TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / 1d3b86f8b44950ea05fb6f175a7b2068e549bd91
commit1d3b86f8b44950ea05fb6f175a7b2068e549bd91[log] [tgz]
authorOlivier Deprez <olivier.deprez@arm.com>Mon Nov 06 09:51:04 2023 +0100
committerJoao Alves <joao.alves@arm.com>Thu Nov 16 15:22:13 2023 +0100
treea4aabc3583da890173633b256b53e21c8dbdecde
parent20158dd670b6b8b736b1bca9d77a276f67fe5020 [diff]
feat: permit building a single hafnium platform

Introduced a PLATFORM makefile command line build option to permit
downstream solutions or integrations to build only the hafnium binary
that the solution is interested in. In particular this omits building
the test framework a downstream integration may not want to consume.
This also greatly improves the build time (and limits the external
dependencies) from the solution's perspective. Combined with the
existing PROJECT variable, the intent is to make the project build
just a bit more flexible.

Example usages:
make (builds all platforms from 'reference' project incl. tests)
make PLATFORM=secure_aem_v8a_fvp_vhe (builds only the SPMC targeting FVP
from the 'reference' project)
The following two examples are hypothetical if the external project
'foo' adheres to the working model proposed by project 'reference':
make PROJECT=foo (builds all targets from an externally provided project
'foo')
make PROJECT=foo PLATFORM=bar (builds only the 'bar' platform from
project 'foo')

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I17da0419f9f4a70aec4176bc1579e5c33a680690
2 files changed
tree: a4aabc3583da890173633b256b53e21c8dbdecde
  1. .vscode/
  2. build/
  3. docs/
  4. driver/
  5. inc/
  6. kokoro/
  7. project/
  8. src/
  9. test/
  10. third_party/
  11. vmlib/
  12. prebuilts
  13. .clang-format
  14. .clang-tidy
  15. .gitignore
  16. .gitmodules
  17. .gn
  18. .readthedocs.yaml
  19. AUTHORS
  20. BUILD.gn
  21. CONTRIBUTING.md
  22. dco.txt
  23. LICENSE
  24. Makefile
  25. navbar.md
  26. pyproject.toml
  27. README.md
README.md

Hafnium

Hafnium is the Secure Partition Manager(SPM) reference implementation, following the Arm's Firmware Framework specification.

It leverages Arm's virtualization extensions in the secure world of Arm's A class of devices (feature introduced with Armv8.4 FEAT_SEL2) to allow multiple Trusted OSes or Applications to run concurrently, inside the Trusted Execution Environment, each running as a Secure Partition (SP). Its main goal is to control the system access given to Trusted OSes, and serve as a mediator to the rest of the system.

For example, it limits the memory use, and handles all system calls from Trusted OS. Thus the SPM can enforce spacial isolation, and enforce some level of access control, protecting other critical system resources such as: the secure monitor, the normal world software stack, the SPM itself and other SPs/Trusted Applications. Other important features are: secure interrupt handling, device assignment, inter-partition communication and with the Normal World Software stack, also known as Rich Execution Environment (REE).

The following diagram shows an overview of a typical aarch64-based system, and where Hafnium fits:

Hafnium Architecture

Get in touch and keep up-to-date at:

See feature requests and bugs through github.

Documentation

To find more about Hafnium, view the full documentation. It includes valuable resources such as: Getting Started guide, Threat Model, and other documentation.