|
Name |
|
Date |
Size |
#Lines |
LOC |
| .. | | 22-Aug-2025 | - |
| readme.rst | A D | 22-Aug-2025 | 3.9 KiB | 137 | 100 |
readme.rst
1**************************
2RSE ROM Release 2024-04-08
3**************************
4
5.. contents:: Contents
6 :depth: 1
7 :local:
8
9Features
10========
11
12- A ROM bootloader for RSE that supports chainloading a second immutable boot
13 stage (BL1-2) from OTP.
14- Integrity protection of the BL1-2 boot image using a provisioned SHA-256 hash
15 of the image.
16- Hardware-accelerated crypto operations using the built-in CryptoCell-3xx ROM
17 driver.
18- Support for hardware lifecycle management and provisioning using code and
19 values loaded through a debugger.
20- A DMA Initial Command Sequence placed at offset 0x1F000 in the ROM.
21- Support for secure provisioning, using AEAD encryption with keys derived from
22 the RTL key.
23- Allows for setup of SAM configuration with provisioned values before CPU is
24 started via the DMA ICS.
25- Uses TRAM for BL1_1 data sections.
26
27Known errata
28============
29
30- The build instructions for this release initially contained an incorrect
31 address for the DMA ICS concatenation with the ROM code. The build
32 instructions in this document have been updated and are now correct. The
33 correct address is 0x1F000, instead of 0x1E000. Some distributed ROM binaries
34 have also been impacted, and hence will not boot.
35
36 If a ROM binary does not boot, it can be checked for this error using the
37 command:
38
39 .. code-block:: bash
40
41 xxd -s 0x1F000 rom.bin
42
43 If there is no output, or the output is all zero-words, then the ROM binary is
44 affected by the issue. It is possible to fix a ROM binary affected by the
45 issue by running the following command:
46
47 .. code-block:: bash
48
49 dd if=rom.bin bs=1k skip=120 seek=124 count=4 of=rom.bin
50
51TF-M version
52============
53
54The RSE ROM image should be generated from TF-M commit hash:
55
56.. code-block:: bash
57
58 2ca8c58dc2feddc93b87585ffc07e4d169f54278
59
60Tested Environment
61==================
62
63- arm-none-eabi-gcc --version | head -n 1
64
65.. code-block:: bash
66
67 arm-none-eabi-gcc (GNU Arm Embedded Toolchain 10.3-2021.10) 10.3.1 20210824 (release)
68
69- python3 --version
70
71.. code-block:: bash
72
73 Python 3.11.6
74
75- python3 -m pip list
76
77.. code-block:: bash
78
79 Package Version
80 ------------------------- ---------
81 attrs 23.2.0
82 cbor2 5.6.2
83 cffi 1.16.0
84 click 8.1.7
85 cryptography 42.0.5
86 ecdsa 0.18.0
87 imgtool 2.0.0
88 intelhex 2.3.0
89 Jinja2 3.1.3
90 jsonschema 4.21.1
91 jsonschema-specifications 2023.12.1
92 kconfiglib 14.1.0
93 MarkupSafe 2.1.5
94 networkx 3.3
95 pip 23.2
96 pyasn1 0.6.0
97 pycparser 2.22
98 pyhsslms 2.0.0
99 PyYAML 6.0.1
100 referencing 0.34.0
101 rpds-py 0.18.0
102 setuptools 68.1.2
103 six 1.16.0
104
105Build command
106=============
107
108The RSE ROM image should be generated with the following build commands:
109
110.. code-block:: bash
111
112 python3 -m venv ./venv
113 source ./venv/bin/activate
114
115 python3 -m pip install -r ./tools/requirements.txt
116
117 cmake -S . -B build -DTFM_PLATFORM=arm/rse/tc \
118 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \
119 -DCMAKE_BUILD_TYPE=minsizerel \
120 -DRSE_ENABLE_TRAM=ON \
121 -DRSE_OTP_TRNG=ON \
122 -DTFM_DUMMY_PROVISIONING=OFF \
123 -DRSE_XIP=ON \
124 -DTFM_PARTITION_DPE=OFF
125
126 cmake --build build -- install
127
128 srec_cat build/bin/bl1_1.bin -Binary -offset 0x0 \
129 build/bin/rom_dma_ics.bin -Binary -offset 0x1F000 \
130 -o rse_rom_2024-04-08.bin -Binary
131
132 truncate --size 131072 rse_rom_2024-04-08.bin
133
134--------------
135
136*Copyright (c) 2024, Arm Limited. All rights reserved.*
137