Supported Platforms

Trusted Substrate supports a variety of armv8 and armv7 boards. The hardware characteristics of each board dictate both the supported features and the level of security the device can reach.

Software Components

Generally, the following software components are used to boot the boards and set up the chain of trust.

A high-level overview of the boot chain looks like this:

object BL2 {
    U-Boot SPL
        or
    TF-A BL2
}
object BL31 {
    Secure Monitor
}
object BL32 {
    OP-TEE
        fTPM
        StandAloneMM
}
object BL33 {
    U-Boot
}
object OS {
    OS with UEFI
}

BL2 --> BL31
BL2 --> BL32
BL2 --> BL33
BL33 --> OS : UEFI Secure and Measured Boot
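The last step of the chain above, UEFI Secure and Measured Boot, leaves state that the booted OS can verify. The script below is an added example and not part of Trusted Substrate: it reads the SecureBoot and SetupMode UEFI variables through efivarfs (U-Boot exposes them the same way whether they are backed by built-in storage or by RPMB) and checks whether a TPM with a firmware event log is present. The efivarfs and sysfs locations are the standard Linux paths; the EFIVARS and TPM_SYSFS overrides exist only so the functions can be exercised on constructed files.

```shell
#!/bin/sh
# Added example (not Trusted Substrate code): report the end state of the
# UEFI Secure Boot / Measured Boot chain from a booted Linux system.
# Assumes efivarfs at /sys/firmware/efi/efivars and the TPM at /sys/class/tpm/tpm0.

EFIVARS=${EFIVARS:-/sys/firmware/efi/efivars}
TPM_SYSFS=${TPM_SYSFS:-/sys/class/tpm/tpm0}
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI_GLOBAL_VARIABLE_GUID

# efivarfs files start with 4 bytes of variable attributes, then the data.
# Print the data part as a hex string.
efivar_hex() {
    # $1: path to an efivarfs file
    [ -r "$1" ] || return 1
    tail -c +5 "$1" | od -An -tx1 | tr -d ' \n'
}

# SecureBoot and SetupMode are single-byte booleans: 01 or 00.
efivar_bool() {
    case "$(efivar_hex "$1")" in
        01) echo 1 ;;
        00) echo 0 ;;
        *)  return 1 ;;
    esac
}

# Signatures are enforced only with SecureBoot=1 AND SetupMode=0. In setup
# mode no platform key is enrolled, so keys can still be written freely.
secure_boot_state() {
    # $1: SecureBoot efivar path, $2: SetupMode efivar path
    sb=$(efivar_bool "$1") || { echo "unknown"; return 1; }
    sm=$(efivar_bool "$2") || { echo "unknown"; return 1; }
    if [ "$sb" = 1 ] && [ "$sm" = 0 ]; then
        echo "enforcing"
    elif [ "$sm" = 1 ]; then
        echo "setup-mode"
    else
        echo "disabled"
    fi
}

# Measured boot is only attestable when a TPM is present and the firmware
# handed over its event log, from which the PCR values can be reconstructed.
measured_boot_state() {
    # $1: TPM sysfs directory
    if [ ! -d "$1" ]; then
        echo "no-tpm"
    elif [ -r "$1/device/binary_bios_measurements" ]; then
        echo "tpm-with-eventlog"
    else
        echo "tpm-without-eventlog"
    fi
}

main() {
    echo "Secure Boot:   $(secure_boot_state "$EFIVARS/SecureBoot-$GUID" "$EFIVARS/SetupMode-$GUID")"
    echo "Measured Boot: $(measured_boot_state "$TPM_SYSFS")"
}

main "$@"
```

Run it as root on the booted board. Only "enforcing" means the Secure Boot column of the table below is actually doing work at runtime; a board that reports "setup-mode" still accepts key enrolment. Likewise, a TPM without an event log cannot be used to reconstruct and attest the PCR values produced during boot.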

Board Support

Supported platform features

Board                    | FSBL        | Secure Boot         | Measured Boot       | Auth. Capsule Updates | A/B updates
-------------------------|-------------|---------------------|---------------------|-----------------------|------------
QEMU                     | TF-A        | Yes (Built-in vars) | Yes                 | No                    | No
DeveloperBox             | SCP + TF-A  | Yes (RPMB vars)     | Yes [fTPM]          | Yes                   | WIP
stm32mp157c-dk2          | TF-A        | Yes (Built-in vars) | No                  | No                    | WIP
stm32mp157c-ev1          | TF-A        | Yes (RPMB vars)     | No                  | No                    | WIP
Rockpi4                  | U-Boot SPL  | Yes (RPMB vars)     | Yes [fTPM]          | Yes                   | No
Raspberry Pi4            | Proprietary | Yes (Built-in vars) | Yes (needs SPI TPM) | No                    | No
Xilinx kv260 starter kit | U-Boot SPL  | Yes (Built-in vars) | Yes                 | Yes                   | WIP
Xilinx kv260 commercial  | U-Boot SPL  | Yes (Built-in vars) | Yes                 | Yes                   | WIP