- Hafnium - lists.trustedfirmware.org

Debugging page table creation in Hafnium

by Madhukar Pappireddy

Hi, I was wondering if there is support in Hafnium to dump page tables to a log file. I am new to the Hafnium project and would appreciate any help. Below is an example from TF-A which provides such provision. ......<snip> VERBOSE: Translation tables state: VERBOSE: Xlat regime: EL3 VERBOSE: Max allowed PA: 0xfffffffff VERBOSE: Max allowed VA: 0xfffffffff VERBOSE: Max mapped PA: 0x2f1fffff VERBOSE: Max mapped VA: 0x2f1fffff VERBOSE: Initial lookup level: 1 VERBOSE: Entries @initial lookup level: 64 VERBOSE: Used 3 sub-tables out of 5 (spare: 2) [LV1] VA:0x0 size:0x40000000 [LV2] VA:0x0 size:0x200000 [LV3] VA:0x0 PA:0x0 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x1000 PA:0x1000 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x2000 PA:0x2000 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x3000 PA:0x3000 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x4000 PA:0x4000 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x5000 PA:0x5000 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x6000 PA:0x6000 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x7000 PA:0x7000 size:0x1000 MEM-RO-EXEC-S [LV3] VA:0x8000 PA:0x8000 size:0x1000 MEM-RO-XN-S [LV3] VA:0x9000 PA:0x9000 size:0x1000 MEM-RO-XN-S [LV3] VA:0xa000 PA:0xa000 size:0x1000 MEM-RO-XN-S [LV3] VA:0xb000 size:0x1000 [LV3] (500 invalid descriptors omitted) [LV2] VA:0x200000 size:0x200000 [LV2] (30 invalid descriptors omitted) [LV2] VA:0x4000000 size:0x200000 ..... <snip> Thanks, Madhukar

4 years, 8 months

1
0
0 0

TF-A Tech Forum Agenda @ Thr 16th July 2020 16:00-1700 BST

by Joanna Farley

Hi All, The next TF-A Tech Forum is scheduled for Thu 16th July 2020 16:00 – 17:00 (BST). A reoccurring meeting invite has been sent out to the subscribers of this TF-A mailing list. If you don’t have this please let me know. Agenda: * Secure EL2 SPM (Secure Partition Manager) Hafnium-based * In this TF-A Tech Forum session we present the status and open roadmap for the Secure Partition Manager firmware development. The TF-A SPM is the reference open source implementation for the PSA FF-A (Platform Security Architecture Firmware Framework for A-class) specification in the Secure world. It leverages the Armv8.4-Secure EL2 extension bringing virtualization technology in the Secure world (S-EL2 exception level). The development derives originally from the Google Hafnium project, which has been recently transitioned to https://www.trustedfirmware.org/ under the BSD 3-Clause license. * Optional TF-A Mailing List Topic Discussions If TF-A contributors have anything they wish to present at any future TF-A tech forum please contact me to have that scheduled. Previous sessions, both recording and presentation material can be found on the trustedfirmware.org TF-A Technical meeting webpage: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ A scheduling tracking page is also available to help track sessions suggested and being prepared: https://developer.trustedfirmware.org/w/tf_a/tf-a-tech-forum-scheduling/ Final decisions on what will be presented will be shared a few days before the next meeting and shared on the TF-A mailing list. Thanks Joanna

4 years, 9 months

1
0
0 0

Re: [Hafnium] change.submitWholeTopic option for Gerrit

by Andrew Walbran

No, it's only necessary if you're changing a submodule, or have changes that are in some other way dependent on each other. Most changes don't need a topic. On Thu, 9 Jul 2020 at 17:50, Varun Wadekar via Hafnium < hafnium(a)lists.trustedfirmware.org> wrote: > Hello, > > I think this is a good idea to keep multiple moving parts in sync. OTOH, > does this also mean that all changes *must* be part of a topic branch? That > would be an overkill IMO. > > -Varun > > -----Original Message----- > From: Hafnium <hafnium-bounces(a)lists.trustedfirmware.org> On Behalf Of > Olivier Deprez via Hafnium > Sent: Thursday, July 9, 2020 6:16 AM > To: Benjamin Copeland <ben.copeland(a)linaro.org>; Joanna Farley < > Joanna.Farley(a)arm.com>; bill.fletcher(a)linaro.org > Cc: hafnium(a)lists.trustedfirmware.org > Subject: Re: [Hafnium] change.submitWholeTopic option for Gerrit > > External email: Use caution opening links or attachments > > > Ben, > > Kindly please hold on, I guess I should forward this comm. to other MLs > for which the corresponding tforg projects will inherit the newly enabled > feature. > > Thanks & Regards, > Olivier. > > ________________________________________ > From: Benjamin Copeland <ben.copeland(a)linaro.org> > Sent: 09 July 2020 15:12 > To: Joanna Farley; bill.fletcher(a)linaro.org > Cc: Olivier Deprez; Andrew Walbran; hafnium(a)lists.trustedfirmware.org > Subject: Re: [Hafnium] change.submitWholeTopic option for Gerrit > > If we are all in agreement I will get it enabled. > > Regards > > Ben > > On Thu, 9 Jul 2020 at 13:51, Joanna Farley <Joanna.Farley(a)arm.com<mailto: > Joanna.Farley(a)arm.com>> wrote: > Agree __ > > On 09/07/2020, 13:48, "Hafnium on behalf of Olivier Deprez via Hafnium" < > hafnium-bounces(a)lists.trustedfirmware.org<mailto: > hafnium-bounces(a)lists.trustedfirmware.org> on behalf of > hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org>> > wrote: > > Hi Andrew, > > We seem to reach a consensus within ARM that it is something we can > enable. > As a slight usage detail, we'd expect developers to use their initials > for gerrit topics such a xy/topic-name. > That's already recommended for TF-A, although not always enforced. > This would avoid unintended/accidental merges in different repos > because of gerrit topic name clashes. > > Does it make sense? > > Other folks in the ML, please shout if you disagree (you can also > express that you agree 🙂). > > Regards, > Olivier. > > > ________________________________ > From: Andrew Walbran > Sent: Wednesday, July 01, 2020 11:28 > To: hafnium(a)lists.trustedfirmware.org<mailto: > hafnium(a)lists.trustedfirmware.org>; Benjamin Copeland; Olivier Deprez > Subject: Re: change.submitWholeTopic option for Gerrit > > Any thoughts on this? > > On Fri, 26 Jun 2020 at 21:21, Andrew Walbran <qwandor(a)google.com > <mailto:qwandor@google.com><mailto:qwandor@google.com<mailto: > qwandor(a)google.com>>> wrote: > Hello, > How would people feel about enabling the change.submitWholeTopic > option ( > https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cha…) > for Gerrit? > > So far, we have relied on this to ensure that submodule changes get > submitted along with the corresponding change to the main repository. Our > usual workflow has been that whenever a change is made to one of the > submodule repositories, both that change and the corresponding change to > the main repository are tagged with the same topic. That way it is only > possible to submit either once they have all been reviewed +2 and the main > change has passed presubmit. This avoids submodules getting out of sync or > changes to them being missed or not properly tested. > > However, it looks like this is a per-host configuration option rather > than per-repository, so it would also affect the other Trusted Firmware > projects using the same Gerrit host. Are there any other uses of topics > there which would conflict with this config change? > > (If there are other people who might have an opinion on this please > add them to the thread.) > -- > Hafnium mailing list > Hafnium(a)lists.trustedfirmware.org<mailto: > Hafnium(a)lists.trustedfirmware.org> > https://lists.trustedfirmware.org/mailman/listinfo/hafnium > > -- > Hafnium mailing list > Hafnium(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/hafnium > -- > Hafnium mailing list > Hafnium(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/hafnium >

4 years, 9 months

1
0
0 0

Re: [Hafnium] change.submitWholeTopic option for Gerrit

by Varun Wadekar

Hello, I think this is a good idea to keep multiple moving parts in sync. OTOH, does this also mean that all changes *must* be part of a topic branch? That would be an overkill IMO. -Varun -----Original Message----- From: Hafnium <hafnium-bounces(a)lists.trustedfirmware.org> On Behalf Of Olivier Deprez via Hafnium Sent: Thursday, July 9, 2020 6:16 AM To: Benjamin Copeland <ben.copeland(a)linaro.org>; Joanna Farley <Joanna.Farley(a)arm.com>; bill.fletcher(a)linaro.org Cc: hafnium(a)lists.trustedfirmware.org Subject: Re: [Hafnium] change.submitWholeTopic option for Gerrit External email: Use caution opening links or attachments Ben, Kindly please hold on, I guess I should forward this comm. to other MLs for which the corresponding tforg projects will inherit the newly enabled feature. Thanks & Regards, Olivier. ________________________________________ From: Benjamin Copeland <ben.copeland(a)linaro.org> Sent: 09 July 2020 15:12 To: Joanna Farley; bill.fletcher(a)linaro.org Cc: Olivier Deprez; Andrew Walbran; hafnium(a)lists.trustedfirmware.org Subject: Re: [Hafnium] change.submitWholeTopic option for Gerrit If we are all in agreement I will get it enabled. Regards Ben On Thu, 9 Jul 2020 at 13:51, Joanna Farley <Joanna.Farley(a)arm.com<mailto:Joanna.Farley@arm.com>> wrote: Agree __ On 09/07/2020, 13:48, "Hafnium on behalf of Olivier Deprez via Hafnium" <hafnium-bounces(a)lists.trustedfirmware.org<mailto:hafnium-bounces@lists.trustedfirmware.org> on behalf of hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org>> wrote: Hi Andrew, We seem to reach a consensus within ARM that it is something we can enable. As a slight usage detail, we'd expect developers to use their initials for gerrit topics such a xy/topic-name. That's already recommended for TF-A, although not always enforced. This would avoid unintended/accidental merges in different repos because of gerrit topic name clashes. Does it make sense? Other folks in the ML, please shout if you disagree (you can also express that you agree 🙂). Regards, Olivier. ________________________________ From: Andrew Walbran Sent: Wednesday, July 01, 2020 11:28 To: hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org>; Benjamin Copeland; Olivier Deprez Subject: Re: change.submitWholeTopic option for Gerrit Any thoughts on this? On Fri, 26 Jun 2020 at 21:21, Andrew Walbran <qwandor(a)google.com<mailto:qwandor@google.com><mailto:qwandor@google.com<mailto:qwandor@google.com>>> wrote: Hello, How would people feel about enabling the change.submitWholeTopic option (https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cha…) for Gerrit? So far, we have relied on this to ensure that submodule changes get submitted along with the corresponding change to the main repository. Our usual workflow has been that whenever a change is made to one of the submodule repositories, both that change and the corresponding change to the main repository are tagged with the same topic. That way it is only possible to submit either once they have all been reviewed +2 and the main change has passed presubmit. This avoids submodules getting out of sync or changes to them being missed or not properly tested. However, it looks like this is a per-host configuration option rather than per-repository, so it would also affect the other Trusted Firmware projects using the same Gerrit host. Are there any other uses of topics there which would conflict with this config change? (If there are other people who might have an opinion on this please add them to the thread.) -- Hafnium mailing list Hafnium(a)lists.trustedfirmware.org<mailto:Hafnium@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/hafnium -- Hafnium mailing list Hafnium(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/hafnium

4 years, 9 months

1
0
0 0

Re: [Hafnium] change.submitWholeTopic option for Gerrit

by Joanna Farley

Agree __ On 09/07/2020, 13:48, "Hafnium on behalf of Olivier Deprez via Hafnium" <hafnium-bounces(a)lists.trustedfirmware.org on behalf of hafnium(a)lists.trustedfirmware.org> wrote: Hi Andrew, We seem to reach a consensus within ARM that it is something we can enable. As a slight usage detail, we'd expect developers to use their initials for gerrit topics such a xy/topic-name. That's already recommended for TF-A, although not always enforced. This would avoid unintended/accidental merges in different repos because of gerrit topic name clashes. Does it make sense? Other folks in the ML, please shout if you disagree (you can also express that you agree 🙂). Regards, Olivier. ________________________________ From: Andrew Walbran Sent: Wednesday, July 01, 2020 11:28 To: hafnium(a)lists.trustedfirmware.org; Benjamin Copeland; Olivier Deprez Subject: Re: change.submitWholeTopic option for Gerrit Any thoughts on this? On Fri, 26 Jun 2020 at 21:21, Andrew Walbran <qwandor(a)google.com<mailto:qwandor@google.com>> wrote: Hello, How would people feel about enabling the change.submitWholeTopic option (https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cha…) for Gerrit? So far, we have relied on this to ensure that submodule changes get submitted along with the corresponding change to the main repository. Our usual workflow has been that whenever a change is made to one of the submodule repositories, both that change and the corresponding change to the main repository are tagged with the same topic. That way it is only possible to submit either once they have all been reviewed +2 and the main change has passed presubmit. This avoids submodules getting out of sync or changes to them being missed or not properly tested. However, it looks like this is a per-host configuration option rather than per-repository, so it would also affect the other Trusted Firmware projects using the same Gerrit host. Are there any other uses of topics there which would conflict with this config change? (If there are other people who might have an opinion on this please add them to the thread.) -- Hafnium mailing list Hafnium(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/hafnium

4 years, 9 months

3
2
0 0

Re: [Hafnium] change.submitWholeTopic option for Gerrit

by Olivier Deprez

Hi Andrew, We seem to reach a consensus within ARM that it is something we can enable. As a slight usage detail, we'd expect developers to use their initials for gerrit topics such a xy/topic-name. That's already recommended for TF-A, although not always enforced. This would avoid unintended/accidental merges in different repos because of gerrit topic name clashes. Does it make sense? Other folks in the ML, please shout if you disagree (you can also express that you agree 🙂). Regards, Olivier. ________________________________ From: Andrew Walbran Sent: Wednesday, July 01, 2020 11:28 To: hafnium(a)lists.trustedfirmware.org; Benjamin Copeland; Olivier Deprez Subject: Re: change.submitWholeTopic option for Gerrit Any thoughts on this? On Fri, 26 Jun 2020 at 21:21, Andrew Walbran <qwandor(a)google.com<mailto:qwandor@google.com>> wrote: Hello, How would people feel about enabling the change.submitWholeTopic option (https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cha…) for Gerrit? So far, we have relied on this to ensure that submodule changes get submitted along with the corresponding change to the main repository. Our usual workflow has been that whenever a change is made to one of the submodule repositories, both that change and the corresponding change to the main repository are tagged with the same topic. That way it is only possible to submit either once they have all been reviewed +2 and the main change has passed presubmit. This avoids submodules getting out of sync or changes to them being missed or not properly tested. However, it looks like this is a per-host configuration option rather than per-repository, so it would also affect the other Trusted Firmware projects using the same Gerrit host. Are there any other uses of topics there which would conflict with this config change? (If there are other people who might have an opinion on this please add them to the thread.)

4 years, 9 months

2
2
0 0

Re: [Hafnium] kokoro/build and CHECKPATCH

by Olivier Deprez

Hi, The issue happens because driver/linux/Makefile defines CHECKPATCH with a default script path only if CHECKPATCH is not already set (uses ?= operator) It works by unsetting the existing environment CHECKPATCH from kokoro/build.sh when invoking the linux driver checkpatch as done here: https://review.trustedfirmware.org/c/hafnium/hafnium/+/4879 I think that's fine with build dependencies, nothing to change here. Regards, Olivier. ________________________________ From: Andrew Walbran Sent: Monday, May 18, 2020 17:21 To: Olivier Deprez Cc: hafnium(a)lists.trustedfirmware.org Subject: Re: [Hafnium] kokoro/build and CHECKPATCH If there are dependencies missing from https://hafnium.googlesource.com/hafnium/+/refs/heads/master/docs/GettingSt… then please send me a change to add them. I'm curious about pathlib, as it's not listed in https://hafnium.googlesource.com/hafnium/+/refs/heads/master/build/docker/D… either. We should probably fix the build to ignore any locally set value of CHECKPATCH, as it should always be using the version checked into the repository. On Mon, 18 May 2020 at 16:01, Olivier Deprez <Olivier.Deprez(a)arm.com<mailto:Olivier.Deprez@arm.com>> wrote: Hi Andrew, Notice I do git clean -fdx prior to trying CHECKPATCH set/not set, because it looks there's some dependency to local ninja build files. When CHECKPATCH is set I'm still seeing the issue mentioned earlier. When CHECKPATCH is not set, I got failures related to missing python dependencies on my ubuntu host (ply pathlib python-git). I don't recall seeing those dependencies listed in Hafnium pages, but that's fair enough. Now the checkpatch step passes by installing those python libs. Obviously I'm not facing this issue when running through docker hermetic build. So I guess it's low priority glitch, not sure if it really requires a fix or a notice in documentation? Regards, Olivier. ________________________________________ From: Andrew Walbran Sent: Monday, May 18, 2020 13:32 To: Olivier Deprez Cc: hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org> Subject: Re: [Hafnium] kokoro/build and CHECKPATCH That's weird, I haven't seen that before. Running either kokoro/build.sh or 'make checkpatch' locally works for me, whether or not CHECKPATCH is set. The Makefile in the root directory is setting CHECKPATCH unconditionally, but it looks like the one under drive/linux uses the existing value if there is one. Maybe we should change that? What error do you get when CHECKPATCH is not set? On Fri, 15 May 2020 at 18:18, Olivier Deprez via Hafnium <hafnium(a)lists.trustedfirmware.org<mailto:hafnium@lists.trustedfirmware.org>> wrote: Hi, Is there a known problem around checkpatch when running kokoro/build.sh locally? I noticed if CHECKPATCH env variable is already set then kokoro/build.sh fails with: + export CROSS_COMPILE=aarch64-linux-gnu- + CROSS_COMPILE=aarch64-linux-gnu- + cd driver/linux + make HAFNIUM_PATH=/home/olidep01/WORK/hafnium-upstream checkpatch <my-own-checkpatch-dir>/checkpatch.pl<http://checkpatch.pl> -f main.c Must be run from the top-level dir. of a kernel tree Makefile:43: recipe for target 'checkpatch' failed make: *** [checkpatch] Error 2 If I unset CHECKPATCH before running build.sh then it fails at the driver/linux check. Is this something known and/or needing fix? Regards, Olivier. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Hafnium mailing list Hafnium(a)lists.trustedfirmware.org<mailto:Hafnium@lists.trustedfirmware.org> https://lists.trustedfirmware.org/mailman/listinfo/hafnium IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

4 years, 9 months

1
0
0 0

change.submitWholeTopic option for Gerrit

by Andrew Walbran

Hello, How would people feel about enabling the change.submitWholeTopic option ( https://gerrit-review.googlesource.com/Documentation/config-gerrit.html#cha…) for Gerrit? So far, we have relied on this to ensure that submodule changes get submitted along with the corresponding change to the main repository. Our usual workflow has been that whenever a change is made to one of the submodule repositories, both that change and the corresponding change to the main repository are tagged with the same topic. That way it is only possible to submit either once they have all been reviewed +2 and the main change has passed presubmit. This avoids submodules getting out of sync or changes to them being missed or not properly tested. However, it looks like this is a per-host configuration option rather than per-repository, so it would also affect the other Trusted Firmware projects using the same Gerrit host. Are there any other uses of topics there which would conflict with this config change? (If there are other people who might have an opinion on this please add them to the thread.)

4 years, 9 months

1
1
0 0

New TrustedFirmware.org security incident process is now live

by Dan Handley

Hi all The new TrustedFirmware.org security incident process is now live. This process is described here: https://developer.trustedfirmware.org/w/collaboration/security_center/repor… Initially the process will be used for the following projects: TF-A, TF-M, OP-TEE and Mbed TLS. The security documentation for each project will be updated soon to reflect this change. If you are part of an organization that believes it should receive security vulnerability information before it is made public then please ask your relevant colleagues to register as Trusted Stakeholders as described here: https://developer.trustedfirmware.org/w/collaboration/security_center/trust… Note we prefer individuals in each organization to coordinate their registration requests with each other and to provide us with an email alias managed by your organization instead of us managing a long list of individual addresses. Best regards Dan. (on behalf of the TrustedFirmware.org security team)

4 years, 9 months

1
0
0 0

Re: [Hafnium] Running hafnium in Secure-world

by Olivier Deprez

Hi Raghu, Here are a few more technical details. An SPM design doc is in progress here: https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/4637 The following WIP patches enable an early testing (spm-wip topic branch): https://review.trustedfirmware.org/q/topic:%22spm-wip%22+(status:open%20OR%… As Matteo said, those patches are not yet marked under review waiting for re-licensing to complete. See the build script below if you wish to reproduce. Currently only FVP is supported by enabling Armv8.4-SecEL2 model toggle. This is running the TF-A-tests framework, although a reasonable target is to also have secure world test cases within Hafnium CI/test scripts. Test payloads at S-EL1 are TF-A-tests Cactus bare metal partitions (https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tree/spm/cactus/cactus_…) The test scenario is: TF-A boots and BL2 loads: Hafnium as BL32 in secure world, an SPMC manifest, two Cactus Secure Partition payloads. Hafnium is booted at S-EL2 in the secure world and returns to EL3. Normal world hands over to TFTF at NS-EL2. TFTF boots and initiates basic PSA FF-A direct messaging communication with one and the other Cactus SP. I can share more from the test logs if necessary. There is more to come related to booting a real TEE in place of Cactus. Regards, Olivier. #== Sample build script ========================================== <put bash shebang here> mkdir SPM; cd SPM # Build Hafnium git clone https://review.trustedfirmware.org/hafnium/hafnium && cd hafnium git submodule update --init git fetch "https://review.trustedfirmware.org/hafnium/hafnium" refs/changes/20/4720/1 && git checkout FETCH_HEAD git checkout -b spm cd project/reference git checkout -b spm git fetch "https://review.trustedfirmware.org/hafnium/project/reference" refs/changes/21/4721/1 && git cherry-pick FETCH_HEAD cd ../.. make PROJECT=reference cd .. # Build TF-A-tests git clone https://review.trustedfirmware.org/TF-A/tf-a-tests && cd tf-a-tests make CROSS_COMPILE=aarch64-none-elf- PLAT=fvp DEBUG=1 TESTS=spm cd .. # Build TF-A git clone https://review.trustedfirmware.org/TF-A/trusted-firmware-a && cd trusted-firmware-a make \ CROSS_COMPILE=aarch64-none-elf- \ SPD=spmd \ CTX_INCLUDE_EL2_REGS=1 \ ARM_ARCH_MINOR=4 \ PLAT=fvp \ DEBUG=1 \ BL33=../tf-a-tests/build/fvp/debug/tftf.bin \ BL32=../hafnium/out/reference/secure_aem_v8a_fvp_clang/hafnium.bin \ SP_LAYOUT_FILE=../tf-a-tests/build/fvp/debug/sp_layout.json \ all fip #===================================================== ________________________________________ From: Hafnium <hafnium-bounces(a)lists.trustedfirmware.org> on behalf of Matteo Carlini via Hafnium <hafnium(a)lists.trustedfirmware.org> Sent: 19 June 2020 10:47 To: raghu.ncstate(a)icloud.com Cc: hafnium(a)lists.trustedfirmware.org Subject: Re: [Hafnium] Running hafnium in Secure-world Hi Raghu, Hafnium is going to be precisely the reference Secure EL2 SPM, collaboratively developed and hosted here by Trusted Firmware.org. The project is finalising its migration as we speak (look at the relicensing commit here https://review.trustedfirmware.org/c/hafnium/hafnium/+/4616) and we'll soon create a blogpost to celebrate the final migration and its new life under Trusted Firmware. The development teams are already working internally to achieve the above S-EL2 goal and they'll be posting the initial enablement patches and proto-branches as soon as the relicensing is complete, so to continue the development completely in the open and welcome partners' comments and help. They can certainly chime in here and provide their current status from a technical perspective. The Normal world instance of Hafnium remains for now just as test payload for the PSA FF-A (SPCI) interface to help developing the Secure-EL2 SPM side of it, nothing more than that. You can always refer to my Linaro presentation back in March that described the overall goal and direction for this enablement: https://connect.linaro.org/resources/ltd20/ltd20-200k/ Please note there will also be a TF-A Tech Forum session entirely focused on the Secure EL2 / Hafnium development topic quite soon (2nd July tentative), watch this space: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/ So I'd strongly encourage to participate to it, to discuss live all the latest news. Thanks Matteo > From: Hafnium <hafnium-bounces(a)lists.trustedfirmware.org> on behalf of > Raghu K via Hafnium <hafnium(a)lists.trustedfirmware.org> > Sent: 18 June 2020 22:59 > To: hafnium(a)lists.trustedfirmware.org > Subject: [Hafnium] Running hafnium in Secure-world > > All, > > Is it possible to run hafnium in SEL2? From looking at the code, it seems like > hafnium currently only supports running in NS world. Is my understanding > correct? I was wondering if/when there is a plan for secure world support in > hafnium and if anybody is working on it. > > Thanks > Raghu -- Hafnium mailing list Hafnium(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/hafnium

4 years, 9 months

2
1
0 0

2025

2024

2023

2022

2021

2020

Hafnium