What does HackerNews think of arm-trusted-firmware?

Read-only mirror of Trusted Firmware-A

Language: C

Arm v7 was a Wild West, but with v8, Arm tried to standardize a lot. The Arm Trusted Firmware is the reference boot firmware implementation for v8+ CPUs: https://github.com/ARM-software/arm-trusted-firmware.

I'd think most of the reference documents can be discovered from that code base.

Relatedly, from the perspective of hands-on programming, the System Programmer's guide is the manual to start with: https://developer.arm.com/documentation/den0024/a/.

The ARM Trusted Firmware is what typically runs in the secure world, and it is indeed open source: https://github.com/ARM-software/arm-trusted-firmware

ROM code generally speaking is not open source, but has been dumped on occasion.

ARM TrustZone is basically just a hypervisor-like execution level that runs above the actual hypervisor called the "secure world", along with ways of calling into it. There are already open-source implementations of the firmware for the secure world on ARM chips, including one from ARM themselves: https://github.com/ARM-software/arm-trusted-firmware

All of the really super-secret security and DRM critical stuff is in the vendor's hardware and code.

Public implementation link: https://github.com/ARM-software/arm-trusted-firmware. It's software running in privileged CPU mode.

> The fact that both AMD and ARM integrated similar technologies at around the same time is too much coincidence.

Don't believe the FSF's FUD. TrustZone is really not comparable at all to Intel's Management Engine or AMD's Secure Processor:

* TrustZone is an operating mode of the CPU, not a separate processor. Fundamentally, it's not all that different from supervisor mode; it's just more privileged. (If you really wanted, you could probably write an OS that ran parts of the kernel in TrustZone.)

* You don't have to have anything running under TrustZone. Indeed, most processors which support TrustZone (e.g., most Android phones) aren't using it at all.

* The TrustZone specification is publicly available [1]. You can read about it all you want. (If you're brave enough and have the right development tools, you can even write code to run in it.)

* ARM's reference implementation of a TrustZone OS is also publicly available [2]. If you're curious how it works, you can see for yourself. (This doesn't include the application code which may be present in specific implementations, of course.)

[1]: https://www.arm.com/products/processors/technologies/trustzo...

[2]: https://github.com/ARM-software/arm-trusted-firmware
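The comments above describe TrustZone as a more privileged execution level "along with ways of calling into it". The way in is the SMC instruction, and the Arm SMC Calling Convention (SMCCC) fixes how the function ID in w0/x0 is laid out and how the secure monitor routes it. The C below is an added example written for this page, not TF-A's own code and not from any commenter: it encodes and decodes SMCCC function IDs and models a monitor that routes a call by Owning Entity Number to a registered runtime service, the same idea as TF-A's runtime service table. The PSCI-like handler, the four-core platform limit and the service table are constructed for illustration; the bit layout and the PSCI function IDs are from the public specifications.

```c
/* Added example: SMCCC function-ID layout plus a toy secure-monitor
 * dispatcher that routes by Owning Entity Number (OEN). Not TF-A code;
 * the service table, handler and platform limits are constructed. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* SMCCC function ID bit fields (w0/x0 at the time of the SMC instruction) */
#define SMC_FAST_CALL   (1u << 31)        /* 1 = fast call, 0 = yielding call   */
#define SMC_64BIT       (1u << 30)        /* 1 = SMC64 convention (x1..x6 args) */
#define SMC_OEN_SHIFT   24
#define SMC_OEN_MASK    0x3Fu             /* bits 29:24: Owning Entity Number   */
#define SMC_MBZ_MASK    (0xFFu << 16)     /* bits 23:16: reserved, zero in SMCCC 1.0 */
#define SMC_FUNC_MASK   0xFFFFu           /* bits 15:0: function number         */

/* Owning Entity Numbers defined by the SMCCC */
enum oen {
    OEN_ARM_ARCH = 0, OEN_CPU = 1, OEN_SIP = 2, OEN_OEM = 3,
    OEN_STD_SECURE = 4, OEN_STD_HYP = 5, OEN_VENDOR_HYP = 6,
    OEN_TRUSTED_APP_START = 48, OEN_TRUSTED_APP_END = 49,
    OEN_TRUSTED_OS_START = 50, OEN_TRUSTED_OS_END = 63,
};

#define SMC_UNKNOWN ((int64_t)-1)   /* SMCCC: unknown function ID */
#define SMC_OK      ((int64_t)0)

/* Build a function ID from its fields. */
uint32_t smc_fid(int fast, int is64, unsigned oen, unsigned func)
{
    return (fast ? SMC_FAST_CALL : 0u) | (is64 ? SMC_64BIT : 0u)
         | ((oen & SMC_OEN_MASK) << SMC_OEN_SHIFT) | (func & SMC_FUNC_MASK);
}
unsigned smc_oen(uint32_t fid)  { return (fid >> SMC_OEN_SHIFT) & SMC_OEN_MASK; }
unsigned smc_func(uint32_t fid) { return fid & SMC_FUNC_MASK; }

/* Well-known PSCI IDs (Standard Secure Service, OEN 4) */
#define PSCI_VERSION      0x84000000u
#define PSCI_CPU_ON_SMC32 0x84000003u
#define PSCI_CPU_ON_SMC64 0xC4000003u

typedef int64_t (*smc_handler_t)(uint32_t fid, uint64_t x1, uint64_t x2, uint64_t x3);

/* A runtime service owns an inclusive OEN range; the monitor routes by OEN. */
struct rt_svc { unsigned oen_start, oen_end; smc_handler_t handler; const char *name; };

/* Constructed PSCI-like handler: answers VERSION and CPU_ON only. */
static int64_t std_svc_handler(uint32_t fid, uint64_t x1, uint64_t x2, uint64_t x3)
{
    (void)x2; (void)x3;
    switch (smc_func(fid)) {
    case 0:  return (int64_t)((1u << 16) | 1u);        /* PSCI_VERSION 1.1     */
    case 3:  /* CPU_ON: target MPIDR in x1; hypothetical platform has cores 0..3 */
             return (x1 & 0xFFu) < 4 ? SMC_OK : (int64_t)-2; /* PSCI INVALID_PARAMETERS */
    default: return SMC_UNKNOWN;                        /* PSCI NOT_SUPPORTED   */
    }
}

static const struct rt_svc services[] = {
    { OEN_STD_SECURE, OEN_STD_SECURE, std_svc_handler, "std" },
};

/* Monitor entry: reject IDs with reserved bits set, then route by OEN.
 * Anything with no registered owner gets SMC_UNKNOWN, as SMCCC requires. */
int64_t monitor_smc(uint32_t fid, uint64_t x1, uint64_t x2, uint64_t x3)
{
    if (fid & SMC_MBZ_MASK)
        return SMC_UNKNOWN;
    unsigned oen = smc_oen(fid);
    for (size_t i = 0; i < sizeof services / sizeof services[0]; i++)
        if (oen >= services[i].oen_start && oen <= services[i].oen_end)
            return services[i].handler(fid, x1, x2, x3);
    return SMC_UNKNOWN;
}

int main(void)
{
    printf("PSCI_VERSION -> 0x%llx\n", (unsigned long long)monitor_smc(PSCI_VERSION, 0, 0, 0));
    printf("CPU_ON core 2 -> %lld\n", (long long)monitor_smc(PSCI_CPU_ON_SMC64, 2, 0, 0));
    printf("SiP call with no owner -> %lld\n",
           (long long)monitor_smc(smc_fid(1, 0, OEN_SIP, 1), 0, 0, 0));
    return 0;
}
```

On real hardware the normal world puts the ID in w0/x0 and executes `smc #0`; the secure monitor (TF-A's BL31 on AArch64) performs the routing shown above and returns the result in x0. The reserved-bits check matters in practice: a monitor that routes on the low bits alone lets a caller reach a service through an ID that the spec says is invalid.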

So, to be honest, I don't know all that much about the ARM world, and I hadn't heard of TrustZone. I looked it up, and it seems that the OEM has a great deal of discretion in setting it up, to the extent that there's a reference implementation on GitHub [0]. And if I buy a bag of loose SoCs, which I can apparently do now, I'm the OEM.

[0] https://github.com/ARM-software/arm-trusted-firmware

I don't think that is 100% true, you can bootstrap ARMs with ARM trusted firmware+tianocore. That doesn't mean that a large number of arm devices can be bootstrapped that way due to decisions made by the ARM licensee.

https://github.com/ARM-software/arm-trusted-firmware http://www.tianocore.org/edk2/ (for more platform support add git.linaro.org/uefi/OpenPlatformPkg.git)

They already have done all that:

  hardware: https://www.96boards.org/
  boot: https://github.com/ARM-software/arm-trusted-firmware
  toolchain: http://releases.linaro.org/14.11/components/toolchain/binaries/

In particular, the ARM trusted firmware project is what is supposed to save us from today's proprietary boot madness