- Last edited 10 months ago ago
1 Trusted Firmware-A
Trusted Firmware-A is a reference implementation of secure-world software provided by Arm®. It was first designed for Armv8-A platforms, and has been adapted to be used on Armv7-A platforms by STMicroelectronics. Trusted Firmware-A is part of the Trusted Firmware project that is an open governance community project hosted by Linaro.
It is used as the first-stage boot loader (FSBL) on STM32 MPU platforms when using the trusted boot chain.
The code is open source, under a BSD-3-Clause license, and can be found on Linaro project page , including an up-to-date documentation about Trusted Firmware-A implementation .
Trusted Firmware-A also implements a set of features with various Arm interface standards:
- The power state coordination interface (PSCI) 
- SMC calling convention 
- System control and management interface 
Trusted Firmware-A is usually shortened to TF-A.
The global architecture of TF-A is explained in the Trusted Firmware-A design  document.
TF-A is divided into several binaries, each with a dedicated main role.
For 32-bit Arm processors (AArch32), the trusted boot is divided into four stages (in order of execution):
- Boot loader stage 1 (BL1) application processor trusted ROM
- Boot loader stage 2 (BL2) trusted boot firmware
- Boot loader stage 3-2 (BL32) trusted runtime firmware
- Boot loader stage 3-3 (BL33) non-trusted firmware
BL1, BL2 and BL32 are parts of TF-A.
Because STM32 MPU platforms uses a dedicated ROM code, the BL1 boot stage is then removed. ROM code expects the BL2 to run at EL3 execution level. This mode is selected when the BL2_AT_EL3 build flag is enabled.
BL33 is outside of TF-A. This is the first non-secure code loaded by TF-A. During the boot sequence, this is the secondary stage boot loader (SSBL). For STM32 MPU platforms, the SSBL is U-Boot by default.
TF-A can manage its configuration with a device tree. In the BL2 stage, it is a reduced version of the Linux kernel one, with only the required devices used during boot. It can be configured with STM32CubeMX.
TF-A loading steps:
- ROM code loads and calls BL2
- BL2 loads BL32
- BL2 loads BL33
- BL2 calls BL32
- BL32 calls BL33
3 Boot loader stages
BL1 is the first stage executed, and is designed to act as ROM code; it is loaded and executed in internal RAM. It is not used for the STM32 MPU. As the STM32 MPU has its own proprietary ROM code, this part can be removed and BL2 is then the first TF-A binary to be executed.
BL2 is in charge of loading the next-stage images (secure and non secure). To achieve this role, BL2 has to initialize all the required peripherals.
- System components: clocks, DDR, ...
- Security components: cryptographic peripheral, memory firewall, ...
BL2 offers different features to load and authenticate images.
At the end of its execution, after having loaded BL32 and the next boot stage (BL33), BL2 jumps to BL32.
BL32 provides runtime secure services.
On Armv7 architecture, the BL32 must embed a Secure Monitor as it will be executed in the same privilege level (PL1-SVC Secure). TF-A provides a minimal monitor implementation: SP-MIN. It is described in the TF-A functionality list  as: "A minimal AArch32 Secure Payload (SP-MIN) to demonstrate PSCI  library integration with AArch32 EL3 Runtime Software."
This minimal implementation can be replaced with a trusted OS or trusted environment execution (TEE), such as OP-TEE that also embeds a secure monitor on Armv7.
BL32 acts as a secure monitor and thus provides secure services to non-secure OSs. These services are called by non-secure software with secure monitor calls .
This code is in charge of standard service calls, like PSCI  or SCMI .
It also provides STMicroelectronics proprietary services to access some specific and limited secure peripherals (with secure access control).