LVC21-307: PSA-FF-A compliant Secure User Mode partition support for Arm platforms

Session Abstract

Platform Security Architecture Firmware Framework For A Profile (PSA FF-A) specification defines an architecture that allows standardized communication among various software stacks, running across Normal and Secure world. FF-A defines the architecture of a Secure Partition Manager (SPM) that manages this standardized communication. It is split into two components – the SPM-Core (SPMC) and SPM-Dispatcher (SPMD). SPMD is part of the secure monitor executing at EL3. But SPMC, based on the hardware and architectural requirements, can exist in either EL3, S-EL2 or S-EL1. This talk focuses on secure software architecture for Arm platforms that support the use of FF-A defined SPMD and SPMC components at EL3 and secure partitions at secure user mode (S-EL0). This software architecture is targeted to be deployed on Arm platforms that do not support virtualization in the secure world. Typical uses of such a software architecture include enabling support for UEFI secure boot and handling of secure platform hardware errors. There has been significant progress in this direction and multiple software components including EDK II, StandaloneMM and Trusted firmware have been enabled to support the FF-A defined software architecture. This talk uses Arm’s Neoverse reference design platform as an example to demonstrate the deployment of this software architecture and typical uses. Key objectives of this talk are to present the details on deploying this software architecture on Arm platforms and discuss other possible secure partition scenarios with the audience.

Session Speakers

Sayanta Pattanayak

Arm (ARM Ltd. , Principal Engineer, Open Source Infra Platform Solution Team)

Sayanta Pattanayak is Principal Software Engineer in the Open Source Software group at Arm. He works on platform software development for Arm's Neoverse reference platforms. He has been working on various SOC platforms and embedded software for more than 10 years with primary work area: system bring-up, power/performance feature addition and optimization, audio support etc. Of late his focus area has been developing secure framework for Neoverse reference design platforms.

Aditya Angadi

Arm (ARM Ltd, Software Engineer, Open Source Infra Platform Solution Team)

Aditya Angadi is Software Engineer in the Open Source Software group at Arm. He works on platform software development for Arm's Neoverse reference platforms. His key work areas are Platform Bring-UP, MPAM etc. Of late his focus area has been developing secure framework for Neoverse reference design platforms.

Platform Security Architecture Firmware Framework For A Profile (PSA FF-A) specification defines an architecture that allows standardized communication among various software stacks, running across Normal and Secure world. FF-A defines the architecture of a Secure Partition Manager (SPM) that manages this standardized communication. It is split into two components – the SPM-Core (SPMC) and SPM-Dispatcher (SPMD). SPMD is part of the secure monitor executing at EL3. But SPMC, based on the hardware and architectural requirements, can exist in either EL3, S-EL2 or S-EL1.

This talk focuses on secure software architecture for Arm platforms that support the use of FF-A defined SPMD and SPMC components at EL3 and secure partitions at secure user mode (S-EL0). This software architecture is targeted to be deployed on Arm platforms that do not support virtualization in the secure world. Typical uses of such a software architecture include enabling support for UEFI secure boot and handling of secure platform hardware errors. There has been significant progress in this direction and multiple software components including EDK II, StandaloneMM and Trusted firmware have been enabled to support the FF-A defined software architecture. This talk uses Arm’s Neoverse reference design platform as an example to demonstrate the deployment of this software architecture and typical uses.

Key objectives of this talk are to present the details on deploying this software architecture on Arm platforms and discuss other possible secure partition scenarios with the audience.

comments powered by Disqus

Recent Posts

Other Posts

Sign up. Receive Updates. Stay informed.

Sign up to our mailing list to receive updates on the latest Linaro Connect news!