
Searched refs:secure (Results 1 – 25 of 116) sorted by relevance


/arm-trusted-firmware-2.8.0/tools/marvell/doimage/secure/
sec_img_7K.cfg
3 kak_key_file = "tools/doimage/secure/kak_priv_pem.key";
8 csk_key_file = ["tools/doimage/secure/csk_priv_pem0.key",
9 "tools/doimage/secure/csk_priv_pem1.key",
10 "tools/doimage/secure/csk_priv_pem2.key",
11 "tools/doimage/secure/csk_priv_pem3.key",
18 aes_key_file = "tools/doimage/secure/aes_key.txt";
sec_img_8K.cfg
3 kak_key_file = "tools/doimage/secure/kak_priv_pem.key";
8 csk_key_file = ["tools/doimage/secure/csk_priv_pem0.key",
9 "tools/doimage/secure/csk_priv_pem1.key",
10 "tools/doimage/secure/csk_priv_pem2.key",
11 "tools/doimage/secure/csk_priv_pem3.key",
18 aes_key_file = "tools/doimage/secure/aes_key.txt";
/arm-trusted-firmware-2.8.0/docs/design/
interrupt-framework-design.rst
13 that secure interrupts are under the control of the secure software with
18 non-secure software (Non-secure interrupts) to the last executed exception
99 secure state. This is a valid routing model as secure software is in
107 non-secure state. This is an invalid routing model as a secure interrupt
115 Non-secure interrupts
119 secure state. This allows the secure software to trap non-secure
121 non-secure software through EL3. This is a valid routing model as secure
713 require a context switch from secure to non-secure or vice-versa:
820 Test secure payload dispatcher non-secure interrupt handling
850 routing model for non-secure interrupt in secure state is in effect
/arm-trusted-firmware-2.8.0/docs/security_advisories/
security-advisory-tfv-2.rst
5 | Title | Enabled secure self-hosted invasive debug interface can |
6 | | allow normal world to panic secure world |
18 | Impact | Denial of Service (secure world panic) |
25 The ``MDCR_EL3.SDD`` bit controls AArch64 secure self-hosted invasive debug
28 entrypoint code, which enables debug exceptions from the secure world. This can
32 normal world attacker to induce a panic in the secure world.
35 from the secure world.
42 secure self-hosted invasive debug enablement. TF assigns these bits to ``00``
45 secure privileged invasive debug is enabled by the authentication interface, at
security-advisory-tfv-5.rst
6 | | secure world timing information |
18 | Impact | Leakage of sensitive secure world timing information |
32 bit is set to zero, the cycle counter (when enabled) counts during secure world
36 normal and secure worlds, normal world code can set ``PMCR_EL0.DP`` to zero to
37 cause leakage of secure world timing information. This register should be added
45 sensible default values in the secure context.
/arm-trusted-firmware-2.8.0/docs/components/
firmware-update.rst
136 - Copying images from non-secure to secure memory
144 interfaces to non-secure memory.
180 authenticated/executed in secure or non-secure memory.
198 complex state machine than non-secure images.
210 in blocks from non-secure to secure memory.
213 copying it to secure memory.
317 This SMC copies the secure image indicated by ``image_id`` from non-secure memory
356 if (secure world caller)
360 if (image_id is secure image)
400 secure world image.
secure-partition-manager.rst
315 Loading Hafnium and secure partitions in the secure world
853 The FF-A id space is split into a non-secure space and secure space:
1041 partitions, two IPA spaces (secure and non-secure) are output from the
1046 - One of secure or non-secure IPA when the secure EL1&0 Stage-1 MMU is enabled.
1157 or secure world.
1269 Actions for a secure interrupt triggered while execution is in secure world
1425 - SMMUv3 offers non-secure stream support with secure stream support being
1427 instance for secure and non-secure stream support.
1446 registers have independent secure and non-secure versions to configure the
1447 behaviour of SMMUv3 for translation of secure and non-secure streams
index.rst
21 secure-partition-manager
23 secure-partition-manager-mm
el3-spmc.rst
23 and SPMC at EL3, one S-EL1 secure partition, with an optional
41 ``SPMC_AT_EL3`` is enabled, the secure partitions are loaded
100 Other platforms need to allocate a similar secure memory region
132 BL2 loads the BL31 image as a part of (secure) boot process.
251 as secure buffers in the MMU descriptors.
280 The FF-A ID space is split into a non-secure space and secure space:
290 use a secure FF-A ID as origin world by spoofing:
338 the FFA_SPM_ID_GET interface at the secure physical FF-A instance.
406 In platforms with or without secure virtualization:
473 In the scenario when secure interrupt occurs while the secure partition is running,
/arm-trusted-firmware-2.8.0/drivers/nxp/tzc/
plat_tzc380.c
85 tzc380_reg_list[list_idx].secure = TZC_ATTR_SP_NS_RW; in populate_tzc380_reg_list()
95 tzc380_reg_list[list_idx].secure = TZC_ATTR_SP_S_RW; in populate_tzc380_reg_list()
103 tzc380_reg_list[list_idx].secure = TZC_ATTR_SP_S_RW; in populate_tzc380_reg_list()
142 attr_value = tzc380_reg_list[indx].secure | in mem_access_setup()
/arm-trusted-firmware-2.8.0/services/spd/trusty/
generic-arm64-smcall.c
40 static void trusty_dputc(char ch, int secure) in trusty_dputc() argument
43 struct dputc_state *s = &dputc_state[!secure]; in trusty_dputc()
50 if (secure) in trusty_dputc()
/arm-trusted-firmware-2.8.0/plat/rockchip/rk3288/
platform.mk
24 -I${RK_PLAT_SOC}/drivers/secure/ \
56 ${RK_PLAT_SOC}/drivers/secure/secure.c \
/arm-trusted-firmware-2.8.0/docs/plat/
qti-msm8916.rst
25 therefore expects the non-secure world (e.g. Linux) to manage more hardware,
31 This port is **not secure**. There is no special secure memory and the
32 used DRAM is available from both the non-secure and secure worlds.
37 separate secure world) where this limitation is not a big problem. Booting
48 By default, BL31 enters the non-secure world in EL2 AArch64 state at address
65 This image must be "signed" before flashing it, even if the board has secure
69 The `DragonBoard 410c`_ does not have secure boot enabled by default. In this
79 Do not flash incorrectly signed firmware on devices that have secure
/arm-trusted-firmware-2.8.0/docs/getting_started/
psci-lib-integration-guide.rst
9 at the highest secure privileged mode, which is EL3 in AArch64 or Secure SVC/
39 #. Get the non-secure ``cpu_context_t`` for the current CPU by calling
56 initializes/restores the non-secure CPU context as well.
111 values safely until it is ready for exit to non-secure world.
154 PSCI library needs the flexibility to access both secure and non-secure
223 to the non-secure world.
259 secure or non-secure world. The ``cookie`` (6th argument) and the ``handle``
288 - Restores/Initializes the non-secure context and populates the
293 prior to exit to the non-secure world.
499 in `PSCI spec`_. If the secure payload is a Uniprocessor (UP)
/arm-trusted-firmware-2.8.0/docs/components/fconf/
fconf_properties.rst
35 - Physical loading base address of the configuration in the non-secure
38 in secure memory (at load-address) as well as in non-secure memory
/arm-trusted-firmware-2.8.0/docs/process/
security.rst
20 Although we try to keep TF-A secure, we can only do so with the help of the
49 | | large data into secure memory |
51 | |TFV-2| | Enabled secure self-hosted invasive debug interface can allow |
52 | | normal world to panic secure world |
57 | | authentication of unexpected data in secure memory in AArch32 |
60 | |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure |
/arm-trusted-firmware-2.8.0/docs/plat/nxp/
nxp-ls-tbbr.rst
64 verified as part of CoT by Boot ROM during secure boot.
105 - There are 2 paths in secure boot flow :
109 --- However SNVS is transitioned to non-secure state
166 … | ( = 1, BootROM Booted) | ( = 010 means Intent to Secure, | (=1111 means secure boot) |
167 … | | ( = 000 Unsecure) | (=1011 means Non-secure Boot) |
175 -- For secure-boot status, read SNVS Register $SNVS_HPSR_REG from u-boot prompt:
190 …-- Refer the SoC specific table to read the register to interpret whether the secure boot is achie…
193 --- For secure-boot status, read SNVS Register $SNVS_HPSR_REG
209 -- 0xA indicates BootROM booted, with intent to secure.
210 -- 0xF = secure boot, as SSM_STATE.
/arm-trusted-firmware-2.8.0/plat/rockchip/px30/
platform.mk
24 -I${RK_PLAT_SOC}/drivers/secure/ \
58 ${RK_PLAT_SOC}/drivers/secure/secure.c \
/arm-trusted-firmware-2.8.0/plat/st/stm32mp1/
stm32mp1_shared_resources.c
358 unsigned int secure = 0U; in stm32mp_gpio_bank_is_secure() local
369 secure++; in stm32mp_gpio_bank_is_secure()
373 return secure == get_gpioz_nbpin(); in stm32mp_gpio_bank_is_secure()
535 bool secure = stm32mp1_rcc_is_secure(); in check_rcc_secure_configuration() local
542 if (!secure || (mckprot_protects_periph(n) && (!mckprot))) { in check_rcc_secure_configuration()
544 secure ? "secure" : "non-secure", in check_rcc_secure_configuration()
/arm-trusted-firmware-2.8.0/plat/rockchip/rk3399/
platform.mk
20 -I${RK_PLAT_SOC}/drivers/secure/ \
67 ${RK_PLAT_SOC}/drivers/secure/secure.c \
/arm-trusted-firmware-2.8.0/docs/threat_model/
threat_model_spm.rst
18 - Distinct sandboxes in the secure world called secure partitions. This permits
22 - Mutual isolation of the normal world and the secure world (e.g. a Trusted OS
36 running in the secure world of TrustZone (at S-EL2 exception level).
46 - Assumes secure boot or in particular TF-A trusted boot (TBBR or dual CoT) is
54 relayer/pass-through between the normal world and the secure world. It is
110 implicitely trusted by the usage of secure boot.
135 - NS-Endpoint identifies a non-secure endpoint: normal world client at NS-EL2
137 - S-Endpoint identifies a secure endpoint typically a secure partition.
454 | | The secure partition or SPMC replies to a partition|
970 | | communicate a pending secure interrupt triggered |
/arm-trusted-firmware-2.8.0/include/drivers/nxp/tzc/
plat_tzc380.h
30 unsigned int secure; member
/arm-trusted-firmware-2.8.0/docs/components/measured_boot/
event_log.rst
24 - Event Log base address in secure memory.
31 - Event Log base address in non-secure memory.
/arm-trusted-firmware-2.8.0/plat/marvell/armada/a8k/a70x0/
platform.mk
13 DOIMAGE_SEC := tools/doimage/secure/sec_img_7K.cfg
/arm-trusted-firmware-2.8.0/plat/marvell/armada/a8k/a70x0_amc/
platform.mk
13 DOIMAGE_SEC := tools/doimage/secure/sec_img_7K.cfg