| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 1 | Runtime Security Subsystem (RSS) |
| 2 | ================================ |
| 3 | |
| 4 | Introduction |
| 5 | ------------ |
| 6 | |
| 7 | Runtime Security Subsystem (RSS) is an Arm subsystem that provides a reference |
| 8 | implementation of the HES Host in the |
| 9 | `Arm Confidential Compute Architecture (CCA) <https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture>`_. |
| 10 | It is designed to be integrated into A-profile compute subsystems that implement |
| 11 | Arm CCA, where it serves as the Root of Trust. |
| 12 | |
| 13 | RSS initially boots from immutable code (BL1_1) in its internal ROM, before |
| 14 | jumping to BL1_2, which is provisioned and hash-locked in RSS OTP. The updatable |
| 15 | MCUBoot BL2 boot stage is loaded from host system flash into RSS SRAM, where it |
| 16 | is authenticated. BL2 loads and authenticates the TF-M runtime into RSS SRAM |
| 17 | from host flash. BL2 is also responsible for loading initial boot code into |
| 18 | other subsystems within the host. |
| 19 | |
| Jamie Fox | 06c09dc | 2022-06-21 16:06:08 +0100 | [diff] [blame] | 20 | The RSS platform port supports the TF-M Crypto, TF-M Initial Attestation and |
| 21 | TF-M Platform services along with the corresponding regression tests. It |
| 22 | supports the IPC model in multi-core topology with Isolation Level 1 and 2. |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 23 | |
| 24 | Building TF-M |
| 25 | ------------- |
| 26 | |
| Anton Komlev | 0dbe8f1 | 2022-06-17 16:48:12 +0100 | [diff] [blame] | 27 | Follow the instructions in :doc:`Build instructions </building/tfm_build_instruction>`. |
| Jamie Fox | 519cc4b | 2022-06-07 12:07:28 +0100 | [diff] [blame] | 28 | Build TF-M with platform name: `arm/rss` |
| 29 | |
| 30 | ``-DTFM_PLATFORM=arm/rss`` |
| 31 | |
| 32 | Signing host images |
| 33 | ------------------- |
| 34 | |
| 35 | RSS BL2 can load boot images into other subsystems within the host system. It |
| 36 | expects images to be signed, with the signatures attached to the images in the |
| 37 | MCUBoot metadata format. |
| 38 | |
| 39 | The `imgtool Python package <https://pypi.org/project/imgtool/>`_ can be used to |
| 40 | sign images in the required format. To sign a host image using the development |
| 41 | key distributed with TF-M, use the following command:: |
| 42 | |
| 43 | imgtool sign \ |
| 44 | -k <TF-M base directory>/bl2/ext/mcuboot/root-RSA-3072.pem \ |
| 45 | --public-key-format full \ |
| 46 | --max-align 8 \ |
| 47 | --align 1 \ |
| 48 | -v "0.0.1" \ |
| 49 | -s 1 \ |
| 50 | -H 0x1000 \ |
| 51 | --pad-header \ |
| 52 | -S 0x80000 \ |
| 53 | --pad \ |
| 54 | --boot-record "HOST" \ |
| 55 | -L <load address> \ |
| 56 | <binary infile> \ |
| 57 | <signed binary outfile> |
| 58 | |
| 59 | The ``load address`` is the address to which BL2 will load the image. The RSS |
| 60 | ATU should be configured to map this logical address to the physical address in |
| 61 | the host system that the image needs to be loaded to. |
| 62 | |
| 63 | For more information on the ``imgtool`` parameters, see the MCUBoot |
| 64 | `imgtool documentation <https://docs.mcuboot.com/imgtool.html>`_. |
| 65 | |
| 66 | .. warning:: |
| 67 | |
| 68 | The TF-M development key must never be used in production. To generate a |
| 69 | production key, follow the imgtool documentation. |
| 70 | |
| 71 | Running the code |
| 72 | ---------------- |
| 73 | |
| 74 | To run the built images, they need to be concatenated into binaries that can be |
| 75 | placed in ROM and flash. To do this, navigate to the TF-M build directory and |
| 76 | run the following ``srec_cat`` commands:: |
| 77 | |
| 78 | srec_cat \ |
| 79 | bl1_1.bin -Binary -offset 0x0 \ |
| 80 | bl1_provisioning_bundle.bin -Binary -offset 0xE000 \ |
| 81 | -o rom.bin -Binary |
| 82 | |
| 83 | srec_cat \ |
| 84 | bl2_signed.bin -Binary -offset 0x0 \ |
| 85 | bl2_signed.bin -Binary -offset 0x20000 \ |
| 86 | tfm_s_ns_signed.bin -Binary -offset 0x40000 \ |
| 87 | tfm_s_ns_signed.bin -Binary -offset 0x140000 \ |
| 88 | <Host AP BL1 image> -Binary -offset 0x240000 \ |
| 89 | <SCP BL1 image> -Binary -offset 0x2C0000 \ |
| 90 | <Host AP BL1 image> -Binary -offset 0x340000 \ |
| 91 | <SCP BL1 image> -Binary -offset 0x3C0000 \ |
| 92 | -o flash.bin -Binary |
| 93 | |
| 94 | For development purposes, the OTP image is included as a provisioning bundle in |
| 95 | the ROM image and provisioned into OTP by BL1_1. The flash image should include |
| 96 | the signed host images from the previous section. For each boot image, there is |
| 97 | a primary and secondary image; if these are different then BL2 will load the one |
| 98 | with the higher version number. |
| 99 | |
| 100 | The ROM binary should be placed in RSS ROM at ``0x11000000`` and the flash |
| 101 | binary should be placed at ``0x31000000``. |
| 102 | |
| 103 | -------------- |
| 104 | |
| 105 | *Copyright (c) 2022, Arm Limited. All rights reserved.* |