Lines Matching full:rss
1 Runtime Security Subsystem (RSS)
5 (RSS) and the application processor (AP). According to the ARM reference design
6 the RSS is an independent core next to the AP and the SCP on the same die. It
11 At power up RSS boots first from its private ROM code. It validates and loads
14 own boot process, which is the same as on non-RSS systems. Please refer to the
15 ``RSS documentation`` [1]_ for more details about the RSS boot flow.
17 The last stage of the RSS firmware is a persistent, runtime component. Much
19 just waits for external requests from other subsystems. RSS and other
20 subsystems can communicate with each other over message exchange. RSS waits
24 RSS communication layer
27 The communication between RSS and other subsystems are primarily relying on the
28 Message Handling Unit (MHU) module. The number of MHU interfaces between RSS
30 the communication. RSS is capable of mapping the AP memory to its address space.
31 Thereby either RSS core itself or a DMA engine if it is present, can move the
32 data between memory belonging to RSS or AP. In this way, a bigger amount of data
38 interface. One pair provides message sending from AP to RSS and the other pair
39 from RSS to AP. The sender and receiver are connected via channels. There is an
42 The RSS communication layer provides two ways for message exchange:
58 copied over by RSS core (or by DMA) between the sender and the receiver. This
60 compared to the embedded messaging mode. Small payloads are copied by the RSS
62 either copied into an internal buffer or directly read-written by RSS. Actual
63 behavior depends on RSS setup, whether the partition supports memory-mapped
65 the memory, where payload data lives, while the RSS handles the request.
67 The RSS communication layer supports both ways of messaging in parallel. It is
96 | RSS | | SRAM |
102 The RSS communication layer is not prepared for concurrent execution. The
109 A description of the message format can be found in the ``RSS communication
114 - RSS comms: ``drivers/arm/rss``
125 RSS provided runtime services
128 RSS provides the following runtime services:
133 in RSS can be found in the ``measured_boot_integration_guide`` [3]_ .
136 in RSS can be found in the ``delegated_attestation_integration_guide`` [4]_ .
138 process can be requested from RSS. Furthermore, AP can request RSS to
140 ``RSS key management`` [5]_ document for more details.
144 The RSS provided runtime services implement a PSA aligned API. The parameter
171 | RSS communication protocol |
191 | MHU HW on RSS side |
207 RSS based Measured Boot
213 of the device can be attested later to an external party. RSS provides a runtime
217 firmware of RSS. Data is stored in so-called measurement slots. A platform has
294 information loss. Since RSS is not constrained on special HW resources to
301 The allocation of the measurement slot among RSS, Root and Realm worlds is
306 in RSS memory. Some of the fields have a static value (measurement algorithm),
310 ``include/drivers/measured_boot/rss/rss_measured_boot.h``.
338 - ``include/drivers/measured_boot/rss/rss_measured_boot.h``
359 implementation whether RSS or TPM (or both) backend based measured boot is
428 attestation service of the RSS to get a realm attestation key and the CCA
430 it on behalf of RMM. The access to MHU interface and thereby to RSS is
436 Currently the connection between the RMM dispatcher and the PSA/RSS layer
626 RSS OTP Assets Management
629 RSS provides access for AP to assets in OTP, which include keys for image
635 AP/RSS interface for retrieving and incrementing non-volatile counters API is
659 AP/RSS interface for reading the ROTPK is as follows.
680 .. [1] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/readme.html
681 .. [2] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_comms.html
684 .. [5] https://tf-m-user-guide.trustedfirmware.org/platform/arm/rss/rss_key_management.html