Page MenuHomePhabricator
Create Task
Maniphest T987

TF-A to permit bundling more than 8 secure partitions
Open, Needs TriagePublic
Actions

Description

TF-A flow permits integrating up to 8 secure partitions to be:
-packaged by TF-A build flow
-loaded and authenticated by BL2
-consumed by an SPMC component.

Those 8 secure partitions are statically split into max. 4 signed by the platform owner, and max. 4 signed by the silicon provider.

This affects different parts of the TF-A build flow, secure partitions packaging tools, TBBR certificates:

https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/tools/sptool/sp_mk_generator.py#n64
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/14506/comment/7f969bd3_2f18b7db/

https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/include/common/tbbr/tbbr_img_def.h#n23

https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts#n32

This task is about improving flexibility with integrating more than 8 partitions. Possibly per platform.

Event Timeline

odeprez created this task.Apr 20 2022, 6:55 AM
odeprez updated the task description. (Show Details)Apr 20 2022, 6:57 AM
odeprez updated the task description. (Show Details)
tomusa0106 added a subscriber: tomusa0106.Aug 8 2023, 6:47 AM

"Secure partitioning" usually involves dividing into separate areas on a device or computer, slope each with its own environment and access rights. This helps prevent unwanted interference between different parts of the system.

timothyferriss added a subscriber: timothyferriss.Sep 8 2023, 6:49 AM

Start by thoroughly reviewing the existing code and documentation related to secure retro bowl partition handling in TF-A. Understand how the current system works and where the limitations are regarding the number of secure partitions

kelseyradley added a subscriber: kelseyradley.Sep 19 2023, 3:04 AM

TF-A's secure partition handling is covered in detail in the existing code and documentation, so start there. Recognize the constraints of the current system, including the amount of secure partitions, and how it operates. skribbl io

mira23435 added a subscriber: mira23435.Nov 23 2023, 9:46 AM

The Secure Partition Manager (SPM) sets security attributions for flash memory, SRAM, dino game and other peripherals using the System Protection Unit (SPU) peripheral. Security attributions are boolean Kconfig options that allow you to establish security settings such as marking a peripheral as secure or non-secure.