TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-RMM / tf-rmm / edf5f80f47e4e7bf04a372ff9c360562bcaf64d5 / . / docs / about / change-log.rst
blob: 3a9d94dacd169faef4eb7f9c36298b94d405db13 [file] [log] [blame]
Soby Mathewb4c6df42022-11-09 11:13:29 +0000[diff] [blame]1.. SPDX-License-Identifier: BSD-3-Clause
2.. SPDX-FileCopyrightText: Copyright TF-RMM Contributors.
3
4############################
5Change-log and Release notes
6############################
7
8******
Soby Mathewa7e3caf2023-05-09 13:37:44 +0100[diff] [blame]9v0.3.0
10******
11
12The following sections have the details on the release. This release has been
13verified with `TF-A v2.9`_ release.
14
15============================
16New features in this release
17============================
18
19- Add support to create Realms which can make use of SVE, if present in
20 hardware.
21
22- Refactor the Stage 1 translation table library `lib/xlat` API to better
23 fit RMM usage. Also harden dynamic mapping via slot buffer mechanism by
24 use of ``TRANSIENT`` software defined attribute.
25
26- Add PMU support for Realms as described by RMM v1.0 Beta0 specification.
27
28- Support getting DRAM info from the Boot manifest dynamically at runtime.
29
30 * RMM can now support the 2nd DDR bank on FVP.
31
32==========================
33Build/Testing improvements
34==========================
35
36- Define a unit test framework using CppUTest for RMM.
37
38- Add unittests for `granule`, `slot-buffer` and Stage 1 translation table lib
39 `xlat`.
40
41- Improve the ``fake-host`` mock capability by adding support for per PE sysreg
42 emulation.
43
44- Improve the VA to PA mock layer for ``fake-host``.
45
46- Enable generation of gprof profiling data as part of ``fake-host`` runs.
47
48- Improve the sample application on ``host-build`` platform by adding the cold
49 attestation initialization flow. Also a sample minimal Realm create, run and
50 destroy sequence is added to showcase the RMI calls involved.
51
52- Further improvements to the the unit test framework :
53
54 * Restore the sysreg state between test runs so each test gets a known
55 sysreg state.
56 * Add capability to test assertions.
57 * Support dynamic behaviour for test harness depending on requirement.
58 * Add support for coverage report generation as part of unit test run.
59
60- Build improvements in RMM:
61
62 * Move mbedTLS build from configure stage to build stage.
63 * Simplify QCBOR build.
64 * Fix build artefact directory path to better cater to multi-config builds.
65
66=========================
67Bug fixes in this release
68=========================
69
70- Remove HVC exit handling from RMI_REC_ENTER handler.
71
72- Fix parameter in measurement_extend_sha512().
73
74- Fix issues in `lib/xlat` for some corner cases.
75
76- Mask MTE capability from `id_aa64pfr1_el1` so that Realms
77 can see that MTE is not supported.
78
79- Add isb() after writes to `cptr_el2` system register.
80
81- Fix the granule alignment check on granule_addr.
82
83- Fix some cppcheck warnings.
84
85- Properly handle errors for granule (un)delegate calls.
86
87- Fix the incorrect bit map manipulation for tracking VMID for realms.
88
89- Fix some incorrect Block mapping cases in Stage 2 translation.
90
91=================
92Upcoming features
93=================
94
95- RMM EAC Specification alignment.
96
97- Support Self-Hosted Debug Realms.
98
99- Support FEAT_PAuth for Realms and utilize the same for RMM.
100
101- Support LPA2 for Stage 2 Realm translation tables.
102
103- Threat model covering RMM data flows.
104
105- Enable Bounded Model Checker (CBMC) for source analysis.
106
107- Save and restore SME/SME2 context belonging to NS Host. This allows NS Host
108 to make use of SME/SME2 when Realms are scheduled.
109
110============================
111Known issues and limitations
112============================
113
114- The size of ``RsiHostCall`` structure is 256 bytes in the implementation
115 and aligns to `RMM Beta1 specification`_ rather than the 4 KB size
116 specified in `RMM Beta0 specification`_.
117
118- The `RMM Beta0 specification`_ does not require to have a CBOR bytestream
119 wrapper around the cca-platform-token and cca-realm-delegated-token, but
120 the RMM implementation does so and this is aligned with later versions
121 of the RMM specification (Beta2 onwards).
122
123- The RMM config ``RMM_FPU_USE_AT_REL2`` does not work as intended and
124 this config is disabled by default. This will be fixed in a future release.
125
Soby Mathewedf5f802023-05-23 09:45:10 +0100[diff] [blame^]126- When the ``RSI_ATTEST_TOKEN_CONTINUE`` call is interrupted and then resumed
127 later by Host via ``RMI_REC_ENTER``, the original SMC is replayed again
128 with the original arguments rather than returning ``RSI_INCOMPLETE`` error
129 code to Realm. The result is that the interrupted RSI call is continued
130 again till completion and then returns back to Realm with the appropriate
131 error code.
132
Soby Mathewa7e3caf2023-05-09 13:37:44 +0100[diff] [blame]133.. _TF-A v2.9: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.9.0
134
135
136******
Soby Mathew8fc82c52022-11-21 12:35:41 +0000[diff] [blame]137v0.2.0
138******
139
140- This release has been verified with `TF-A v2.8`_ release.
141
142- The release has the following fixes and enhancements:
143
144 * Add support to render documentation on read-the-docs.
145 * Fix the known issue with RSI_IPA_STATE_GET returning
146 ``RSI_ERROR_INPUT`` for a `destroyed` IPA instead of
147 emulating data abort to NS Host.
148 * Fix an issue with RSI_HOST_CALL not returning back to Host
149 to emulate a stage2 data abort.
150 * Harden an assertion check for ``do_host_call()``.
151
152- The other known issues and limitations remain the same as
153 listed for v0.1.0_.
154
155.. _TF-A v2.8: https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.8.0
156
157******
Soby Mathewb4c6df42022-11-09 11:13:29 +0000[diff] [blame]158v0.1.0
159******
160
161- First TF-RMM source release aligned to `RMM Beta0 specification`_.
162 The specified interfaces : Realm Management Interface (RMI) and
163 Realm Service Interface (RSI) are implemented which can attest
164 and run Realm VMs as described by the `Arm CCA`_ Architecture.
165
166=================
167Upcoming features
168=================
169
170- Support SVE, Self-Hosted Debug and PMU in Realms
171- Support LPA2 for Stage 2 Realm translation tables.
172- Threat model covering RMM data flows.
173- Enable Bounded Model Checker (CBMC) for source analysis.
174- Unit test framework based on :ref:`RMM Fake host architecture`.
175
176============================
177Known issues and limitations
178============================
179
180The following is a list of issues which are expected to be fixed in the future
181releases of TF-RMM :
182
183- The size of ``RsiHostCall`` structure is 256 bytes in the implementation
184 and aligns to `RMM Beta1 specification`_ rather than the 4 KB size
185 specified in `RMM Beta0 specification`_.
186
187- The RSI_IPA_STATE_GET command returns error ``RSI_ERROR_INPUT`` for a
188 `destroyed` IPA instead of emulating data abort to Host.
189
190- The `RMM Beta0 specification`_ does not require to have a CBOR bytestream
191 wrapper around the cca-platform-token and cca-realm-delegated-token, but
192 the RMM implementation does so.
193
194---------------------------
195
196.. _RMM Beta0 specification: https://developer.arm.com/documentation/den0137/1-0bet0/?lang=en
197.. _RMM Beta1 specification: https://developer.arm.com/documentation/den0137/1-0bet1/?lang=en
198.. _Arm CCA: https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture