A development`: https://lists.trustedfirmware.org/pipermail/tf-a/ +.. _`TF-A-Tests development`: https://lists.trustedfirmware.org/pipermail/tf-a-tests/ +.. _`summary of all the lists`: https://lists.trustedfirmware.org + +-------------- + +*Copyright (c) 2019, Arm Limited. All rights reserved.* diff --git a/docs/about/features.rst b/docs/about/features.rst new file mode 100644 index 00000000..3441c5eb --- /dev/null +++ b/docs/about/features.rst @@ -0,0 +1,127 @@ +Feature Overview +================ + +This page provides an overview of the current |TF-A| feature set. For a full +description of these features and their implementation details, please see +the documents that are part of the *Components* and *System Design* chapters. + +The :ref:`Change Log & Release Notes` provides details of changes made since the +last release. + +Current features +---------------- + +- Initialization of the secure world, for example exception vectors, control + registers and interrupts for the platform. + +- Library support for CPU specific reset and power down sequences. This + includes support for errata workarounds and the latest Arm DynamIQ CPUs. + +- Drivers to enable standard initialization of Arm System IP, for example + Generic Interrupt Controller (GIC), Cache Coherent Interconnect (CCI), + Cache Coherent Network (CCN), Network Interconnect (NIC) and TrustZone + Controller (TZC). + +- A generic |SCMI| driver to interface with conforming power controllers, for + example the Arm System Control Processor (SCP). + +- SMC (Secure Monitor Call) handling, conforming to the `SMC Calling + Convention`_ using an EL3 runtime services framework. + +- |PSCI| library support for CPU, cluster and system power management + use-cases. + This library is pre-integrated with the AArch64 EL3 Runtime Software, and + is also suitable for integration with other AArch32 EL3 Runtime Software, + for example an AArch32 Secure OS. + +- A minimal AArch32 Secure Payload (*SP_MIN*) to demonstrate |PSCI| library + integration with AArch32 EL3 Runtime Software. + +- Secure Monitor library code such as world switching, EL1 context management + and interrupt routing. + When a Secure-EL1 Payload (SP) is present, for example a Secure OS, the + AArch64 EL3 Runtime Software must be integrated with a Secure Payload + Dispatcher (SPD) component to customize the interaction with the SP. + +- A Test SP and SPD to demonstrate AArch64 Secure Monitor functionality and SP + interaction with PSCI. + +- SPDs for the `OP-TEE Secure OS`_, `NVIDIA Trusted Little Kernel`_ + and `Trusty Secure OS`_. + +- A Trusted Board Boot implementation, conforming to all mandatory TBBR + requirements. This includes image authentication, Firmware Update (or + recovery mode), and packaging of the various firmware images into a + Firmware Image Package (FIP). + +- Pre-integration of TBB with the Arm CryptoCell product, to take advantage of + its hardware Root of Trust and crypto acceleration services. + +- Reliability, Availability, and Serviceability (RAS) functionality, including + + - A Secure Partition Manager (SPM) to manage Secure Partitions in + Secure-EL0, which can be used to implement simple management and + security services. + + - An |SDEI| dispatcher to route interrupt-based |SDEI| events. + + - An Exception Handling Framework (EHF) that allows dispatching of EL3 + interrupts to their registered handlers, to facilitate firmware-first + error handling. + +- A dynamic configuration framework that enables each of the firmware images + to be configured at runtime if required by the platform. It also enables + loading of a hardware configuration (for example, a kernel device tree) + as part of the FIP, to be passed through the firmware stages. + +- Support for alternative boot flows, for example to support platforms where + the EL3 Runtime Software is loaded using other firmware or a separate + secure system processor, or where a non-TF-A ROM expects BL2 to be loaded + at EL3. + +- Support for the GCC, LLVM and Arm Compiler 6 toolchains. + +- Support for combining several libraries into a "romlib" image that may be + shared across images to reduce memory footprint. The romlib image is stored + in ROM but is accessed through a jump-table that may be stored + in read-write memory, allowing for the library code to be patched. + +- A prototype implementation of a Secure Partition Manager (SPM) that is based + on the SPCI Alpha 1 and SPRT draft specifications. + +- Support for ARMv8.3 pointer authentication in the normal and secure worlds. + The use of pointer authentication in the normal world is enabled whenever + architectural support is available, without the need for additional build + flags. Use of pointer authentication in the secure world remains an + experimental configuration at this time and requires the + ``BRANCH_PROTECTION`` option to be set to non-zero. + +- Position-Independent Executable (PIE) support. Initially for BL31 only, with + further support to be added in a future release. + +Still to come +------------- + +- Support for additional platforms. + +- Refinements to Position Independent Executable (PIE) support. + +- Continued support for the draft SPCI specification, to enable the use of + secure partition management in the secure world. + +- Documentation enhancements. + +- Ongoing support for new architectural features, CPUs and System IP. + +- Ongoing support for new Arm system architecture specifications. + +- Ongoing security hardening, optimization and quality improvements. + +.. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf +.. _OP-TEE Secure OS: https://github.com/OP-TEE/optee_os +.. _NVIDIA Trusted Little Kernel: http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary +.. _Trusty Secure OS: https://source.android.com/security/trusty + +-------------- + +*Copyright (c) 2019, Arm Limited. All rights reserved.* diff --git a/docs/about/index.rst b/docs/about/index.rst new file mode 100644 index 00000000..3a102668 --- /dev/null +++ b/docs/about/index.rst @@ -0,0 +1,13 @@ +About +===== + +.. toctree:: + :maxdepth: 1 + :caption: Contents + :numbered: + + features + release-information + maintainers + contact + acknowledgements diff --git a/docs/maintainers.rst b/docs/about/maintainers.rst index d997baac..68f84ea5 100644 --- a/docs/maintainers.rst +++ b/docs/about/maintainers.rst @@ -19,8 +19,8 @@ Main maintainers :G: `AlexeiFedorov`_ :M: Paul Beesley <paul.beesley@arm.com> :G: `pbeesley-arm`_ -:M: John Tsichritzis <john.tsichritzis@arm.com> -:G: `jts-arm`_ +:M: György Szing <gyorgy.szing@arm.com> +:G: `gyuri-szing`_ Allwinner ARMv8 platform port ----------------------------- @@ -49,9 +49,9 @@ Amlogic Meson S905x (GXL) platform port :F: plat/amlogic/gxl/ Amlogic Meson S905X2 (G12A) platform port ---------------------------------------- +----------------------------------------- :M: Carlo Caione <ccaione@baylibre.com> -:G: `carlo.caione`_ +:G: `carlocaione`_ :F: docs/plat/meson-g12a.rst :F: drivers/amlogic/g12a :F: plat/amlogic/g12a/ @@ -122,7 +122,7 @@ Intel SocFPGA platform ports :M: Tien Hock Loh <tien.hock.loh@intel.com> :G: `thloh85-intel`_ :M: Hadi Asyrafi <muhammad.hadi.asyrafi.abdul.halim@intel.com> -:G: `mabdulha`_ +:G: mabdulha :F: plat/intel/soc :F: drivers/intel/soc/ @@ -282,14 +282,15 @@ Xilinx platform port .. _Anson-Huang: https://github.com/Anson-Huang .. _bryanodonoghue: https://github.com/bryanodonoghue .. _b49020: https://github.com/b49020 +.. _carlocaione: https://github.com/carlocaione .. _danh-arm: https://github.com/danh-arm .. _etienne-lms: https://github.com/etienne-lms .. _glneo: https://github.com/glneo .. _grandpaul: https://github.com/grandpaul +.. _gyuri-szing: https://github.com/gyuri-szing .. _hzhuang1: https://github.com/hzhuang1 .. _JackyBai: https://github.com/JackyBai .. _jenswi-linaro: https://github.com/jenswi-linaro -.. _jts-arm: https://github.com/jts-arm .. _jwerner-chromium: https://github.com/jwerner-chromium .. _kostapr: https://github.com/kostapr .. _ldts: https://github.com/ldts @@ -308,6 +309,7 @@ Xilinx platform port .. _sivadur: https://github.com/sivadur .. _smaeul: https://github.com/smaeul .. _soby-mathew: https://github.com/soby-mathew +.. _thloh85-intel: https://github.com/thloh85-intel .. _thomas-arm: https://github.com/thomas-arm .. _TonyXie06: https://github.com/TonyXie06 .. _vwadekar: https://github.com/vwadekar diff --git a/docs/process/release-information.rst b/docs/about/release-information.rst index e264e51a..c230e605 100644 --- a/docs/process/release-information.rst +++ b/docs/about/release-information.rst @@ -6,11 +6,11 @@ Project Release Cadence The project currently aims to do a release once every 6 months which will be tagged on the master branch. There will be a code freeze (stop merging -non-essential PRs) up to 4 weeks prior to the target release date. The release +non-essential changes) up to 4 weeks prior to the target release date. The release candidates will start appearing after this and only bug fixes or updates required for the release will be merged. The maintainers are free to use their -judgement on what PRs are essential for the release. A release branch may be -created after code freeze if there are significant PRs that need merging onto +judgement on what changes are essential for the release. A release branch may be +created after code freeze if there are significant changes that need merging onto the integration branch during the merge window. The release testing will be performed on release candidates and depending on @@ -38,6 +38,10 @@ depending on project requirement and partner feedback. +-----------------+---------------------------+------------------------------+ | v2.1 | 5th week of Mar '19 | 1st week of Mar '19 | +-----------------+---------------------------+------------------------------+ +| v2.2 | 4th week of Oct '19 | 1st week of Oct '19 | ++-----------------+---------------------------+------------------------------+ +| v2.3 | 4th week of Mar '20 | 1st week of Mar '20 | ++-----------------+---------------------------+------------------------------+ Removal of Deprecated Interfaces -------------------------------- @@ -51,32 +55,14 @@ Release version after which it will be removed. | | Date | after | | | | | Release | | +================================+=============+=========+=========================================================+ -| Legacy Console API | Jan '18 | v2.1 | Deprecated in favour of ``MULTI_CONSOLE_API`` | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| Weak default | Oct '18 | v2.1 | The default implementations are defined in | -| ``plat_crash_console_*`` | | | ``crash_console_helpers.S``. The platforms have to | -| APIs | | | define ``plat_crash_console_*``. | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| ``finish_console_register`` | Oct '18 | v2.1 | The old version of the macro is deprecated. See commit | -| macro in | | | cc5859c_ for more details. | -| ``MULTI_CONSOLE_API`` | | | | +| ``AARCH32``/``AARCH64`` macros | Oct '19 | v2.3 | Deprecated in favor of ``__aarch64__`` | +--------------------------------+-------------+---------+---------------------------------------------------------+ -| Types ``tzc_action_t`` and | Oct '18 | v2.1 | Using logical operations such as OR in enumerations | -| ``tzc_region_attributes_t`` | | | goes against the MISRA guidelines. | +| ``__ASSEMBLY__`` macro | Oct '19 | v2.3 | Deprecated in favor of ``__ASSEMBLER__`` | +--------------------------------+-------------+---------+---------------------------------------------------------+ -| Macro ``EL_IMPLEMENTED()`` | Oct '18 | v2.1 | Deprecated in favour of ``el_implemented()``. | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| ``get_afflvl_shift()``, | Dec '18 | v2.1 | Removed. | -| ``mpidr_mask_lower_afflvls()``,| | | | -| and ``eret()``. | | | | -+--------------------------------+-------------+---------+---------------------------------------------------------+ -| Extra include paths in the | Jan '18 | v2.1 | Now it is needed to use the full path of the common | -| Makefile in ``INCLUDES``. | | | header files. More information in commit 09d40e0e0828_. | +| Prototype SPCI-based SPM | Oct '19 | v2.2 | Based on outdated Alpha 1 spec. Will be replaced with | +| (services/std_svc/spm) | | | alternative methods of secure partitioning support. | +--------------------------------+-------------+---------+---------------------------------------------------------+ -------------- *Copyright (c) 2018-2019, Arm Limited and Contributors. All rights reserved.* - -.. _cc5859c: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=cc5859ca19ff546c35eb0331000dae090b6eabcf -.. _09d40e0e0828: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/commit/?id=09d40e0e08283a249e7dce0e106c07c5141f9b7e diff --git a/docs/components/firmware-update.rst b/docs/components/firmware-update.rst index 2bff00f5..a5915656 100644 --- a/docs/components/firmware-update.rst +++ b/docs/components/firmware-update.rst @@ -7,7 +7,7 @@ Introduction This document describes the design of the Firmware Update (FWU) feature, which enables authenticated firmware to update firmware images from external interfaces such as USB, UART, SD-eMMC, NAND, NOR or Ethernet to SoC Non-Volatile -memories such as NAND Flash, LPPDR2-NVM or any memory determined by the +memories such as NAND Flash, LPDDR2-NVM or any memory determined by the platform. This feature functions even when the current firmware in the system is corrupt or missing; it therefore may be used as a recovery mode. It may also be complemented by other, higher level firmware update software. diff --git a/docs/conf.py b/docs/conf.py index b267de0e..a100241c 100644 --- a/docs/conf.py +++ b/docs/conf.py @@ -15,9 +15,6 @@ import os project = 'Trusted Firmware-A' -version = '2.1' -release = version # We don't need these to be distinct - # -- General configuration --------------------------------------------------- # Add any Sphinx extension module names here, as strings. They can be diff --git a/docs/design/firmware-design.rst b/docs/design/firmware-design.rst index 1deacb7f..4958fc09 100644 --- a/docs/design/firmware-design.rst +++ b/docs/design/firmware-design.rst @@ -1672,7 +1672,7 @@ The following list describes the memory layout on the Arm development platforms: point during a cold boot. - On Juno, SCP_BL2 is loaded temporarily into the EL3 Runtime Software memory - region and transfered to the SCP before being overwritten by EL3 Runtime + region and transferred to the SCP before being overwritten by EL3 Runtime Software. - BL32 (for AArch64) can be loaded in one of the following locations: @@ -2623,7 +2623,7 @@ Cortex-A architecture through ``ARM_CORTEX_A<X> = yes`` in their Cortex-A15 target. Platform can also set ``ARM_WITH_NEON=yes`` to enable neon support. -Note that using neon at runtime has constraints on non secure wolrd context. +Note that using neon at runtime has constraints on non secure world context. TF-A does not yet provide VFP context management. Directive ``ARM_CORTEX_A<x>`` and ``ARM_WITH_NEON`` are used to set diff --git a/docs/getting_started/image-terminology.rst b/docs/getting_started/image-terminology.rst index d9e08f76..5993d6e7 100644 --- a/docs/getting_started/image-terminology.rst +++ b/docs/getting_started/image-terminology.rst @@ -7,7 +7,7 @@ images referred to in the Trusted Firmware project. General Notes ------------- -- Some of the names and abbreviated names have changed to accomodate new +- Some of the names and abbreviated names have changed to accommodate new requirements. The changed names are as backward compatible as possible to minimize confusion. Where applicable, the previous names are indicated. Some code, documentation and build artefacts may still refer to the previous names; @@ -44,7 +44,7 @@ AP Boot ROM: ``AP_BL1`` ~~~~~~~~~~~~~~~~~~~~~~~ Typically, this is the first code to execute on the AP and cannot be modified. -Its primary purpose is to perform the minimum intialization necessary to load +Its primary purpose is to perform the minimum initialization necessary to load and authenticate an updateable AP firmware image into an executable RAM location, then hand-off control to that image. @@ -96,7 +96,7 @@ SCP Boot ROM: ``SCP_BL1`` (previously ``BL0``) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Typically, this is the first code to execute on the SCP and cannot be modified. -Its primary purpose is to perform the minimum intialization necessary to load +Its primary purpose is to perform the minimum initialization necessary to load and authenticate an updateable SCP firmware image into an executable RAM location, then hand-off control to that image. This may be performed in conjunction with other processor firmware (for example, ``AP_BL1`` and @@ -129,7 +129,7 @@ AP Firmware Update Boot ROM: ``AP_NS_BL1U`` Typically, this is the first normal world code to execute on the AP during a firmware update operation, and cannot be modified. Its primary purpose is to -load subequent firmware update images from an external interface and communicate +load subsequent firmware update images from an external interface and communicate with ``AP_BL1`` to authenticate those images. During firmware update, there are (potentially) multiple transitions between the diff --git a/docs/getting_started/porting-guide.rst b/docs/getting_started/porting-guide.rst index d7157690..9cca75e9 100644 --- a/docs/getting_started/porting-guide.rst +++ b/docs/getting_started/porting-guide.rst @@ -549,7 +549,7 @@ optionally be defined: - **PLAT_PARTITION_BLOCK_SIZE** The size of partition block. It could be either 512 bytes or 4096 bytes. The default value is 512. - `For example, define the build flag in platform.mk`_: + For example, define the build flag in ``platform.mk``: PLAT_PARTITION_BLOCK_SIZE := 4096 $(eval $(call add_define,PLAT_PARTITION_BLOCK_SIZE)) @@ -954,7 +954,7 @@ Function : plat_reset_handler() Return : void A platform may need to do additional initialization after reset. This function -allows the platform to do the platform specific intializations. Platform +allows the platform to do the platform specific initializations. Platform specific errata workarounds could also be implemented here. The API should preserve the values of callee saved registers x19 to x29. @@ -2777,7 +2777,7 @@ more functionality is required, the needed library functions will need to be added to the local implementation. Some C headers have been obtained from `FreeBSD`_ and `SCC`_, while others have -been written specifically for TF-A. Fome implementation files have been obtained +been written specifically for TF-A. Some implementation files have been obtained from `FreeBSD`_, others have been written specifically for TF-A as well. The files can be found in ``include/lib/libc`` and ``lib/libc``. diff --git a/docs/getting_started/user-guide.rst b/docs/getting_started/user-guide.rst index c7359ada..9876531a 100644 --- a/docs/getting_started/user-guide.rst +++ b/docs/getting_started/user-guide.rst @@ -188,8 +188,6 @@ Building TF-A `Summary of build options`_ for more information on available build options. - - (AArch32 only) Currently only ``PLAT=fvp`` is supported. - - (AArch32 only) ``AARCH32_SP`` is the AArch32 EL3 Runtime Software and it corresponds to the BL32 image. A minimal ``AARCH32_SP``, sp_min, is provided by TF-A to demonstrate how PSCI Library can be integrated with @@ -1360,7 +1358,7 @@ a single FIP binary. It assumes that a `Linaro Release`_ has been installed. make [DEBUG=1] [V=1] fiptool # Unpack firmware images from Linaro FIP - ./tools/fiptool/fiptool unpack <path-to-linaro-release>/fip.bin + ./tools/fiptool/fiptool unpack <path-to-linaro-release>/[SOFTWARE]/fip.bin The unpack operation will result in a set of binary images extracted to the current working directory. The SCP_BL2 image corresponds to @@ -1407,7 +1405,7 @@ a single FIP binary. It assumes that a `Linaro Release`_ has been installed. .. code:: shell - export CROSS_COMPILE=<path-to-aarch32-gcc>/bin/arm-linux-gnueabihf- + export CROSS_COMPILE=<path-to-aarch32-gcc>/bin/arm-eabi- - Build BL32 in AArch32. @@ -1766,6 +1764,7 @@ Arm FVPs without shifted affinities, and that do not support threaded CPU cores - ``FVP_Base_Cortex-A76AEx8`` - ``FVP_Base_Cortex-A77x4`` (Version 11.7 build 36) - ``FVP_Base_Neoverse-N1x4`` +- ``FVP_Base_Zeusx4`` - ``FVP_CSS_SGI-575`` (Version 11.3 build 42) - ``FVP_CSS_SGM-775`` (Version 11.3 build 42) - ``FVP_RD_E1Edge`` (Version 11.3 build 42) diff --git a/docs/index.rst b/docs/index.rst index 4f0f6ef7..baadd42c 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -6,6 +6,7 @@ Trusted Firmware-A Documentation :hidden: Home<self> + about/index getting_started/index process/index components/index @@ -14,14 +15,9 @@ Trusted Firmware-A Documentation perf/index security_advisories/index change-log - acknowledgements glossary - maintainers license -.. contents:: On This Page - :depth: 3 - Trusted Firmware-A (TF-A) provides a reference implementation of secure world software for `Armv7-A and Armv8-A`_, including a `Secure Monitor`_ executing at Exception Level 3 (EL3). It implements various Arm interface standards, @@ -47,229 +43,41 @@ In collaboration with interested parties, we will continue to enhance |TF-A| with reference implementations of Arm standards to benefit developers working with Armv7-A and Armv8-A TrustZone technology. -Functionality -------------- - -- Initialization of the secure world, for example exception vectors, control - registers and interrupts for the platform. - -- Library support for CPU specific reset and power down sequences. This - includes support for errata workarounds and the latest Arm DynamIQ CPUs. - -- Drivers to enable standard initialization of Arm System IP, for example - Generic Interrupt Controller (GIC), Cache Coherent Interconnect (CCI), - Cache Coherent Network (CCN), Network Interconnect (NIC) and TrustZone - Controller (TZC). - -- A generic `SCMI`_ driver to interface with conforming power controllers, for - example the Arm System Control Processor (SCP). - -- SMC (Secure Monitor Call) handling, conforming to the `SMC Calling - Convention`_ using an EL3 runtime services framework. - -- `PSCI`_ library support for CPU, cluster and system power management - use-cases. - This library is pre-integrated with the AArch64 EL3 Runtime Software, and - is also suitable for integration with other AArch32 EL3 Runtime Software, - for example an AArch32 Secure OS. - -- A minimal AArch32 Secure Payload (SP\_MIN) to demonstrate `PSCI`_ library - integration with AArch32 EL3 Runtime Software. - -- Secure Monitor library code such as world switching, EL1 context management - and interrupt routing. - When a Secure-EL1 Payload (SP) is present, for example a Secure OS, the - AArch64 EL3 Runtime Software must be integrated with a Secure Payload - Dispatcher (SPD) component to customize the interaction with the SP. - -- A Test SP and SPD to demonstrate AArch64 Secure Monitor functionality and SP - interaction with PSCI. - -- SPDs for the `OP-TEE Secure OS`_, `NVIDIA Trusted Little Kernel`_ - and `Trusty Secure OS`_. - -- A Trusted Board Boot implementation, conforming to all mandatory TBBR - requirements. This includes image authentication, Firmware Update (or - recovery mode), and packaging of the various firmware images into a - Firmware Image Package (FIP). - -- Pre-integration of TBB with the Arm CryptoCell product, to take advantage of - its hardware Root of Trust and crypto acceleration services. - -- Reliability, Availability, and Serviceability (RAS) functionality, including - - - A Secure Partition Manager (SPM) to manage Secure Partitions in - Secure-EL0, which can be used to implement simple management and - security services. - - - An |SDEI| dispatcher to route interrupt-based |SDEI| events. - - - An Exception Handling Framework (EHF) that allows dispatching of EL3 - interrupts to their registered handlers, to facilitate firmware-first - error handling. - -- A dynamic configuration framework that enables each of the firmware images - to be configured at runtime if required by the platform. It also enables - loading of a hardware configuration (for example, a kernel device tree) - as part of the FIP, to be passed through the firmware stages. - -- Support for alternative boot flows, for example to support platforms where - the EL3 Runtime Software is loaded using other firmware or a separate - secure system processor, or where a non-TF-A ROM expects BL2 to be loaded - at EL3. - -- Support for the GCC, LLVM and Arm Compiler 6 toolchains. - -- Support for combining several libraries into a "romlib" image that may be - shared across images to reduce memory footprint. The romlib image is stored - in ROM but is accessed through a jump-table that may be stored - in read-write memory, allowing for the library code to be patched. - -- A prototype implementation of a Secure Partition Manager (SPM) that is based - on the SPCI Alpha 1 and SPRT draft specifications. - -- Support for ARMv8.3 pointer authentication in the normal and secure worlds. - The use of pointer authentication in the normal world is enabled whenever - architectural support is available, without the need for additional build - flags. Use of pointer authentication in the secure world remains an - experimental configuration at this time and requires the - ``BRANCH_PROTECTION`` option to be set to non-zero. - -- Position-Independent Executable (PIE) support. Initially for BL31 only, with - further support to be added in a future release. - -For a full description of functionality and implementation details, please -see :ref:`Firmware Design` and supporting documentation. The -:ref:`Change Log & Release Notes` provides details of changes made since the -last release. - -Platforms ---------- - -Various AArch32 and AArch64 builds of this release have been tested on r0, r1 -and r2 variants of the `Juno Arm Development Platform`_. - -The latest version of the AArch64 build of TF-A has been tested on the following -Arm FVPs without shifted affinities, and that do not support threaded CPU cores -(64-bit host machine only). - -.. note:: - The FVP models used are Version 11.5 Build 33, unless otherwise stated. - -- ``FVP_Base_AEMv8A-AEMv8A`` -- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` -- ``FVP_Base_RevC-2xAEMv8A`` -- ``FVP_Base_Cortex-A32x4`` -- ``FVP_Base_Cortex-A35x4`` -- ``FVP_Base_Cortex-A53x4`` -- ``FVP_Base_Cortex-A55x4+Cortex-A75x4`` -- ``FVP_Base_Cortex-A55x4`` -- ``FVP_Base_Cortex-A57x1-A53x1`` -- ``FVP_Base_Cortex-A57x2-A53x4`` -- ``FVP_Base_Cortex-A57x4-A53x4`` -- ``FVP_Base_Cortex-A57x4`` -- ``FVP_Base_Cortex-A72x4-A53x4`` -- ``FVP_Base_Cortex-A72x4`` -- ``FVP_Base_Cortex-A73x4-A53x4`` -- ``FVP_Base_Cortex-A73x4`` -- ``FVP_Base_Cortex-A75x4`` -- ``FVP_Base_Cortex-A76x4`` -- ``FVP_Base_Cortex-A76AEx4`` (Tested with internal model) -- ``FVP_Base_Cortex-A76AEx8`` (Tested with internal model) -- ``FVP_Base_Cortex-A77x4`` (Version 11.7 build 36) -- ``FVP_Base_Neoverse-N1x4`` (Tested with internal model) -- ``FVP_CSS_SGI-575`` (Version 11.3 build 42) -- ``FVP_CSS_SGM-775`` (Version 11.3 build 42) -- ``FVP_RD_E1Edge`` (Version 11.3 build 42) -- ``FVP_RD_N1Edge`` (Version 11.3 build 42) -- ``Foundation_Platform`` - -The latest version of the AArch32 build of TF-A has been tested on the following -Arm FVPs without shifted affinities, and that do not support threaded CPU cores -(64-bit host machine only). - -- ``FVP_Base_AEMv8A-AEMv8A`` -- ``FVP_Base_Cortex-A32x4`` - -.. note:: - The ``FVP_Base_RevC-2xAEMv8A`` FVP only supports shifted affinities. - -The Foundation FVP can be downloaded free of charge. The Base FVPs can be -licensed from Arm. See the `Arm FVP website`_. - -All the above platforms have been tested with `Linaro Release 18.04`_. - -This release also contains the following platform support: - -- Allwinner sun50i_a64 and sun50i_h6 -- Amlogic Meson S905 (GXBB) -- Arm Juno Software Development Platform -- Arm Neoverse N1 System Development Platform (N1SDP) -- Arm Neoverse Reference Design N1 Edge (RD-N1-Edge) FVP -- Arm Neoverse Reference Design E1 Edge (RD-E1-Edge) FVP -- Arm SGI-575 and SGM-775 -- Arm Versatile Express FVP -- HiKey, HiKey960 and Poplar boards -- Intel Stratix 10 SoC FPGA -- Marvell Armada 3700 and 8K -- MediaTek MT6795 and MT8173 SoCs -- NVIDIA T132, T186 and T210 SoCs -- NXP QorIQ LS1043A, i.MX8MM, i.MX8MQ, i.MX8QX, i.MX8QM and i.MX7Solo WaRP7 -- QEMU -- Raspberry Pi 3 -- Renesas R-Car Generation 3 -- RockChip RK3328, RK3368 and RK3399 SoCs -- Socionext UniPhier SoC family and SynQuacer SC2A11 SoCs -- STMicroelectronics STM32MP1 -- Texas Instruments K3 SoCs -- Xilinx Versal and Zynq UltraScale + MPSoC - -Still to come -------------- - -- Support for additional platforms. - -- Refinements to Position Independent Executable (PIE) support. - -- Refinements to the SPCI-based SPM implementation as the draft SPCI and SPRT - specifications continue to evolve. - -- Documentation enhancements. - -- Ongoing support for new architectural features, CPUs and System IP. - -- Ongoing support for new Arm system architecture specifications. - -- Ongoing security hardening, optimization and quality improvements. - -For a full list of detailed issues in the current code, please see the -:ref:`Change Log & Release Notes` and the `issue tracker`_. - -Getting started +Getting Started --------------- -See the :ref:`User Guide` for instructions on how to download, install, build -and use TF-A with the Arm `FVP`_\ s. +The |TF-A| documentation contains guidance for obtaining and building the +software for existing, supported platforms, as well as supporting information +for porting the software to a new platform. + +The **About** chapter gives a high-level overview of |TF-A| features as well as +some information on the project and how it is organized. -See the :ref:`Firmware Design` for information on how TF-A works. +Refer to the documents in the **Getting Started** chapter for information about +the prerequisites and requirements for building |TF-A|. -See the :ref:`Porting Guide` as well for information about how to use this -software on another Armv7-A or Armv8-A platform. +The **Processes & Policies** chapter explains the project's release schedule +and process, how security disclosures are handled, and the guidelines for +contributing to the project (including the coding style). -See the :ref:`Contributor's Guide` for information on how to contribute to this -project and the :ref:`Contributor Acknowledgements` file for a list of -contributors to the project. +The **Components** chapter holds documents that explain specific components +that make up the |TF-A| software, the :ref:`Exception Handling Framework`, for +example. -Contact Us -~~~~~~~~~~ +In the **System Design** chapter you will find documents that explain the +design of portions of the software that involve more than one component, such +as the :ref:`Trusted Board Boot` process. -We welcome any feedback on TF-A. If you think you have found a security -vulnerability, please report this using the process defined in the TF-A -:ref:`Security Handling` document. +**Platform Ports** provides a list of the supported hardware and software-model +platforms that are supported upstream in |TF-A|. Most of these platforms also +have additional documentation that has been provided by the maintainers of the +platform. -For all other feedback, please use the `issue tracker`_ or our `mailing list`_. +The results of any performance evaluations are added to the +**Performance & Testing** chapter. -Arm licensees may contact Arm directly via their partner managers. +**Security Advisories** holds a list of documents relating to |CVE| entries that +have previously been raised against the software. -------------- @@ -277,21 +85,8 @@ Arm licensees may contact Arm directly via their partner managers. .. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile .. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php -.. _Power State Coordination Interface (PSCI): PSCI_ -.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf +.. _Power State Coordination Interface (PSCI): http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf .. _Trusted Board Boot Requirements CLIENT (TBBR-CLIENT): https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a +.. _System Control and Management Interface (SCMI): http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf +.. _Software Delegated Exception Interface (SDEI): http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf .. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf -.. _System Control and Management Interface (SCMI): SCMI_ -.. _SCMI: http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf -.. _Software Delegated Exception Interface (SDEI): SDEI_ -.. _SDEI: http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf -.. _Juno Arm Development Platform: http://www.arm.com/products/tools/development-boards/versatile-express/juno-arm-development-platform.php -.. _Arm FVP website: FVP_ -.. _FVP: https://developer.arm.com/products/system-design/fixed-virtual-platforms -.. _Linaro Release 18.04: https://community.arm.com/dev-platforms/b/documents/posts/linaro-release-notes-deprecated#LinaroRelease18.04 -.. _OP-TEE Secure OS: https://github.com/OP-TEE/optee_os -.. _NVIDIA Trusted Little Kernel: http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary -.. _Trusty Secure OS: https://source.android.com/security/trusty -.. _trustedfirmware.org: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git -.. _issue tracker: https://issues.trustedfirmware.org -.. _mailing list: https://lists.trustedfirmware.org/mailman/listinfo/tf-a diff --git a/docs/perf/psci-performance-juno.rst b/docs/perf/psci-performance-juno.rst index 4cc43026..c127c1c4 100644 --- a/docs/perf/psci-performance-juno.rst +++ b/docs/perf/psci-performance-juno.rst @@ -168,7 +168,7 @@ the cache associated with power level 0 is flushed (L1). | 5 | 21 | 17 | 6 | +-------+---------------------+--------------------+--------------------------+ -The ``CLUSH_OVERHEAD`` times for lead CPU 4 and all CPUs in the non-lead cluster +The ``CFLUSH_OVERHEAD`` times for lead CPU 4 and all CPUs in the non-lead cluster are large because all other CPUs in the cluster are powered down during the test. The ``CPU_SUSPEND`` call powers down to the cluster level, requiring a flush of both L1 and L2 caches. diff --git a/docs/plat/index.rst b/docs/plat/index.rst index d0b4827b..5495280a 100644 --- a/docs/plat/index.rst +++ b/docs/plat/index.rst @@ -5,6 +5,7 @@ Platform Ports :maxdepth: 1 :caption: Contents :numbered: + :hidden: allwinner meson-gxbb @@ -35,3 +36,83 @@ Platform Ports ti-k3 xilinx-versal xilinx-zynqmp + +This section provides a list of supported upstream *platform ports* and the +documentation associated with them. The list of suported Arm |FVP| platforms is +outlined in the following section. + +.. note:: + In addition to the platforms ports listed within the table of contents, there + are several additional platforms that are supported upstream but which do not + currently have associated documentation: + + - Arm Juno Software Development Platform. Various |AArch32| and |AArch64| + builds of this release have been tested on r0, r1 and r2 variants of the + `Juno Arm Development Platform`_. + - Arm Neoverse N1 System Development Platform (N1SDP) + - Arm Neoverse Reference Design N1 Edge (RD-N1-Edge) FVP + - Arm Neoverse Reference Design E1 Edge (RD-E1-Edge) FVP + - Arm SGI-575 and SGM-775 + - MediaTek MT6795 and MT8173 SoCs + +Fixed Virtual Platform (FVP) Support +------------------------------------ + +The latest version of the AArch64 build of TF-A has been tested on the +following Arm FVPs without shifted affinities, and that do not support threaded +CPU cores (64-bit host machine only). + +.. note:: + The FVP models used are Version 11.6 Build 45, unless otherwise stated. + +- ``FVP_Base_AEMv8A-AEMv8A`` +- ``FVP_Base_AEMv8A-AEMv8A-AEMv8A-AEMv8A-CCN502`` +- ``FVP_Base_RevC-2xAEMv8A`` +- ``FVP_Base_Cortex-A32x4`` +- ``FVP_Base_Cortex-A35x4`` +- ``FVP_Base_Cortex-A53x4`` +- ``FVP_Base_Cortex-A55x4+Cortex-A75x4`` +- ``FVP_Base_Cortex-A55x4`` +- ``FVP_Base_Cortex-A57x1-A53x1`` +- ``FVP_Base_Cortex-A57x2-A53x4`` +- ``FVP_Base_Cortex-A57x4-A53x4`` +- ``FVP_Base_Cortex-A57x4`` +- ``FVP_Base_Cortex-A72x4-A53x4`` +- ``FVP_Base_Cortex-A72x4`` +- ``FVP_Base_Cortex-A73x4-A53x4`` +- ``FVP_Base_Cortex-A73x4`` +- ``FVP_Base_Cortex-A75x4`` +- ``FVP_Base_Cortex-A76x4`` +- ``FVP_Base_Cortex-A76AEx4`` (Tested with internal model) +- ``FVP_Base_Cortex-A76AEx8`` (Tested with internal model) +- ``FVP_Base_Cortex-A77x4`` (Version 11.7 build 36) +- ``FVP_Base_Zeusx4`` +- ``FVP_Base_Neoverse-N1x4`` (Tested with internal model) +- ``FVP_CSS_SGI-575`` (Version 11.3 build 42) +- ``FVP_CSS_SGM-775`` (Version 11.3 build 42) +- ``FVP_RD_E1Edge`` (Version 11.3 build 42) +- ``FVP_RD_N1Edge`` (Version 11.3 build 42) +- ``Foundation_Platform`` + +The latest version of the AArch32 build of TF-A has been tested on the +following Arm FVPs without shifted affinities, and that do not support threaded +CPU cores (64-bit host machine only). + +- ``FVP_Base_AEMv8A-AEMv8A`` +- ``FVP_Base_Cortex-A32x4`` + +.. note:: + The ``FVP_Base_RevC-2xAEMv8A`` FVP only supports shifted affinities. + +The *Foundation* and *Base* FVPs can be downloaded free of charge. See the +`Arm FVP website`_. + +All the above platforms have been tested with `Linaro Release 19.06`_. + +-------------- + +*Copyright (c) 2019, Arm Limited. All rights reserved.* + +.. _Juno Arm Development Platform: http://www.arm.com/products/tools/development-boards/versatile-express/juno-arm-development-platform.php +.. _Arm FVP website: https://developer.arm.com/products/system-design/fixed-virtual-platforms +.. _Linaro Release 19.06: http://releases.linaro.org/members/arm/platforms/19.06 diff --git a/docs/plat/marvell/porting.rst b/docs/plat/marvell/porting.rst index 8fc1c1f6..0a71dbd5 100644 --- a/docs/plat/marvell/porting.rst +++ b/docs/plat/marvell/porting.rst @@ -112,7 +112,7 @@ Comphy Porting (phy-porting-layer.h or phy-default-porting-layer.h) .. seealso:: For XFI/SFI comphy type there is procedure "rx_training" which eases - process of suiting some of the parameters. Please see :ref:`uboot_cmd` + process of suiting some of the parameters. Please see *uboot_cmd* section: rx_training. The PHY porting layer simplifies updating static values per board type, diff --git a/docs/plat/meson-g12a.rst b/docs/plat/meson-g12a.rst index 1021da47..7cd1bf74 100644 --- a/docs/plat/meson-g12a.rst +++ b/docs/plat/meson-g12a.rst @@ -1,5 +1,5 @@ Amlogic Meson S905X2 (G12A) -========================== +=========================== The Amlogic Meson S905X2 is a SoC with a quad core Arm Cortex-A53 running at ~1.8GHz. It also contains a Cortex-M3 used as SCP. diff --git a/docs/process/coding-guidelines.rst b/docs/process/coding-guidelines.rst index a53da77b..cb8b8924 100644 --- a/docs/process/coding-guidelines.rst +++ b/docs/process/coding-guidelines.rst @@ -23,8 +23,8 @@ include: - ``**WARNING: Use of volatile is usually wrong``: see `Why the “volatile” type class should not be used`_ . Although this document - contains some very useful information, there are several legimate uses of the - volatile keyword within the TF codebase. + contains some very useful information, there are several legitimate uses of + the volatile keyword within the TF codebase. Headers and inclusion --------------------- diff --git a/docs/process/index.rst b/docs/process/index.rst index a870c8f5..9c12de82 100644 --- a/docs/process/index.rst +++ b/docs/process/index.rst @@ -6,7 +6,6 @@ Processes & Policies :caption: Contents :numbered: - release-information security platform-compatibility-policy coding-guidelines diff --git a/docs/security_advisories/security-advisory-tfv-6.rst b/docs/security_advisories/security-advisory-tfv-6.rst index 495eddda..9eeaeec5 100644 --- a/docs/security_advisories/security-advisory-tfv-6.rst +++ b/docs/security_advisories/security-advisory-tfv-6.rst @@ -51,7 +51,7 @@ the MMU. For Cortex-A73 and Cortex-A75 CPUs, the PRs in this advisory invalidate the branch predictor when entering EL3 by temporarily dropping into AArch32 Secure-EL1 and executing the ``BPIALL`` instruction. This workaround is -signifiantly more complex than the "MMU disable/enable" workaround. The latter +significantly more complex than the "MMU disable/enable" workaround. The latter is not effective at invalidating the branch predictor on Cortex-A73/Cortex-A75. Note that if other privileged software, for example a Rich OS kernel, implements |