TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / hafnium / hafnium.git / c0e7dc20f2a97eb59cfeb6fc5cfdd6c1d33635d4 / . / docs / secure-partition-manager / ffa-manifest-binding.rst
blob: 4d41e10ff043057e7495b108bd0a98b1b69c437c [file] [log] [blame]
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]1FF-A manifest binding to device tree
2====================================
3
4This document defines the nodes and properties used to define a partition,
5according to the FF-A specification.
6
7.. contents::
8
9Partition Properties
10--------------------
11
12- compatible [mandatory]
13 - value type: <string>
14 - Must be the string "arm,ffa-manifest-X.Y" which specifies the major and
15 minor versions of the device tree binding for the FFA manifest represented
16 by this node. The minor number is incremented if the binding changes in a
17 backwards compatible manner.
18
19 - X is an integer representing the major version number of this document.
20 - Y is an integer representing the minor version number of this document.
21
22- ffa-version [mandatory]
23 - value type: <u32>
24 - Must be two 16 bits values (X, Y), concatenated as 31:16 -> X,
25 15:0 -> Y, where:
26
27 - X is the major version of FF-A expected by the partition at the FFA
28 instance it will execute.
29 - Y is the minor version of FF-A expected by the partition at the FFA
30 instance it will execute.
31
32- uuid [mandatory]
33 - value type: <prop-encoded-array>
34 - An array consisting of 4 <u32> values, identifying the UUID of the service
35 implemented by this partition. The UUID format is described in RFC 4122.
36
37- id
38 - value type: <u32>
39 - Pre-allocated partition ID.
40
41- auxiliary-id
42 - value type: <u32>
43 - Pre-allocated ID that could be used in memory management transactions.
44
45- description
46 - value type: <string>
47 - Name of the partition e.g. for debugging purposes.
48
49- execution-ctx-count [mandatory]
50 - value type: <u32>
51 - Number of vCPUs that a VM or SP wants to instantiate.
52
53 - In the absence of virtualization, this is the number of execution
54 contexts that a partition implements.
55 - If value of this field = 1 and number of PEs > 1 then the partition is
56 treated as UP & migrate capable.
57 - If the value of this field > 1 then the partition is treated as a MP
58 capable partition irrespective of the number of PEs.
59
60- exception-level [mandatory]
61 - value type: <u32>
62 - The target exception level for the partition:
63
64 - 0x0: EL1
65 - 0x1: S_EL0
66 - 0x2: S_EL1
67
68- execution-state [mandatory]
69 - value type: <u32>
70 - The target execution state of the partition:
71
72 - 0: AArch64
73 - 1: AArch32
74
75- load-address
76 - value type: <u64>
77 - Physical base address of the partition in memory. Absence of this field
78 indicates that the partition is position independent and can be loaded at
79 any address chosen at boot time.
80
81- entrypoint-offset
82 - value type: <u64>
83 - Offset from the base of the partition's binary image to the entry point of
84 the partition. Absence of this field indicates that the entry point is at
85 offset 0x0 from the base of the partition's binary.
86
87- xlat-granule [mandatory]
88 - value type: <u32>
89 - Translation granule used with the partition:
90
91 - 0x0: 4k
92 - 0x1: 16k
93 - 0x2: 64k
94
95- boot-order
96 - value type: <u16>
97 - A unique number amongst all partitions that specifies if this partition
98 must be booted before others. The partition with the smaller number will be
99 booted first.
100
101- rx-tx-buffer
102 - value type: "memory-regions" node
103 - Specific "memory-regions" nodes that describe the RX/TX buffers expected
104 by the partition.
105 The "compatible" must be the string "arm,ffa-manifest-rx_tx-buffer".
106
107- messaging-method [mandatory]
Kathleen Capellac0e7dc22023-12-19 15:56:36 -0500[diff] [blame^]108 - value type: <u16>
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]109 - Specifies which messaging methods are supported by the partition, set bit
110 means the feature is supported, clear bit - not supported:
111
Kathleen Capellac0e7dc22023-12-19 15:56:36 -0500[diff] [blame^]112 - Bit[0]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
113 - Bit[1]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]114 - Bit[2]: partition can send and receive indirect messages
Kathleen Capellac0e7dc22023-12-19 15:56:36 -0500[diff] [blame^]115 - Bit[9]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set
116 - Bit[10]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]117
118- managed-exit
119 - value type: <empty>
120 - Specifies if managed exit is supported.
121 - This field is deprecated in favor of ns-interrupts-action field in the FF-A
122 v1.1 EAC0 spec.
123
Madhukar Pappireddyddef7d72023-10-10 18:06:16 -0500[diff] [blame]124- managed-exit-virq
125 - value type: <empty>
126 - Indicates if the partition needs managed exit, if supported, to be signaled
127 through vFIQ signal.
128
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]129- ns-interrupts-action [mandatory]
130 - value type: <u32>
131 - Specifies the action that the SPMC must take in response to a Non-secure
132 physical interrupt.
133
134 - 0x0: Non-secure interrupt is queued
135 - 0x1: Non-secure interrupt is signaled after a managed exit
136 - 0x2: Non-secure interrupt is signaled
137
138 - This field supersedes the managed-exit field in the FF-A v1.0 spec.
139
140- other-s-interrupts-action
141 - value type: <u32>
142 - Specifies the action that the SPMC must take in response to a Other-Secure
143 physical interrupt.
144
145 - 0x0: Other-Secure interrupt is queued
146 - 0x1: Other-Secure interrupt is signaled
147
Madhukar Pappireddyddef7d72023-10-10 18:06:16 -0500[diff] [blame]148- runtime-model
149 - value type: <u32>
150 - Indicates whether the SP execution can be preempted.
151 - This field is deprecated in favor of other-s-interrupts-action and
152 ns-interrupts-action fields in the FF-A v1.1 spec.
153
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]154- has-primary-scheduler
155 - value type: <empty>
156 - Presence of this field indicates that the partition implements the primary
157 scheduler. If so, run-time EL must be EL1.
158
159- time-slice-mem
160 - value type: <empty>
161 - Presence of this field indicates that the partition doesn't expect the
162 partition manager to time slice long running memory management functions.
163
164- gp-register-num
165 - value type: <u32>
166 - The field specifies the general purpose register number but not its width.
167 The width is derived from the partition's execution state, as specified in
168 the partition properties. For example, if the number value is 1 then the
169 general-purpose register used will be x1 in AArch64 state and w1 in AArch32
170 state.
171 Presence of this field indicates that the partition expects the address of
172 the FF-A boot information blob to be passed in the specified general purpose
173 register.
174
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]175- power-management-messages
176 - value type: <u32>
177 - Specifies which power management messages a partition subscribes to.
178 A set bit means the partition should be informed of the power event, clear
179 bit - should not be informed of event:
180
181 - Bit[0]: CPU_OFF
182 - Bit[1]: CPU_SUSPEND
183 - Bit[2]: CPU_SUSPEND_RESUME
184
185Memory Regions
186--------------
187
188- compatible [mandatory]
189 - value type: <string>
190 - Must be the string "arm,ffa-manifest-memory-regions".
191
192- description
193 - value type: <string>
194 - Name of the memory region e.g. for debugging purposes.
195
196- pages-count [mandatory]
197 - value type: <u32>
198 - Count of pages of memory region as a multiple of the translation granule
199 size
200
201- attributes [mandatory]
202 - value type: <u32>
203 - Mapping modes: ORed to get required permission
204
205 - 0x1: Read
206 - 0x2: Write
207 - 0x4: Execute
208 - 0x8: Security state
209
210- base-address
211 - value type: <u64>
212 - Base address of the region. The address must be aligned to the translation
213 granule size.
214 The address given may be a Physical Address (PA), Virtual Address (VA), or
215 Intermediate Physical Address (IPA). Refer to the FF-A specification for
216 more information on the restrictions around the address type.
217 If the base address is omitted then the partition manager must map a memory
218 region of the specified size into the partition's translation regime and
219 then communicate the region properties (including the base address chosen
220 by the partition manager) to the partition.
221
222Device Regions
223--------------
224
225- compatible [mandatory]
226 - value type: <string>
227 - Must be the string "arm,ffa-manifest-device-regions".
228
229- description
230 - value type: <string>
231 - Name of the device region e.g. for debugging purposes.
232
233- pages-count [mandatory]
234 - value type: <u32>
235 - Count of pages of memory region as a multiple of the translation granule
236 size
237
238- attributes [mandatory]
239 - value type: <u32>
240 - Mapping modes: ORed to get required permission
241
242 - 0x1: Read
243 - 0x2: Write
244 - 0x4: Execute
245 - 0x8: Security state
246
247- base-address [mandatory]
248 - value type: <u64>
249 - Base address of the region. The address must be aligned to the translation
250 granule size.
251 The address given may be a Physical Address (PA), Virtual Address (VA), or
252 Intermediate Physical Address (IPA). Refer to the FF-A specification for
253 more information on the restrictions around the address type.
254
255- smmu-id
256 - value type: <u32>
257 - On systems with multiple System Memory Management Units (SMMUs) this
258 identifier is used to inform the partition manager which SMMU the device is
259 upstream of. If the field is omitted then it is assumed that the device is
260 not upstream of any SMMU.
261
262- stream-ids
263 - value type: <prop-encoded-array>
Madhukar Pappireddyddef7d72023-10-10 18:06:16 -0500[diff] [blame]264 - List of IDs where an ID is a unique <u32> value amongst all devices assigned
265 to the partition.
Olivier Deprezcbf7d5b2023-05-22 12:12:24 +0200[diff] [blame]266
267- interrupts [mandatory]
268 - value type: <prop-encoded-array>
269 - A list of (id, attributes) pair describing the device interrupts, where:
270
271 - id: The <u32> interrupt IDs.
272 - attributes: A <u32> value, containing attributes for each interrupt ID:
273
274 +----------------------+----------+
275 |Field | Bit(s) |
276 +----------------------+----------+
277 | Priority | 7:0 |
278 +----------------------+----------+
279 | Security state | 8 |
280 +----------------------+----------+
281 | Config(Edge/Level) | 9 |
282 +----------------------+----------+
283 | Type(SPI/PPI/SGI) | 11:10 |
284 +----------------------+----------+
285
286 Security state:
287 - Secure: 1
288 - Non-secure: 0
289
290 Configuration:
291 - Edge triggered: 0
292 - Level triggered: 1
293
294 Type:
295 - SPI: 0b10
296 - PPI: 0b01
297 - SGI: 0b00
298
299- interrupts-target
300 - value type: <prop-encoded-array>
301 - A list of (id, mpdir upper bits, mpidr lower bits) tuples describing which
302 mpidr the interrupt is routed to, where:
303
304 - id: The <u32> interrupt ID. Must be one of those specified in the
305 "interrupts" field.
306 - mpidr upper bits: The <u32> describing the upper bits of the 64 bits
307 mpidr
308 - mpidr lower bits: The <u32> describing the lower bits of the 64 bits
309 mpidr
310
311- exclusive-access
312 - value type: <empty>
313 - Presence of this field implies that this endpoint must be granted exclusive
314 access and ownership of this device's MMIO region.
315
316--------------
317
318*Copyright (c) 2019-2023, Arm Limited and Contributors. All rights reserved.*