/trusted-firmware-a/docs/design/
interrupt-framework-design.rst
13: that secure interrupts are under the control of the secure software with
18: non-secure software (Non-secure interrupts) to the last executed exception
99: secure state. This is a valid routing model as secure software is in
107: non-secure state. This is an invalid routing model as a secure interrupt
115: Non-secure interrupts
119: secure state. This allows the secure software to trap non-secure
121: non-secure software through EL3. This is a valid routing model as secure
713: require a context switch from secure to non-secure or vice-versa:
820: Test secure payload dispatcher non-secure interrupt handling
850: routing model for non-secure interrupt in secure state is in effect
[all …]
/trusted-firmware-a/docs/build/TF-A_2.5/_sources/design/
interrupt-framework-design.rst.txt
13: that secure interrupts are under the control of the secure software with
18: non-secure software (Non-secure interrupts) to the last executed exception
99: secure state. This is a valid routing model as secure software is in
107: non-secure state. This is an invalid routing model as a secure interrupt
115: Non-secure interrupts
119: secure state. This allows the secure software to trap non-secure
121: non-secure software through EL3. This is a valid routing model as secure
713: require a context switch from secure to non-secure or vice-versa:
820: Test secure payload dispatcher non-secure interrupt handling
850: routing model for non-secure interrupt in secure state is in effect
[all …]
/trusted-firmware-a/docs/components/
firmware-update.rst
40: - Copying images from non-secure to secure memory
48: interfaces to non-secure memory.
84: authenticated/executed in secure or non-secure memory.
102: complex state machine than non-secure images.
114: in blocks from non-secure to secure memory.
117: copying it to secure memory.
221: This SMC copies the secure image indicated by ``image_id`` from non-secure memory
260: if (secure world caller)
264: if (image_id is secure image)
304: secure world image.
[all …]
secure-partition-manager.rst
280: Loading Hafnium and secure partitions in the secure world
644: the SPMC (as suggested by the spec) configures a secure SGI, as non-secure, and
740: The FF-A id space is split into a non-secure space and secure space:
881: With secure virtualization enabled, two IPA spaces are output from the secure
882: EL1&0 Stage-1 translation (secure and non-secure). The EL1&0 Stage-2 translation
886: - Two IPA spaces (secure and non-secure) when the SP EL1&0 Stage-1 MMU is
1144: - SMMUv3 offers non-secure stream support with secure stream support being
1146: instance for secure and non-secure stream support.
1165: registers have independent secure and non-secure versions to configure the
1166: behaviour of SMMUv3 for translation of secure and non-secure streams
[all …]
index.rst
22: secure-partition-manager
23: secure-partition-manager-mm
/trusted-firmware-a/docs/build/TF-A_2.5/_sources/components/
firmware-update.rst.txt
40: - Copying images from non-secure to secure memory
48: interfaces to non-secure memory.
84: authenticated/executed in secure or non-secure memory.
102: complex state machine than non-secure images.
114: in blocks from non-secure to secure memory.
117: copying it to secure memory.
221: This SMC copies the secure image indicated by ``image_id`` from non-secure memory
260: if (secure world caller)
264: if (image_id is secure image)
304: secure world image.
[all …]
secure-partition-manager.rst.txt
280: Loading Hafnium and secure partitions in the secure world
644: the SPMC (as suggested by the spec) configures a secure SGI, as non-secure, and
740: The FF-A id space is split into a non-secure space and secure space:
881: With secure virtualization enabled, two IPA spaces are output from the secure
882: EL1&0 Stage-1 translation (secure and non-secure). The EL1&0 Stage-2 translation
886: - Two IPA spaces (secure and non-secure) when the SP EL1&0 Stage-1 MMU is
1144: - SMMUv3 offers non-secure stream support with secure stream support being
1146: instance for secure and non-secure stream support.
1165: registers have independent secure and non-secure versions to configure the
1166: behaviour of SMMUv3 for translation of secure and non-secure streams
[all …]
index.rst.txt
22: secure-partition-manager
23: secure-partition-manager-mm
/trusted-firmware-a/tools/marvell/doimage/secure/
sec_img_7K.cfg
3: kak_key_file = "tools/doimage/secure/kak_priv_pem.key";
8: csk_key_file = ["tools/doimage/secure/csk_priv_pem0.key",
9: "tools/doimage/secure/csk_priv_pem1.key",
10: "tools/doimage/secure/csk_priv_pem2.key",
11: "tools/doimage/secure/csk_priv_pem3.key",
18: aes_key_file = "tools/doimage/secure/aes_key.txt";
sec_img_8K.cfg
3: kak_key_file = "tools/doimage/secure/kak_priv_pem.key";
8: csk_key_file = ["tools/doimage/secure/csk_priv_pem0.key",
9: "tools/doimage/secure/csk_priv_pem1.key",
10: "tools/doimage/secure/csk_priv_pem2.key",
11: "tools/doimage/secure/csk_priv_pem3.key",
18: aes_key_file = "tools/doimage/secure/aes_key.txt";
/trusted-firmware-a/plat/st/common/include/
stm32mp_shres_helpers.h
27: static inline int stm32mp_incr_shrefcnt(unsigned int *refcnt, bool secure) [in stm32mp_incr_shrefcnt(), argument]
31: if (secure) { [in stm32mp_incr_shrefcnt()]
44: static inline int stm32mp_decr_shrefcnt(unsigned int *refcnt, bool secure) [in stm32mp_decr_shrefcnt(), argument]
48: if (secure) { [in stm32mp_decr_shrefcnt()]
/trusted-firmware-a/docs/security_advisories/
security-advisory-tfv-2.rst
5: | Title | Enabled secure self-hosted invasive debug interface can |
6: | | allow normal world to panic secure world |
18: | Impact | Denial of Service (secure world panic) |
25: The ``MDCR_EL3.SDD`` bit controls AArch64 secure self-hosted invasive debug
28: entrypoint code, which enables debug exceptions from the secure world. This can
32: normal world attacker to induce a panic in the secure world.
35: from the secure world.
42: secure self-hosted invasive debug enablement. TF assigns these bits to ``00``
45: secure privileged invasive debug is enabled by the authentication interface, at
security-advisory-tfv-5.rst
6: | | secure world timing information |
18: | Impact | Leakage of sensitive secure world timing information |
32: bit is set to zero, the cycle counter (when enabled) counts during secure world
36: normal and secure worlds, normal world code can set ``PMCR_EL0.DP`` to zero to
37: cause leakage of secure world timing information. This register should be added
45: sensible default values in the secure context.
/trusted-firmware-a/docs/build/TF-A_2.5/_sources/security_advisories/
security-advisory-tfv-2.rst.txt
5: | Title | Enabled secure self-hosted invasive debug interface can |
6: | | allow normal world to panic secure world |
18: | Impact | Denial of Service (secure world panic) |
25: The ``MDCR_EL3.SDD`` bit controls AArch64 secure self-hosted invasive debug
28: entrypoint code, which enables debug exceptions from the secure world. This can
32: normal world attacker to induce a panic in the secure world.
35: from the secure world.
42: secure self-hosted invasive debug enablement. TF assigns these bits to ``00``
45: secure privileged invasive debug is enabled by the authentication interface, at
security-advisory-tfv-5.rst.txt
6: | | secure world timing information |
18: | Impact | Leakage of sensitive secure world timing information |
32: bit is set to zero, the cycle counter (when enabled) counts during secure world
36: normal and secure worlds, normal world code can set ``PMCR_EL0.DP`` to zero to
37: cause leakage of secure world timing information. This register should be added
45: sensible default values in the secure context.
/trusted-firmware-a/docs/getting_started/
psci-lib-integration-guide.rst
9: at the highest secure privileged mode, which is EL3 in AArch64 or Secure SVC/
39: #. Get the non-secure ``cpu_context_t`` for the current CPU by calling
56: initializes/restores the non-secure CPU context as well.
111: values safely until it is ready for exit to non-secure world.
154: PSCI library needs the flexibility to access both secure and non-secure
223: to the non-secure world.
259: secure or non-secure world. The ``cookie`` (6th argument) and the ``handle``
288: - Restores/Initializes the non-secure context and populates the
293: prior to exit to the non-secure world.
509: in `PSCI spec`_. If the secure payload is a Uniprocessor (UP)
[all …]
/trusted-firmware-a/docs/build/TF-A_2.5/_sources/getting_started/
psci-lib-integration-guide.rst.txt
9: at the highest secure privileged mode, which is EL3 in AArch64 or Secure SVC/
39: #. Get the non-secure ``cpu_context_t`` for the current CPU by calling
56: initializes/restores the non-secure CPU context as well.
111: values safely until it is ready for exit to non-secure world.
154: PSCI library needs the flexibility to access both secure and non-secure
223: to the non-secure world.
259: secure or non-secure world. The ``cookie`` (6th argument) and the ``handle``
288: - Restores/Initializes the non-secure context and populates the
293: prior to exit to the non-secure world.
509: in `PSCI spec`_. If the secure payload is a Uniprocessor (UP)
[all …]
/trusted-firmware-a/services/spd/trusty/
generic-arm64-smcall.c
40: static void trusty_dputc(char ch, int secure) [in trusty_dputc(), argument]
43: struct dputc_state *s = &dputc_state[!secure]; [in trusty_dputc()]
50: if (secure) [in trusty_dputc()]
/trusted-firmware-a/docs/build/TF-A_2.5/_sources/plat/nxp/
nxp-ls-tbbr.rst.txt
64: verified as part of CoT by Boot ROM during secure boot.
105: - There are 2 paths in secure boot flow :
109: --- However SNVS is transitioned to non-secure state
166: … | ( = 1, BootROM Booted) | ( = 010 means Intent to Secure, | (=1111 means secure boot) |
167: … | | ( = 000 Unsecure) | (=1011 means Non-secure Boot) |
175: -- For secure-boot status, read SNVS Register $SNVS_HPSR_REG from u-boot prompt:
190: …-- Refer the SoC specific table to read the register to interpret whether the secure boot is achie…
193: --- For secure-boot status, read SNVS Register $SNVS_HPSR_REG
209: -- 0xA indicates BootROM booted, with intent to secure.
210: -- 0xF = secure boot, as SSM_STATE.
/trusted-firmware-a/docs/plat/nxp/
nxp-ls-tbbr.rst
64: verified as part of CoT by Boot ROM during secure boot.
105: - There are 2 paths in secure boot flow :
109: --- However SNVS is transitioned to non-secure state
166: … | ( = 1, BootROM Booted) | ( = 010 means Intent to Secure, | (=1111 means secure boot) |
167: … | | ( = 000 Unsecure) | (=1011 means Non-secure Boot) |
175: -- For secure-boot status, read SNVS Register $SNVS_HPSR_REG from u-boot prompt:
190: …-- Refer the SoC specific table to read the register to interpret whether the secure boot is achie…
193: --- For secure-boot status, read SNVS Register $SNVS_HPSR_REG
209: -- 0xA indicates BootROM booted, with intent to secure.
210: -- 0xF = secure boot, as SSM_STATE.
/trusted-firmware-a/docs/process/
security.rst
20: Although we try to keep TF-A secure, we can only do so with the help of the
49: | | large data into secure memory |
51: | |TFV-2| | Enabled secure self-hosted invasive debug interface can allow |
52: | | normal world to panic secure world |
57: | | authentication of unexpected data in secure memory in AArch32 |
60: | |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure |
/trusted-firmware-a/docs/build/TF-A_2.5/_sources/process/
security.rst.txt
20: Although we try to keep TF-A secure, we can only do so with the help of the
49: | | large data into secure memory |
51: | |TFV-2| | Enabled secure self-hosted invasive debug interface can allow |
52: | | normal world to panic secure world |
57: | | authentication of unexpected data in secure memory in AArch32 |
60: | |TFV-5| | Not initializing or saving/restoring PMCR_EL0 can leak secure |
/trusted-firmware-a/plat/rockchip/rk3288/
platform.mk
24: -I${RK_PLAT_SOC}/drivers/secure/ \
56: ${RK_PLAT_SOC}/drivers/secure/secure.c \
/trusted-firmware-a/plat/rockchip/px30/
platform.mk
24: -I${RK_PLAT_SOC}/drivers/secure/ \
58: ${RK_PLAT_SOC}/drivers/secure/secure.c \
/trusted-firmware-a/plat/st/stm32mp1/
stm32mp1_shared_resources.c
359: unsigned int secure = 0U; [in stm32mp_gpio_bank_is_secure(), local]
370: secure++; [in stm32mp_gpio_bank_is_secure()]
374: return secure == get_gpioz_nbpin(); [in stm32mp_gpio_bank_is_secure()]
536: bool secure = stm32mp1_rcc_is_secure(); [in check_rcc_secure_configuration(), local]
543: if (!secure || (mckprot_protects_periph(n) && (!mckprot))) { [in check_rcc_secure_configuration()]
545: secure ? "secure" : "non-secure", [in check_rcc_secure_configuration()]