Linaro Developer Services has extensive experience developing and maintaining bootloaders for a variety of boards that boot embedded Linux or AOSP. The team has developed and maintains a number of ports of ARM Trusted Firmware, UEFI and U-Boot. These ports lay the foundations for the development of a secure boot process from initial power on, through to the loading of the operating system kernel.
ARM Trusted Firmware
We have provided several of our clients with ports of ARM Trusted Firmware. These ports are a reference implementation of secure world software for our clients SoC and board, and have been upstreamed to be included in ARM Trusted Firmware by default.
They feature full support for the ability to load a trusted execution environment such as OPTEE, and implementations of the ARM Power State Coordination Interface (PSCI), along with a secure monitor using the ARM SMC calling convention so the non-secure world may communicate with both. All ports feature the low level initialization of the secure world, as well as the addition of drivers to initialize and use the various hardware peripherals (UFS, eMMC, USB, etc) needed by the firmware.
Support for Trusted Board Boot Requirements (TBBR) is available, including image authentication using certificates, a firmware update/recovery mode boot flow, and packaging of the various firmware images into a Firmware Image Package (FIP) to be loaded from non-volatile storage. The ports all switch to non-secure mode and support the loading of a second stage bootloader such as UEFI or U-Boot.
LDS has provided several of its clients with upstreamed ports of the Unified Extensible Firmware Interface (UEFI). These ports are based on the EDKII UEFI reference implementation.
All ports feature the low level initialization of the non-secure world, as well as the addition of drivers to initialize and use the various hardware (UFS, eMMC, USB, etc) present on the device and boards needed by the bootloader. Also supported are EFI applications for fastboot and PXE.
We also have experience in providing clients with upstreamed ports of U-Boot.
All ports feature the low level initialization of the non-secure world, as well as the addition of drivers to initialize and use the various hardware devices (UFS, eMMC, USB, etc) required by the bootloader. Also supported in U-Boot is the fastboot protocol.