TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 2435318731c960be1dfdcf84accbf1f357d93665
commit2435318731c960be1dfdcf84accbf1f357d93665[log] [tgz]
authorJayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>Wed Aug 13 13:05:58 2025 +0100
committerJoao Alves <joao.alves@arm.com>Thu Aug 21 15:36:43 2025 +0000
tree4369b27a7936166f704f37840763c99c70075c5b
parent5e718236afd678c2be13bd74af49137cd0bf0f68 [diff]
fix(docker): ensure PLATFORM is forwarded correctly in Docker build

This patch resolves an inconsistency where specifying PLATFORM=...on
the host was ignored during Docker-based builds.

Changes:
- Forward "PLATFORM" variable to container's environment in
  run_in_container.sh
- Update Makefile to pass PLATFORM to the nested make invocation
  inside Docker.
- Fix a SyntaxWarning in check_platform_exists.py by using a raw
  string for the regex.

This ensures platform-specific builds behave identically inside and
outside Docker.

Change-Id: Iad3b0cc1625c45e62d203adf64f6bf8a2f07f173
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
3 files changed
tree: 4369b27a7936166f704f37840763c99c70075c5b
  1. .vscode/
  2. build/
  3. docs/
  4. inc/
  5. kokoro/
  6. project/
  7. src/
  8. test/
  9. third_party/
  10. tools/
  11. vmlib/
  12. prebuilts
  13. .clang-format
  14. .clang-tidy
  15. .gitignore
  16. .gitmodules
  17. .gn
  18. .readthedocs.yaml
  19. AUTHORS
  20. BUILD.gn
  21. commitlint.config.js
  22. CONTRIBUTING.md
  23. dco.txt
  24. LICENSE
  25. Makefile
  26. navbar.md
  27. package-lock.json
  28. package.json
  29. pyproject.toml
  30. README.md
README.md

Hafnium

Hafnium is the Secure Partition Manager(SPM) reference implementation, following the Arm's Firmware Framework specification.

It leverages Arm's virtualization extensions in the secure world of Arm's A class of devices (feature introduced with Armv8.4 FEAT_SEL2) to allow multiple Trusted OSes or Applications to run concurrently, inside the Trusted Execution Environment, each running as a Secure Partition (SP). Its main goal is to control the system access given to Trusted OSes, and serve as a mediator to the rest of the system.

For example, it limits the memory use, and handles all system calls from Trusted OS. Thus the SPM can enforce spacial isolation, and enforce some level of access control, protecting other critical system resources such as: the secure monitor, the normal world software stack, the SPM itself and other SPs/Trusted Applications. Other important features are: secure interrupt handling, device assignment, inter-partition communication and with the Normal World Software stack, also known as Rich Execution Environment (REE).

The following diagram shows an overview of a typical aarch64-based system, and where Hafnium fits:

Hafnium Architecture

Get in touch and keep up-to-date at:

See feature requests and bugs through github.

Documentation

To find more about Hafnium, view the full documentation. It includes valuable resources such as: Getting Started guide, Threat Model, and other documentation.