Hi,
I am trying to build BSP part of Total Compute platform from the following link:
https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs…
But I am facing some issues in Board Support Package Build section, after running following command:
bitbake tc0-artifacts-image
I am getting the following Error during one of the executing tasks of above command:
ERROR: secure-partitions-1.0+gitAUTOINC+2fc7e10c7c-r0 do_fetch: Fetcher failure for URL: 'http://gee.cs.oswego.edu/pub/misc/malloc.c;name=dlmalloc'.
Unable to fetch URL from any source.
Can I please get some help with this error?
Regards,
Rahul
Looking at the trusted firmware documentation it says that “Only Arm’s FVP platform is supported to use with the TF-A reference software stack.” Have you gotten this to work on a physical device, or do I need to add support for my own board?
Thanks,
Friedrich
Hi Rahul,
Notice Hafnium as an hypervisor (in the normal world) is no longer a 'supported' configuration. It's still mainly maintained as legacy and for test purposes.
The project focuses on the SPM (aka Hafnium in the secure world).
Adding an hypervisor is a bit beyond the scope of the project.
The best reference for you is perhaps to reproduce the Total Compute platform:
https://gitlab.arm.com/arm-reference-solutions/arm-reference-solutions-docs…
If you build the BSP part (no Android),
you get this setup: linux (NS EL1/0), no hypervisor, TF-A at EL3, Hafnium at SEL2, OP-TEE at SEL1.
You can run the optee xtest suite from linux console which reaches OP-TEE as a secure partition through Hafnium.
Regards,
Olivier.
________________________________________
From: Rahul Kumar Yadav <rahulkumar.yadav(a)nxp.com>
Sent: 23 February 2022 10:45
To: Olivier Deprez
Subject: RE: [Hafnium] Re: [EXT] Re: Hafnium Getting Started
Hi Olivier,
I wanted to try Hafnium with FVP but could not find the clear instructions like the ones available for Hafnium with QEMU.
In Hafnium Documentation, I was able to run tests with FVP with following command:
$ make && kokoro/test.sh --fvp
But I could not find instructions to run Hafnium and primary VM with Linux on FVP separately from Testing purposes, like in case of QEMU.
If Hafnium with QEMU is not going to work in secure world, from where can I find instructions for running Hafnium with VMs (Linux, OPTEE) on FVP in normal and secure world?
Regards,
Rahul
-----Original Message-----
From: Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: Wednesday, February 23, 2022 2:38 PM
To: hafnium(a)lists.trustedfirmware.org
Subject: [Hafnium] Re: [EXT] Re: Hafnium Getting Started
Caution: EXT Email
Hi Rahul,
TF-A + SEL2/Hafnium isn't supported on qemu.
All our testing is done on Arm's FVP, or Total Compute platform.
Regards,
Olivier.
________________________________________
From: Rahul Kumar Yadav <rahulkumar.yadav(a)nxp.com>
Sent: 23 February 2022 10:00
To: Olivier Deprez
Subject: RE: [EXT] [Hafnium] Re: Hafnium Getting Started
Hi Olivier,
Thanks for helping.
Also, I want to run Hafnium with QEMU in secure world.
From where can I get the instructions for that purpose?
Regards,
Rahul
-----Original Message-----
From: Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: Wednesday, February 23, 2022 2:22 PM
To: hafnium(a)lists.trustedfirmware.org
Subject: [EXT] [Hafnium] Re: Hafnium Getting Started
Caution: EXT Email
Hi,
In your experiment, everything runs in the normal world.
Hafnium at NS EL2.
The primary VM hosting linux at NS EL1.
Regards,
Olivier.
________________________________________
From: Rahul Kumar Yadav via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 23 February 2022 09:16
To: hafnium(a)lists.trustedfirmware.org
Subject: [Hafnium] Hafnium Getting Started
Hi,
I have just started to learn about Hafnium and I am following Getting Started steps of it.
I built DTB with
/dts-v1/;
/ {
hypervisor {
compatible = "hafnium,hafnium";
vm1 {
debug_name = "Linux VM";
kernel_filename = "vmlinuz";
ramdisk_filename = "initrd.img";
};
};
};
And after setting up RAM disk, I was able to boot into Linux VM with following command:
qemu-system-aarch64 -M virt,gic_version=3 -cpu cortex-a57 -nographic -machine virtualization=true -kernel out/reference/qemu_aarch64_clang/hafnium.bin -initrd initrd.img -append "rdinit=/sbin/init"
But I am unable to understand whether Hafnium and Linux are running in Normal World or Secure World or At which Level (EL1, EL2, S-EL1 or S-EL2...) Hafnium and Linux are running.
Can I please get some help in understanding this?
Regards,
Rahul
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi Rahul,
TF-A + SEL2/Hafnium isn't supported on qemu.
All our testing is done on Arm's FVP, or Total Compute platform.
Regards,
Olivier.
________________________________________
From: Rahul Kumar Yadav <rahulkumar.yadav(a)nxp.com>
Sent: 23 February 2022 10:00
To: Olivier Deprez
Subject: RE: [EXT] [Hafnium] Re: Hafnium Getting Started
Hi Olivier,
Thanks for helping.
Also, I want to run Hafnium with QEMU in secure world.
From where can I get the instructions for that purpose?
Regards,
Rahul
-----Original Message-----
From: Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: Wednesday, February 23, 2022 2:22 PM
To: hafnium(a)lists.trustedfirmware.org
Subject: [EXT] [Hafnium] Re: Hafnium Getting Started
Caution: EXT Email
Hi,
In your experiment, everything runs in the normal world.
Hafnium at NS EL2.
The primary VM hosting linux at NS EL1.
Regards,
Olivier.
________________________________________
From: Rahul Kumar Yadav via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 23 February 2022 09:16
To: hafnium(a)lists.trustedfirmware.org
Subject: [Hafnium] Hafnium Getting Started
Hi,
I have just started to learn about Hafnium and I am following Getting Started steps of it.
I built DTB with
/dts-v1/;
/ {
hypervisor {
compatible = "hafnium,hafnium";
vm1 {
debug_name = "Linux VM";
kernel_filename = "vmlinuz";
ramdisk_filename = "initrd.img";
};
};
};
And after setting up RAM disk, I was able to boot into Linux VM with following command:
qemu-system-aarch64 -M virt,gic_version=3 -cpu cortex-a57 -nographic -machine virtualization=true -kernel out/reference/qemu_aarch64_clang/hafnium.bin -initrd initrd.img -append "rdinit=/sbin/init"
But I am unable to understand whether Hafnium and Linux are running in Normal World or Secure World or At which Level (EL1, EL2, S-EL1 or S-EL2...) Hafnium and Linux are running.
Can I please get some help in understanding this?
Regards,
Rahul
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi,
I have just started to learn about Hafnium and I am following Getting Started steps of it.
I built DTB with
/dts-v1/;
/ {
hypervisor {
compatible = "hafnium,hafnium";
vm1 {
debug_name = "Linux VM";
kernel_filename = "vmlinuz";
ramdisk_filename = "initrd.img";
};
};
};
And after setting up RAM disk, I was able to boot into Linux VM with following command:
qemu-system-aarch64 -M virt,gic_version=3 -cpu cortex-a57 -nographic -machine virtualization=true -kernel out/reference/qemu_aarch64_clang/hafnium.bin -initrd initrd.img -append "rdinit=/sbin/init"
But I am unable to understand whether Hafnium and Linux are running in Normal World or Secure World
or At which Level (EL1, EL2, S-EL1 or S-EL2...) Hafnium and Linux are running.
Can I please get some help in understanding this?
Regards,
Rahul
Hello team,
Currently the amount of memory allocated for GICR frames is determined by the number of supported CPUs. However, the GIC redistributor might have more frames than the number of PEs. In such a case, it is possible that the core index constructed from GICR_TYPER register points to a non-existent PE. For such a case, the GIC discovery and init sequence should move to the next redistributor frame. Today, the code asserts if there are holes in the CPU topology or if GICR_FRAMES > MAX_CPUS.
Downstream Tegra platforms provide more GICR frames than number of CPUs and require the support posted to gerrit [1]. Request the team to review and post feedback.
Thanks.
[1] topic:"gicv3-gicr-frames" (status:open OR status:merged) * Gerrit Code Review (trustedfirmware.org)<https://review.trustedfirmware.org/q/topic:%22gicv3-gicr-frames%22+(status:…>
+ Hafnium mailing list
(Sorry didn't notice I had replied to you directly, and not included the mailing list. Others might have useful feedback to add.)
Friedrich,
Will try to come back to you on your last query ASAP.
________________________________
From: Friedrich <friedrichdoku(a)gmail.com>
Sent: Sunday, February 13, 2022 6:16 PM
To: Joao Alves <Joao.Alves(a)arm.com>
Subject: Re: [Hafnium] How to stop linux from preventing access to serial?
Hi João,
I am still having trouble getting my kernel to run using a secure partition. For some reason, my kernel only runs when I give it access to all the devices, but if I do this Linux is unable to run. Linux gives me stage-2 page faults. Is there any way around thiss? Here is my dts file for my kernel. Is there something I can change here to make this work?
f
I thought there is emulation for basic hardware features like timers and interrupt controllers. How can I use them in my secure partition?
/dts-v1/;
/ {
compatible = "arm,ffa-manifest-1.0";
debug_name = "partition-manifest";
/* Properties */
ffa-version = <0x00010001>; /* 31:16 - Major, 15:0 - Minor */
uuid = <0xb4b5671e 0x4a904fe1 0xb81ffb13 0xdae1dacb>;
execution-ctx-count = <4>;
exception-level = <0>; /* S-EL1 */
execution-state = <0>; /* AARCH64 */
load-address = <0x43000000>;
entrypoint-offset = <0x0000>;
xlat-granule = <0>; /* 4KiB */
messaging-method = <0x3>; /* Direct messaging only */
device-regions {
compatible = "arm,ffa-manifest-device-regions";
uart0 {
base-address = <0x00000000 0x01c28000>;
pages-count = <1>;
attributes = <0x3>; /* read-write */
};
};
};
Best,
Friedrich
On Mon, Feb 7, 2022 at 4:56 AM Joao Alves <Joao.Alves(a)arm.com<mailto:Joao.Alves@arm.com>> wrote:
Hi Friederich,
It seems the problem you're facing has to do with Stage 2 translation faults. The UART needs to be mapped in the S2 translation of the respective partition that tries to use it. The given platform that you're using is likely to have more than one UART device assigned with different memory regions. Each device should be assigned to only one partition/kernel. Unmapping the UART from Linux shouldn't help on its own, as you're simply refraining Linux from using the UART. Depending on how you configured your Linux partition, it might still try to access it at a certain address and hit a page fault at Stage 2 translation.
If you are using Hafnium with FF-A partitions, you can map different UART devices through the FF-A partition manifest, as shown in the following link: https://review.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/refs/h…
The support for this (I think) might depend on the version that you're currently using.
Hafnium owns a UART device, that makes (indirectly) accessible to the VMs through an HVC call. Hafnium receives the bytes to write to the UART TX buffers through the GP registers through the HVC call interface. If you're trying to log the behaviour of your partition, this might be enough, and probably the easiest option to start with.
Find the HVC call function helper: https://review.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/refs/h…
You can look for uses of the referred call.
Hope this helps. Let me know if you have further questions.
Best regards,
João Alves
________________________________
From: Friedrich via Hafnium <hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org>>
Sent: Thursday, February 3, 2022 5:59 PM
To: hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org> <hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org>>
Subject: [Hafnium] How to stop linux from preventing access to serial?
Hi,
I am working with the hafnium hypervisor. I am running Linux alongside
another kernel, and I need access to the serial device UART on the other
kernel. When I am trying to output serial from the other kernel, hafnium
says there is a stage 2 page fault. I tried disabling the serial device in
linux, but now I am getting a different result. When I load the hafnium
driver, I get a page fault. For some reason, if the device is not in
/proc/iomem it throws an error.
How can I use my device in my kernel and disable it in Linux. Linux is the
primary VM and my kernel is the secondary VM.
Thanks,
Friedrich
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org>
To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org<mailto:hafnium-leave@lists.trustedfirmware.org>
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi,
I am working with the hafnium hypervisor. I am running Linux alongside
another kernel, and I need access to the serial device UART on the other
kernel. When I am trying to output serial from the other kernel, hafnium
says there is a stage 2 page fault. I tried disabling the serial device in
linux, but now I am getting a different result. When I load the hafnium
driver, I get a page fault. For some reason, if the device is not in
/proc/iomem it throws an error.
How can I use my device in my kernel and disable it in Linux. Linux is the
primary VM and my kernel is the secondary VM.
Thanks,
Friedrich
