- Trusted-services - lists.trustedfirmware.org

Questions Regarding PSA Firmware Update and Trusted Firmware Services

by Patryk

Hey, I have some issues understanding a few things related to https://www.trustedfirmware.org/, specifically: - https://trustedfirmware-a.readthedocs.io/en/latest/components/firmware-upda… PSA Firmware Update (PSA FWU) - https://trusted-services.readthedocs.io/en/latest/services/fwu/index.html Firmware Update Service I’ve asked on other mailing lists, but unfortunately, no one responded. I’m writing this in the context of ARMv8 architecture machines, where (roughly) we have the following stack running: - payload understandable by the vendor's bootROM - TF-A BL2 - TF-A BL31 as EL3 runtime services - OP-TEE as BL32 - u-boot as BL33 - Linux I will refer to BL31 and BL32 as firmware. In the PSA Firmware Update specification, the entire procedure is described, outlining how it should work, e.g., the update process is initiated by the Update Client running in REE (e.g., some process on Linux), and it describes how metadata should be handled, rollback, etc. Assuming that my storage is eMMC, where all these things are stored, divided into partitions (let's skip offsets and other details): - bootROM payload - bl2 - fip-a (required by bl2 with PSAFWUSUPPORT) - fip-b (required by bl2 with PSAFWUSUPPORT) - metadata-a (required by bl2 with PSAFWUSUPPORT) - metadata-b (required by bl2 with PSAFWUSUPPORT) - boot (e.g., with fitimage) - rootfs-a - rootfs-b - data As I was reviewing the specification, it seemed that the firmware update should be conducted in the secure world, which (in my opinion) would mean that, for example, fip-x and metadata-x are updated somehow from the secure world, let’s say by a TA running in OP-TEE. However: - OP-TEE doesn't have drivers for eMMC (simply put - for example, to store data securely, OP-TEE communicates with Linux to write data to eMMC). - When I started googling and asking around (e.g., on Reddit), people told me that it's not the case at all, and typically some process runs on Linux, like RAUC or SWUPDATE, and it just writes whatever is needed to fip-x and metadata-x - so the whole update takes place in the so-called REE. And now my question is - I assume that this specification and trusted services (particularly the FWU service) that I linked were designed for a reason - so my question is, what is the use case? Could this be more applicable to "small MCUs" rather than microprocessors (even though the specification I linked concerns Cortex-A)? Or is this used on servers? Perhaps the nature of embedded systems is such that we don't use it and just take RAUC or some other SWUPDATE and write what is needed, and the fact that the system is trustworthy is ensured by the chain-of-trust? Best regard Patryk

4 weeks, 1 day

3
4
0 0

Trusted Firmware v2.11 release announcement

by olivier.deprez＠arm.com

The content of this message was lost. It was probably cross-posted to multiple lists and previously handled on another list.

4 months

1
0
0 0

Firmware-A v2.11 release code freeze notification

by Olivier Deprez

Hi All, The next release of the Firmware-A bundle of projects tagged v2.11 has an expected code freeze date of May, 10th 2024. Refer to the release cadence section from TF-A documentation (https://trustedfirmware-a.readthedocs.io/en/latest/about/release-informatio…). Closing out the release takes around 6-10 working days after the code freeze. v2.11 release preparation tasks start from now. We want to ensure that planned feature patches for the release are submitted in good time for the review process to conclude. As a kind recommendation and a matter of sharing CI resources, please launch CI jobs with care e.g.: -For simple platform, docs changes, or one liners, use Allow-CI+1 label (no need for a full Allow-CI+2 run). -For large patch stacks use Allow-CI+2 at top of the patch stack (and if required few individual Allow+CI+1 labels in the middle of the patch stack). -Carefully analyze results and fix the change if required, before launching new jobs on the same change. -If after issuing a Allow-CI+1 or Allow-CI+2 label a Build start notice is not added as a gerrit comment on the patch right away please be patient as under heavy load CI jobs can be queued and in extreme conditions it can be over an hour before the Build start notice is issued. Issuing another Allow-CI+1 or Allow-CI+2 label will just result in an additional job being queued. Thanks & Regards, Olivier.

4 months, 2 weeks

1
1
0 0

OP-TEE SPMC 4.2.0 status

by Imre Kis

Hi All, This is a follow-up email to the OP-TEE 4.2.0 release, highlighting the updates to the SPMC and related components. Short summary of the introduced changes: - build: Updated top level Makefile to include the Firmware Update and Logging SPs. [1]. For more details on how to get, build and test the SPMC, please see [2]. Regards, Imre [1]: https://github.com/OP-TEE/build/blob/4.2.0/fvp-psa-sp.mk [2]: https://github.com/Trusted-Services/trusted-services/wiki/OP-TEE-SPMC-v4.2-…

5 months, 2 weeks

1
0
0 0

"TS from scratch" instructions

by Thomas Fossati

Hi all, [ TS newbie alert ] My goal is to build a new trusted service that provides a stripped-down DPE (DICE protection engine) interface. My initial target is a Linux PC deployment. (In a subsequent iteration, I plan to get it run on OP-TEE.) I have gone through all the project documentation and also a presentation that Julian made at a previous Linaro Connect. I think I have a quite clear understanding of the overall architecture and how blocks have been organised. One thing I couldn't find, which would help greatly with coding, is a "how to build your trusted service from scratch". Is there any such document - even if in embryonic form - somewhere? If not, any suggestions for moving my first steps through the TS codebase would be much appreciated :-) Thanks in advance, cheers!

5 months, 3 weeks

2
1
0 0

Support FFA v1.2 for FFA_MEM_RETRIVE_REQ FFA_MEM_RETRIVE_RESP FFA_MEM_RELINQUISH FFA_MEM_SHARE

by carlos.liu＠mediatek.com

Hi all We find the following ABI FFA_MEM_RETRIVE_REQ FFA_MEM_RETRIVE_RESP FFA_MEM_RELINQUISH FFA_MEM_SHARE is implemented based on v1.0, but hafnium is implemented them based on v1.2 could you make those ABI both support v1.0 and v1.2? Thanks Carlos

6 months

2
2
0 0

Built-in new lib does not include -mstrict-align gcc compile option

by carlos.liu＠mediatek.com

Hi trusted service We can run a trusted service at S-EL1 with Hafnium based on trusted service project 1.0.0 library (libsp.a and libc.a) but we found that could cause unalignment stack access trap when call into newlib C library, it is because that you don't add -mstrict-align compile option while compile newlib project, could you add this compile option when you start to build newlib? Thanks Carlos

6 months, 2 weeks

2
2
0 0

Build code failed on nbuntu 18.04.1

by carlos.liu＠mediatek.com

Hi all We got a compile failed and currently we don't have an idea to fix, could you help us to fix this issue? the error message is as below mtkuser@PC20030356:~/trusted-services-1.0.0$ cmake -B build-ct -S deployments/component-test/linux-pc -- Looking for dependency firmware_test_builder -- Using CLANG_LIBRARY_PATH from CMake variable (command line or cache) -- CLANG_LIBRARY_PATH has been set to /usr/lib/llvm-6.0/lib CMake Error at /home/mtkuser/trusted-services-1.0.0/build-ct/_deps/firmware_test_builder-src/cmake/UnitTest.cmake:138 (message): Please install c-picker using pip Call Stack (most recent call first): CMakeLists.txt:23 (include) We try to figure out the what is c-picker package of python and we try sudo pip install c-picker and it seems nothing installed How could we install c-picker by pip install command? Thanks Carlos

8 months

2
1
0 0

Does trusted service framework project support the trusted service run in S-EL1?

by carlos.liu＠mediatek.com

Hi all I saw all the build-in trusted services run in S-EL0, could it possible to make one of them run in S-EL1? Should I modify sp_entry.S to support trusted service run in S-EL1? Thanks Carlos

8 months, 1 week

2
5
1 0

Any document to integrate smm-gateway into edk2 UEFI project?

by carlos.liu＠mediatek.com

We guess that all things we have to do is replace the following implementation into smm client. EFI_SMM_VARIABLE_PROTOCOL gSmmVariable = { VariableServiceGetVariable, VariableServiceGetNextVariableName, SmmVariableSetVariable, VariableServiceQueryVariableInfo }; EDKII_SMM_VAR_CHECK_PROTOCOL mSmmVarCheck = { VarCheckRegisterSetVariableCheckHandler, VarCheckVariablePropertySet, VarCheckVariablePropertyGet }; And I correct or something we miss? Do you have to document to integrate this feature into UEFI variable smm service? Carlos

8 months, 1 week

2
3
0 0

2024

2023

2022

Trusted-services