Trusted Substrate


March 31st

  • The ASIL-B compliance is morphing into an IEC 61508 compliance project to broaden applicability. There is a by invitation only workshop on April 15th 9am-11am CET: to be invited please send a request to francois<dot>ozog<at>

February 18th

  • Following members' vote, UEFI Measured boot, PKCS#11 in OP-TEE and ASIL-B compliance assessment are the big development topics for the next cycle (ending October 2021).

January 24th

  • UEFI Secure Boot is now fully functional on STM32MP1, the 32 bits reference platform


This calendar is displayed using UTC timezone with no DST offsets.

About this project

Trusted Substrate is an integrated firmware solution made of all necessary components to implement Arm SystemReady standards with all security options turned on.

Its ambition is to enable industrial grade off-the-shelf operating systems and hypervisors to run as is on compliant platforms and greatly augment supported platforms for vertical market targeted distributions such as Civil Infrastructure Platform, Automotive Grade Linux, OpenIL, Scientific Linux and its derivatives as well as LEDGE Reference Platform and other commercial versions.

SystemReady is very flexible and allows many different cases to be compliant. To achieve its goals in the intended industrial grade context, Trusted Substrate adds requirements to those assumed by SystemReady:

  • mandates security option

  • requires that UEFI update capsules become the standard vehicle to update any secure or device firmware in the system

  • adds anti-rollback and anti-bricking requires to Over-The-Air updates

  • implement Global Platform compliant TEE interface

As a result Trusted Substrate interfaces requires:

  • SystemReady compliance

  • SystemReady BBSR compliance (optional in the main case)

  • PSA Firmware Framework A / in progress Firmware Update specification compliance

  • PSCI compliance

  • SCMI compliance

  • ParSec compliance

  • Global Platform TEE compliance

  • (future DTE project driven compliance)

In a nutshell, Trusted Substrate complements SystemReady functional aspects of boot, OTA and security with additional functions and add some "security performance" elements.

Trusted Substrate exists in two flavors that complement respective SystemReady counterparts: TrustedSubstrate-IR and TrustedSubstrate-SR:

  • TrustedSubstrate-IR implementation is built on Trusted Firmware A, OP-TEE, U-Boot and uses Device Tree as hardware description. 
  • TrustedSubstrate-SR implementation is built on EDK2, OP-TEE and uses ACPI as hardware description (main difference with typical datacenter firmware is the presence of OP-TEE)

The primary goal of the project is to upstream all necessary technologies in a number of open source projects to seed SystemReady compliance. Linaro Edge & Fog computing group hardware as well as Qemu (64 & 32 bits) will be used as reference platforms for the development.

Development of Trusted Substrate is "feature orientated" rather than upstream project orientated. In other words, when a feature is planned, activities in relevant upstream projects is identified and monitored for completion as a whole. Each upstream project has its own roadmap that is not related to SystemReady compliance and independent from other projects. So if you are evaluating what community to join, the decision criteria is whether your goal is holistic or just focused at an individual project.

NOTE: more details on Trusted Substrate: whys, what, how (note: This presentation was produced before SystemReady was announced. a new version will be authored)

Related Linaro software development  projects

Trusted Substrate project covers a wide range of software components as stated above. To orchestrate engineering activities in manageable pieces, the development is split between the following projects (Trusted Substrate project leadership ensure coherency and completeness across projects):

  • Dependable Boot - ensure SystemReady boot flow conformance across firmware projects (TF-A, OP-TEE, U-Boot, Linux kernel). This project collates work from different teams in Linaro (Kernel Working Group, Security Working Group, LEDGE)

  • Device Tree Evolution - efforts to create a System Device Tree that covers asymmetric computing platforms and to change the lifecycle of Device Tree so that it is provided by firmware to operating systems

  • Linaro OP-TEE Contributions - while most OP-TEE activities related to SystemReady are guided by Dependable Boot, some long term changes such as Trusted Application lifecycle and distribution scenarios may actually be driven by this project.

  • SCMI Server - the service may be hosted in the SCP, as a TA or even as a VM. When it is distributed as a TA or in the SCP firmware, this service is integral part of the Trusted Substrate.


Trusted Substrate project deliverables are upstream patches in many upstream projects. The development is driven by the Linaro projects as said above.

Upstream activity can be found in:

  • U-Boot, EDK2
  • Trusted-Firmware A, OP-TEE
  • Linux kernel
  • FreeBSD

Currently TrustedSubstrate-IR for Qemu-BSA 32 bits (U-Boot/DT) and Qemu-BSA 64 bits (EDK2/ACPI and U-Boot/DT) are accessible through the LEDGE Reference Platform downloads.

In the future, and to simplify using Trusted Substrate, a multi-project build repository will be made available as well as binary versions of reference hardware for direct usage.


Linaro is evaluating the opportunity to create SystemReady and Trusted Substrate services such as:

  • Board SystemReady-IR readiness, i.e. making sure the board will pass SystemReady-IR certification

  • include SystemReady-IR CI/CD loops

  • Collaborative maintenance of Trusted Substrate project members defined LTSes (this is very early stages of thinking)

Should you want to have more information or more generally discuss any of the above, please contact us

Get Involved

  • Project membership for roadmap steering and resources allocation



SystemReady is key enabler of  project Cassini which is the open, collaborative, standards-based initiative to deliver a cloud-native software experience across a secure Arm edge ecosystem. SystemReady defines a set of hardware requirements and <operating system>/<firmware> interface standards. Those standards are assembled to address market specific needs:

Trusted Substrate supported...


CI supported

64 bits









32 bits




Texas Instruments


Am57x Sitara
Texas InstrumentsBeaglebone-x15Am57x Sitara


Arm-BSA 32 bits

Tested (to be added)

64 bits








Armada 3700LP
MarvellMachiattoBinArmada 8040

Operating Systems


Poky@Yocto: meta-ledge(Dunfell@OE)
Fedora IoT 33


Ubuntu 20.10
FreeBSD 13.0


Please view the structure here.

Plan of Record


The following items are on the project backlog but not currently planned. If you are interested in contributing to any of these items, please state your intention on the project's mailing list (found above)

key summary type created updated due assignee reporter priority status resolution

Unable to locate JIRA server for this macro. It may be due to Application Link configuration.

Health Checks

Linaro Ltd.