DRTM Acrhitecture for Arm (DRTM) specification defines an architecture for Dynamic Root of Trust for Measurement (DRTM) for processors based on the Arm A-profile architecture.
For more information, download the DRTM Architecture for Arm.
- Code Quality: Alpha
- The tests are written for version 1.1 of the DRTM Architecture for Arm.
- For more details on tests implemented in this release, Please refer DRTM Test Scenario Document.
DRTM ACS code is present in the sysarch-acs repository.
$ git clone https://github.com/ARM-software/sysarch-acs.git
$ cd sysarch-acs
ACS build requires that the following requirements are met, Please skip this if you are using DRTM Application Build Script.
- Any mainstream Linux based OS distribution.
- git clone EDK2 tree.
- git clone EDK2-libc tree.
- Install GCC-ARM 14.3 toolchain.
- Install the build prerequisite packages to build EDK2. The details of the packages are beyond the scope of this document.
$ cd /path/to/sysarch-acs/
$ source tools/scripts/build_drtm_uefi.sh
The following output file is created in /path/to/sysarch-acs/workspace/output/:
- Drtm.efi
- wget https://developer.arm.com/-/media/Files/downloads/gnu/14.3.rel1/binrel/arm-gnu-toolchain-14.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
- tar -xf arm-gnu-toolchain-14.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz
- export GCC_AARCH64_PREFIX= GCC 14.3 toolchain path pointing to arm-gnu-toolchain-14.3.rel1-x86_64-aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-
On a system where a USB port is available and functional, perform the following steps:
- Copy 'Drtm.efi' to a USB Flash drive.
- Plug in the USB Flash drive to one of the functional USB ports on the system.
- Boot the system to UEFI shell.
- To determine the file system number of the plugged in USB drive, execute 'map -r' command.
- Type 'fsx' where 'x' is replaced by the number determined in step 4.
- To start the compliance tests, run the executable Drtm.efi with the appropriate arguments.
On an emulation environment with secondary storage, perform the following steps:
- Create an image file which contains the 'Drtm.efi' file. For Example:
$ mkfs.vfat -C -n HD0 hda.img 2097152
$ sudo mount hda.img /mnt/drtm
$ cd /path/to/sysarch-acs/workspace/output/
$ sudo cp Drtm.efi /mnt/drtm/
$ sudo umount /mnt/drtm - Load the image file to the secondary storage using a backdoor. The steps followed to load the image file are Emulation environment specific and beyond the scope of this document.
- Boot the system to UEFI shell.
- To determine the file system number of the secondary storage, execute 'map -r' command.
- Type 'fsx' where 'x' is replaced by the number determined in step 4.
- To start the compliance tests, run the executable Drtm.efi with the appropriate arguments.
Command line arguments are similar for uefi application, with some exceptions.
Shell> Drtm.efi [-v <verbosity>] [-skip <test_id>] [-f <filename>]
Choose the verbosity level.
- 1 - ERROR
- 2 - WARN and ERROR
- 3 - TEST and above
- 4 - DEBUG and above
- 5 - INFO and above
Overrides the suite to skip the execution of a particular test. For example, -skip 10 skips test 10.
Save the test output into a file in secondary storage. For example -f drtm.log creates a file drtm.log with test output.
Shell> Drtm.efi -v 5 -skip 15,20,30 -f drtm_uefi.log
Runs DRTM ACS with verbosity INFO, skips test 15, 20 and 30 and saves the test results in drtm_uefi.log.
- Since this is a Alpha quality release, contains limited number of tests based on DRTM Specification.
DRTM ACS is distributed under Apache v2.0 License.
- For feedback, use the GitHub Issue Tracker that is associated with this repository.
- For support, send an email to "support-systemready-acs@arm.com" with details.
- Arm licensees may contact Arm directly through their partner managers.
- Arm welcomes code contributions through GitHub pull requests. See the GitHub documentation on how to raise pull requests.
Copyright (c) 2024-2025, Arm Limited and Contributors. All rights reserved.