Trusted Firmware Logo

Trusted Firmware at the Open Source Firmware Conference (OSFC) - Erlangen, 12-15 Sep 2018

Matteo Carlini| Tuesday, September 18, 2018|3 min read

The Trusted Firmware-A team attended last week the first Open Source Firmware Conference (OSFC) in Erlangen, Germany.

Hosted by Siemens, 9 Elements and FAU, this was the very first conference all around open firmware, bringing together software companies, big data centre providers, industry players and software enthusiasts to talk about hot topics and latest trends in the firmware space.

The conference was sponsored by Arm, Facebook, Google, Intel, OpenSUSE, Secunet and Siemens, and it featured the presence of all the major open source firmware projects: Coreboot, LinuxBoot, Tianocore EDK2, Petitboot, U-Boot, HardenedLinux, OpenBMC and obviously Trusted Firmware.

Sandrine Bailleux from Arm gave an overview of Trusted Firmware-A and the project (1) and then she presented in detail the new Secure Partition architecture that is currently under active development (see also (2)(3)).

The primary goal of this architecture is to provide software isolation and unprivileged execution environments under the control of the privileged (EL3) firmware to instantiate PI Standalone Management Mode (4) in the Secure world, in order to execute Management Mode services like RAS, Secure Variable access, Secure Firmware update.

Moreover, as the Arm architecture moves forward, embracing needs from different market segments, so does the reference software implementation provided by Trusted Firmware.

Therefore, as the Armv8.4 architecture introduces the Secure EL2 extension, adding support for virtualization in the Secure world, the natural evolution of the Secure Partition software architecture will also enable a scenario in which multiple mutually-mistrusting Secure EL1 software components (Trusted OSs, specific platform firmware and so on), coming from different vendors, will all coexist in the Secure world leveraging full isolation of address spaces, standard APIs to communicate with the underlying Secure EL2 software, and with the additional possibility of being audited separately from each other (5).

Sandrine’s talk was well received, and it raised lot of interest around this enablement. It was also immediately followed by another Trusted Firmware presentation from Julius Werner, Google, in which he described their Coreboot - Trusted Firmware-A solution deployed on Chromebooks.

The Arm team had also other follow ups with various industry players around interesting topics like Secure Firmware update, firmware testing and validation, firmware documentation (the Trusted Firmware one was praised to be particularly well done!), firmware complexity and an increasing need for limiting it in the privileged firmware space to reduce the potential attack surface.

In conclusion, a well-attended conference where all firmware enthusiasts could share their ideas and projects for expanding and nurturing even more an already well-established open source firmware ecosystem!






  5. 2

Recent Posts

post image
MISRA Compliance Jumpstart

Monday, October 30, 2023

White Paper: Jumpstarting MISRA compliance via the integration of static analysis into Open Source CI systems: best practices and key elements from

post image
MCUboot v2.0.0 Release!

Monday, October 30, 2023

MCUboot v2.0.0 Release

post image
Trusted Firmware OP TEE Release 4.0.0

Friday, October 20, 2023

Trusted Firmware OP TEE: v4.0.0 Release

post image
MBed TLS 3.5.0 Released with new and smaller ECC implementation!

Thursday, October 19, 2023

Introduction The Mbed TLS project has released version 3.5.0 in October 2023. The release includes several code size optimizations including a new small footprint secp256r1 implementation accessible via PSA Crypto APIs. 3.5.0 also includes feature enhancements, bug fixes and security fixes. 2.28.5 released from the Mbed TLS...

post image
Trusted Services 1.0.0 released!

Friday, October 13, 2023

Introduction Building on the Beta version of the Trusted Services release, v1.0.0 is the first stable release of the project. The release comprises PSA Services that can be deployed on Cortex-A devices to meet PSA Certified requirements and, necessary build and test infrastructure and documentation.