TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 04f86c9eb3c34d1226cdd397f8859a35ab41a6bc
commit04f86c9eb3c34d1226cdd397f8859a35ab41a6bc[log] [tgz]
authorKarl Meakin <karl.meakin@arm.com>Tue Mar 11 15:47:29 2025 +0000
committerKarl Meakin <karl.meakin@arm.com>Thu Mar 13 11:34:43 2025 +0000
tree64458a73d80825e2a320c3be4334c8a719c77ea4
parent9f5685818921b8c743df5cb5ade4ae1a0c2ddac2 [diff]
fix(api): check for empty range or overflow

For `FFA_MEM_PERM_GET` and `FFA_MEM_PERM_SET`, check for an empty range
(`page_count == 0`) or an overflow when calculating the end range.

Change-Id: I0c0b69728c996aa169d1f172a98e62ab5f80ffe9
Signed-off-by: Karl Meakin <karl.meakin@arm.com>
3 files changed
tree: 64458a73d80825e2a320c3be4334c8a719c77ea4
  1. .vscode/
  2. build/
  3. docs/
  4. inc/
  5. kokoro/
  6. project/
  7. src/
  8. test/
  9. third_party/
  10. vmlib/
  11. prebuilts
  12. .clang-format
  13. .clang-tidy
  14. .gitignore
  15. .gitmodules
  16. .gn
  17. .readthedocs.yaml
  18. AUTHORS
  19. BUILD.gn
  20. CONTRIBUTING.md
  21. dco.txt
  22. LICENSE
  23. Makefile
  24. navbar.md
  25. pyproject.toml
  26. README.md
README.md

Hafnium

Hafnium is the Secure Partition Manager(SPM) reference implementation, following the Arm's Firmware Framework specification.

It leverages Arm's virtualization extensions in the secure world of Arm's A class of devices (feature introduced with Armv8.4 FEAT_SEL2) to allow multiple Trusted OSes or Applications to run concurrently, inside the Trusted Execution Environment, each running as a Secure Partition (SP). Its main goal is to control the system access given to Trusted OSes, and serve as a mediator to the rest of the system.

For example, it limits the memory use, and handles all system calls from Trusted OS. Thus the SPM can enforce spacial isolation, and enforce some level of access control, protecting other critical system resources such as: the secure monitor, the normal world software stack, the SPM itself and other SPs/Trusted Applications. Other important features are: secure interrupt handling, device assignment, inter-partition communication and with the Normal World Software stack, also known as Rich Execution Environment (REE).

The following diagram shows an overview of a typical aarch64-based system, and where Hafnium fits:

Hafnium Architecture

Get in touch and keep up-to-date at:

See feature requests and bugs through github.

Documentation

To find more about Hafnium, view the full documentation. It includes valuable resources such as: Getting Started guide, Threat Model, and other documentation.