commit | f18daf7db473988bd9c5a1b34c4370accb077f9f | [log] [tgz] |
---|---|---|
author | Juan Castillo <juan.castillo@arm.com> | Tue Mar 10 15:18:55 2015 +0000 |
committer | Juan Castillo <juan.castillo@arm.com> | Thu Jun 25 08:53:26 2015 +0100 |
tree | 37617dc1eda6771ae2c3c919ba70549e9ac0bb1a | |
parent | ac402932d67f48d83492f045a765dc8714885af5 [diff] |
TBB: replace assert() with runtime checks in PolarSSL module Using assert() to check the length of keys and hashes included in a certificate is not a safe approach because assert() only applies to debug builds. A malformed certificate could exploit security flaws in release binaries due to buffer overflows. This patch replaces assert() with runtime checkings in the PolarSSL authentication module, so malformed certificates can not cause a memory overflow. Change-Id: I42ba912020595752c806cbd242fe3c74077d993b
ARM Trusted Firmware provides a reference implementation of secure world software for ARMv8-A, including Exception Level 3 (EL3) software. This release provides complete support for version 0.2 of the PSCI specification, initial support for the new version 1.0 of that specification, and prototype support for the Trusted Board Boot Requirements specification.
The intent is to provide a reference implementation of various ARM interface standards, such as the Power State Coordination Interface (PSCI), Trusted Board Boot Requirements (TBBR) and [Secure Monitor] TEE-SMC code. As far as possible the code is designed for reuse or porting to other ARMv8-A model and hardware platforms.
ARM will continue development in collaboration with interested parties to provide a full reference implementation of PSCI, TBBR and Secure Monitor code to the benefit of all developers working with ARMv8-A TrustZone technology.
The software is provided under a BSD 3-Clause license. Certain source files are derived from FreeBSD code: the original license is included in these source files.
This release is a limited functionality implementation of the Trusted Firmware. It provides a suitable starting point for productization. Future versions will contain new features, optimizations and quality improvements.
Prototype implementation of a subset of the Trusted Board Boot Requirements Platform Design Document (PDD). This includes packaging the various firmware images into a Firmware Image Package (FIP) to be loaded from non-volatile storage, and a prototype of authenticated boot using key certificates stored in the FIP.
Initializes the secure world (for example, exception vectors, control registers, GIC and interrupts for the platform), before transitioning into the normal world.
Supports both GICv2 and GICv3 initialization for use by normal world software.
Starts the normal world at the Exception Level and Register Width specified by the platform port. Typically this is AArch64 EL2 if available.
Handles SMCs (Secure Monitor Calls) conforming to the [SMC Calling Convention PDD] SMCCC using an EL3 runtime services framework.
Handles SMCs relating to the [Power State Coordination Interface PDD] PSCI for the Secondary CPU Boot, CPU Hotplug, CPU Idle and System Shutdown/Reset use-cases.
A Test Secure-EL1 Payload and Dispatcher to demonstrate Secure Monitor functionality such as world switching, EL1 context management and interrupt routing. This also demonstrates Secure-EL1 interaction with PSCI. Some of this functionality is provided in library form for re-use by other Secure-EL1 Payload Dispatchers.
Support for alternative Trusted Boot Firmware. Some platforms have their own Trusted Boot implementation and only require the Secure Monitor functionality provided by ARM Trusted Firmware.
Isolation of memory accessible by the secure world from the normal world through programming of a TrustZone controller.
Support for CPU specific reset sequences, power down sequences and register dumping during crash reporting. The CPU specific reset sequences include support for errata workarounds.
For a full description of functionality and implementation details, please see the Firmware Design and supporting documentation. The Change Log provides details of changes made since the last release.
This release of the Trusted Firmware has been tested on Revision B of the [Juno ARM Development Platform] Juno with Version r0p0-00rel7 of the [ARM SCP Firmware] SCP download.
The Trusted Firmware has also been tested on the 64-bit Linux versions of the following ARM FVPs:
Foundation_Platform
(Version 9.1, Build 9.1.33)FVP_Base_AEMv8A-AEMv8A
(Version 6.2, Build 0.8.6202)FVP_Base_Cortex-A57x4-A53x4
(Version 6.2, Build 0.8.6202)FVP_Base_Cortex-A57x1-A53x1
(Version 6.2, Build 0.8.6202)FVP_Base_Cortex-A57x2-A53x4
(Version 6.2, Build 0.8.6202)The Foundation FVP can be downloaded free of charge. The Base FVPs can be licensed from ARM: see [www.arm.com/fvp] FVP.
Complete and more flexible Trusted Board Boot implementation.
Complete implementation of the PSCI v1.0 specification.
Support for alternative types of Secure-EL1 Payloads.
Extending the GICv3 support to the secure world.
Support for new System IP devices.
For a full list of detailed issues in the current code, please see the Change Log and the GitHub issue tracker.
Get the Trusted Firmware source code from GitHub.
See the User Guide for instructions on how to install, build and use the Trusted Firmware with the ARM FVPs.
See the Firmware Design for information on how the ARM Trusted Firmware works.
See the Porting Guide as well for information about how to use this software on another ARMv8-A platform.
See the Contributing Guidelines for information on how to contribute to this project and the Acknowledgments file for a list of contributors to the project.
ARM welcomes any feedback on the Trusted Firmware. Please send feedback using the GitHub issue tracker.
ARM licensees may contact ARM directly via their partner managers.
Copyright (c) 2013-2015, ARM Limited and Contributors. All rights reserved.