| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 1 | Runtime Security Subsystem (RSS) |
| 2 | ================================ |
| 3 | |
| 4 | Introduction |
| 5 | ------------ |
| 6 | |
| 7 | Runtime Security Subsystem (RSS) is an Arm subsystem that provides a reference |
| 8 | implementation of the HES Host in the |
| 9 | `Arm Confidential Compute Architecture (CCA) <https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture>`_. |
| 10 | It is designed to be integrated into A-profile compute subsystems that implement |
| 11 | Arm CCA, where it serves as the Root of Trust. |
| 12 | |
| 13 | RSS initially boots from immutable code (BL1_1) in its internal ROM, before |
| 14 | jumping to BL1_2, which is provisioned and hash-locked in RSS OTP. The updatable |
| 15 | MCUBoot BL2 boot stage is loaded from host system flash into RSS SRAM, where it |
| 16 | is authenticated. BL2 loads and authenticates the TF-M runtime into RSS SRAM |
| 17 | from host flash. BL2 is also responsible for loading initial boot code into |
| 18 | other subsystems within the host. |
| 19 | |
| David Vincze | 8c95d2a | 2022-01-19 10:11:58 +0100 | [diff] [blame] | 20 | The RSS platform port supports the TF-M Crypto, TF-M Initial Attestation, |
| 21 | Measured Boot and TF-M Platform services along with the corresponding |
| 22 | regression tests. It supports the IPC model in multi-core topology with |
| 23 | Isolation Level 1 and 2. |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 24 | |
| 25 | Building TF-M |
| 26 | ------------- |
| 27 | |
| Anton Komlev | 0dbe8f1 | 2022-06-17 16:48:12 +0100 | [diff] [blame] | 28 | Follow the instructions in :doc:`Build instructions </building/tfm_build_instruction>`. |
| Raef Coles | 5a6345e | 2022-09-29 12:39:58 +0100 | [diff] [blame] | 29 | Build TF-M with platform name: `arm/rss/<rss platform name>` |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 30 | |
| Raef Coles | 5a6345e | 2022-09-29 12:39:58 +0100 | [diff] [blame] | 31 | For example for building RSS for Total Compute platforms: |
| 32 | ``-DTFM_PLATFORM=arm/rss/tc`` |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 33 | |
| 34 | Signing host images |
| 35 | ------------------- |
| 36 | |
| 37 | RSS BL2 can load boot images into other subsystems within the host system. It |
| 38 | expects images to be signed, with the signatures attached to the images in the |
| 39 | MCUBoot metadata format. |
| 40 | |
| 41 | The `imgtool Python package <https://pypi.org/project/imgtool/>`_ can be used to |
| 42 | sign images in the required format. To sign a host image using the development |
| 43 | key distributed with TF-M, use the following command:: |
| 44 | |
| 45 | imgtool sign \ |
| 46 | -k <TF-M base directory>/bl2/ext/mcuboot/root-RSA-3072.pem \ |
| 47 | --public-key-format full \ |
| 48 | --max-align 8 \ |
| 49 | --align 1 \ |
| 50 | -v "0.0.1" \ |
| 51 | -s 1 \ |
| 52 | -H 0x1000 \ |
| 53 | --pad-header \ |
| 54 | -S 0x80000 \ |
| 55 | --pad \ |
| 56 | --boot-record "HOST" \ |
| 57 | -L <load address> \ |
| 58 | <binary infile> \ |
| 59 | <signed binary outfile> |
| 60 | |
| Jamie Fox | a1e8602 | 2022-07-12 17:58:02 +0100 | [diff] [blame] | 61 | The ``load address`` is the logical address in the RSS memory map to which BL2 |
| 62 | will load the image. RSS FW expects the first host image to be loaded to address |
| 63 | ``0x70000000`` (the beginning of the RSS ATU host access region), and each |
| 64 | subsequent host image to be loaded at an offset of ``0x100000`` from the |
| 65 | previous image. The RSS ATU should be configured to map these logical addresses |
| 66 | to the physical addresses in the host system that the images need to be loaded |
| 67 | to. |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 68 | |
| 69 | For more information on the ``imgtool`` parameters, see the MCUBoot |
| 70 | `imgtool documentation <https://docs.mcuboot.com/imgtool.html>`_. |
| 71 | |
| 72 | .. warning:: |
| 73 | |
| 74 | The TF-M development key must never be used in production. To generate a |
| 75 | production key, follow the imgtool documentation. |
| 76 | |
| 77 | Running the code |
| 78 | ---------------- |
| 79 | |
| 80 | To run the built images, they need to be concatenated into binaries that can be |
| 81 | placed in ROM and flash. To do this, navigate to the TF-M build directory and |
| 82 | run the following ``srec_cat`` commands:: |
| 83 | |
| 84 | srec_cat \ |
| 85 | bl1_1.bin -Binary -offset 0x0 \ |
| 86 | bl1_provisioning_bundle.bin -Binary -offset 0xE000 \ |
| 87 | -o rom.bin -Binary |
| 88 | |
| 89 | srec_cat \ |
| 90 | bl2_signed.bin -Binary -offset 0x0 \ |
| Raef Coles | 45b4f2a | 2022-11-10 16:43:39 +0000 | [diff] [blame] | 91 | bl2_signed.bin -Binary -offset 0x10000 \ |
| 92 | tfm_s_ns_signed.bin -Binary -offset 0x020000 \ |
| 93 | tfm_s_ns_signed.bin -Binary -offset 0x0E0000 \ |
| 94 | <Host AP BL1 image> -Binary -offset 0x1A0000 \ |
| 95 | <SCP BL1 image> -Binary -offset 0x220000 \ |
| 96 | <Host AP BL1 image> -Binary -offset 0x2A0000 \ |
| 97 | <SCP BL1 image> -Binary -offset 0x320000 \ |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 98 | -o flash.bin -Binary |
| 99 | |
| Raef Coles | 7763a47 | 2022-11-10 17:11:40 +0000 | [diff] [blame^] | 100 | If XIP mode is enabled, the following ``srec_cat`` command should be run to |
| 101 | create the flash image:: |
| 102 | |
| 103 | srec_cat \ |
| 104 | bl2_signed.bin -Binary -offset 0x0 \ |
| 105 | bl2_signed.bin -Binary -offset 0x10000 \ |
| 106 | tfm_s.bin -Binary -offset 0x020000 \ |
| 107 | tfm_ns.bin -Binary -offset 0x080000 \ |
| 108 | tfm_s.bin -Binary -offset 0x0E0000 \ |
| 109 | tfm_ns.bin -Binary -offset 0x140000 \ |
| 110 | <Host AP BL1 image> -Binary -offset 0x1A0000 \ |
| 111 | <SCP BL1 image> -Binary -offset 0x220000 \ |
| 112 | <Host AP BL1 image> -Binary -offset 0x2A0000 \ |
| 113 | <SCP BL1 image> -Binary -offset 0x320000 \ |
| 114 | tfm_s_sic_tables_signed.bin -Binary -offset 0x3A0000 \ |
| 115 | tfm_ns_sic_tables_signed.bin -Binary -offset 0x3AA000 \ |
| 116 | tfm_s_sic_tables_signed.bin -Binary -offset 0x3B4000 \ |
| 117 | tfm_ns_sic_tables_signed.bin -Binary -offset 0x3BE000 \ |
| 118 | -o flash.bin -Binary |
| Raef Coles | 45b4f2a | 2022-11-10 16:43:39 +0000 | [diff] [blame] | 119 | |
| 120 | Once the flash image is created, it can be combined with the host FIP to create |
| 121 | a combined host flash image:: |
| 122 | |
| 123 | srec_cat \ |
| 124 | fip-tc.bin -Binary -offset 0x0\ |
| Raef Coles | 7763a47 | 2022-11-10 17:11:40 +0000 | [diff] [blame^] | 125 | flash.bin -Binary -offset 0x02200000 \ |
| Raef Coles | 45b4f2a | 2022-11-10 16:43:39 +0000 | [diff] [blame] | 126 | -o host_flash.bin -Binary |
| 127 | |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 128 | For development purposes, the OTP image is included as a provisioning bundle in |
| 129 | the ROM image and provisioned into OTP by BL1_1. The flash image should include |
| 130 | the signed host images from the previous section. For each boot image, there is |
| 131 | a primary and secondary image; if these are different then BL2 will load the one |
| 132 | with the higher version number. |
| 133 | |
| Raef Coles | 45b4f2a | 2022-11-10 16:43:39 +0000 | [diff] [blame] | 134 | The ROM binary should be placed in RSS ROM at ``0x11000000`` and the host flash |
| 135 | binary should be placed at the base of the host flash. For the TC platform, |
| Raef Coles | 7763a47 | 2022-11-10 17:11:40 +0000 | [diff] [blame^] | 136 | this is at ``0x08000000``. |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 137 | |
| 138 | -------------- |
| 139 | |
| Raef Coles | 7763a47 | 2022-11-10 17:11:40 +0000 | [diff] [blame^] | 140 | *Copyright (c) 2022-2023, Arm Limited. All rights reserved.* |