diff --git a/docs/totalcompute/readme.rst b/docs/totalcompute/readme.rst index 88a68d79bbed40ff0123957da5a684da4182eef6..987ee2488a7e002394f79abfd1e26ed6823a8962 100644 --- a/docs/totalcompute/readme.rst +++ b/docs/totalcompute/readme.rst @@ -14,6 +14,8 @@ TC1 release tags TC0 release tags ================ +`TC0-2022.02.25 `_ + `TC0-2021.07.31 `_ `TC0-2021.04.23 `_ diff --git a/docs/totalcompute/tc0/change-log.rst b/docs/totalcompute/tc0/change-log.rst index 6982f9699f0f399723e782ce404ffb27ea1a57a3..08ac07e29d417e80cad66401fe0b750912ab9f43 100644 --- a/docs/totalcompute/tc0/change-log.rst +++ b/docs/totalcompute/tc0/change-log.rst @@ -8,6 +8,22 @@ Change Log This document contains a summary of the new features, changes and fixes in each release of TC0 software stack. +Version 2022.02.25 +------------------ + +Features added +~~~~~~~~~~~~~~ +- Maximum Power Mitigation Mechanism (MPMM) Support in SCP. This is an experimental and untested feature. + +Changes +~~~~~~~ +- Updated Android to S +- Updated Trusted Firmware-A & Hafnium to v2.6 +- Updated SCP firmware to v2.9 +- Updated U-Boot to v2021.10 +- Updated Trusted Services +- Updated Yocto repositories + Version 2021.07.31 ------------------ @@ -91,4 +107,4 @@ Features added -------------- -*Copyright (c) 2020-2021, Arm Limited. All rights reserved.* +*Copyright (c) 2020-2022, Arm Limited. All rights reserved.* diff --git a/docs/totalcompute/tc0/release_notes.rst b/docs/totalcompute/tc0/release_notes.rst index 3e1504e854f436ff776ab87b05275db8e9986004..adb75a2bf586b63465c44fadae5aac00c0f5d455 100755 --- a/docs/totalcompute/tc0/release_notes.rst +++ b/docs/totalcompute/tc0/release_notes.rst @@ -1,13 +1,13 @@ .. _docs/totalcompute/tc0/release_notes: -Release notes - 2021.07.31 +Release notes - 2022.02.25 ========================== .. contents:: Release tag ----------- -The manifest tag for this release is TC0-2021.07.31 +The manifest tag for this release is TC0-2022.02.25 Components ---------- 
@@ -18,7 +18,7 @@ The following is a summary of the key software features of the release: - U-Boot bootloader. - Hafnium for S-EL2 Secure Partition Manager core. - OP-TEE for Trusted Execution Environment (TEE). - - Crypto and Storage Trusted Services running at S-EL0. + - Trusted Services (Crypto and Internal Trusted Storage). Hardware Features ----------------- @@ -33,14 +33,15 @@ Hardware Features Software Features ----------------- - Poky Distribution support. - - Android AOSP Support (May21). + - Android S Support. - Android Common Kernel 5.10 with PAC/BTI/MTE - - Trusted Firmware-A & Hafnium v2.5 + - With Android S support, the KVM default mode of operation is set to ``protected``. This is a nVHE based mode with kernel running at EL1. + - Trusted Firmware-A & Hafnium v2.6 - OP-TEE 3.14.0 - Support secure boot based on TBBR specification https://developer.arm.com/documentation/den0006/latest - - System Control Processor (SCP) firmware v2.8 + - System Control Processor (SCP) firmware v2.9 - Build system based on Yocto master - - U-Boot bootloader v2021.07 + - U-Boot bootloader v2021.10 - Power management features: cpufreq and cpuidle. - SCMI (System Control and Management Interface) support. - Verified u-boot for authenticating fit image (containing kernel + ramdisk) during poky boot. 
@@ -50,14 +51,14 @@ Software Features - OP-TEE as Secure Partition at S-EL1, managed by S-EL2 SPMC (Hafnium) - Arm FF-A driver and FF-A Transport support for OP-TEE driver in Android Common Kernel. - OP-TEE Support in Poky distribution. This includes OP-TEE client and OP-TEE test suite. - - Crypto and Storage Trusted Services running at S-EL0. + - Trusted Services (Crypto and Internal Trusted Storage) running at S-EL0. - Trusted Services test suite added to poky distribution. - Shim Layer at S-EL1 running on top of S-EL2 SPMC (Hafnium) used by Trusted Services running in S-EL0. Platform Support ---------------- - This Software release is tested on TC0 Fast Model platform (FVP). - - Supported Fast model version for this release is 11.15.20 + - Supported Fast model version for this release is 11.17.18 Known issues or Limitations --------------------------- @@ -73,4 +74,4 @@ For support email: support-arch@arm.com -------------- -*Copyright (c) 2020-2021, Arm Limited. All rights reserved.* +*Copyright (c) 2020-2022, Arm Limited. All rights reserved.* diff --git a/docs/totalcompute/tc0/tc0_sw_stack.png b/docs/totalcompute/tc0/tc0_sw_stack.png index 12da312a23436955bacd51719fa946e7ee09ac6f..4a1b334f3ca4d4a64109664c848dcab4e82fb3a9 100644 Binary files a/docs/totalcompute/tc0/tc0_sw_stack.png and b/docs/totalcompute/tc0/tc0_sw_stack.png differ diff --git a/docs/totalcompute/tc0/tc0_sw_stack.rst b/docs/totalcompute/tc0/tc0_sw_stack.rst index 139a03aa1a019f76f01599a6bc90e253a3104059..51a2641d777bfcf264e55fcc5b1da60ff9933cc8 100644 --- a/docs/totalcompute/tc0/tc0_sw_stack.rst +++ b/docs/totalcompute/tc0/tc0_sw_stack.rst @@ -18,6 +18,7 @@ SCP firmware supports: #. Initial hardware configuration #. Clock management #. Servicing power state requests from the OS Power Management (OSPM) software + #. Maximum Power Mitigation Mechanism (MPMM). This is an experimental and untested feature. SCP Boot ROM ............ 
@@ -74,7 +75,7 @@ Total Compute enables FEAT S-EL2 architectural extension, and it uses Hafnium as Secure Partitions ................. -Software image isolated using SPM is Secure Partition. Total Compute enables OP-TEE and Trusted Services (crypto, secure storage) as Secure Partitions. +Software image isolated using SPM is Secure Partition. Total Compute enables OP-TEE and Trusted Services (crypto, internal trusted storage) as Secure Partitions. OP-TEE ++++++ @@ -82,7 +83,7 @@ OP-TEE Trusted OS is virtualized using Hafnium at S-EL2. OP-TEE OS for Total Com Trusted Services ++++++++++++++++ -Trusted Services like Crypto Service and Secure Storage runs as S-EL0 Secure Partitions using a Shim layer at S-EL1. Crypto Service along with S-EL1 Shim layer is built as a single image. The Shim layer forwards FF-A calls from S-EL0 to S-EL2. +Trusted Services like Crypto Service and Internal Trusted Storage runs as S-EL0 Secure Partitions using a Shim layer at S-EL1. These services along with S-EL1 Shim layer is built as a single image. The Shim layer forwards FF-A calls from S-EL0 to S-EL2. U-Boot ------ 
@@ -103,8 +104,7 @@ Linux Kernel in Total Compute contains the subsystem-specific features that demo Android ------- Total Compute has support for Android Open-Source Project (AOSP), which contains the Android framework, Native Libraries, Android Runtime and the Hardware Abstraction Layers (HALs) for Android Operating system. -The Total Compute device profile defines the required variables for Android such as partition size and product packages and has support for 2 different configurations of Android: +The Total Compute device profile defines the required variables for Android such as partition size and product packages and has support for the below configuration of Android: - #. Nano: This is a stripped-down version to provide the bare minimum for Android Runtime and boot Android to console. It does not have Android UI support. #. Software rendering: This profile has support for Android UI and boots Android to home screen. It uses SwiftShader to achieve this. Swiftshader is a CPU base implementation of the Vulkan graphics API by Google. diff --git a/docs/totalcompute/tc0/user-guide.rst b/docs/totalcompute/tc0/user-guide.rst index 246f2bffefff7086321e448bf411c06bf5b4dd40..6bcac01913a3a60543c5c6c60103fe34074d5c9d 100755 --- a/docs/totalcompute/tc0/user-guide.rst +++ b/docs/totalcompute/tc0/user-guide.rst @@ -36,11 +36,13 @@ To resolve these dependencies, run: :: + sudo add-apt-repository ppa:ubuntu-toolchain-r/test sudo apt-get update sudo apt-get install chrpath gawk texinfo libssl-dev diffstat wget git-core unzip gcc-multilib \ build-essential socat cpio python python3 python3-pip python3-pexpect xz-utils debianutils \ iputils-ping python3-git python3-jinja2 libegl1-mesa libsdl1.2-dev pylint3 xterm git-lfs openssl \ - curl lib32ncurses5-dev libz-dev python-pip u-boot-tools m4 zip + curl lib32ncurses5-dev libz-dev python-pip u-boot-tools m4 zip gcc-9 libstdc++6 liblz4-tool zstd + To get the latest repo tool from google, run the following commands: 
@@ -75,7 +77,7 @@ in these instructions. mkdir cd - export TC0_RELEASE=refs/tags/TC0-2021.07.31 + export TC0_RELEASE=refs/tags/TC0-2022.02.25 To sync BSP only without Android, run the repo command. @@ -115,10 +117,7 @@ Note that the BSP includes the Poky Linux distribution, which offers BusyBox-lik Android OS build ################# -Two profiles are supported: - #. tc0_swr : This supports Android display with swiftshader (software rendering). -#. tc0_nano : This supports headless Android and provides a good runtime environment for testing shell-based applications. The android images can be built with or without authentication enabled using Android Verified Boot(AVB). AVB build is done in userdebug mode and takes a longer time to boot as the images are verified. @@ -132,22 +131,22 @@ The ``build-scripts/tc0/build_android.sh`` script in ``/android`` Incorrect script use, call script as: [OPTIONS] OPTIONS: - -d, --distro distro version, values supported [android-nano, android-swr] + -d, --distro distro version, values supported [android-swr] -a, --avb [OPTIONAL] avb boot, values supported [true, false], DEFAULT: false The ``--avb`` option does not influence the way the system boots rather it adds an optional sanity check on the prerequisite images. -As an example, to build android with software rendering and AVB enabled, run the command: +As an example, to build android with software rendering and AVB disabled, run the command: :: - ./build-scripts/tc0/build_android.sh -d android-swr -a true + ./build-scripts/tc0/build_android.sh -d android-swr -To build headless android without AVB, run the command: +To build android with software rendering and AVB enabled, run the command: :: - ./build-scripts/tc0/build_android.sh -d android-nano + ./build-scripts/tc0/build_android.sh -d android-swr -a true Android based stack takes considerable time to build, so start the build and go grab a cup of coffee! 
@@ -193,10 +192,10 @@ Trusted Firmware-A Based on `Trusted Firmware-A `__ +--------+------------------------------------------------------------------------------------------------------------+ -| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc0.inc | +| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/trusted-firmware-a/trusted-firmware-a-tc.inc | +--------+------------------------------------------------------------------------------------------------------------+ -| Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/bl1-tc0.bin | -| | * /bsp/build-poky/tmp-poky/deploy/images/tc0/fip-tc0.bin | +| Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/bl1-tc.bin | +| | * /bsp/build-poky/tmp-poky/deploy/images/tc0/fip_gpt.bin | +--------+------------------------------------------------------------------------------------------------------------+ @@ -206,7 +205,7 @@ System Control Processor (SCP) Based on `SCP Firmware `__ +--------+------------------------------------------------------------------------------------------------+ -| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc0.inc | +| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/scp-firmware/scp-firmware-tc.inc | +--------+------------------------------------------------------------------------------------------------+ | Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/scp_ramfw.bin | | | * /bsp/build-poky/tmp-poky/deploy/images/tc0/scp_romfw.bin | 
@@ -218,11 +217,11 @@ U-Boot Based on `U-Boot gitlab `__ -+--------+------------------------------------------------------------------------------------+ -| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot-tc0.inc | -+--------+------------------------------------------------------------------------------------+ -| Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/u-boot.bin | -+--------+------------------------------------------------------------------------------------+ ++--------+---------------------------------------------------------------------------------------+ +| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/u-boot/u-boot_2021.10.bb | ++--------+---------------------------------------------------------------------------------------+ +| Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/u-boot.bin | ++--------+---------------------------------------------------------------------------------------+ Hafnium @@ -231,7 +230,7 @@ Hafnium Based on `Hafnium `__ +--------+--------------------------------------------------------------------------------------+ -| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc0.inc | +| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-bsp/hafnium/hafnium-tc.inc | +--------+--------------------------------------------------------------------------------------+ | Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/hafnium.bin | +--------+--------------------------------------------------------------------------------------+ 
@@ -243,7 +242,7 @@ OP-TEE Based on `OP-TEE `__ +--------+------------------------------------------------------------------------------------------+ -| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tc0.inc | +| Recipe | /bsp/layers/meta-arm/meta-arm-bsp/recipes-security/optee/optee-os-tc.inc | +--------+------------------------------------------------------------------------------------------+ | Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/optee/tee-pager_v2.bin | +--------+------------------------------------------------------------------------------------------+ @@ -257,8 +256,8 @@ Based on `Trusted Services /bsp/layers/meta-tc/recipes-security/trusted-services/secure-partitions_git.bb | +--------+-----------------------------------------------------------------------------------------------+ -| Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/firmware/crypto-sp.bin | -| | * /bsp/build-poky/tmp-poky/deploy/images/tc0/firmware/secure-storage.bin | +| Files | * /bsp/build-poky/tmp-poky/deploy/images/tc0/crypto-sp.bin | +| | * /bsp/build-poky/tmp-poky/deploy/images/tc0/internal-trusted-storage.bin | +--------+-----------------------------------------------------------------------------------------------+ Linux @@ -292,7 +291,7 @@ The provided distribution is based on BusyBox and built using glibc. Android ******* -Android Master (as on May21) is supported in this release with device profiles suitable for TC0 machine configuration. +Android S is supported in this release with device profiles suitable for TC0 machine configuration. Android is built as a separate project and then booted with the BSP built by Yocto. 
@@ -335,7 +334,7 @@ the previously built images as arguments. Run the ``run_model.sh`` script: [OPTIONS] OPTIONS: -m, --model path to model - -d, --distro distro version, values supported [poky, android-nano, android-swr] + -d, --distro distro version, values supported [poky, android-swr] -a, --avb [OPTIONAL] avb boot, values supported [true, false], DEFAULT: false -t, --tap-interface [OPTIONAL] enable TAP interface -e, --extra-model-params [OPTIONAL] extra model parameters @@ -357,13 +356,9 @@ Running Android For running android with AVB disabled: ./run-scripts/tc0/run_model.sh -m -d android-swr - OR - ./run-scripts/tc0/run_model.sh -m -d android-nano For running android with AVB enabled: ./run-scripts/tc0/run_model.sh -m -d android-swr -a true - OR - ./run-scripts/tc0/run_model.sh -m -d android-nano -a true When the script is run, two terminal instances will be launched. terminal_s0 used for the SCP, TF-A, OP-TEE core logs and terminal_s1 used by TF-A early boot, Hafnium, U-boot and Linux. 
@@ -377,12 +372,13 @@ using the username ``root``. You may need to hit Enter for the prompt to appear. The OP-TEE and Trusted Services are initialized on both the Android and Poky distribution. But the functionality of OP-TEE and core set of trusted services -such as cryptography and secure storage can be invoked only on Poky +such as cryptography and internal trusted storage can be invoked only on Poky distribution. For OP-TEE, the TEE sanity test suite can be run using command -``xtest``. For Trusted Services, run command ``ts-service-test`` for Service -API level tests and run command ``ts-demo`` for the demonstration client -application. +``xtest``. For Trusted Services, run command ``ts-service-test -sg ItsServiceTests +-sg PsaCryptoApiTests -sg CryptoServicePackedcTests -sg CryptoServiceProtobufTests +-sg CryptoServiceLimitTests -v`` for Service API level tests and run command +``ts-demo`` for the demonstration client application. -------------- -*Copyright (c) 2020-2021, Arm Limited. All rights reserved.* +*Copyright (c) 2020-2022, Arm Limited. All rights reserved.*
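
Review bot: The "Changes" list added under Version 2022.02.25 in docs/totalcompute/tc0/change-log.rst records only component version bumps, but the rest of this patch also removes the android-nano profile, renames Secure Storage to Internal Trusted Storage, and changes deploy artifact names and paths (fip-tc0.bin to fip_gpt.bin, firmware/secure-storage.bin to internal-trusted-storage.bin). Anyone with scripts built around the old profile or image paths will trip over these, so please list the removal and the renames in this entry.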
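
Review bot: The new KVM bullet in the Software Features list of docs/totalcompute/tc0/release_notes.rst says the default mode "is set to ``protected``" without saying where it is set, so a reader cannot confirm or override it. Please name the place the default comes from (kernel configuration or boot arguments), and fix the wording "This is a nVHE based mode" to "This is an nVHE-based mode".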
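
Review bot: The item added to the "SCP firmware supports" list in docs/totalcompute/tc0/tc0_sw_stack.rst describes MPMM as "an experimental and untested feature" but does not say whether it is enabled in the default build. For an untested feature in the power-control firmware, the document should state the default and how to switch it on or off; the same sentence in the change log would benefit from the same addition.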
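
Review bot: In the Trusted Services paragraph of docs/totalcompute/tc0/tc0_sw_stack.rst, the rewritten sentence "These services along with S-EL1 Shim layer is built as a single image" now reads as if both services share one image, while the user guide in this same patch lists two binaries (crypto-sp.bin and internal-trusted-storage.bin). If each service is built with its own copy of the shim, say "Each service is built together with the S-EL1 Shim layer as a single image"; the verb agreement also needs fixing ("services ... run", "are built").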
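
Review bot: In the Android section of docs/totalcompute/tc0/tc0_sw_stack.rst, removing the Nano item leaves a numbered list with a single entry introduced by "has support for the below configuration of Android:". Fold it into the sentence or use a plain paragraph, for example "... and supports the software rendering configuration, which boots Android to the home screen using SwiftShader". While the line is being touched, "CPU base implementation" should read "CPU-based implementation".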
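
Review bot: The added ``sudo add-apt-repository ppa:ubuntu-toolchain-r/test`` line in the dependency block of docs/totalcompute/tc0/user-guide.rst puts an extra package source on the build host with no explanation of why it is needed. Please state which of the newly added packages (gcc-9, libstdc++6, liblz4-tool, zstd) requires the PPA, so users whose distribution already provides them can skip it and so the added source can be reviewed or removed after the build.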
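
Review bot: In the "Android OS build" section of docs/totalcompute/tc0/user-guide.rst, deleting "Two profiles are supported:" leaves the list item "#. tc0_swr" with no introducing sentence and a numbered list of one. Replace it with a sentence such as "One profile is supported: tc0_swr, which supports Android display with swiftshader (software rendering)."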
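
Review bot: The two rewritten build_android.sh examples in docs/totalcompute/tc0/user-guide.rst now differ only by ``-a true``, yet the unchanged text around them gives conflicting accounts of that option: one paragraph says an AVB build "takes a longer time to boot as the images are verified", the other says ``--avb`` "does not influence the way the system boots". Since this hunk already reworks the examples, please reconcile the two statements so the reader knows whether the first example produces images that boot without verification.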
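
Review bot: In the Trusted Firmware-A table of docs/totalcompute/tc0/user-guide.rst, the Recipe row (trusted-firmware-a-tc.inc) and the first Files row (bl1-tc.bin) become one character shorter while the border lines stay unchanged, so each needs one more space of padding before the closing ``|`` for the grid table to stay aligned. The same applies to the Recipe rows in the SCP, Hafnium and OP-TEE hunks; the U-Boot hunk sidesteps it by redrawing the borders. Please confirm with a docs build.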
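
Review bot: The new ``ts-service-test -sg ItsServiceTests ... -v`` command in the last hunk of docs/totalcompute/tc0/user-guide.rst is an inline literal wrapped across three source lines and gives no reason for restricting the run to five test groups. Move the command into a ``::`` literal block like the other commands in this guide so it can be copied intact, and add a sentence saying why only these groups are selected (for example, if the remaining groups are unsupported on TC0).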