Hey, I have some issues understanding a few things related to
https://www.trustedfirmware.org/, specifically:
- PSA Firmware Update (PSA FWU): https://trustedfirmware-a.readthedocs.io/en/latest/components/firmware-upda…
- Firmware Update Service: https://trusted-services.readthedocs.io/en/latest/services/fwu/index.html
I’ve asked on other mailing lists, but unfortunately, no one responded.
I’m writing this in the context of ARMv8 architecture machines, where
(roughly) we have the following stack running:
- payload understandable by the vendor's bootROM
- TF-A BL2
- TF-A BL31 as EL3 runtime services
- OP-TEE as BL32
- u-boot as BL33
- Linux
I will refer to BL31 and BL32 as firmware.
In the PSA Firmware Update specification, the entire procedure is
described, outlining how it should work, e.g., the update process is
initiated by the Update Client running in REE (e.g., some process on
Linux), and it describes how metadata should be handled, rollback, etc.
Assuming that my storage is eMMC, where all these things are stored,
divided into partitions (let's skip offsets and other details):
- bootROM payload
- bl2
- fip-a (required by bl2 with PSA_FWU_SUPPORT)
- fip-b (required by bl2 with PSA_FWU_SUPPORT)
- metadata-a (required by bl2 with PSA_FWU_SUPPORT)
- metadata-b (required by bl2 with PSA_FWU_SUPPORT)
- boot (e.g., with fitimage)
- rootfs-a
- rootfs-b
- data
As I was reviewing the specification, it seemed that the firmware update
should be conducted in the secure world, which (in my opinion) would mean
that, for example, fip-x and metadata-x are updated somehow from the secure
world, let’s say by a TA running in OP-TEE. However:
- OP-TEE doesn't have drivers for eMMC (simply put - for example, to
store data securely, OP-TEE communicates with Linux to write data to eMMC).
- When I started googling and asking around (e.g., on Reddit), people
told me that it's not the case at all, and typically some process runs on
Linux, like RAUC or SWUPDATE, and it just writes whatever is needed to
fip-x and metadata-x - so the whole update takes place in the so-called REE.
And now my question is - I assume that this specification and trusted
services (particularly the FWU service) that I linked were designed for a
reason - so my question is, what is the use case? Could this be more
applicable to "small MCUs" rather than microprocessors (even though the
specification I linked concerns Cortex-A)? Or is this used on servers?
Perhaps the nature of embedded systems is such that we don't use it and
just take RAUC or some other SWUPDATE and write what is needed, and the
fact that the system is trustworthy is ensured by the chain-of-trust?
Best regards,
Patryk
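As an added illustration of the A/B bank and metadata-a/metadata-b layout discussed in the question (this is constructed example code, not from the thread, TF-A, or the PSA FWU specification): a simplified bank selector that models the two roles the thread separates, the Update Client writing metadata from the REE and BL2 (with the PSA_FWU_SUPPORT build option) reading it at boot. The record layout, field names, CRC placement and the trial-boot/rollback policy are all assumptions made for this example and are not the real PSA FWU metadata format; the point is the two-copy write ordering and the rollback decision, which is where a bad update would otherwise leave the device unbootable.

```c
/* Constructed example: simplified A/B firmware-bank metadata, NOT the real
 * PSA FWU / TF-A layout. Two copies (metadata-a, metadata-b) protect against
 * torn writes; trial boots and rollback protect against a bad bank. */
#include <stdint.h>
#include <stddef.h>

#define NR_BANKS      2u
#define MAX_TRIALS    3u          /* assumed: boots allowed before rollback */
#define BANK_INVALID  0xFFFFFFFFu

struct meta {                     /* all fields uint32_t: no padding */
    uint32_t crc;                 /* CRC-32 over every field after this one */
    uint32_t version;             /* record format version, must be 1 */
    uint32_t active_index;        /* bank BL2 should load: 0 = fip-a, 1 = fip-b */
    uint32_t previous_index;      /* last known-good bank, used for rollback */
    uint32_t accepted;            /* 1 once the active bank booted and was accepted */
    uint32_t trials;              /* boot attempts made on an unaccepted bank */
};

/* Bit-wise CRC-32 (IEEE 802.3 reflected polynomial), no lookup table. */
static uint32_t crc32(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

static uint32_t meta_crc(const struct meta *m) {
    const uint8_t *body = (const uint8_t *)m + sizeof m->crc;
    return crc32(body, sizeof *m - sizeof m->crc);
}

static void meta_seal(struct meta *m) { m->crc = meta_crc(m); }

/* A copy is usable only if it parses and its CRC matches; anything else
 * (torn write, bit rot, unknown layout) is treated as absent. */
int meta_valid(const struct meta *m) {
    return m->version == 1u && m->active_index < NR_BANKS &&
           m->previous_index < NR_BANKS && m->accepted <= 1u &&
           meta_crc(m) == m->crc;
}

/* Constructed initial state: bank 0 accepted, nothing pending. */
void meta_init(struct meta *primary, struct meta *secondary) {
    struct meta m = { 0u, 1u, 0u, 0u, 1u, 0u };
    meta_seal(&m);
    *primary = m;
    *secondary = m;
}

/* Update Client side (runs in the REE, as the thread describes): switch
 * the metadata to the freshly written inactive bank. The secondary copy is
 * written first and the primary second, so a power cut between the two
 * writes still leaves one self-consistent copy for BL2 to find. */
int stage_update(struct meta *primary, struct meta *secondary) {
    const struct meta *cur = meta_valid(primary) ? primary
                           : meta_valid(secondary) ? secondary : NULL;
    if (cur == NULL || !cur->accepted)  /* never stack an update on a trial */
        return -1;
    struct meta next = *cur;
    next.previous_index = cur->active_index;
    next.active_index = 1u - cur->active_index;
    next.accepted = 0u;
    next.trials = 0u;
    meta_seal(&next);
    *secondary = next;
    *primary = next;
    return 0;
}

/* Boot-time side (the BL2 role): take the first valid copy, count the boot
 * attempt, and roll back to previous_index once an unaccepted bank has used
 * up its trials. Returns the bank to load, or BANK_INVALID. */
uint32_t select_bank(struct meta *primary, struct meta *secondary) {
    struct meta *m = meta_valid(primary) ? primary
                   : meta_valid(secondary) ? secondary : NULL;
    if (m == NULL)
        return BANK_INVALID;            /* both copies bad: refuse to boot */
    if (m->accepted)
        return m->active_index;         /* steady state, nothing to rewrite */
    if (m->trials >= MAX_TRIALS) {      /* trial bank was never accepted */
        m->active_index = m->previous_index;
        m->accepted = 1u;
        m->trials = 0u;
    } else {
        m->trials++;
    }
    meta_seal(m);
    *primary = *m;                      /* persist to both copies */
    *secondary = *m;
    return m->active_index;
}

/* Update Client side, after the new bank has booted and passed its checks. */
void accept_bank(struct meta *primary, struct meta *secondary) {
    if (!meta_valid(primary)) return;
    primary->accepted = 1u;
    primary->trials = 0u;
    meta_seal(primary);
    *secondary = *primary;
}
```

In this model nothing here runs in the secure world: the REE client only ever writes the two metadata partitions, and BL2 enforces the policy by refusing to stack a second update on an unaccepted bank and by rolling back after MAX_TRIALS failed boots. The integrity of the fip-x contents themselves is left to the chain of trust (signature verification of the FIP), which the metadata does not replace.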
Hi All,
The next release of the Firmware-A bundle of projects, tagged v2.11, has an expected code freeze date of May 10th, 2024.
Refer to the release cadence section from TF-A documentation (https://trustedfirmware-a.readthedocs.io/en/latest/about/release-informatio…).
Closing out the release takes around 6-10 working days after the code freeze.
v2.11 release preparation tasks start from now.
We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude.
As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.:
- For simple platform or docs changes, or one-liners, use the Allow-CI+1 label (no need for a full Allow-CI+2 run).
- For large patch stacks, use Allow-CI+2 at the top of the patch stack (and, if required, a few individual Allow-CI+1 labels in the middle of the patch stack).
- Carefully analyze results and fix the change if required before launching new jobs on the same change.
- If, after issuing an Allow-CI+1 or Allow-CI+2 label, a Build start notice is not added as a Gerrit comment on the patch right away, please be patient: under heavy load CI jobs can be queued, and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued.
Thanks & Regards,
Olivier.
Hi all,
[ TS newbie alert ]
My goal is to build a new trusted service that provides a
stripped-down DPE (DICE protection engine) interface.
My initial target is a Linux PC deployment. (In a subsequent
iteration, I plan to get it run on OP-TEE.)
I have gone through all the project documentation and also a
presentation that Julian made at a previous Linaro Connect.
I think I have a quite clear understanding of the overall architecture
and how blocks have been organised.
One thing I couldn't find, which would help greatly with coding, is a
"how to build your trusted service from scratch".
Is there any such document - even if in embryonic form - somewhere?
If not, any suggestions for moving my first steps through the TS
codebase would be much appreciated :-)
Thanks in advance, cheers!
Hi all
We find that the following ABIs
FFA_MEM_RETRIEVE_REQ
FFA_MEM_RETRIEVE_RESP
FFA_MEM_RELINQUISH
FFA_MEM_SHARE
are implemented based on v1.0,
but Hafnium implements them based on v1.2.
Could you make those ABIs support both v1.0 and v1.2?
Thanks
Carlos
Hi trusted services,
We can run a trusted service at S-EL1 with Hafnium based on the trusted services project 1.0.0 libraries (libsp.a and libc.a), but we found that it can cause an unaligned stack access trap when calling into
the newlib C library. This is because the -mstrict-align compile option is not added when compiling the newlib project. Could you add this compile option when you build newlib?
Thanks
Carlos
Hi all
We got a compile failure and currently have no idea how to fix it. Could you help us fix this issue?
The error message is as below:
mtkuser@PC20030356:~/trusted-services-1.0.0$ cmake -B build-ct -S deployments/component-test/linux-pc
-- Looking for dependency firmware_test_builder
-- Using CLANG_LIBRARY_PATH from CMake variable (command line or cache)
-- CLANG_LIBRARY_PATH has been set to /usr/lib/llvm-6.0/lib
CMake Error at /home/mtkuser/trusted-services-1.0.0/build-ct/_deps/firmware_test_builder-src/cmake/UnitTest.cmake:138 (message):
Please install c-picker using pip
Call Stack (most recent call first):
CMakeLists.txt:23 (include)
We tried to figure out what the c-picker Python package is,
and we tried
sudo pip install c-picker, but it seems nothing was installed.
How can we install c-picker with the pip install command?
Thanks
Carlos
Hi all
I saw that all the built-in trusted services run in S-EL0. Would it be possible to make one of them run in S-EL1?
Should I modify sp_entry.S to support running a trusted service in S-EL1?
Thanks
Carlos
We guess that all we have to do is replace the following implementation with the SMM client.
EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = {
VariableServiceGetVariable,
VariableServiceGetNextVariableName,
SmmVariableSetVariable,
VariableServiceQueryVariableInfo
};
EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = {
VarCheckRegisterSetVariableCheckHandler,
VarCheckVariablePropertySet,
VarCheckVariablePropertyGet
};
Am I correct, or is there something we missed?
Do you have documentation for integrating this feature into the UEFI variable SMM service?
Carlos