Re: [PATCH v5 1/5] ARM: add basic Trusted Foundations support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Sat, Sep 7, 2013 at 1:48 AM, Linus Walleij <linus.walleij@xxxxxxxxxx> wrote:
> On Thu, Sep 5, 2013 at 5:27 AM, Alexandre Courbot <acourbot@xxxxxxxxxx> wrote:
>
>> Trusted Foundations is a TrustZone-based secure monitor for ARM that
>> can be invoked  using a consistent SMC-based API on all supported
>> platforms. This patch adds initial basic support for Trusted
>> Foundations using the ARM firmware API. Current features are limited
>> to the ability to boot secondary processors.
>>
>> Signed-off-by: Alexandre Courbot <acourbot@xxxxxxxxxx>
>> Reviewed-by: Tomasz Figa <t.figa@xxxxxxxxxxx>
>> Reviewed-by: Stephen Warren <swarren@xxxxxxxxxx>
>
> I take it that this means that it is a set of standard routines
> living in the secure world that can be called by way of this
> API, correct? The commit message is written a bit like
> everybody knows what this is about but I don't :-)

It's actually written a bit like I don't really know what this is
about, thanks for exposing my ignorance. :P

> Some more background here would be nice, like where did this
> thing come from, and are there other platforms in existance that
> use trusted foundations or is it a Tegra-only thing? Does a
> specification of this thing listing available services exist for
> example?

There is unfortunately no public specification of this AFAIK. Client
(kernel) side sources are available as Tegra downstream kernel
releases, but that's about it.

> How does it relate to the (arch-neutral) trusted execution
> environment and such things that other vendors are pushing for?
> Can the trusted foundations be used "underneath" such
> frameworks for trusted applications, or is it a parallell thing
> altogether?

My understanding is that TF serves the same purpose for ARM only AFAICT.

> I tried googling it, is this a relevant URL?
> http://www.arm.com/community/partners/display_product/rw/ProductId/5393/

Yes. TF is an essential feature to support in order to boot the kernel
on some Tegra-based consumer devices (e.g. SHIELD). Basic things such
as secondary CPU control must be performed through SMCs. It has many
more features but for the moment I don't see a need to go beyond the
very basic.

The issue is that as you pointed out, public information is scarce and
future direction uncertain. That's why this patchset limits itself to
what is needed to get secondary CPUs running - the procedure is very
simple and unlikely to change in the future. DT binding is also as
concise as possible to allow malleability since we cannot predict how
it will evolve in the future.

I will try to explain better what TF is in the commit log - at least
as far as I understand it myself.

Alex.
--
To unsubscribe from this list: send the line "unsubscribe devicetree" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Device Tree Compilter]     [Device Tree Spec]     [Linux Driver Backports]     [Video for Linux]     [Linux USB Devel]     [Linux PCI Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [XFree86]     [Yosemite Backpacking]
  Powered by Linux