Lines Matching defs:A
25 | FF-A | Firmware Framework for Arm A-profile |
73 Three implementations of a Secure Partition Manager co-exist in the TF-A
76 #. S-EL2 SPMC based on the FF-A specification `[1]`_, enabling virtualization in
78 #. EL3 SPMC based on the FF-A specification, managing a single S-EL1 partition
89 - covers the implications to TF-A used as a bootloader, and Hafnium used as a
101 partition and implementing the FF-A ABI on platforms not implementing the
110 SPMC) residing at different exception levels. To permit the FF-A specification
114 - The SPMD is located at EL3 and mainly relays the FF-A protocol from NWd
119 TF-A supports both cases:
122 extension. The SPMD relays the FF-A protocol from EL3 to S-EL1.
124 extension. The SPMD relays the FF-A protocol from EL3 to S-EL2.
136 TF-A build options
139 This section explains the TF-A build options involved in building with
140 support for an FF-A based SPM where the SPMD is located at EL3 and the
143 - **SPD=spmd**: this option selects the SPMD component to relay the FF-A
179 - Only Arm's FVP platform is supported to use with the TF-A reference software
183 - ``(*) CTX_INCLUDE_EL2_REGS``, this flag is |TF-A| internal and informational
188 binary implementing FF-A interfaces.
192 Sample TF-A build command line when the SPMC is located at S-EL1
206 Sample TF-A build command line when FEAT_SEL2 architecture extension is
224 Sample TF-A build command line when FEAT_SEL2 architecture extension is
248 Sample TF-A build command line when the SPMC is located at EL3:
262 Sample TF-A build command line when the SPMC is located at EL3 and SEL0 SP is
333 TF-A BL2 is the bootloader for the SPMC and SPs in the secure world.
340 Booting through TF-A
347 (partition manifest at virtual FF-A instance) in DTS format. It is
348 represented as a single file associated with the SP. A sample is
349 provided by `[5]`_. A binding document is provided by `[6]`_.
365 The SP package identified by its UUID (matching FF-A uuid property) is
366 inserted as a single entry into the FIP at end of the TF-A build flow
388 A json-formatted description file is passed to the build flow specifying paths
442 time. It implements `[1]`_ (SP manifest at physical FF-A instance) and serves
476 A sample can be found at `[7]`_:
479 indicates a FF-A compliant SP. The *load_address* field specifies the load
520 Platforms not using TF-A's *Firmware CONFiguration* framework would adjust to a
536 - A maximum of 4 partitions can be signed with the S-ROTPK key and 4 partitions
539 Also refer to `Describing secure partitions`_ and `TF-A build options`_ sections.
557 The FF-A specification `[1]`_ provides two ways to relinquish CPU time to
570 total number of PEs. The FF-A specification `[1]`_ recommends the
590 load time (or EL1&0 Stage-1 for an S-EL1 SPMC). A memory region node can
662 lowest to the highest value. If the boot order attribute is absent from the FF-A
679 at secure physical FF-A instance).
693 virtual FF-A instance (SMC invocation from SP to SPMC) to provide the IPA
702 woken up by the ``PSCI_CPU_ON`` service invocation. The TF-A SPD hook mechanism
711 a NWd FF-A driver has been loaded:
726 The FF-A v1.1 specification `[1]`_ defines notifications as an asynchronous
727 communication mechanism with non-blocking semantics. It allows for one FF-A
735 FF-A endpoints.
741 FFA_NOTIFICATION_BITMAP_CREATE to allocate the notifications bitmap per FF-A
744 A sender can signal notifications once the receiver has provided it with
753 Per the FF-A v1.1 spec, each FF-A endpoint must be associated with a scheduler
755 FF-A driver calls FFA_NOTIFICATION_INFO_GET to retrieve the information about
756 which FF-A endpoints have pending notifications. The receiver scheduler is
757 called and informed by the FF-A driver, and it should allocate CPU cycles to the
762 - Global, which are targeted to a FF-A endpoint and can be handled within any of
764 - Per-vCPU, which are targeted to a FF-A endpoint and to be handled within a
773 the FF-A driver within the receiver scheduler. At initialization the SPMC
783 The notifications receipt support is enabled in the partition FF-A manifest.
811 As part of the FF-A v1.1 support, the following interfaces were added:
841 FF-A features supported by the SPMC may be discovered by secure partitions at
844 The SPMC calling FFA_FEATURES at secure physical FF-A instance always gets
880 The FF-A id space is split into a non-secure space and secure space:
882 - FF-A ID with bit 15 clear relates to VMs.
883 - FF-A ID with bit 15 set relates to SPs.
884 - FF-A IDs 0, 0xffff, 0x8000 are assigned respectively to the Hypervisor, SPMD
894 an FF-A ABI invocation. In particular the SPMC shall filter unauthorized
896 use a secure FF-A ID as origin world by spoofing:
898 - A VM-to-SP direct request/response shall set the origin world to be non-secure
899 (FF-A ID bit 15 clear) and destination world to be secure (FF-A ID bit 15
901 - Similarly, an SP-to-SP direct request/response shall set the FF-A ID bit 15
947 handling notifications, an FF-A endpoint must allow a given sender to signal a
950 If the receiver doesn't have notification support enabled in its FF-A manifest,
962 respectively. A delayed SRI is triggered if the counter is non-zero when the
979 Returns the FF-A ID allocated to an SPM component which can be one of SPMD
984 the FFA_SPM_ID_GET interface at the secure physical FF-A instance.
986 Secure partitions call this interface at the virtual FF-A instance, to which
1002 A secondary EC is first resumed either upon invocation of PSCI_CPU_ON from
1008 The RX buffers can be used to pass information to an FF-A endpoint in the
1020 to use the RX buffer, in any of the aforementioned scenarios. A successful
1024 The FFA_RX_RELEASE interface is used after the FF-A endpoint is done with
1055 Implementation-defined FF-A IDs are allocated to the SPMC and SPMD.
1102 A lender SP can only donate NS memory to a borrower from the normal world.
1104 The SPMC supports the hypervisor retrieve request, as defined by the FF-A
1121 descriptors from FF-A v1.0. These get translated to FF-A v1.1 descriptors for
1122 Hafnium's internal processing of the operation. If the FF-A version of a
1123 borrower is v1.0, Hafnium provides FF-A v1.0 compliant memory transaction
1134 - A secure IPA when the SP EL1&0 Stage-1 MMU is disabled.
1161 A call chain represents all SPs in a sequence of invocations of a direct message
1163 that runs in the Normal World scheduled mode can exist. FF-A v1.1 spec allows
1201 - NS-Int: A non-secure physical interrupt. It requires a switch to the normal
1203 - Other S-Int: A secure physical interrupt targeted to an SP different from
1205 - Self S-Int: A secure physical interrupt targeted to the SP that is currently
1212 interrupt as per the guidance provided by FF-A v1.1 EAC0 specification.
1222 by the subsequent execution contexts. Please refer to FF-A v1.1 EAC0 section
1229 SPMC as per the guidance provided by FF-A v1.1 EAC0 specification.
1245 A physical secure interrupt could trigger while CPU is executing in normal world
1287 A SP signals secure interrupt handling completion to the SPMC through the
1293 This is a remnant of SPMC implementation based on the FF-A v1.0 specification.
1336 A brief description of the events:
1379 | | | Table 8.4 in the FF-A v1.1 EAC0 spec. |
1394 A brief description of the events:
1448 - A power management event is relayed through the SPD hook to the SPMC.
1473 A random key is generated at boot time and restored upon entry into Hafnium
1481 such that an indirect branch must always target a landpad. A fault is
1488 EL2 Stage-1 translation regime. A synchronous data abort is generated upon tag
1489 check failure on load/stores. A random seed is generated at boot time and
1515 support for SMMUv3 driver in both normal and secure world. A brief introduction
1538 - Additionally, SMMUv3.2 provides support for PEs implementing Armv8.4-A
1552 - A large number of SMMU configuration registers that are memory mapped during
1603 The SPMC (Hafnium) has limited capability to run S-EL0 FF-A partitions using
1616 can use FF-A defined services (FFA_MEM_PERM_*) to update or change permissions
1619 S-EL0 partitions are required by the FF-A specification to be UP endpoints,
1636 [1] `Arm Firmware Framework for Arm A-profile <https://developer.arm.com/docs/den0077/latest>`__
1649 [4] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/lib/el3_runtime/aarch64/context.S#n45
1653 [5] https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/plat/arm/fvp/fdts/cactus.dts
1661 [7] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tree/plat/arm/board/fvp/fdts/fvp_spmc_manifest.dts