Trusted Firmware-A - version 1.5
================================

Trusted Firmware-A (TF-A) provides a reference implementation of secure world
software for `Armv7-A and Armv8-A`_, including a `Secure Monitor`_ executing
at Exception Level 3 (EL3). It implements various Arm interface standards,
such as:

- The `Power State Coordination Interface (PSCI)`_
- Trusted Board Boot Requirements (TBBR, Arm DEN0006C-1)
- `SMC Calling Convention`_
- `System Control and Management Interface`_
- `Software Delegated Exception Interface (SDEI)`_

Where possible, the code is designed for reuse or porting to other Armv7-A and
Armv8-A model and hardware platforms.

Arm will continue development in collaboration with interested parties to
provide a full reference implementation of Secure Monitor code and Arm standards
to the benefit of all developers working with Armv7-A and Armv8-A TrustZone
technology.

License
-------

The software is provided under a BSD-3-Clause `license`_. Contributions to this
project are accepted under the same license with developer sign-off as
described in the `Contributing Guidelines`_.

This project contains code from other projects as listed below. The original
license text is included in those source files.

- The stdlib source code is derived from FreeBSD code, which uses various
  BSD licenses, including BSD-3-Clause and BSD-2-Clause.

- The libfdt source code is disjunctively dual licensed
  (GPL-2.0+ OR BSD-2-Clause). It is used by this project under the terms of
  the BSD-2-Clause license. Any contributions to this code must be made under
  the terms of both licenses.

- The LLVM compiler-rt source code is disjunctively dual licensed
  (NCSA OR MIT). It is used by this project under the terms of the NCSA
  license (also known as the University of Illinois/NCSA Open Source License),
  which is a permissive license compatible with BSD-3-Clause. Any
  contributions to this code must be made under the terms of both licenses.

- The zlib source code is licensed under the Zlib license, which is a
  permissive license compatible with BSD-3-Clause.

- Some STMicroelectronics platform source code is disjunctively dual licensed
  (GPL-2.0+ OR BSD-3-Clause). It is used by this project under the terms of the
  BSD-3-Clause license. Any contributions to this code must be made under the
  terms of both licenses.

This release
------------

This release provides a suitable starting point for productization of secure
world boot and runtime firmware, in either the AArch32 or AArch64 execution
state.

Users are encouraged to do their own security validation, including penetration
testing, on any secure world code derived from TF-A.

Functionality
~~~~~~~~~~~~~

- Initialization of the secure world, for example exception vectors, control
  registers and interrupts for the platform.

- Library support for CPU specific reset and power down sequences. This
  includes support for errata workarounds and the latest Arm DynamIQ CPUs.

- Drivers to enable standard initialization of Arm System IP, for example
  Generic Interrupt Controller (GIC), Cache Coherent Interconnect (CCI),
  Cache Coherent Network (CCN), Network Interconnect (NIC) and TrustZone
  Controller (TZC).

- A generic `SCMI`_ driver to interface with conforming power controllers, for
  example the Arm System Control Processor (SCP).

- SMC (Secure Monitor Call) handling, conforming to the `SMC Calling
  Convention`_ using an EL3 runtime services framework.

- `PSCI`_ library support for CPU, cluster and system power management
  use-cases.
  This library is pre-integrated with the AArch64 EL3 Runtime Software, and
  is also suitable for integration with other AArch32 EL3 Runtime Software,
  for example an AArch32 Secure OS.

- A minimal AArch32 Secure Payload (SP\_MIN) to demonstrate `PSCI`_ library
  integration with AArch32 EL3 Runtime Software.

- Secure Monitor library code such as world switching, EL1 context management
  and interrupt routing.
  When a Secure-EL1 Payload (SP) is present, for example a Secure OS, the
  AArch64 EL3 Runtime Software must be integrated with a dispatcher component
  (SPD) to customize the interaction with the SP.

- A Test SP/SPD to demonstrate AArch64 Secure Monitor functionality and SP
  interaction with PSCI.

- SPDs for the `OP-TEE Secure OS`_, `NVidia Trusted Little Kernel`_
  and `Trusty Secure OS`_.

- A Trusted Board Boot implementation, conforming to all mandatory TBBR
  requirements. This includes image authentication, Firmware Update (or
  recovery mode), and packaging of the various firmware images into a
  Firmware Image Package (FIP).

- Pre-integration of TBB with the Arm CryptoCell product, to take advantage of
  its hardware Root of Trust and crypto acceleration services.

- Reliability, Availability, and Serviceability (RAS) functionality, including

  - A Secure Partition Manager (SPM) to manage Secure Partitions in
    Secure-EL0, which can be used to implement simple management and
    security services.

  - An SDEI dispatcher to route interrupt-based SDEI events.

  - An Exception Handling Framework (EHF) that allows dispatching of EL3
    interrupts to their registered handlers, to facilitate firmware-first
    error handling.

- A dynamic configuration framework that enables each of the firmware images
  to be configured at runtime if required by the platform. It also enables
  loading of a hardware configuration (for example, a kernel device tree)
  as part of the FIP, to be passed through the firmware stages.

- Support for alternative boot flows, for example to support platforms where
  the EL3 Runtime Software is loaded using other firmware or a separate
  secure system processor, or where a non-TF-A ROM expects BL2 to be loaded
  at EL3.

- Support for the GCC, LLVM and Arm Compiler 6 toolchains.

For a full description of functionality and implementation details, please
see the `Firmware Design`_ and supporting documentation. The `Change Log`_
provides details of changes made since the last release.

Platforms
~~~~~~~~~

Various AArch32 and AArch64 builds of this release have been tested on variants
r0, r1 and r2 of the `Juno Arm Development Platform`_.

Various AArch64 builds of this release have been tested on the following Arm
Fixed Virtual Platforms (`FVP`_) without shifted affinities, and that do not
support threaded CPU cores (64-bit host machine only):

NOTE: Unless otherwise stated, the FVP Version is 11.2 Build 11.2.33.

- ``Foundation_Platform``
- ``FVP_Base_AEMv8A-AEMv8A`` (and also Version 9.0, Build 0.8.9005)
- ``FVP_Base_Cortex-A35x4``
- ``FVP_Base_Cortex-A53x4``
- ``FVP_Base_Cortex-A57x4-A53x4``
- ``FVP_Base_Cortex-A57x4``
- ``FVP_Base_Cortex-A72x4-A53x4``
- ``FVP_Base_Cortex-A72x4``
- ``FVP_Base_Cortex-A73x4-A53x4``
- ``FVP_Base_Cortex-A73x4``

Additionally, various AArch64 builds were tested on the following Arm `FVP`_\ s
with shifted affinities, supporting threaded CPU cores (64-bit host machine
only).

- ``FVP_Base_Cortex-A55x4-A75x4`` (Version 0.0, build 0.0.4395)
- ``FVP_Base_Cortex-A55x4`` (Version 0.0, build 0.0.4395)
- ``FVP_Base_Cortex-A75x4`` (Version 0.0, build 0.0.4395)
- ``FVP_Base_RevC-2xAEMv8A``

Various AArch32 builds of this release have been tested on the following Arm
`FVP`_\ s without shifted affinities, and that do not support threaded CPU cores
(64-bit host machine only):

- ``FVP_Base_AEMv8A-AEMv8A``
- ``FVP_Base_Cortex-A32x4``

The Foundation FVP can be downloaded free of charge. The Base FVPs can be
licensed from Arm. See the `Arm FVP website`_.

All the above platforms have been tested with `Linaro Release 17.10`_.

This release also contains the following platform support:

- HiKey, HiKey960 and Poplar boards
- MediaTek MT6795 and MT8173 SoCs
- NVidia T132, T186 and T210 SoCs
- QEMU emulator
- Raspberry Pi 3 board
- RockChip RK3328, RK3368 and RK3399 SoCs
- Socionext UniPhier SoC family and SynQuacer SC2A11 SoCs
- Texas Instruments K3 SoCs
- Xilinx Zynq UltraScale+ MPSoC

Still to come
~~~~~~~~~~~~~

- More platform support.

- Improved dynamic configuration support.

- Ongoing support for new architectural features, CPUs and System IP.

- Ongoing support for new Arm system architecture specifications.

- Ongoing security hardening, optimization and quality improvements.

For a full list of detailed issues in the current code, please see the `Change
Log`_ and the `GitHub issue tracker`_.

Getting started
---------------

Get the TF-A source code from `GitHub`_.

See the `User Guide`_ for instructions on how to install, build and use
TF-A with the Arm `FVP`_\ s.

See the `Firmware Design`_ for information on how TF-A works.

See the `Porting Guide`_ as well for information about how to use this
software on another Armv7-A or Armv8-A platform.

See the `Contributing Guidelines`_ for information on how to contribute to this
project and the `Acknowledgments`_ file for a list of contributors to the
project.

Feedback and support
~~~~~~~~~~~~~~~~~~~~

Arm welcomes any feedback on TF-A. If you think you have found a security
vulnerability, please report this using the process defined in the TF-A
`Security Centre`_. For all other feedback, please use the
`GitHub issue tracker`_.

Arm licensees may contact Arm directly via their partner managers.

--------------

*Copyright (c) 2013-2018, Arm Limited and Contributors. All rights reserved.*

.. _Armv7-A and Armv8-A: https://developer.arm.com/products/architecture/a-profile
.. _Secure Monitor: http://www.arm.com/products/processors/technologies/trustzone/tee-smc.php
.. _Power State Coordination Interface (PSCI): PSCI_
.. _PSCI: http://infocenter.arm.com/help/topic/com.arm.doc.den0022d/Power_State_Coordination_Interface_PDD_v1_1_DEN0022D.pdf
.. _SMC Calling Convention: http://infocenter.arm.com/help/topic/com.arm.doc.den0028b/ARM_DEN0028B_SMC_Calling_Convention.pdf
.. _System Control and Management Interface: SCMI_
.. _SCMI: http://infocenter.arm.com/help/topic/com.arm.doc.den0056a/DEN0056A_System_Control_and_Management_Interface.pdf
.. _Software Delegated Exception Interface (SDEI): SDEI_
.. _SDEI: http://infocenter.arm.com/help/topic/com.arm.doc.den0054a/ARM_DEN0054A_Software_Delegated_Exception_Interface.pdf
.. _Juno Arm Development Platform: http://www.arm.com/products/tools/development-boards/versatile-express/juno-arm-development-platform.php
.. _Arm FVP website: FVP_
.. _FVP: https://developer.arm.com/products/system-design/fixed-virtual-platforms
.. _Linaro Release 17.10: https://community.arm.com/dev-platforms/b/documents/posts/linaro-release-notes-deprecated#LinaroRelease17.10
.. _OP-TEE Secure OS: https://github.com/OP-TEE/optee_os
.. _NVidia Trusted Little Kernel: http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary
.. _Trusty Secure OS: https://source.android.com/security/trusty
.. _GitHub: https://www.github.com/ARM-software/arm-trusted-firmware
.. _GitHub issue tracker: https://github.com/ARM-software/tf-issues/issues
.. _Security Centre: https://github.com/ARM-software/arm-trusted-firmware/wiki/ARM-Trusted-Firmware-Security-Centre
.. _license: ./license.rst
.. _Contributing Guidelines: ./contributing.rst
.. _Acknowledgments: ./acknowledgements.rst
.. _Firmware Design: ./docs/firmware-design.rst
.. _Change Log: ./docs/change-log.rst
.. _User Guide: ./docs/user-guide.rst
.. _Porting Guide: ./docs/porting-guide.rst