TrustedSubstrate Home
Billboard
May 2023
Released v0.3
Enable chain of trust past BL1
On boards that use TF-A, BL2 authenticates BL31, BL32 and BL33
On boards that use SPL, FIT images are used for authenticating up to BL33
On Xilinx boards the Xilinx FSBL performs the authentication for all firmware components
On all boards BL33 with authenticate the next payload using UEFI Secure boot
Added initial support for zcu102. Only UEFI secure boot is currently supported
April 2023
Enable the ethernet interface in zynqmp kria starter
Update OP-TEE to 3.20
March 2023
Add support for QEMU aarch32
Enabled UEFI Secure Boot, Measured Boot and OP-TEE xtests in LAVA
February 2023
Switched zyqmp kria starter kit to FSBL instead of U-Boot SPL as the first stage bootloader
Fixed ethernet speed issues on rockpi4b
Add OP-TEE support on zyqmp kria starter builds
January 2023
Update U-Boot to 2023.01
Meetings
This calendar is displayed using UTC timezone with no DST offsets.
Project Contacts
Project lead: ilias.apalodimas@linaro.org
Project manager: julianus.larson@linaro.org
About this project
Trusted Substrate is a meta-layer in OpenEmbedded aimed toward board makers who want to produce an Arm SystemReady compliant firmware and ensure consistent behaviour, tamper protection and common features across platforms. In a nutshell, TrustedSubstrate is building firmware for devices which verifies the running software hasn’t been tampered with. It does so by utilizing a well-known set of standards.
UEFI secure boot enabled by default UEFI Secure Boot is a verification mechanism for ensuring that code launched by a computer’s UEFI firmware is trusted. It is designed to protect a system against malicious code being loaded and executed early in the boot process before the operating system has been loaded.
Measured boot. With a discrete or firmware, TPM Measured Boot is a method where each of the software layers in the boot sequence of the device, measures the next layer in the execution order and extends the value in a designated TPM PCR. Measured boot further validates the boot process beyond Secure Boot.
Dual banked firmware updates with rollback and bricking protection provides protection to the firmware update mechanism and shield the device against bricking as well as rollback attacks.
Requirements and specifications
Trusted Substrate interfaces rely on a combination of existing standards:
SystemReady compliance
SystemReady BBSR compliance (optional in the main case)
PSA Firmware Framework A specification compliance (Trust Services)
PSCI compliance
SCMI compliance
ParSec compliance
Global Platform TEE compliance
You can find a complete list of the requirements here
The following diagram shows how Trusted Substrate can be seen from upper layers:
Trusted Substrate exists in two flavours that build on SystemReady counterparts: TrustedSubstrate-IR and TrustedSubstrate-ES:
TrustedSubstrate-IR implementation is built on Trusted Firmware A, OP-TEE, and U-Boot and uses Device Tree as hardware description.
TrustedSubstrate-ES implementation is built on EDK2, OP-TEE and uses ACPI as hardware description (the main difference with typical data center firmware is the presence of OP-TEE). There are discussions to extend U-Boot to offer full ACPI support in this context.
The primary goal of the project is to upstream all necessary technologies in a number of open-source projects to seed SystemReady compliance. Linaro Edge & Fog computing group hardware as well as Qemu (64 & 32 bits) will be used as reference platforms for the development.
Development of Trusted Substrate is "feature orientated" rather than upstream project orientated. In other words, when a feature is planned, activities in relevant upstream projects is identified and monitored for completion as a whole. Each upstream project has its own roadmap that is not related to SystemReady compliance and is independent from other projects. So if you are evaluating what community to join, the decision criteria is whether your goal is holistic or just focused at an individual project.
Related Linaro software development projects
The Trusted Substrate project covers a wide range of software components as stated above. To orchestrate engineering activities in manageable pieces, the development is split between the following projects (Trusted Substrate project leadership ensure coherency and completeness across projects):
Dependable Boot - ensure SystemReady boot flow conformance across firmware projects (TF-A, OP-TEE, U-Boot, Linux kernel). This project collates work from different teams in Linaro (Kernel Working Group, Security Working Group, LEDGE). This is the main part of the Trusted Substrate project.
https://linaro.atlassian.net/wiki/spaces/DTE - efforts to create a System Device Tree that covers asymmetric computing platforms and to change the lifecycle of Device Tree so that it is provided by firmware to operating systems. Linaro does not carry out major development in Device Tree right now. Instead the work is done in other projects where needed.
https://linaro.atlassian.net/wiki/spaces/LOC - while most OP-TEE activities related to SystemReady are guided by Dependable Boot, some long term changes such as Trusted Application lifecycle and distribution scenarios may actually be driven by this project.
https://linaro.atlassian.net/wiki/spaces/SCMI - the service may be hosted in the SCP, as a TA or even as a VM. When it is distributed as a TA or in the SCP firmware, this service is an integral part of the Trusted Substrate.
Deliverables
Trusted Substrate project deliverables are upstream patches in many upstream projects. The development is driven by the Linaro projects as said above.
Upstream activity can be found in:
U-Boot, EDK2
Trusted-Firmware A, OP-TEE
Linux kernel
FreeBSD
TrustedSubstrate-IR images are accessible here.
Services
Linaro is evaluating the opportunity to create SystemReady and Trusted Substrate services such as:
Board SystemReady-IR readiness, i.e. making sure the board will pass SystemReady-IR certification
include SystemReady-IR CI/CD loops
Collaborative maintenance of Trusted Substrate project members defined LTSes (this is very early stages of thinking)
Should you want to have more information or more generally discuss any of the above, please contact us
Get Involved
Mailing List
Project membership for roadmap steering and resources allocation
Please contact us
Board integration in CI
Please contact us