1Runtime Security Subsystem (RSS)
2================================
3
4Introduction
5------------
6
7Runtime Security Subsystem (RSS) is an Arm subsystem that provides a reference
8implementation of the HES Host in the
9`Arm Confidential Compute Architecture (CCA) <https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture>`_.
10It is designed to be integrated into A-profile compute subsystems that implement
11Arm CCA, where it serves as the Root of Trust.
12
13RSS initially boots from immutable code (BL1_1) in its internal ROM, before
14jumping to BL1_2, which is provisioned and hash-locked in RSS OTP. The updatable
15MCUBoot BL2 boot stage is loaded from host system flash into RSS SRAM, where it
16is authenticated. BL2 loads and authenticates the TF-M runtime into RSS SRAM
17from host flash. BL2 is also responsible for loading initial boot code into
18other subsystems within the host.
19
20The RSS platform port supports the TF-M Crypto, TF-M Initial Attestation,
21Measured Boot and TF-M Platform services along with the corresponding
22regression tests. It supports the IPC model in multi-core topology with
23Isolation Level 1 and 2.
24
25Building TF-M
26-------------
27
28Follow the instructions in :doc:`Build instructions </building/tfm_build_instruction>`.
29Build TF-M with platform name: `arm/rss/<rss platform name>`
30
31For example for building RSS for Total Compute platforms:
32``-DTFM_PLATFORM=arm/rss/tc``
33
34Signing host images
35-------------------
36
37RSS BL2 can load boot images into other subsystems within the host system. It
38expects images to be signed, with the signatures attached to the images in the
39MCUBoot metadata format.
40
41The `imgtool Python package <https://pypi.org/project/imgtool/>`_ can be used to
42sign images in the required format. To sign a host image using the development
43key distributed with TF-M, use the following command::
44
45    imgtool sign \
46        -k <TF-M base directory>/bl2/ext/mcuboot/root-RSA-3072.pem \
47        --public-key-format full \
48        --max-align 8 \
49        --align 1 \
50        -v "0.0.1" \
51        -s 1 \
52        -H 0x1000 \
53        --pad-header \
54        -S 0x80000 \
55        --pad \
56        --boot-record "HOST" \
57        -L <load address> \
58        <binary infile> \
59        <signed binary outfile>
60
61The ``load address`` is the logical address in the RSS memory map to which BL2
62will load the image. RSS FW expects the first host image to be loaded to address
63``0x70000000`` (the beginning of the RSS ATU host access region), and each
64subsequent host image to be loaded at an offset of ``0x100000`` from the
65previous image. The RSS ATU should be configured to map these logical addresses
66to the physical addresses in the host system that the images need to be loaded
67to.
68
69For more information on the ``imgtool`` parameters, see the MCUBoot
70`imgtool documentation <https://docs.mcuboot.com/imgtool.html>`_.
71
72.. warning::
73
74    The TF-M development key must never be used in production. To generate a
75    production key, follow the imgtool documentation.
76
77Running the code
78----------------
79
80To run the built images, they need to be concatenated into binaries that can be
81placed in ROM and flash. To do this, navigate to the TF-M build directory and
82run the following ``srec_cat`` commands::
83
84    srec_cat \
85        bl1_1.bin -Binary -offset 0x0 \
86        bl1_provisioning_bundle.bin -Binary -offset 0xE000 \
87        -o rom.bin -Binary
88
89    srec_cat \
90        bl2_signed.bin -Binary -offset 0x0 \
91        bl2_signed.bin -Binary -offset 0x20000 \
92        tfm_s_ns_signed.bin -Binary -offset 0x40000 \
93        tfm_s_ns_signed.bin -Binary -offset 0x140000 \
94        <Host AP BL1 image> -Binary -offset 0x240000 \
95        <SCP BL1 image> -Binary -offset 0x2C0000 \
96        <Host AP BL1 image>  -Binary -offset 0x340000 \
97        <SCP BL1 image> -Binary -offset 0x3C0000 \
98        -o flash.bin -Binary
99
100For development purposes, the OTP image is included as a provisioning bundle in
101the ROM image and provisioned into OTP by BL1_1. The flash image should include
102the signed host images from the previous section. For each boot image, there is
103a primary and secondary image; if these are different then BL2 will load the one
104with the higher version number.
105
106The ROM binary should be placed in RSS ROM at ``0x11000000`` and the flash
107binary should be placed at ``0x31000000``.
108
109--------------
110
111*Copyright (c) 2022, Arm Limited. All rights reserved.*
112