TFM_00_01 - Secure Bootloader

About

The purpose of this activity is to provide a secure boot implementation for RISC-V microcontrollers and other embedded processors, typically running in M-mode or M+U-modes.

The scope is the "root initial boot code" (running in M-mode), responsible for a secure transition:

  • First code executing on processor after release from reset
  • Basic system initialisation (for example, memory)
  • Load and hand over to root firmware (typically to U-Boot or similar to load rest of root firmware

Components

The implementation is an adaptation of the Trusted Firmware M secure bootloader, ported to RISC-V and extended to meet our immediate requirements.

The full TF-M runtime is not (yet) ported. This would provide services such as initial attestation, crypto primitives, protected or internal trusted storage, firmware upgrades, key management.


RISC-V specific changes

  • Support for a RISC-V toolchain (initially assumed to be the Catapult SDK)
  • RISC-V updates to common linker scripts, including symbols used by the Catapult SDK standard libraries
  • RISC-V variants for all inline assembly and defines used by the bootloaders
  • Minimal RISC-V platform support, including build files, start-up code, linker scripts, platform and HAL support

ISA-agnostic improvements and new features

  • Support for encryption of BL1_2 stage
  • Support for test run and revert of BL2 image upgrades
  • Support for test run and revert of FW image upgrades (stage following bootloaders) (*)
  • SW-only key derivation function for decryption keys
  • Option to disable build of TF-M runtime (secure firmware)
  • Provisioning and transition to secured state from BL2, if TF-M runtime is disabled


(*) Note: based on existing code for a different upgrade mechanism



Status

Dependency

None


Development

COMPLETED

URL: NA
Development TimelineQ3 2023
Upstreaming

ONGOING

URL:
Upstream version

ContactsSimon Harvey

Simon Harvey 

Updates

 

  • This work was completed in December 2024 and will now be upstreamed

  • Project reported as priority for 2H23