Trusted Substrate
Billboard
January 2022
Major cleanup and bug fixes on UEFI secure boot
A/B update support merged in TF-A
v3 of A/B updates in U-Boot under review
ARM secure side virtualization FFA-1.0: patches for optee-os and optee linux driver based on FF-A have been merged
December 2021
FF-A Firmware Update specifications update forwarded to U-Boot mailing list
BTI patches for OP-TEE
Linux kernel OP-TEE runtime check PoC released
November 2021
OP-TEE release 3.15, asynchronous notifications of secure world in progress
Xen mediator for OP-TEE PoC ready (DRM for automotive for instance)
EFI TCG2 compliance in U-Boot. All patches have been merged upstream
Fixed PE/COFF alignment in U-Boot.
Meetings
This calendar is displayed using UTC timezone with no DST offsets.
Project Contacts
Project lead: ilias.apalodimas@linaro.org
Project manager: julianus.larson@linaro.org
About this project
Trusted Substrate is a meta-layer in OpenEmbedded to be used by board makers to produce an Arm SystemReady compliant firmware and ensure a consistent behavior, tamper protection and "performance" across platforms.
In a nutshell TrustedSubstrate is building firmware for devices which verifies the running software hasn't been tampered with. It does so by utilizing a well known set of standards
UEFI secure boot enabled by default
UEFI variables will be stored in a rollback protected storage as long as the device supports it
Measured boot. With a discrete or firmware TPM based on the device capabilities
Dual banked firmware updates with rollback and bricking protection
TF-A patches are already upstreamed
U-Boot patches are WIP
Requirements and specifications
Trusted Substrate interfaces requires:
SystemReady compliance
SystemReady BBSR compliance (optional in the main case)
PSA Firmware Framework A specification compliance (Trust Services)
PSCI compliance
SCMI compliance
ParSec compliance
Global Platform TEE compliance
(future DTE project driven compliance)
You can find a complete list of the requirements here
CI Tests/Targets
Passing SystemReady-IR ACS tests | SystemReady-IR | Yes - link?? | |
SystemReady BBSR compliance (optional) | Should be part of the SystemReady-IR ACS security extensions | Not in CI yet. passes locally (TS-192) | N/A |
PSA Firmware Framework A specification compliance (Trust Services) | Tests aren't implemented yet (work in progress by Arm) | ||
PSCI compliance | Basic tests available | Not in CI yet | Not in CI yet |
SCMI compliance | Basic tests available upstream. Can be added to CI. SCMI project is working on adding proper test suite | Not in CI yet | Not in CI yet |
ParSec compliance (not applicable to trusted substrate. Should be in the LEDGE RP list of tests ) | Tests are available | N/A | N/A |
Global Platform TEE compliance - needs a subscription (not applicable to trusted substrate. Should be in the LEDGE RP list of tests ) | Run in OP_TEE CI as part of Xtest | N/A | N/A |
Op-Tee Xtest (not applicable to trusted substrate. Should be in the LEDGE RP list of tests ) | Run in OP_TEE CI | N/A | N/A |
(future DTE project driven compliance) | N/A | N/A | N/A |
The following diagram shows how Trusted Substrate can be seen from upper layers:
Trusted Substrate exists in two flavors that build on SystemReady counterparts: TrustedSubstrate-IR and TrustedSubstrate-ES:
TrustedSubstrate-IR implementation is built on Trusted Firmware A, OP-TEE, U-Boot and uses Device Tree as hardware description.
TrustedSubstrate-ES implementation is built on EDK2, OP-TEE and uses ACPI as hardware description (main difference with typical datacenter firmware is the presence of OP-TEE). There are discussions to extend U-Boot to offer a full ACPI support in this context.
The primary goal of the project is to upstream all necessary technologies in a number of open source projects to seed SystemReady compliance. Linaro Edge & Fog computing group hardware as well as Qemu (64 & 32 bits) will be used as reference platforms for the development.
Development of Trusted Substrate is "feature orientated" rather than upstream project orientated. In other words, when a feature is planned, activities in relevant upstream projects is identified and monitored for completion as a whole. Each upstream project has its own roadmap that is not related to SystemReady compliance and independent from other projects. So if you are evaluating what community to join, the decision criteria is whether your goal is holistic or just focused at an individual project.
NOTE: more details on Trusted Substrate: whys, what, how (note: This presentation was produced before SystemReady was announced. a new version will be authored)
Related Linaro software development projects
Trusted Substrate project covers a wide range of software components as stated above. To orchestrate engineering activities in manageable pieces, the development is split between the following projects (Trusted Substrate project leadership ensure coherency and completeness across projects):
Dependable Boot - ensure SystemReady boot flow conformance across firmware projects (TF-A, OP-TEE, U-Boot, Linux kernel). This project collates work from different teams in Linaro (Kernel Working Group, Security Working Group, LEDGE)
https://linaro.atlassian.net/wiki/spaces/DTE - efforts to create a System Device Tree that covers asymmetric computing platforms and to change the lifecycle of Device Tree so that it is provided by firmware to operating systems
https://linaro.atlassian.net/wiki/spaces/LOC - while most OP-TEE activities related to SystemReady are guided by Dependable Boot, some long term changes such as Trusted Application lifecycle and distribution scenarios may actually be driven by this project.
https://linaro.atlassian.net/wiki/spaces/SCMI - the service may be hosted in the SCP, as a TA or even as a VM. When it is distributed as a TA or in the SCP firmware, this service is integral part of the Trusted Substrate.
Deliverables
Trusted Substrate project deliverables are upstream patches in many upstream projects. The development is driven by the Linaro projects as said above.
Upstream activity can be found in:
U-Boot, EDK2
Trusted-Firmware A, OP-TEE
Linux kernel
FreeBSD
Currently TrustedSubstrate-IR for Qemu-BSA 32 bits (U-Boot/DT) and Qemu-BSA 64 bits (EDK2/ACPI and U-Boot/DT) are accessible through the LEDGE Reference Platform downloads.
In the future, and to simplify using Trusted Substrate, a multi-project build repository will be made available as well as binary versions of reference hardware for direct usage.
Services
Linaro is evaluating the opportunity to create SystemReady and Trusted Substrate services such as:
Board SystemReady-IR readiness, i.e. making sure the board will pass SystemReady-IR certification
include SystemReady-IR CI/CD loops
Collaborative maintenance of Trusted Substrate project members defined LTSes (this is very early stages of thinking)
Should you want to have more information or more generally discuss any of the above, please contact us
Get Involved
Mailing List
Project membership for roadmap steering and resources allocation
Please contact us
Board integration in CI
Please contact us