1************************** 2RSE ROM Release 2024-04-08 3************************** 4 5.. contents:: Contents 6 :depth: 1 7 :local: 8 9Features 10======== 11 12- A ROM bootloader for RSE that supports chainloading a second immutable boot 13 stage (BL1-2) from OTP. 14- Integrity protection of the BL1-2 boot image using a provisioned SHA-256 hash 15 of the image. 16- Hardware-accelerated crypto operations using the built-in CryptoCell-3xx ROM 17 driver. 18- Support for hardware lifecycle management and provisioning using code and 19 values loaded through a debugger. 20- A DMA Initial Command Sequence placed at offset 0x1F000 in the ROM. 21- Support for secure provisioning, using AEAD encryption with keys derived from 22 the RTL key. 23- Allows for setup of SAM configuration with provisioned values before CPU is 24 started via the DMA ICS. 25- Uses TRAM for BL1_1 data sections. 26 27Known errata 28============ 29 30- The build instructions for this release initially contained an incorrect 31 address for the DMA ICS concatenation with the ROM code. The build 32 instructions in this document have been updated and are now correct. The 33 correct address is 0x1F000, instead of 0x1E000. Some distributed ROM binaries 34 have also been impacted, and hence will not boot. 35 36 If a ROM binary does not boot, it can be checked for this error using the 37 command: 38 39 .. code-block:: bash 40 41 xxd -s 0x1F000 rom.bin 42 43 If there is no output, or the output is all zero-words, then the ROM binary is 44 affected by the issue. It is possible to fix a ROM binary affected by the 45 issue by running the following command: 46 47 .. code-block:: bash 48 49 dd if=rom.bin bs=1k skip=120 seek=124 count=4 of=rom.bin 50 51TF-M version 52============ 53 54The RSE ROM image should be generated from TF-M commit hash: 55 56.. code-block:: bash 57 58 2ca8c58dc2feddc93b87585ffc07e4d169f54278 59 60Tested Environment 61================== 62 63- arm-none-eabi-gcc --version | head -n 1 64 65.. code-block:: bash 66 67 arm-none-eabi-gcc (GNU Arm Embedded Toolchain 10.3-2021.10) 10.3.1 20210824 (release) 68 69- python3 --version 70 71.. code-block:: bash 72 73 Python 3.11.6 74 75- python3 -m pip list 76 77.. code-block:: bash 78 79 Package Version 80 ------------------------- --------- 81 attrs 23.2.0 82 cbor2 5.6.2 83 cffi 1.16.0 84 click 8.1.7 85 cryptography 42.0.5 86 ecdsa 0.18.0 87 imgtool 2.0.0 88 intelhex 2.3.0 89 Jinja2 3.1.3 90 jsonschema 4.21.1 91 jsonschema-specifications 2023.12.1 92 kconfiglib 14.1.0 93 MarkupSafe 2.1.5 94 networkx 3.3 95 pip 23.2 96 pyasn1 0.6.0 97 pycparser 2.22 98 pyhsslms 2.0.0 99 PyYAML 6.0.1 100 referencing 0.34.0 101 rpds-py 0.18.0 102 setuptools 68.1.2 103 six 1.16.0 104 105Build command 106============= 107 108The RSE ROM image should be generated with the following build commands: 109 110.. code-block:: bash 111 112 python3 -m venv ./venv 113 source ./venv/bin/activate 114 115 python3 -m pip install -r ./tools/requirements.txt 116 117 cmake -S . -B build -DTFM_PLATFORM=arm/rse/tc \ 118 -DTFM_TOOLCHAIN_FILE=toolchain_GNUARM.cmake \ 119 -DCMAKE_BUILD_TYPE=minsizerel \ 120 -DRSE_ENABLE_TRAM=ON \ 121 -DRSE_OTP_TRNG=ON \ 122 -DTFM_DUMMY_PROVISIONING=OFF \ 123 -DRSE_XIP=ON \ 124 -DTFM_PARTITION_DPE=OFF 125 126 cmake --build build -- install 127 128 srec_cat build/bin/bl1_1.bin -Binary -offset 0x0 \ 129 build/bin/rom_dma_ics.bin -Binary -offset 0x1F000 \ 130 -o rse_rom_2024-04-08.bin -Binary 131 132 truncate --size 131072 rse_rom_2024-04-08.bin 133 134-------------- 135 136*Copyright (c) 2024, Arm Limited. All rights reserved.* 137
