SFO15-101: Security requirements on ARMv8-A boot architecture
Speakers: Grant Likely, Dan Handley
Date: September 21, 2015
★ Session Description ★
It’s not easy, perhaps not possible, to establish a common boot architecture meeting the security needs of OS vendors, SoC vendors, BIOS vendors and OEMs across all market segments. This informal session evaluates the current boot architecture(s) and immediate security needs of the ARMv8-A ecosystem. This is an opportunity for all interested attendees to meet and set the agenda for more specific discussions during the week.
★ Resources ★
Video: https://www.youtube.com/watch?v=q5nF9tSrak4
Presentation: NA
Etherpad: pad.linaro.org/p/sfo15-101
Pathable: https://sfo15.pathable.com/meetings/302650
★ Event Details ★
Linaro Connect San Francisco 2015 - #SFO15
September 21-25, 2015
Hyatt Regency Hotel
http://www.linaro.org
http://connect.linaro.org
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
SFO15-101: Security requirements on ARMv8-A boot architecture
1. Security and Boot Architecture
• PI/MM on ARM discussions tomorrow (Tues)
– UEFI members only
• Brief Trusted Firmware update
– Where is the upstream for 96Boards TF platform code?
– Potential requirements
• GICv3 impact on secure world architecture
• Improving AArch32 secure world support
– More library support for Secure OS integration (PSCI + IP drivers)
• Common support for boot path verification
• Secure firmware interfaces
– Standard secure world -> normal world cold boot interface
– Or, more standard SMCs
– For example, to pass Secure DRAM region info
2. Security and Boot Architecture (2)
• Segment specific use-cases
– Trusted OS / Secure-EL1 payload on Enterprise systems?
– Boot architecture on Cortex-A class IoT systems
• Missing secure services/drivers/features
– Especially for OPTEE
• Security hardening
– Threat models, code audits, Pen testing, etc...
• Non-functional requirements
– Performance, RAM budget on IoT or many core systems
– Trace format for use-cases touching multiple components
• Anything else?
4. 2
Reference boot flows
For 64-bit ARMv8-A systems
Open Source at GitHub
BSD License
Contributors welcome
BL31 runtime is compatible
with other boot firmware
Trusted OS is optional
Applicable to all segments
ARM Trusted Firmware for 64-bit ARMv8-A
AP_BL31
EL3 Runtime Firmware
EL2 Execution
Secure-EL1 Execution
SCP Execution
Key
EL3 Execution
AP_BL33
Normal World
Firmware
(e.g. U-Boot,
EDK2)
AP_BL1
Boot ROM
AP_BL2
Trusted Boot
Firmware
AP_BL32
Secure-EL1 Payload
SCP_BL1
Boot ROM
SCP_BL2
Runtime
Firmware
Platform Boot
Initialization
System &
Power Control
Trusted Board
Boot
Trusted Board
Boot
PSCI
World Switch
Library
SMCCC
Trusted OS Kernel
S-EL1 Payload
Dispatch
Secure World Normal World
SCP Application Processor (AP)
2nd level Boot
Loader (BL2)
loads other
images
1st level Boot
Loader (BL1)
loads 2nd level
image
Loading
RESET RESET
https://github.com/ARM-software/arm-trusted-firmware
Juno Example Boot Flow
5. 3
PSCI v1.0
Platform porting interface overhaul for flexible topology and enhanced CPU_SUSPEND support
Now upstream including compatibility support for existing platform ports
Trusted Board Boot
Futureproof interface supporting alternative Crypto Libs, Certificate structures and Chains ofTrust
Mandatory features nearly complete: Firmware Update (Recovery Mode) coming soon
System IP
CCN-xxx driver complete (pull request pending)
Full GICv3 support coming soon (see later)
Firmware interoperability (entrypoint rework, programmable reset address)
Platform ports
NVidia has upstreamed ports forTegraT210 andT132
Mediatek has upstreamed a port for MT8173
Feature evolution
6. 4
GIC versions
Features
Up to 8 cores
Up to 1020 interrupt IDs
Up to 8 bits of priority
Software Generated Interrupts
TrustZone support
Virtualization support
Implemented by:
CoreLink™ GIC-400
Adds:
Support for many more than 8 cores
Message Based Interrupts
Enhanced security model
System register interface
Vastly expanded interrupt ID space
Optional support for legacy GICv2
compatible operation
Implemented by:
CoreLink™ GIC-500
GICv2 GICv3
7. 5
GICv3 Security Groups
Group 0 Secure Group 1 Non-Secure Group 1
Always secure FIQ if in Non-Secure
state
FIQ if in Secure state
Always FIQ IRQ if in Secure state IRQ if in Non-Secure
state
Typically used by
EL3 firmware
Typically used by
Trusted OS
Typically used by
Rich OS or Hypervisor
8. 6
“Canonical” model (trap other world interrupt to EL3) is rare in practice
MostTrusted OS always trap Group0 (S) interrupts to S-EL1
Some (for example OPTEE) also trap Group1 (NS) interrupts to S-EL1
◦ For example, save task state, before forwarding to normal world via SMC
OtherTrusted OS do not enable Group1 interrupts at S-EL1 (symmetric model)
TSPD supports both models
GICv3 S-Group1 interrupts will be useful to enable dedicated EL3 interrupts
Avoids having to shoe-horn use-cases into GICv2 systems
But expect S-EL1 initial handling of Group0/NS-Group1 will continue with GICv3
Substantial design/implementation churn inTrusted OS required to switch to trap-to-EL3 model
GIC Interrupt Groups, Lines and Usage models
9. 7
GICv3 Software Migration Strategy
Hardware and Software System compatibility
Hardware Systems
SoftwareArchitectures
GICv2
(e.g. GIC-400)
GICv3+v2
(e.g. GIC-500)
GICv3
(no legacy)
Symmetric GICv2
all ARE=0, SRE=0 ✓ ✓ X
Asymmetric GICv3 + GICv2
ARE_NS=1, ARE_S=0,
all SRE=1 except SRE_EL1(S)=0
X ✓ X
Symmetric GICv3
all ARE=1, SRE=1 X ✓ ✓
10. 8
Hardware Systems
SoftwareArchitectures
GICv2
(e.g. GIC-400)
GICv3+v2
(e.g. GIC-500)
GICv3
(no legacy)
Symmetric GICv2
all ARE=0, SRE=0 ✓ ✓ X
Asymmetric GICv3 + GICv2
ARE_NS=1, ARE_S=0,
all SRE=1 except SRE_EL1(S)=0
X ✓? X
Symmetric GICv3
all ARE=1, SRE=1 X X X
GICv3 Software Migration Strategy
Current support in ARM Trusted Firmware
Current GIC driver
Not supported
11. 9
Hardware Systems
SoftwareArchitectures
GICv2
(e.g. GIC-400)
GICv3+v2
(e.g. GIC-500)
GICv3
(no legacy)
Symmetric GICv2
all ARE=0, SRE=0 ✓ X X
Asymmetric GICv3 + GICv2
ARE_NS=1, ARE_S=0,
all SRE=1 except SRE_EL1(S)=0
X X X
Symmetric GICv3
all ARE=1, SRE=1 X ✓ ✓
GICv3 Software Migration Strategy
Proposed GIC driver support
New GICv2 driver
New GICv3 driverDeprecate