TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 98ab38b51a861c44c89053ee457ad41a3189f20a
commit98ab38b51a861c44c89053ee457ad41a3189f20a[log] [tgz]
authorMadhukar Pappireddy <madhukar.pappireddy@arm.com>Thu May 08 15:46:31 2025 -0500
committerJoao Alves <joao.alves@arm.com>Thu Sep 11 16:43:32 2025 +0000
treec05a06db02664516734be81360d9e14b889bd10e
parentd6c055dd5283b4e394b3ea7434f35522fb25fab8 [diff]
feat: adapt vcpu operational mode to interpret newly added states

With a set of newly introduced states for a vCPU to allow fine grain
tracking of lifecycle of a partition, we have to slightly extend the
notion of a vCPU being ON and OFF.

This patch adds necessary support and refactors helpers to interpret
if a vCPU is in ON or OFF from a operational mode perspective. For
example, VCPU_STATE_STARTING is also considered as OFF since partition
manager has not yet scheduled the vCPU on a physical CPU.

Change-Id: I03aeca4ecb83c28e6cb7897ad0e2a51b315e16b0
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
4 files changed
tree: c05a06db02664516734be81360d9e14b889bd10e
  1. .vscode/
  2. build/
  3. docs/
  4. inc/
  5. kokoro/
  6. project/
  7. src/
  8. test/
  9. third_party/
  10. tools/
  11. vmlib/
  12. prebuilts
  13. .clang-format
  14. .clang-tidy
  15. .gitignore
  16. .gitmodules
  17. .gn
  18. .readthedocs.yaml
  19. AUTHORS
  20. BUILD.gn
  21. commitlint.config.js
  22. CONTRIBUTING.md
  23. dco.txt
  24. LICENSE
  25. Makefile
  26. navbar.md
  27. package-lock.json
  28. package.json
  29. pyproject.toml
  30. README.md
README.md

Hafnium

Hafnium is the Secure Partition Manager(SPM) reference implementation, following the Arm's Firmware Framework specification.

It leverages Arm's virtualization extensions in the secure world of Arm's A class of devices (feature introduced with Armv8.4 FEAT_SEL2) to allow multiple Trusted OSes or Applications to run concurrently, inside the Trusted Execution Environment, each running as a Secure Partition (SP). Its main goal is to control the system access given to Trusted OSes, and serve as a mediator to the rest of the system.

For example, it limits the memory use, and handles all system calls from Trusted OS. Thus the SPM can enforce spacial isolation, and enforce some level of access control, protecting other critical system resources such as: the secure monitor, the normal world software stack, the SPM itself and other SPs/Trusted Applications. Other important features are: secure interrupt handling, device assignment, inter-partition communication and with the Normal World Software stack, also known as Rich Execution Environment (REE).

The following diagram shows an overview of a typical aarch64-based system, and where Hafnium fits:

Hafnium Architecture

Get in touch and keep up-to-date at:

See feature requests and bugs through github.

Documentation

To find more about Hafnium, view the full documentation. It includes valuable resources such as: Getting Started guide, Threat Model, and other documentation.