jim.lai/OpenBMC
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
Your Name
2026-04-23 17:07:55 +08:00
commit b7e39e063b
16725 changed files with 1625565 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-arm/meta-arm-bsp/documentation/corstone1000/change-log.rst
+230
View File
@@ -0,0 +1,230 @@
..
# Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
##########
Change Log
##########
This document contains a summary of the new features, changes and
fixes in each release of Corstone-1000 software stack.
***************
Version 2023.06
***************
Changes
=======
- GPT support (in TF-M, TF-A, U-boot)
- Use TF-M BL1 code as the ROM code instead of MCUboot (the next stage bootloader BL2 remains to be MCUboot)
- Secure Enclave uses CC312 OTP as the provisioning backend in FVP and FPGA
- NVMXIP block storage support in U-Boot
- Upgrading the SW stack recipes
- Upgrades for the U-Boot FF-A driver and MM communication
Corstone-1000 components versions
=================================
+-------------------------------------------+--------------------------------------------+
| arm-ffa-tee | 1.1.2-r0 |
+-------------------------------------------+--------------------------------------------+
| arm-ffa-user | 5.0.1-r0 |
+-------------------------------------------+--------------------------------------------+
| corstone1000-external-sys-tests | 1.0+gitAUTOINC+2945cd92f7-r0 |
+-------------------------------------------+--------------------------------------------+
| external-system | 0.1.0+gitAUTOINC+8c9dca74b1-r0 |
+-------------------------------------------+--------------------------------------------+
| linux-yocto | 6.1.25+gitAUTOINC+36901b5b29_581dc1aa2f-r0 |
+-------------------------------------------+--------------------------------------------+
| u-boot | 2023.01-r0 |
+-------------------------------------------+--------------------------------------------+
| optee-client | 3.18.0-r0 |
+-------------------------------------------+--------------------------------------------+
| optee-os | 3.20.0-r0 |
+-------------------------------------------+--------------------------------------------+
| trusted-firmware-a | 2.8.0-r0 |
+-------------------------------------------+--------------------------------------------+
| trusted-firmware-m | 1.7.0-r0 |
+-------------------------------------------+--------------------------------------------+
| ts-newlib | 4.1.0-r0 |
+-------------------------------------------+--------------------------------------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 38cb53a4d9 |
+-------------------------------------------+--------------------------------------------+
| ts-sp-{se-proxy, smm-gateway} | 08b3d39471 |
+-------------------------------------------+--------------------------------------------+
Yocto distribution components versions
======================================
+-------------------------------------------+--------------------------------+
| meta-arm | mickledore |
+-------------------------------------------+--------------------------------+
| poky | mickledore |
+-------------------------------------------+--------------------------------+
| meta-openembedded | mickledore |
+-------------------------------------------+--------------------------------+
| busybox | 1.36.0-r0 |
+-------------------------------------------+--------------------------------+
| musl | 1.2.3+gitAUTOINC+7d756e1c04-r0 |
+-------------------------------------------+--------------------------------+
| gcc-arm-none-eabi-native | 11.2-2022.02 |
+-------------------------------------------+--------------------------------+
| gcc-cross-aarch64 | 12.2.rel1-r0 |
+-------------------------------------------+--------------------------------+
| openssl | 3.1.0-r0 |
+-------------------------------------------+--------------------------------+
******************
Version 2022.11.23
******************
Changes
=======
- Booting the External System (Cortex-M3) with RTX RTOS
- Adding MHU communication between the HOST (Cortex-A35) and the External System
- Adding a Linux application to test the External System
- Adding ESRT (EFI System Resource Table) support
- Upgrading the SW stack recipes
- Upgrades for the U-Boot FF-A driver and MM communication
Corstone-1000 components versions
=================================
+-------------------------------------------+------------+
| arm-ffa-tee | 1.1.1 |
+-------------------------------------------+------------+
| arm-ffa-user | 5.0.0 |
+-------------------------------------------+------------+
| corstone1000-external-sys-tests | 1.0 |
+-------------------------------------------+------------+
| external-system | 0.1.0 |
+-------------------------------------------+------------+
| linux-yocto | 5.19 |
+-------------------------------------------+------------+
| u-boot | 2022.07 |
+-------------------------------------------+------------+
| optee-client | 3.18.0 |
+-------------------------------------------+------------+
| optee-os | 3.18.0 |
+-------------------------------------------+------------+
| trusted-firmware-a | 2.7.0 |
+-------------------------------------------+------------+
| trusted-firmware-m | 1.6.0 |
+-------------------------------------------+------------+
| ts-newlib | 4.1.0 |
+-------------------------------------------+------------+
| ts-psa-{crypto, iat, its. ps}-api-test | 451aa087a4 |
+-------------------------------------------+------------+
| ts-sp-{se-proxy, smm-gateway} | 3d4956770f |
+-------------------------------------------+------------+
Yocto distribution components versions
======================================
+-------------------------------------------+---------------------+
| meta-arm | langdale |
+-------------------------------------------+---------------------+
| poky | langdale |
+-------------------------------------------+---------------------+
| meta-openembedded | langdale |
+-------------------------------------------+---------------------+
| busybox | 1.35.0 |
+-------------------------------------------+---------------------+
| musl | 1.2.3+git37e18b7bf3 |
+-------------------------------------------+---------------------+
| gcc-arm-none-eabi-native | 11.2-2022.02 |
+-------------------------------------------+---------------------+
| gcc-cross-aarch64 | 12.2 |
+-------------------------------------------+---------------------+
| openssl | 3.0.5 |
+-------------------------------------------+---------------------+
******************
Version 2022.04.04
******************
Changes
=======
- Linux distro openSUSE, raw image installation and boot in the FVP.
- SCT test support in FVP.
- Manual capsule update support in FVP.
******************
Version 2022.02.25
******************
Changes
=======
- Building and running psa-arch-tests on Corstone-1000 FVP
- Enabled smm-gateway partition in Trusted Service on Corstone-1000 FVP
- Enabled MHU driver in Trusted Service on Corstone-1000 FVP
- Enabled OpenAMP support in SE proxy SP on Corstone-1000 FVP
******************
Version 2022.02.21
******************
Changes
=======
- psa-arch-tests: recipe is dropped and merged into the secure-partitons recipe.
- psa-arch-tests: The tests are align with latest tfm version for psa-crypto-api suite.
******************
Version 2022.01.18
******************
Changes
=======
- psa-arch-tests: change master to main for psa-arch-tests
- U-Boot: fix null pointer exception for get_image_info
- TF-M: fix capsule instability issue for Corstone-1000
******************
Version 2022.01.07
******************
Changes
=======
- Corstone-1000: fix SystemReady-IR ACS test (SCT, FWTS) failures.
- U-Boot: send bootcomplete event to secure enclave.
- U-Boot: support populating Corstone-1000 image_info to ESRT table.
- U-Boot: add ethernet device and enable configs to support bootfromnetwork SCT.
******************
Version 2021.12.15
******************
Changes
=======
- Enabling Corstone-1000 FPGA support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.5
- Building and running psa-arch-tests
- Adding openamp support in SE proxy SP
- OP-TEE: adding smm-gateway partition
- U-Boot: introducing Arm FF-A and MM support
******************
Version 2021.10.29
******************
Changes
=======
- Enabling Corstone-1000 FVP support on:
- Linux 5.10
- OP-TEE 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.4
- Linux kernel: enabling EFI, adding FF-A debugfs driver, integrating ARM_FFA_TRANSPORT.
- U-Boot: Extending EFI support
- python3-imgtool: adding recipe for Trusted-firmware-m
- python3-imgtool: adding the Yocto recipe used in signing host images (based on MCUBOOT format)
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
meta-arm/meta-arm-bsp/documentation/corstone1000/conf.py
+52
View File
@@ -0,0 +1,52 @@
# Configuration file for the Sphinx documentation builder.
#
# This file only contains a selection of the most common options. For a full
# list see the documentation:
# https://www.sphinx-doc.org/en/master/usage/configuration.html
# -- Path setup --------------------------------------------------------------
# If extensions (or modules to document with autodoc) are in another directory,
# add these directories to sys.path here. If the directory is relative to the
# documentation root, use os.path.abspath to make it absolute, like shown here.
#
# import os
# import sys
# sys.path.insert(0, os.path.abspath('.'))
# -- Project information -----------------------------------------------------
project = 'corstone1000'
copyright = '2020-2022, Arm Limited'
author = 'Arm Limited'
# -- General configuration ---------------------------------------------------
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = [
]
# Add any paths that contain templates here, relative to this directory.
templates_path = ['_templates']
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
# This pattern also affects html_static_path and html_extra_path.
exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store', 'docs/infra']
# -- Options for HTML output -------------------------------------------------
# The theme to use for HTML and HTML Help pages. See the documentation for
# a list of builtin themes.
#
html_theme = 'sphinx_rtd_theme'
# Add any paths that contain custom static files (such as style sheets) here,
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
#html_static_path = ['_static']
meta-arm/meta-arm-bsp/documentation/corstone1000/images/CorstoneSubsystems.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 77 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/ExternalFlash.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 40 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureBootChain.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 93 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureFirmwareUpdate.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 60 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/SecureServices.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 57 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/images/UEFISupport.png
BIN
View File
Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 65 KiB

meta-arm/meta-arm-bsp/documentation/corstone1000/index.rst
+16
View File
@@ -0,0 +1,16 @@
..
# Copyright (c) 2022, Arm Limited.
#
# SPDX-License-Identifier: MIT
################
ARM Corstone1000
################
.. toctree::
:maxdepth: 1
software-architecture
user-guide
release-notes
change-log
meta-arm/meta-arm-bsp/documentation/corstone1000/release-notes.rst
+199
View File
@@ -0,0 +1,199 @@
..
# Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
#############
Release notes
#############
*************************
Disclaimer
*************************
You expressly assume all liabilities and risks relating to your use or operation
of Your Software and Your Hardware designed or modified using the Arm Tools,
including without limitation, Your software or Your Hardware designed or
intended for safety-critical applications. Should Your Software or Your Hardware
prove defective, you assume the entire cost of all necessary servicing, repair
or correction.
***********************
Release notes - 2023.06
***********************
Known Issues or Limitations
---------------------------
- FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- PSA Crypto tests (psa-crypto-api-test command) take 30 minutes to complete for FVP and 1 hour for MPS3.
- Corstone-1000 SoC on FVP doesn't have a secure debug peripheral. It does on the MPS3 .
- The following limitations listed in the previous release are still applicable:
- UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
- Known limitations regarding ACS tests - see previous release's notes.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v2
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.11.23
**************************
Known Issues or Limitations
---------------------------
- The external-system can not be reset individually on (or using) AN550_v1 FPGA release. However, the system-wide reset still applies to the external-system.
- FPGA supports Linux distro install and boot through installer. However, FVP only supports openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide can not boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Below SCT FAILURE is a known issues in the FVP:
UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
- Below SCT FAILURE is a known issue when a terminal emulator (in the system where the user connects to serial ports) does not support 80x25 or 80x50 mode:
EFI_SIMPLE_TEXT_OUT_PROTOCOL.SetMode - SetMode() with valid mode -- FAILURE
- Known limitations regarding ACS tests: The behavior after running ACS tests on FVP is not consistent. Both behaviors are expected and are valid;
The system might boot till the Linux prompt. Or, the system might wait after finishing the ACS tests.
In both cases, the system executes the entire test suite and writes the results as stated in the user guide.
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
https://developer.arm.com/downloads/-/download-fpga-images
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.19_21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.04.04
**************************
Known Issues or Limitations
---------------------------
- FPGA support Linux distro install and boot through installer. However,
FVP only support openSUSE raw image installation and boot.
- Due to the performance uplimit of MPS3 FPGA and FVP, some Linux distros like Fedora Rawhide
cannot boot on Corstone-1000 (i.e. user may experience timeouts or boot hang).
- Below SCT FAILURE is a known issues in the FVP:
UEFI Compliant - Boot from network protocols must be implemented -- FAILURE
Platform Support
-----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
**************************
Release notes - 2022.02.25
**************************
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot.
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.17_23
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.02.21
--------------------------
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, psa-arch-test.
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Release notes - 2022.01.18
--------------------------
Known Issues or Limitations
---------------------------
- Before running each SystemReady-IR tests: ACS tests (SCT, FWTS, BSA), manual
capsule update test, Linux distro install and boot, etc., the SecureEnclave
flash must be cleaned. See user-guide "Clean Secure Flash Before Testing"
section.
Release notes - 2021.12.15
--------------------------
Software Features
------------------
The following components are present in the release:
- Yocto version Honister
- Linux kernel version 5.10
- U-Boot 2021.07
- OP-TEE version 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.5
- OpenAMP 347397decaa43372fc4d00f965640ebde042966d
- Trusted Services a365a04f937b9b76ebb2e0eeade226f208cbc0d2
Platform Support
----------------
- This software release is tested on Corstone-1000 FPGA version AN550_v1
- This software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
---------------------------
- The following tests only work on Corstone-1000 FPGA: ACS tests (SCT, FWTS,
BSA), manual capsule update test, Linux distro install and boot, and
psa-arch-tests.
- Only the manual capsule update from UEFI shell is supported on FPGA.
- Due to flash size limitation and to support A/B banks,the wic image provided
by the user should be smaller than 15MB.
- The failures in PSA Arch Crypto Test are known limitations with crypto
library. It requires further investigation. The user can refer to `PSA Arch Crypto Test Failure Analysis In TF-M V1.5 Release <https://developer.trustedfirmware.org/w/tf_m/release/psa_arch_crypto_test_failure_analysis_in_tf-m_v1.5_release/>`__
for the reason for each failing test.
Release notes - 2021.10.29
--------------------------
Software Features
-----------------
This initial release of Corstone-1000 supports booting Linux on the Cortex-A35
and TF-M/MCUBOOT in the Secure Enclave. The following components are present in
the release:
- Linux kernel version 5.10
- U-Boot 2021.07
- OP-TEE version 3.14
- Trusted Firmware-A 2.5
- Trusted Firmware-M 1.4
Platform Support
----------------
- This Software release is tested on Corstone-1000 Fast Model platform (FVP) version 11.16.21
https://developer.arm.com/tools-and-software/open-source-software/arm-platforms-software/arm-ecosystem-fvps
Known Issues or Limitations
---------------------------
- No software support for external system(Cortex M3)
- No communication established between A35 and M0+
- Very basic functionality of booting Secure Enclave, Trusted Firmware-A , OP-TEE , u-boot and Linux are performed
Support
-------
For technical support email: support-subsystem-iot@arm.com
For all security issues, contact Arm by email at arm-security@arm.com.
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
meta-arm/meta-arm-bsp/documentation/corstone1000/software-architecture.rst
+242
View File
@@ -0,0 +1,242 @@
..
# Copyright (c) 2022-2023, Arm Limited.
#
# SPDX-License-Identifier: MIT
######################
Software architecture
######################
*****************
Arm Corstone-1000
*****************
Arm Corstone-1000 is a reference solution for IoT devices. It is part of
Total Solution for IoT which consists of hardware and software reference
implementation.
Corstone-1000 software plus hardware reference solution is PSA Level-2 ready
certified (`PSA L2 Ready`_) as well as System Ready IR certified(`SRIR cert`_).
More information on the Corstone-1000 subsystem product and design can be
found at:
`Arm corstone1000 Software`_ and `Arm corstone1000 Technical Overview`_.
This readme explicitly focuses on the software part of the solution and
provides internal details on the software components. The reference
software package of the platform can be retrieved following instructions
present in the user-guide document.
***************
Design Overview
***************
The software architecture of Corstone-1000 platform is a reference
implementation of Platform Security Architecture (`PSA`_) which provides
framework to build secure IoT devices.
The base system architecture of the platform is created from three
different types of systems: Secure Enclave, Host and External System.
Each subsystem provides different functionality to overall SoC.
.. image:: images/CorstoneSubsystems.png
:width: 720
:alt: CorstoneSubsystems
The Secure Enclave System, provides PSA Root of Trust (RoT) and
cryptographic functions. It is based on an Cortex-M0+ processor,
CC312 Cryptographic Accelerator and peripherals, such as watchdog and
secure flash. Software running on the Secure Enclave is isolated via
hardware for enhanced security. Communication with the Secure Encalve
is achieved using Message Handling Units (MHUs) and shared memory.
On system power on, the Secure Enclave boots first. Its software
comprises of a ROM code (TF-M BL1), Mcuboot BL2, and
TrustedFirmware-M(`TF-M`_) as runtime software. The software design on
Secure Enclave follows Firmware Framework for M class
processor (`FF-M`_) specification.
The Host System is based on ARM Cotex-A35 processor with standardized
peripherals to allow for the booting of a Linux OS. The Cortex-A35 has
the TrustZone technology that allows secure and non-secure security
states in the processor. The software design in the Host System follows
Firmware Framework for A class procseeor (`FF-A`_) specification.
The boot process follows Trusted Boot Base Requirement (`TBBR`_).
The Host Subsystem is taken out of reset by the Secure Enclave system
during its final stages of the initialization. The Host subsystem runs
FF-A Secure Partitions(based on `Trusted Services`_) and OPTEE-OS
(`OPTEE-OS`_) in the secure world, and U-Boot(`U-Boot repo`_) and
linux (`linux repo`_) in the non-secure world. The communication between
non-secure and the secure world is performed via FF-A messages.
An external system is intended to implement use-case specific
functionality. The system is based on Cortex-M3 and run RTX RTOS.
Communictaion between external system and Host(cortex-A35) is performed
using MHU as transport mechanism and rpmsg messaging system.
Overall, the Corstone-1000 architecture is designed to cover a range
of Power, Performance, and Area (PPA) applications, and enable extension
for use-case specific applications, for example, sensors, cloud
connectivitiy, and edge computing.
*****************
Secure Boot Chain
*****************
For the security of a device, it is essential that only authorized
software should run on the device. The Corstone-1000 boot uses a
Secure Boot Chain process where an already authenticated image verifies
and loads the following software in the chain. For the boot chain
process to work, the start of the chain should be trusted, forming the
Root of Trust (RoT) of the device. The RoT of the device is immutable in
nature and encoded into the device by the device owner before it
is deployed into the field. In Corstone-1000, the BL1 image of the secure
enclave and content of the CC312 OTP (One Time Programmable) memory
forms the RoT. The BL1 image exists in ROM (Read Only Memory).
.. image:: images/SecureBootChain.png
:width: 870
:alt: SecureBootChain
It is a lengthy chain to boot the software on Corstone-1000. On power on,
the secure enclave starts executing BL1 code from the ROM which is the RoT
of the device. Authentication of an image involves the steps listed below:
- Load image from flash to dynamic RAM.
- The public key present in the image header is validated by comparing with the hash.
Depending on the image, the hash of the public key is either stored in the OTP or part
of the software which is being already verified in the previous stages.
- The image is validated using the public key.
In the secure enclave, BL1 authenticates the BL2 and passes the execution
control. BL2 authenticates the initial boot loader of the host (Host TF-A BL2)
and TF-M. The execution control is now passed to TF-M. TF-M being the run
time executable of secure enclave which initializes itself and, at the end,
brings the host CPU out of rest. The host follows the boot standard defined
in the `TBBR`_ to authenticate the secure and non-secure software.
***************
Secure Services
***************
Corstone-1000 is unique in providing a secure environment to run a secure
workload. The platform has TrustZone technology in the Host subsystem but
it also has hardware isolated secure enclave environment to run such secure
workloads. In Corstone-1000, known Secure Services such as Crypto, Protected
Storage, Internal Trusted Storage and Attestation are available via PSA
Functional APIs in TF-M. There is no difference for a user communicating to
these services which are running on a secure enclave instead of the
secure world of the host subsystem. The below diagram presents the data
flow path for such calls.
.. image:: images/SecureServices.png
:width: 930
:alt: SecureServices
The SE Proxy SP (Secure Enclave Proxy Secure Partition) is a proxy partition
managed by OPTEE which forwards such calls to the secure enclave. The
solution relies on OpenAMP which uses shared memory and MHU interrupts as
a doorbell for communication between two cores. Corstone-1000 implements
isolation level 2. Cortex-M0+ MPU (Memory Protection Unit) is used to implement
isolation level 2.
For a user to define its own secure service, both the options of the host
secure world or secure encalve are available. It's a trade-off between
lower latency vs higher security. Services running on a secure enclave are
secure by real hardware isolation but have a higher latency path. In the
second scenario, the services running on the secure world of the host
subsystem have lower latency but virtual hardware isolation created by
TrustZone technology.
**********************
Secure Firmware Update
**********************
Apart from always booting the authorized images, it is also essential that
the device only accepts the authorized images in the firmware update
process. Corstone-1000 supports OTA (Over the Air) firmware updates and
follows Platform Security Firmware Update sepcification (`FWU`_).
As standardized into `FWU`_, the external flash is divided into two
banks of which one bank has currently running images and the other bank is
used for staging new images. There are four updatable units, i.e. Secure
Enclave's BL2 and TF-M, and Host's FIP (Firmware Image Package) and Kernel
Image (the initramfs bundle). The new images are accepted in the form of a UEFI capsule.
.. image:: images/ExternalFlash.png
:width: 690
:alt: ExternalFlash
The Metadata Block in the flash has the below firmware update state machine.
TF-M runs an OTA service that is responsible for accepting and updating the
images in the flash. The communication between the UEFI Capsule update
subsystem and the OTA service follows the same data path explained above.
The OTA service writes the new images to the passive bank after successful
capsule verification. It changes the state of the system to trial state and
triggers the reset. Boot loaders in Secure Enclave and Host read the Metadata
block to get the information on the boot bank. In the successful trial stage,
the acknowledgment from the host moves the state of the system from trial to
regular. Any failure in the trial stage or system hangs leads to a system
reset. This is made sure by the use of watchdog hardware. The Secure Enclave's
BL1 has the logic to identify multiple resets and eventually switch back to the
previous good bank. The ability to revert to the previous bank is crucial to
guarantee the availability of the device.
.. image:: images/SecureFirmwareUpdate.png
:width: 430
:alt: SecureFirmwareUpdate
******************************
UEFI Runtime Support in U-Boot
******************************
Implementation of UEFI boottime and runtime APIs require variable storage.
In Corstone-1000, these UEFI variables are stored in the Protected Storage
service. The below diagram presents the data flow to store UEFI variables.
The U-Boot implementation of the UEFI subsystem uses the U-Boot FF-A driver to
communicate with the SMM Service in the secure world. The backend of the
SMM service uses the proxy PS from the SE Proxy SP. From there on, the PS
calls are forwarded to the secure enclave as explained above.
.. image:: images/UEFISupport.png
:width: 590
:alt: UEFISupport
***************
References
***************
`ARM corstone1000 Search`_
`Arm security features`_
--------------
*Copyright (c) 2022-2023, Arm Limited. All rights reserved.*
.. _Arm corstone1000 Technical Overview: https://developer.arm.com/documentation/102360/0000
.. _Arm corstone1000 Software: https://developer.arm.com/Tools%20and%20Software/Corstone-1000%20Software
.. _Arm corstone1000 Search: https://developer.arm.com/search#q=corstone-1000
.. _Arm security features: https://www.arm.com/architecture/security-features/platform-security
.. _linux repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/
.. _FF-A: https://developer.arm.com/documentation/den0077/latest
.. _FF-M: https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4&hash=3BFD6F3E687F324672F18E5BE9F08EDC48087C93
.. _FWU: https://developer.arm.com/documentation/den0118/a/
.. _OPTEE-OS: https://github.com/OP-TEE/optee_os
.. _PSA: https://www.psacertified.org/
.. _PSA L2 Ready: https://www.psacertified.org/products/corstone-1000/
.. _SRIR cert: https://armkeil.blob.core.windows.net/developer/Files/pdf/certificate-list/arm-systemready-ir-certification-arm-corstone-1000.pdf
.. _TBBR: https://developer.arm.com/documentation/den0006/latest
.. _TF-M: https://www.trustedfirmware.org/projects/tf-m/
.. _Trusted Services: https://www.trustedfirmware.org/projects/trusted-services/
.. _U-Boot repo: https://github.com/u-boot/u-boot.git
meta-arm/meta-arm-bsp/documentation/corstone1000/user-guide.rst
+1254
View File
File diff suppressed because it is too large Load Diff