Olivier Deprez | 62405ad | 2020-10-26 18:51:49 +0100

# Change log

## v2.4

This is the first drop to implement the TrustZone secure side S-EL2 firmware
(SPMC Core component) complying with FF-A v1.0.
It is a companion to the broader TF-A v2.4 release.
The normal world Hypervisor is maintained functional along with the
Hafnium CI test suite.

* FF-A v1.0 Setup and discovery interface
    * Hypervisor implementation re-used and extended to the SPMC and SPs.
    * Added partition info get ABI and appropriate properties response depending
      on partition capabilities (PVM, Secondary VM or Secure Partitions).
    * FF-A device-tree manifest parsing.
    * FF-A partitions can declare memory/device regions, and RX/TX buffers that
      the SPMC sets up in the SP EL1&0 Stage-2 translation regime at boot time.
    * FF-A IDs normal and secure world split ranges.
    * The SPMC maps the Hypervisor (or OS kernel) RX/TX buffers as non-secure
      buffers in its EL2 Stage-1 translation regime on FFA_RXTX_MAP ABI
      invocation from the non-secure physical FF-A instance.
* FF-A v1.0 Direct message interface
    * Added implementation for the normal world Hypervisor and test cases.
    * Implementation extended to the SPMC and SPs.
    * Direct message requests emitted from the PVM to a Secondary VM or a
      Secure Partition (or OS Kernel to a Secure Partition). Direct message
      responses emitted from Secondary VMs and Secure Partitions to the PVM.
    * The secure world represents the "other world" (normal world Hypervisor
      or OS kernel) vCPUs in an abstract "Hypervisor VM".
* FF-A v1.0 memory sharing
    * Hypervisor implementation re-used and extended to the SPMC and SPs.
    * A NS buffer can be shared/lent/donated by a VM to a SP (or OS Kernel
      to a SP).
    * The secure world configures Stage-1 NS IPA output to access the NS PA
      space.
    * The secure world represents the "other world" (normal world Hypervisor
      or OS kernel) memory pages in an abstract "Hypervisor VM" and tracks
      memory sharing permissions from incoming normal world requests.
* Secure world enablement
    * The SPMC implements the logic to receive FF-A messages through the EL3
      SPMD, process them, and either return to the SPMD (and normal world) or
      resume a Secure Partition.
    * Extract NS bit from HPFAR_EL2 on Stage-2 page fault.
    * Prevent setup of LOR regions in SWd.
    * Avoid direct PSCI calls down to EL3.
* Platforms
    * Added Arm FVP secure Hafnium build support.
    * Added Arm TC0 "Total Compute" secure Hafnium build support.
* Other improvements
    * Re-hosting to trustedfirmware.org
    * busy_secondary timer increased to improve CI stability.
    * Removed legacy Hypervisor calls.
    * Fix CPTR_EL2 TTA bit position.
    * Report FAR_EL2 on injecting EL1 exception.
* Known limitations:
    * Not all fields of the FF-A manifest are actually processed by the Hafnium
      device-tree parser.
    * SP to SP communication not supported.
    * SP to SP memory sharing not supported.
    * vCPU S-EL1 and SIMD context shall be saved/restored by EL3.
    * One-to-many memory sharing not supported.
    * Interrupt management limited to trapping physical interrupts to
      the first S-EL1 SP. Physical interrupt trapping at S-EL2 planned as
      next release improvement.
    * Validation mostly performed using first SP Execution Context (vCPU0). More
      comprehensive multicore enablement planned as next release improvement.