TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 7945bb578a0fefad0ad9bb8f0b6e997c148636eb
commit7945bb578a0fefad0ad9bb8f0b6e997c148636eb[log] [tgz]
authorMadhukar Pappireddy <madhukar.pappireddy@arm.com>Tue Aug 20 15:22:41 2024 -0500
committerMadhukar Pappireddy <madhukar.pappireddy@arm.com>Wed Sep 11 15:03:55 2024 -0500
treeed55c61d8e98a848725935b228504a2ae8329c5d
parent93d3d7015108628f4e2d6daffd62d94006d0a44c [diff]
refactor: reduce fields tracking interrupt handling for vcpus

With the changes made in this patch stack, there are alternatives
to detect the current virtual secure interrupt being handled by
a vcpu rather than tracking it explictly through a special field
in vcpu data structures. The first valid entry in the interrupt
queue provides this information.

With this in mind, we proceed with removing two of the fields related
to interrupt handling. In order to do so, we always add a virtual
secure interrupt to the queue irrespective of whether it is signaled
or not. This does not violate the spec and is simply an implementation
choice.

Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I7aef287d54493887d6eb9a72a71c40c29014494c
4 files changed
tree: ed55c61d8e98a848725935b228504a2ae8329c5d
  1. .vscode/
  2. build/
  3. docs/
  4. driver/
  5. inc/
  6. kokoro/
  7. project/
  8. src/
  9. test/
  10. third_party/
  11. vmlib/
  12. prebuilts
  13. .clang-format
  14. .clang-tidy
  15. .gitignore
  16. .gitmodules
  17. .gn
  18. .readthedocs.yaml
  19. AUTHORS
  20. BUILD.gn
  21. CONTRIBUTING.md
  22. dco.txt
  23. LICENSE
  24. Makefile
  25. navbar.md
  26. pyproject.toml
  27. README.md
README.md

Hafnium

Hafnium is the Secure Partition Manager(SPM) reference implementation, following the Arm's Firmware Framework specification.

It leverages Arm's virtualization extensions in the secure world of Arm's A class of devices (feature introduced with Armv8.4 FEAT_SEL2) to allow multiple Trusted OSes or Applications to run concurrently, inside the Trusted Execution Environment, each running as a Secure Partition (SP). Its main goal is to control the system access given to Trusted OSes, and serve as a mediator to the rest of the system.

For example, it limits the memory use, and handles all system calls from Trusted OS. Thus the SPM can enforce spacial isolation, and enforce some level of access control, protecting other critical system resources such as: the secure monitor, the normal world software stack, the SPM itself and other SPs/Trusted Applications. Other important features are: secure interrupt handling, device assignment, inter-partition communication and with the Normal World Software stack, also known as Rich Execution Environment (REE).

The following diagram shows an overview of a typical aarch64-based system, and where Hafnium fits:

Hafnium Architecture

Get in touch and keep up-to-date at:

See feature requests and bugs through github.

Documentation

To find more about Hafnium, view the full documentation. It includes valuable resources such as: Getting Started guide, Threat Model, and other documentation.