commit | aac3801222c27657b717beab0196394ccd689b81 | [log] [tgz] |
---|---|---|
author | Karl Meakin <karl.meakin@arm.com> | Fri Feb 07 23:57:37 2025 +0000 |
committer | Karl Meakin <karl.meakin@arm.com> | Wed Mar 12 13:40:26 2025 +0000 |
tree | c6209857c6aee086f467b809419f502cfbd29ac1 | |
parent | 25954e3d2678b5140f562fb05530ec00137b6718 [diff] |
refactor(mm): inline `mm_map_root` It was only called in one place, so inline it so that the reader has to keep less context in their head. Also keeps `mm_ptable_identity_map` consistent with all the other functions, where the loop over each table in root_tables is not in its own function. Change-Id: Ia4171353338d557ef00eb83ebd8a589af6a136cf Signed-off-by: Karl Meakin <karl.meakin@arm.com>
Hafnium is the Secure Partition Manager(SPM) reference implementation, following the Arm's Firmware Framework specification.
It leverages Arm's virtualization extensions in the secure world of Arm's A class of devices (feature introduced with Armv8.4 FEAT_SEL2) to allow multiple Trusted OSes or Applications to run concurrently, inside the Trusted Execution Environment, each running as a Secure Partition (SP). Its main goal is to control the system access given to Trusted OSes, and serve as a mediator to the rest of the system.
For example, it limits the memory use, and handles all system calls from Trusted OS. Thus the SPM can enforce spacial isolation, and enforce some level of access control, protecting other critical system resources such as: the secure monitor, the normal world software stack, the SPM itself and other SPs/Trusted Applications. Other important features are: secure interrupt handling, device assignment, inter-partition communication and with the Normal World Software stack, also known as Rich Execution Environment (REE).
The following diagram shows an overview of a typical aarch64-based system, and where Hafnium fits:
Get in touch and keep up-to-date at:
See feature requests and bugs through github.
To find more about Hafnium, view the full documentation. It includes valuable resources such as: Getting Started guide, Threat Model, and other documentation.