Feature Overview
================

This page provides an overview of the current |TF-A| feature set. For a full
description of these features and their implementation details, please see
the documents that are part of the *Components* and *System Design* chapters.

The :ref:`Change Log & Release Notes` provides details of changes made since the
last release.

Current features
----------------

- Initialization of the secure world, for example exception vectors, control
  registers and interrupts for the platform.

- Library support for CPU-specific reset and power-down sequences. This
  includes support for errata workarounds and the latest Arm DynamIQ CPUs.

- Drivers to enable standard initialization of Arm System IP, for example
  Generic Interrupt Controller (GIC), Cache Coherent Interconnect (CCI),
  Cache Coherent Network (CCN), Network Interconnect (NIC) and TrustZone
  Controller (TZC).

- Secure Monitor library code such as world switching, EL2/EL1 context
  management and interrupt routing.

- SMC (Secure Monitor Call) handling, conforming to the `SMC Calling
  Convention`_ using an EL3 runtime services framework.

- |PSCI| library support for CPU, cluster and system power management
  use-cases. This library is pre-integrated with the AArch64 EL3 Runtime
  Software, and is also suitable for integration with other AArch32 EL3
  Runtime Software, for example an AArch32 Secure OS.

- A generic |SCMI| driver to interface with conforming power controllers, for
  example the Arm System Control Processor (SCP).

- A minimal AArch32 Secure Payload (*SP_MIN*) to demonstrate |PSCI| library
  integration with AArch32 EL3 Runtime Software.

- Secure Partition Manager Dispatcher (SPMD) with the following two
  configurations:

  - S-EL2 SPMC implementation, widely compliant with FF-A v1.1 EAC0 and initial
    support of FF-A v1.2.

  - EL3 SPMC implementation, compliant with a subset of FF-A v1.1 EAC0.

- Support for Arm CCA based on FEAT_RME, which supports authenticated boot and
  execution of RMM with the necessary routing of RMI commands as specified in
  the RMM Beta 0 Specification.

- A Test SP and SPD to demonstrate AArch64 Secure Monitor functionality and SP
  interaction with PSCI.

- SPDs for the `OP-TEE Secure OS`_, `NVIDIA Trusted Little Kernel`_,
  `Trusty Secure OS`_ and `ProvenCore Secure OS`_.

- A Trusted Board Boot implementation, conforming to all mandatory TBBR
  requirements. This includes image authentication, firmware recovery,
  firmware encryption and packaging of the various firmware images into a
  Firmware Image Package (FIP).

- Measured boot support, with a PoC to showcase its interaction with a
  firmware TPM (fTPM) service implemented on top of OP-TEE.

- Support for Dynamic Root of Trust for Measurement (DRTM).

- The following firmware update mechanisms are available:

  - PSA Firmware Update (PSA FWU)

  - TBBR Firmware Update (TBBR FWU)

- Reliability, Availability, and Serviceability (RAS) functionality, including:

  - A Secure Partition Manager (SPM) to manage Secure Partitions in
    Secure-EL0, which can be used to implement simple management and
    security services.

  - An |SDEI| dispatcher to route interrupt-based |SDEI| events.

  - An Exception Handling Framework (EHF) that allows dispatching of EL3
    interrupts to their registered handlers, to facilitate firmware-first
    error handling.

- A dynamic configuration framework that enables each of the firmware images
  to be configured at runtime if required by the platform. It also enables
  loading of a hardware configuration (for example, a kernel device tree)
  as part of the FIP, to be passed through the firmware stages. This feature
  is now incorporated inside the firmware configuration framework (fconf).

- Support for alternative boot flows, for example to support platforms where
  the EL3 Runtime Software is loaded using other firmware or a separate
  secure system processor, or where a non-TF-A ROM expects BL2 to be loaded
  at EL3.

- Support for the Errata management firmware interface.

- Support for the GCC, LLVM and Arm Compiler 6 toolchains.

- Support for combining several libraries into a "romlib" image that may be
  shared across images to reduce memory footprint. The romlib image is stored
  in ROM but is accessed through a jump-table that may be stored in
  read-write memory, allowing the library code to be patched.

- Position-Independent Executable (PIE) support.

Experimental features
---------------------

A feature is considered experimental when it is still in development or is
not known to the TF-A team to be widely deployed or proven on end products.
It is generally advised that such options are not pulled into real
deployments, or only with the appropriate level of supplementary integration
testing.

A feature is no longer considered experimental when it is generally agreed
that the feature has reached a level of maturity and quality comparable to
other features that have been integrated into products.

Experimental build options are listed in the section
:ref:`build_options_experimental`. Enabling them in a build emits a warning
message.

Additionally, the following libraries are marked experimental when included
in a platform:

- MPU translation library ``lib/xlat_mpu``
- RSS comms driver ``drivers/arm/rss``

Still to come
-------------

- Support for additional platforms.

- Documentation enhancements.

- Ongoing support for new architectural features, CPUs and System IP.

- Ongoing support for new Arm system architecture specifications.

- Ongoing security hardening, optimization and quality improvements.

.. _SMC Calling Convention: https://developer.arm.com/docs/den0028/latest
.. _OP-TEE Secure OS: https://github.com/OP-TEE/optee_os
.. _NVIDIA Trusted Little Kernel: http://nv-tegra.nvidia.com/gitweb/?p=3rdparty/ote_partner/tlk.git;a=summary
.. _Trusty Secure OS: https://source.android.com/security/trusty
.. _ProvenCore Secure OS: https://provenrun.com/products/provencore/

--------------

*Copyright (c) 2019-2023, Arm Limited. All rights reserved.*