OP-TEE remoteproc framework overview

1. Framework purpose[edit source]

The OP-TEE remote processor (RPROC) framework allows the different platforms/architectures to control (power on, load firmware, power off) remote processors in the Secure context. In addition it offers services to authenticate the firmware image and isolate the associated to ensure the integrity of the firmware running on the coprocessor.

See also How_to_protect_the_coprocessor_firmware.

2. System overview[edit source]

2.1. Component description[edit source]

• remoteproc Trusted application(TA): this is the remote processor framework generic part. Its role is to provide interface to the Linux remoteproc framework to:
  • Load and authenticate a firmware image in the remote processor memory.
  • Provide resource table address.
  • Control the remote processor execution (start, stop...).
• remoteproc Pseudo Trusted application(PTA): this component is the STM32MPU platform implementation of the services associated to the management of the Cortex-M coprocessor. Its role is to provide atomic services to the remoteproc TA:
  • Load and authenticate image segment in the remote processor memory.
  • manage the memory regions isolations
• stm32mp_remoteproc driver: configuration of the Cortex-M coprocessor and associated memory based on the OP-TEE device tree.Based on the device tree configurationits role is to:
  • Determine if the Cortex-M firmware image is managed by:
    • The OP-TEE remoteproc framework ( signed firmware images): In this configuration the remoteproc driver list the memory regions declared in the device tree for the Cortex-M usage. and manage the Cortex-M configuration (reset, boot address, Trust Zone,...)
    • The Linux remoteproc framework (ELF firmware image): In this configuration the remoteproc driver disables the Trust Zone and provides access right to the Linux remoteproc framework, in the non secure context, to manage the Cortex-M (reset and non secure boot address).

Information

In the STM32MPU Embedded Software distribution, the OP-TEE remoteproc framework imposes that the remoteproc firmware is signed to use the Cortex-M Trust Zone

2.2. API description[edit source]

• The emoteproc TA API is available in ta/remoteproc/include/ta_remoteproc.h .
• The remoteproc PTA API is available in lib/libutee/include/remoteproc_pta.h .

3. Configuration[edit source]

3.1. build configuration[edit source]

• CFG_DRIVERS_REMOTEPROC and CFG_STM32MP_REMOTEPROC enable the support the stm32_remoteproc drivers
• CFG_REMOTEPROC_PTA enables the support of the remoteproc PTA but also the remoteproc TA
• CFG_IN_TREE_EARLY_TAS += remoteproc/80a4c275-0a47-4905-8285-1486a9771a08 specifies that the remoteproc TA is embedded in the OP-TEE OS firmware and accessible during the boot stage (refer to How_to_start_the_coprocessor_from_the_bootloader for detail))
• RPROC_SIGN_KEY specify the key used for the firmware image signature (default key is keys/default.pem )

3.2. Device tree configuration[edit source]

4. How to use the framework[edit source]

See How_to_protect_the_coprocessor_firmware.

5. How to debug[edit source]

6. Source code location[edit source]

• remoteproc trusted ApplicationAPI
  • ta/remoteproc/include/ta_remoteproc.h .
  • ta/remoteproc/remoteproc_core.c
• remoteproc pseudo trusted application
  • lib/libutee/include/remoteproc_pta.h
  • core/pta/stm32mp/remoteproc_pta.c
• remoteproc stm32 driver
  • core/drivers/remoteproc/stm32_remoteproc.c

7. References[edit source]