| Soby Mathew | b4c6df4 | 2022-11-09 11:13:29 +0000 | [diff] [blame] | 1 | .. SPDX-License-Identifier: BSD-3-Clause |
| 2 | .. SPDX-FileCopyrightText: Copyright TF-RMM Contributors. |
| 3 | |
| 4 | ########################## |
| 5 | RMM Fake host architecture |
| 6 | ########################## |
| 7 | |
| 8 | RMM supports building and running the program natively as a regular user-space |
| 9 | application on the host machine. It achieves this by emulating the ``aarch64`` |
| 10 | specific parts of the program on the host machine by suitable hooks in the |
| 11 | program. The implementation of the hooks can differ based on the target |
| 12 | employment of running the program in this mode. Some of the foreseen |
| 13 | employment scenarios of this architecture includes: |
| 14 | |
| 15 | 1. Facilitate development of architecture independent parts of |
| 16 | RMM on the host machine. |
| 17 | 2. Enable unit testing of components within RMM with the benefit of |
| 18 | not having to mock all the dependencies of the component. |
| 19 | 3. Leverage host development environment and tools for various |
| 20 | purposes like debugging, measure code coverage, fuzz testing, |
| 21 | stress testing, runtime analysis of program etc. |
| 22 | 4. Enable RMM compliance testing and verification of state machine |
| 23 | and locking rules on the host machine. |
| 24 | 5. Profile RMM on the host machine and generate useful insights |
| 25 | for possible optimizations. |
| 26 | |
| 27 | We expect the fake host architecture to be developed over time in future to |
| 28 | cover some of the employment scenarios described above. The current code |
| 29 | may not reflect the full scope of this architecture as discussed in this |
| 30 | document. |
| 31 | |
| 32 | The fake host architecture has some limitations: |
| 33 | |
| 34 | 1. The architecture is not intended to support multi-thread execution. |
| 35 | The intrisics to support critical section and atomics are emulated |
| 36 | as NOP. |
| 37 | 2. Cannot execute AArch64 assembly code on the host due to obvious |
| 38 | reasons. |
| 39 | 3. Cannot emulate AArch64 exceptions during RMM execution although |
| 40 | some limited form of handling exceptions occurring in Realms can |
| 41 | probably be emulated. |
| 42 | 4. The program links against the native compiler libraries which enables |
| 43 | use of development and debug features available on the host machine. |
| 44 | This means the libc implementation in RMM cannot be verified using |
| 45 | this architecture. |
| 46 | |
| 47 | The fake host architecture config is selected by setting the config |
| 48 | ``RMM_ARCH=fake_host`` and the platform has to be set to a variant |
| 49 | of `host` when building RMM. The different variants of the `host` |
| 50 | platform allow to build RMM for each of the target employment |
| 51 | scenarios as listed above. |
| 52 | |
| 53 | ***************************** |
| 54 | Fake host architecture design |
| 55 | ***************************** |
| 56 | |
| 57 | |Fake Host Architecture Diagram| |
| 58 | |
| 59 | |
| 60 | The above figure shows the fake host architecture design. |
| 61 | The architecture independent parts of RMM are linked against |
| 62 | suitable host emulation blocks to enable the program to run |
| 63 | on the host platform. |
| 64 | |
| 65 | The EL3 (monitor) emulation layer emulates the entry and exception |
| 66 | from EL3 into Realm-EL2. This includes entry and exit from RMM |
| 67 | as part of RMI handling, entry into RMM as part of warm/cold boot, |
| 68 | and EL3 service invocations by RMM using SMC calls. Similarly the |
| 69 | Realm entry/exit emulation block allows emulation of running |
| 70 | a Realm. It would also allow to emulate exit from Realm due to |
| 71 | synchronous or asynchronous exceptions like SMC calls, IRQs, etc. |
| 72 | |
| 73 | The hardware emulation block allows to emulate sysreg accesses, |
| 74 | granule memory delegation and NS memory accesses needed for RMM. Since |
| 75 | RMM is running as a user space application, it does not have the ability |
| 76 | to map granule memory to a Virtual Address space. This capability is |
| 77 | needed for the ``slot buffer`` component in RMM. Hence there is |
| 78 | also need to emulate VA mapping for this case. |
| 79 | |
| 80 | The AArch64 intrinsics emulation block allows emulation of exclusives, |
| 81 | assembly instructions for various architecture extensions, barriers and |
| 82 | atomics, cache and TLB operations although most of them are defined |
| 83 | as NOP at the moment. |
| 84 | |
| 85 | Within the RMM source tree, all files within the ``fake_host`` |
| 86 | folder of each component implement the necessary emulation on host. |
| 87 | Depending on the target employment for the fake host |
| 88 | architecture, it is necessary to adapt the behaviour of |
| 89 | the emulation layer. This is facilitated by the APIs defined |
| 90 | in ``host_harness.h`` header. The implementation of the API |
| 91 | is done by the ``host`` platform and each variant of the ``host`` |
| 92 | can have a different implementation of the API suiting its |
| 93 | target employment. The API also facilitates test and verification |
| 94 | of the emulated property as needed by the employment. |
| 95 | |
| 96 | |
| 97 | ****************************************************************** |
| 98 | Fake host architecture employment scenarios implemented or ongoing |
| 99 | ****************************************************************** |
| 100 | |
| 101 | This section describes the currently implemented scenarios utilizing |
| 102 | the fake host architecture. |
| 103 | |
| 104 | 1. Unit testing framework in RMM which allows testing public API of |
| 105 | components and generation of code coverage data. |
| 106 | |
| 107 | .. |Fake Host Architecture Diagram| image:: ./diagrams/fake_host_arch.drawio.png |
| 108 | |