Hi All,
We are pleased to announce the formal release of Trusted Firmware-A version 2.9 bundle of project deliverables.
This includes Trusted Firmware-A, Trusted Firmware-A Tests, Hafnium and TF-A OpenCI Scripts/Jobs 2.9 releases involving the tagging of multiple repositories. Aligned but not yet part of the release is Trusted Firmware-A Realm Management Monitor v0.3.0.
These went live on 23rd May 2023.
I would like to thank all of the contributors for their excellent work and achievements since the last release.
Thanks Joanna
Notable Features of the Version 2.9 Release are as follows:
TF-A/EL3 Root World
* New Features:
* Support for PSCI OS initiated mode
* Architecture feature support for FEAT_TCR2, FEAT_GCS, FEAT_HCX, FEAT_SME2, FEAT_PIE/POR, FEAT_MPAM.
* System registers access trap handler
* Introduction to dynamic detection of features
* Refactoring:
* Context management
* RAS extension exception handling and crash reporting.
* Distinguish between BL2 as TF-A entry point or BL2 running at EL3 exception level.
* General Support
* CPU Support for Chaberton and Blackhawk for TC2023
* Eighteen (18) Errata Mitigations for Cortex X2/X3/A710/A510/A78/A78C and Neoverse N2/V1 family CPU’S
* Errata Management Firmware Interface implementation supported for version 1.0 of the public specification
TF-A Boot BL1/BL2
* New Feature/Support
* Support for Trusted Boot rooted into RSS RoT on TC2022 platform.
* Support for PSA attestation scheme with Measured Boot rooted into RSS on TC2022 platform
* Migration to mbedTLS 3.x as the default cryptography library retaining backwards compatibility with mbedTLS 2.x
* Improvements and hardening of Arm CCA boot and attestation support.
* Hardening efforts in the X.509 certificate parser, including a security fix (TFV-10 CVE-2022-47630)
Hafnium/SEL2 SPM
* FF-A v1.2 ALP0 Specification Early Adoption Support
* Implemented ppartition info get ABI using GP registers.
* Group0 secure interrupt handling delegation.
* Improved console log ABI.
* FF-A v1.1 REL0 Specification Support
* Interrupt handling (S-EL0 partition signalling, added action to Other-S-Int, allow a physical interrupt to be routed to a specified PE).
* Memory sharing (structures updates supporting FF-A backwards compatibility, share/lend/donate memory to multiple borrowers, normal/secure fragmented memory sharing).
* Power management (events relayed to the SPMC and removed limitations).
* Indirect messaging (buffer synchronization and ownership transfer rules).
* General Support
* SPMC manifest to declare non-secure and secure system memory address ranges.
* Hardened SP manifest memory regions boot time validation.
* CI migration to LLVM/clang 15.0.6
* Removal of non-VHE build and test configurations.
* Added EL3 SPMC test configurations using the Hafnium's CI infrastructure.
TF-A Tests
* New Test Support
* Errata Management Firmware Interface testing
* FF-A v1.1 feature testing
* Realm Management Extension feature testing
* New Architecture Specific feature testing related to v8.8
* 1 new platform port (RD-N2-Cfg3)
TF-RMM/REL2
* New Feature/Support
* Added support to create Realms which can make use of SVE, if present in hardware.
* Refactor and improved the Stage 1 translation table library lib/xlat API to better fit RMM usage.
* Add PMU support for Realms as described by RMM v1.0 Beta0 specification.
* Support getting DRAM info from the Boot manifest dynamically at runtime.
* RMM can now support the 2nd DDR bank on FVP
* Define a unit test framework using CppUTest for RMM.
* Added unit tests for granule, slot-buffer and Stage 1 translation table lib xlat.
* Improvements to fake-host and unit tests framework.
* Build improvements in RMM
Platform Support
* 1 new platform added, the Allwinner T507 SoC
* 26 platforms updated from 14 providers
* 17 different driver updates
OpenCI
* First release done solely relying on Trustedfirmware.org OpenCI
Patch Statistics Across all Repositories
* 1403 Patches merged since v2.8 November 2022 release
Please refer to the TF-A [1], Hafnium [2] and TF-A Tests [3] changelogs for the complete summary of changes from the previous release.
TF-A [4], TF-A Test [5], Hafnium [6], TF-A OpenCI Scripts [7] and TF-A OpenCI Jobs [8] repositories are available along with the compatible TF-RMM repository [9] and changelog [10].
[1] https://trustedfirmware-a.readthedocs.io/en/v2.9/change-log.html#id1
[2] https://review.trustedfirmware.org/plugins/gitiles/hafnium/hafnium/+/HEAD/d…
[3] https://trustedfirmware-a-tests.readthedocs.io/en/v2.9/change-log.html#vers…
[4] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.9
[5] https://git.trustedfirmware.org/TF-A/tf-a-tests.git/tag/?h=v2.9
[6] https://git.trustedfirmware.org/hafnium/hafnium.git/tag/?h=v2.9
[7] https://git.trustedfirmware.org/ci/tf-a-ci-scripts.git/tag/?h=v2.9
[8] https://git.trustedfirmware.org/ci/tf-a-job-configs.git/tag/?h=v2.9
[9] https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tag/?h=tf-rmm-v0.3.0
[10] https://tf-rmm.readthedocs.io/en/tf-rmm-v0.3.0/about/change-log.html#v0-3-0
Hi, Olivier,
I have a few questions for your reply.
> [OD] Unfortunately Hafnium is not designed for this. I can see few places where things can go wrong, but firstly as you highlighted in another thread, the init should take place on the same core that was used for initializing (aka the primary core). As I understand, the optee load smc can happen on any core as it's launched from a nwd/linux thread running on any core. This is not only a hafnium limitation, I guess OP-TEE would have the same problem further on, as it also must go through the primary core init on physical boot/primary core. Then it would require the normal world to coordinate the secondary core init. for all cores, the same way as it happens in the cold boot phase by duplicating TF-A's PSCI boot flows.
I have done a restrained test for optee hot update. By setting grub.cfg, only one physical core is enabled, in which case hafnium and optee could be initialized normally. But after spmd returning to the driver, the optee driver hang in optee_ffa_probe and cannot exit normally. Maybe hafnium changes the state of some registers during initialization. And these registers may be shared with the el2 host os kernel. What issues do you think I may have overlooked?
1. Primary core and secondary core should be concepts during boot phase. At runtime, primary core and secondary core should not be distinguished. Does this mean that I can initialize the core of nwd/linux running thread with hafnium as the primary core? This may require hafnium or Atf to do some initialization for the core.
2. Can a hafnium implement an optee hot update without fully initializing itself but with a few initializing actions for optee, such as manifest_init?
3. For all cores, the same way as it happens in the cold boot phase by duplicating TF-A's PSCI boot flows. Agree with you.
> [OD] No this isn't supported and not in our roadmap. As things stand with upstream components, it would be preferable going with a regular FW update flow (but requires a machine reboot).
1. When you say upstream_components, do you mean bl2u_image, ns_bl2u_image things like that or something else in other spec?
Although this is an alternative update solution, machine reboot does not have the significance and advantages that belong to the hot update.
Thanks for your support.
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年5月9日(星期二) 23:54
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>
主 题:Re: optee hot update
Hi Yuye,
See few comments inline [OD].
Regards,
Olivier.
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 06 May 2023 09:34
To: Olivier Deprez <Olivier.Deprez(a)arm.com>
Cc: hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: optee hot update
Hi, Olivier,
As I can see in the Hafnium code,
Hafnium performs a number of one-time functions at boot phase,
like one_time_init_mm and one_time_init.
I want to initialize Hafnium again from image_entry and then initialize optee after optee is updated.
I wonder if there are any problems with this flow for hafnium at runtime phase.
[OD] Unfortunately Hafnium is not designed for this. I can see few places where things can go wrong, but firstly as you highlighted in another thread, the init should take place on the same core that was used for initializing (aka the primary core). As I understand, the optee load smc can happen on any core as it's launched from a nwd/linux thread running on any core. This is not only a hafnium limitation, I guess OP-TEE would have the same problem further on, as it also must go through the primary core init on physical boot/primary core. Then it would require the normal world to coordinate the secondary core init. for all cores, the same way as it happens in the cold boot phase by duplicating TF-A's PSCI boot flows.
Does Hafnium provide any interface to boot optee directly at runtime phase,
and if not, how do you think it makes sense to modify the above flow?
[OD] No this isn't supported and not in our roadmap. As things stand with upstream components, it would be preferable going with a regular FW update flow (but requires a machine reboot).
Does anyone else know how to fix it?
Thanks for your support.
Regards,
Yuye.
Hi, Olivier,
As I can see in the Hafnium code,
Hafnium performs a number of one-time functions at boot phase,
like one_time_init_mm and one_time_init.
I want to initialize Hafnium again from image_entry and then initialize optee after optee is updated.
I wonder if there are any problems with this flow for hafnium at runtime phase.
Does Hafnium provide any interface to boot optee directly at runtime phase,
and if not, how do you think it makes sense to modify the above flow?
Does anyone else know how to fix it?
Thanks for your support.
Regards,
Yuye.
TF-A Community,
This is to notify that we are planning to target the Trusted Firmware-A 2.9 release during the middle of May 2023 as part of the regular 6 month cadence.
The aim is to consolidate all TF-A work since the 2.8 release. As part of this, a release candidate tag is targeted to be created and release activities commence from 10th May 2023 across all TF-A repositories.
Essentially we will not merge any major enhancements from this date until the release is made.
Please ensure any patches desired to make the 2.9 release are submitted in good time to be complete by 9th May 2023.
Any major enhancement patches still open after that date will not be merged until after the release.
This will involve the various repositories making up the broader TF-A project including the TF-A mainline, TF-A Tests, Hafnium, TF-A CI Scripts and TF-A CI Job. In addition a TF-RMM repository release will be made that is compatible with v2.9.
We will endeavour minimise the disruption on patch merging and complete release activities ASAP after we start normally completing within 7-10 working days.
Regards
Joanna Farley
Hi, Jens,
In our scenario, we need to update the entire optee image,
so booting the updated image must be done by hafnium (sel2 spmc).
Regards,
Yuye.
------------------------------------------------------------------
发件人:Jens Wiklander <jens.wiklander(a)linaro.org>
发送时间:2023年4月24日(星期一) 19:52
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
主 题:Re: [Hafnium] hyp_loaded
Hi Yuye,
On Mon, Apr 24, 2023 at 1:32 PM 梅建强(禹夜) via Hafnium
<hafnium(a)lists.trustedfirmware.org> wrote:
>
> Hi, Olivier,
> The question in the last email may be a little confusing.
> I want to change the question, do you know how implement that hafnium boot optee at runtime?
> I think there should be less initialization than the first boot.
If this is just to be able to load OP-TEE late during boot it might be
more useful to implement this in OP-TEE itself, that way it can be
used in more or less any environment supported by OP-TEE.
Cheers,
Jens
> Thanks a lot for the support.
> Regards,
> Yuye.
> ------------------------------------------------------------------
> 发件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 发送时间:2023年4月23日(星期日) 16:36
> 收件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>
> 主 题:hyp_loaded
> Hi, Olivier,
> I would like to ask you about the solution to the optee hot update.
> In the current scenario, we have updated the optee core image after REE OS is booted.
> And we want to re-initialize hafnium and optee in the boot flow.
> So we re-execute the function spmd_init() in the ATF and enter into hafnium succesfully.
> However, we find that function plat_psci_cpu_resume() has some problems with hafnium entering into optee.
> We add some debug near the following code.
> dlog("[Hafnium] cpu_index:%x, cpu->id:%x\n",cpu_index(c), c->id);
> vcpu = vm_get_vcpu(vm, (vm->vcpu_count == 1) ? 0 : cpu_index(c));
> vcpu_locked = vcpu_lock(vcpu);
> Because the tee_driver that initiate a optee update request is running on a random cpu after REE OS is booted,
> cpu_id here is a random id, but cpu_index is still 0, like the print:
> [Hafnium] cpu_index:0, cpu->id:2d0000
> which seems to affect optee booting and the system will hang before hafnium enter into optee.
> I am not familiar with the vcpu switching.
> Do you know how to solve this problem?
> Or should we directly select the secondary core boot way instead of the primary on the current physical cpu?
> Regards,
> Yuye.
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年2月3日(星期五) 18:10
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Achin Gupta <Achin.Gupta(a)arm.com>; Gyorgy Szing <Gyorgy.Szing(a)arm.com>
> 主 题:Re: hyp_loaded
> Hi Yuve,
> I believe we missed to reply to:
> > In addition, the OPTEE community seems to be discussing the issue of Post-boot loading OPTEE.
> Does anyone know whether these two issues can be regarded as the same kind of issue?
> From my perspective, this is a fundamentally different approach to how OP-TEE is loaded and booted.
> And actually a quite orthogonal model of trust compared to usual TF-A deployments.
> This requires an enforcement of the bootloader and kernel to verify the filesystem contents hence this has additional assumptions about the system integration.
> So I believe this a different 'problem' addressed, if compared to the generic firmware update topic.
> Regards,
> Olivier.
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 19 January 2023 18:30
> To: Gyorgy Szing <Gyorgy.Szing(a)arm.com>; Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> Cc: nd <nd(a)arm.com>
> Subject: 回复:[Hafnium] 回复:回复:回复:回复:hyp_loaded
> Hi, George
> Since I have to go home for the Spring Festival, I have delayed two days for the reply to this issue.Sorry about that.
> > would it be possible for you to instead of extending HF with SP loading capability, implement a loader SP instead?
> Yes, we have recognized that method of extanding HF is not only complex but also against the HF design principle.
> We have reanalysed the SP loading. Now we think that BL31 may be a good choice to replace the HF for loading the OPTEE at runtime phase.
> And it seems that we can benefit from some implementation of image loading in BL2 in TF-A.
> In addition, the OPTEE community seems to be discussing the issue of Post-boot loading OPTEE.
> Does anyone know whether these two issues can be regarded as the same kind of issue?
> Regards,
> Yuye
> ------------------------------------------------------------------
> 发件人:Gyorgy Szing <Gyorgy.Szing(a)arm.com>
> 发送时间:2023年1月17日(星期二) 18:27
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>; Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> 抄 送:nd <nd(a)arm.com>
> 主 题:RE: [Hafnium] 回复:回复:回复:回复:hyp_loaded
> Hi Yuye,
> would it be possible for you to instead of extending HF with SP loading capability, implement a loader SP instead? This SP would be loaded by BL2 instead of OP-TEE, and would be able to "replace itself" with the real payload of the SP later (in this case OP-TEE). For that it could either host a storage driver, if boot-time loading is needed, or if storage is only accessible from the SWd, or allow the NWd to send the payload if run-time loading is more beneficial.
> The main benefit of this approach would be to keep extra complexity out of HF, and to run the loader compartmentalized (least privilege principle).
> This might need some changes in HF, and will need a new treat model and threat mitigations. But I think the same is true if the loader is implemented in HF.
> Experts any thoughts? Would this be feasible? Would this be a good approach?
> /George
> -----Original Message-----
> From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
> Sent: 17 January 2023 02:42
> To: Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> Subject: [Hafnium] 回复:回复:回复:回复:hyp_loaded
> Hi,
> > If you are looking at changing the OP-TEE image at runtime then this is effectively a firmware update right?
> Yes.
> > Are you planning to add this support to Hafnium too or will this be done on a separate controller?
> Yes, we intend to use Hafnium to support it now.
> regards,
> yuye
> ------------------------------------------------------------------
> 发件人:Achin Gupta <Achin.Gupta(a)arm.com>
> 发送时间:2023年1月17日(星期二) 05:18
> 收件人:raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 主 题:Re: [Hafnium] 回复:回复:回复:hyp_loaded
> Hi Yuye,
> If you are looking at changing the OP-TEE image at runtime then this is effectively a firmware update right? Apart from storage drivers you would need some support for verifying or measuring the image as well. Are you planning to add this support to Hafnium too or will this be done on a separate controller?
> cheers,
> Achin
> From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
> Sent: 16 January 2023 17:50
> To: raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> Subject: [Hafnium] 回复:回复:回复:hyp_loaded
> Hi,
> In our current boot flow, we have implemented TF-A BL2 to load OPTEE.
> However, at runtime, this static loading method is not convenient for updating OPTEE, considering that we may make some changes to OPTEE on demand.
> So we wanted to load OPTEE with a dynamic loading solution, and Hafnium would be a good runtime component, since TF-A BL2 is not a runtime component.
> Before I do that, I want to implement Hafnium's static loading of OPTEE.
> If you have any questions about the above ideas or other solutions to this query, glad to discuss with you.
> Thanks for support.
> regards,
> yuye
> ------------------------------------------------------------------
> 发件人:raghu.ncstate <raghu.ncstate(a)icloud.com>
> 发送时间:2023年1月17日(星期二) 01:15
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> 抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
> 主 题:RE: [Hafnium] 回复:回复:hyp_loaded
> It would be good if consider using TF-A BL2 or equivalent to load OPTEE, that runs before hafnium, which is really the secure loader. I would recommend against hafnium including a loader, to keep it simple (and replicate the same functionality of another component), although that might be the right approach for your platform.
> -----Original Message-----
> From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
> Sent: Monday, January 16, 2023 8:37 AM
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
> Subject: [Hafnium] 回复:回复:hyp_loaded
> Hi, expert
> It seems that if I want to implement the query, I need to implement storage drivers in hafnium by myself.
> Thanks for the confirmation.
> regards,
> yuye
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年1月17日(星期二) 00:30
> 收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
> 主 题:Re: 回复:[Hafnium] hyp_loaded
> Hi,
> In the reference implementation, OP-TEE is loaded (from flash to DRAM) as a partition by a bootloader running before Hafnium is launched.
> The bootloader can be TF-A's BL2 or another solution.
> Hafnium cannot "load an image/partition to DRAM" as it doesn't implement storage drivers.
> Regards,
> Olivier.
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 16 January 2023 17:25
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
> Subject: 回复:[Hafnium] hyp_loaded
> Hi, expert
> For my configuration, Hafnium is used as a SPMC running on S-EL2.
> Is there any problems if I use Hafnium to load an OP-TEE image in the boot flow?
> regards,
> yuye
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年1月17日(星期二) 00:15
> 收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
> 主 题:Re: [Hafnium] hyp_loaded
> Hi,
> As I recall hyp_loaded option was introduced in context of Hafnium used as a NS EL2 hypervisor. Is this a configuration you use?
> This option is only related to normal world VMs.
> I don't believe it was designed for SPs or the SPMC image itself.
> One reason is that SEL2/SPMC starts before the NS EL2 hypervisor in the boot flow.
> For the record, the change that introduced this option:
> https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > > > Regards, Olivier.
> From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
> Sent: 16 January 2023 13:54
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
> Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
> Subject: [Hafnium] hyp_loaded
> Hi, expert
> I want to confirm a problem about using hafnium to load spmc payload.
> That is, Dose hafnium supports hyp_loaded for spmc payload or ffa_partion (such as optee_os) in the boot phase?
> If the community confirms that it does not support it, I wonder, what might be the problem with doing so?
> I see the following code in hanfnium:
> if (manifest->vm[i].is_ffa_partition &&
> !manifest->vm[i].is_hyp_loaded) {
> TRY(parse_ffa_partition_package(stage1_locked, &vm_node, &manifest->vm[i], vm_id, ppool)); } else { TRY(parse_vm(&vm_node, &manifest->vm[i], vm_id)); } It seems that hafnium has no handling for both is_ffa_partition and is_hyp_loaded.
> regards,
> yuye
> --
> Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
> --
> Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
> --
> Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
> --
> Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
> --
> Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org
> To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi, Olivier,
The question in the last email may be a little confusing.
I want to change the question, do you know how implement that hafnium boot optee at runtime?
I think there should be less initialization than the first boot.
Thanks a lot for the support.
Regards,
Yuye.
------------------------------------------------------------------
发件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
发送时间:2023年4月23日(星期日) 16:36
收件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>
主 题:hyp_loaded
Hi, Olivier,
I would like to ask you about the solution to the optee hot update.
In the current scenario, we have updated the optee core image after REE OS is booted.
And we want to re-initialize hafnium and optee in the boot flow.
So we re-execute the function spmd_init() in the ATF and enter into hafnium succesfully.
However, we find that function plat_psci_cpu_resume() has some problems with hafnium entering into optee.
We add some debug near the following code.
dlog("[Hafnium] cpu_index:%x, cpu->id:%x\n",cpu_index(c), c->id);
vcpu = vm_get_vcpu(vm, (vm->vcpu_count == 1) ? 0 : cpu_index(c));
vcpu_locked = vcpu_lock(vcpu);
Because the tee_driver that initiate a optee update request is running on a random cpu after REE OS is booted,
cpu_id here is a random id, but cpu_index is still 0, like the print:
[Hafnium] cpu_index:0, cpu->id:2d0000
which seems to affect optee booting and the system will hang before hafnium enter into optee.
I am not familiar with the vcpu switching.
Do you know how to solve this problem?
Or should we directly select the secondary core boot way instead of the primary on the current physical cpu?
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年2月3日(星期五) 18:10
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Achin Gupta <Achin.Gupta(a)arm.com>; Gyorgy Szing <Gyorgy.Szing(a)arm.com>
主 题:Re: hyp_loaded
Hi Yuve,
I believe we missed to reply to:
> In addition, the OPTEE community seems to be discussing the issue of Post-boot loading OPTEE.
Does anyone know whether these two issues can be regarded as the same kind of issue?
From my perspective, this is a fundamentally different approach to how OP-TEE is loaded and booted.
And actually a quite orthogonal model of trust compared to usual TF-A deployments.
This requires an enforcement of the bootloader and kernel to verify the filesystem contents hence this has additional assumptions about the system integration.
So I believe this a different 'problem' addressed, if compared to the generic firmware update topic.
Regards,
Olivier.
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 19 January 2023 18:30
To: Gyorgy Szing <Gyorgy.Szing(a)arm.com>; Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com>
Subject: 回复:[Hafnium] 回复:回复:回复:回复:hyp_loaded
Hi, George
Since I have to go home for the Spring Festival, I have delayed two days for the reply to this issue.Sorry about that.
> would it be possible for you to instead of extending HF with SP loading capability, implement a loader SP instead?
Yes, we have recognized that method of extanding HF is not only complex but also against the HF design principle.
We have reanalysed the SP loading. Now we think that BL31 may be a good choice to replace the HF for loading the OPTEE at runtime phase.
And it seems that we can benefit from some implementation of image loading in BL2 in TF-A.
In addition, the OPTEE community seems to be discussing the issue of Post-boot loading OPTEE.
Does anyone know whether these two issues can be regarded as the same kind of issue?
Regards,
Yuye
------------------------------------------------------------------
发件人:Gyorgy Szing <Gyorgy.Szing(a)arm.com>
发送时间:2023年1月17日(星期二) 18:27
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>; Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
抄 送:nd <nd(a)arm.com>
主 题:RE: [Hafnium] 回复:回复:回复:回复:hyp_loaded
Hi Yuye,
would it be possible for you to instead of extending HF with SP loading capability, implement a loader SP instead? This SP would be loaded by BL2 instead of OP-TEE, and would be able to "replace itself" with the real payload of the SP later (in this case OP-TEE). For that it could either host a storage driver, if boot-time loading is needed, or if storage is only accessible from the SWd, or allow the NWd to send the payload if run-time loading is more beneficial.
The main benefit of this approach would be to keep extra complexity out of HF, and to run the loader compartmentalized (least privilege principle).
This might need some changes in HF, and will need a new treat model and threat mitigations. But I think the same is true if the loader is implemented in HF.
Experts any thoughts? Would this be feasible? Would this be a good approach?
/George
-----Original Message-----
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 17 January 2023 02:42
To: Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: [Hafnium] 回复:回复:回复:回复:hyp_loaded
Hi,
> If you are looking at changing the OP-TEE image at runtime then this is effectively a firmware update right?
Yes.
> Are you planning to add this support to Hafnium too or will this be done on a separate controller?
Yes, we intend to use Hafnium to support it now.
regards,
yuye
------------------------------------------------------------------
发件人:Achin Gupta <Achin.Gupta(a)arm.com>
发送时间:2023年1月17日(星期二) 05:18
收件人:raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
主 题:Re: [Hafnium] 回复:回复:回复:hyp_loaded
Hi Yuye,
If you are looking at changing the OP-TEE image at runtime then this is effectively a firmware update right? Apart from storage drivers you would need some support for verifying or measuring the image as well. Are you planning to add this support to Hafnium too or will this be done on a separate controller?
cheers,
Achin
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 16 January 2023 17:50
To: raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: [Hafnium] 回复:回复:回复:hyp_loaded
Hi,
In our current boot flow, we have implemented TF-A BL2 to load OPTEE.
However, at runtime, this static loading method is not convenient for updating OPTEE, considering that we may make some changes to OPTEE on demand.
So we wanted to load OPTEE with a dynamic loading solution, and Hafnium would be a good runtime component, since TF-A BL2 is not a runtime component.
Before I do that, I want to implement Hafnium's static loading of OPTEE.
If you have any questions about the above ideas or other solutions to this query, glad to discuss with you.
Thanks for support.
regards,
yuye
------------------------------------------------------------------
发件人:raghu.ncstate <raghu.ncstate(a)icloud.com>
发送时间:2023年1月17日(星期二) 01:15
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
主 题:RE: [Hafnium] 回复:回复:hyp_loaded
It would be good if consider using TF-A BL2 or equivalent to load OPTEE, that runs before hafnium, which is really the secure loader. I would recommend against hafnium including a loader, to keep it simple (and replicate the same functionality of another component), although that might be the right approach for your platform.
-----Original Message-----
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: Monday, January 16, 2023 8:37 AM
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
Subject: [Hafnium] 回复:回复:hyp_loaded
Hi, expert
It seems that if I want to implement the query, I need to implement storage drivers in hafnium by myself.
Thanks for the confirmation.
regards,
yuye
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年1月17日(星期二) 00:30
收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
主 题:Re: 回复:[Hafnium] hyp_loaded
Hi,
In the reference implementation, OP-TEE is loaded (from flash to DRAM) as a partition by a bootloader running before Hafnium is launched.
The bootloader can be TF-A's BL2 or another solution.
Hafnium cannot "load an image/partition to DRAM" as it doesn't implement storage drivers.
Regards,
Olivier.
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 16 January 2023 17:25
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
Subject: 回复:[Hafnium] hyp_loaded
Hi, expert
For my configuration, Hafnium is used as a SPMC running on S-EL2.
Is there any problems if I use Hafnium to load an OP-TEE image in the boot flow?
regards,
yuye
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年1月17日(星期二) 00:15
收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
主 题:Re: [Hafnium] hyp_loaded
Hi,
As I recall hyp_loaded option was introduced in context of Hafnium used as a NS EL2 hypervisor. Is this a configuration you use?
This option is only related to normal world VMs.
I don't believe it was designed for SPs or the SPMC image itself.
One reason is that SEL2/SPMC starts before the NS EL2 hypervisor in the boot flow.
For the record, the change that introduced this option:
https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > > Regards, Olivier.
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 16 January 2023 13:54
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
Subject: [Hafnium] hyp_loaded
Hi, expert
I want to confirm a problem about using hafnium to load spmc payload.
That is, Dose hafnium supports hyp_loaded for spmc payload or ffa_partion (such as optee_os) in the boot phase?
If the community confirms that it does not support it, I wonder, what might be the problem with doing so?
I see the following code in hanfnium:
if (manifest->vm[i].is_ffa_partition &&
!manifest->vm[i].is_hyp_loaded) {
TRY(parse_ffa_partition_package(stage1_locked, &vm_node, &manifest->vm[i], vm_id, ppool)); } else { TRY(parse_vm(&vm_node, &manifest->vm[i], vm_id)); } It seems that hafnium has no handling for both is_ffa_partition and is_hyp_loaded.
regards,
yuye
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi, Olivier,
I would like to ask you about the solution to the optee hot update.
In the current scenario, we have updated the optee core image after REE OS is booted.
And we want to re-initialize hafnium and optee in the boot flow.
So we re-execute the function spmd_init() in the ATF and enter into hafnium succesfully.
However, we find that function plat_psci_cpu_resume() has some problems with hafnium entering into optee.
We add some debug near the following code.
dlog("[Hafnium] cpu_index:%x, cpu->id:%x\n",cpu_index(c), c->id);
vcpu = vm_get_vcpu(vm, (vm->vcpu_count == 1) ? 0 : cpu_index(c));
vcpu_locked = vcpu_lock(vcpu);
Because the tee_driver that initiate a optee update request is running on a random cpu after REE OS is booted,
cpu_id here is a random id, but cpu_index is still 0, like the print:
[Hafnium] cpu_index:0, cpu->id:2d0000
which seems to affect optee booting and the system will hang before hafnium enter into optee.
I am not familiar with the vcpu switching.
Do you know how to solve this problem?
Or should we directly select the secondary core boot way instead of the primary on the current physical cpu?
Regards,
Yuye.
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年2月3日(星期五) 18:10
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Achin Gupta <Achin.Gupta(a)arm.com>; Gyorgy Szing <Gyorgy.Szing(a)arm.com>
主 题:Re: hyp_loaded
Hi Yuve,
I believe we missed to reply to:
> In addition, the OPTEE community seems to be discussing the issue of Post-boot loading OPTEE.
Does anyone know whether these two issues can be regarded as the same kind of issue?
From my perspective, this is a fundamentally different approach to how OP-TEE is loaded and booted.
And actually a quite orthogonal model of trust compared to usual TF-A deployments.
This requires an enforcement of the bootloader and kernel to verify the filesystem contents hence this has additional assumptions about the system integration.
So I believe this a different 'problem' addressed, if compared to the generic firmware update topic.
Regards,
Olivier.
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 19 January 2023 18:30
To: Gyorgy Szing <Gyorgy.Szing(a)arm.com>; Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: nd <nd(a)arm.com>
Subject: 回复:[Hafnium] 回复:回复:回复:回复:hyp_loaded
Hi, George
Since I have to go home for the Spring Festival, I have delayed two days for the reply to this issue.Sorry about that.
> would it be possible for you to instead of extending HF with SP loading capability, implement a loader SP instead?
Yes, we have recognized that method of extanding HF is not only complex but also against the HF design principle.
We have reanalysed the SP loading. Now we think that BL31 may be a good choice to replace the HF for loading the OPTEE at runtime phase.
And it seems that we can benefit from some implementation of image loading in BL2 in TF-A.
In addition, the OPTEE community seems to be discussing the issue of Post-boot loading OPTEE.
Does anyone know whether these two issues can be regarded as the same kind of issue?
Regards,
Yuye
------------------------------------------------------------------
发件人:Gyorgy Szing <Gyorgy.Szing(a)arm.com>
发送时间:2023年1月17日(星期二) 18:27
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>; Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
抄 送:nd <nd(a)arm.com>
主 题:RE: [Hafnium] 回复:回复:回复:回复:hyp_loaded
Hi Yuye,
would it be possible for you to instead of extending HF with SP loading capability, implement a loader SP instead? This SP would be loaded by BL2 instead of OP-TEE, and would be able to "replace itself" with the real payload of the SP later (in this case OP-TEE). For that it could either host a storage driver, if boot-time loading is needed, or if storage is only accessible from the SWd, or allow the NWd to send the payload if run-time loading is more beneficial.
The main benefit of this approach would be to keep extra complexity out of HF, and to run the loader compartmentalized (least privilege principle).
This might need some changes in HF, and will need a new treat model and threat mitigations. But I think the same is true if the loader is implemented in HF.
Experts any thoughts? Would this be feasible? Would this be a good approach?
/George
-----Original Message-----
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 17 January 2023 02:42
To: Achin Gupta <Achin.Gupta(a)arm.com>; raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: [Hafnium] 回复:回复:回复:回复:hyp_loaded
Hi,
> If you are looking at changing the OP-TEE image at runtime then this is effectively a firmware update right?
Yes.
> Are you planning to add this support to Hafnium too or will this be done on a separate controller?
Yes, we intend to use Hafnium to support it now.
regards,
yuye
------------------------------------------------------------------
发件人:Achin Gupta <Achin.Gupta(a)arm.com>
发送时间:2023年1月17日(星期二) 05:18
收件人:raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
主 题:Re: [Hafnium] 回复:回复:回复:hyp_loaded
Hi Yuye,
If you are looking at changing the OP-TEE image at runtime then this is effectively a firmware update right? Apart from storage drivers you would need some support for verifying or measuring the image as well. Are you planning to add this support to Hafnium too or will this be done on a separate controller?
cheers,
Achin
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 16 January 2023 17:50
To: raghu.ncstate <raghu.ncstate(a)icloud.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Subject: [Hafnium] 回复:回复:回复:hyp_loaded
Hi,
In our current boot flow, we have implemented TF-A BL2 to load OPTEE.
However, at runtime, this static loading method is not convenient for updating OPTEE, considering that we may make some changes to OPTEE on demand.
So we wanted to load OPTEE with a dynamic loading solution, and Hafnium would be a good runtime component, since TF-A BL2 is not a runtime component.
Before I do that, I want to implement Hafnium's static loading of OPTEE.
If you have any questions about the above ideas or other solutions to this query, glad to discuss with you.
Thanks for support.
regards,
yuye
------------------------------------------------------------------
发件人:raghu.ncstate <raghu.ncstate(a)icloud.com>
发送时间:2023年1月17日(星期二) 01:15
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>; Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
主 题:RE: [Hafnium] 回复:回复:hyp_loaded
It would be good if consider using TF-A BL2 or equivalent to load OPTEE, that runs before hafnium, which is really the secure loader. I would recommend against hafnium including a loader, to keep it simple (and replicate the same functionality of another component), although that might be the right approach for your platform.
-----Original Message-----
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: Monday, January 16, 2023 8:37 AM
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
Subject: [Hafnium] 回复:回复:hyp_loaded
Hi, expert
It seems that if I want to implement the query, I need to implement storage drivers in hafnium by myself.
Thanks for the confirmation.
regards,
yuye
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年1月17日(星期二) 00:30
收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
主 题:Re: 回复:[Hafnium] hyp_loaded
Hi,
In the reference implementation, OP-TEE is loaded (from flash to DRAM) as a partition by a bootloader running before Hafnium is launched.
The bootloader can be TF-A's BL2 or another solution.
Hafnium cannot "load an image/partition to DRAM" as it doesn't implement storage drivers.
Regards,
Olivier.
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 16 January 2023 17:25
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
Subject: 回复:[Hafnium] hyp_loaded
Hi, expert
For my configuration, Hafnium is used as a SPMC running on S-EL2.
Is there any problems if I use Hafnium to load an OP-TEE image in the boot flow?
regards,
yuye
------------------------------------------------------------------
发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
发送时间:2023年1月17日(星期二) 00:15
收件人:hafnium <hafnium(a)lists.trustedfirmware.org>; 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
主 题:Re: [Hafnium] hyp_loaded
Hi,
As I recall hyp_loaded option was introduced in context of Hafnium used as a NS EL2 hypervisor. Is this a configuration you use?
This option is only related to normal world VMs.
I don't believe it was designed for SPs or the SPMC image itself.
One reason is that SEL2/SPMC starts before the NS EL2 hypervisor in the boot flow.
For the record, the change that introduced this option:
https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > < < >https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > > > > Regards, Olivier.
From: 梅建强(禹夜) via Hafnium <hafnium(a)lists.trustedfirmware.org>
Sent: 16 January 2023 13:54
To: Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>
Cc: 赵哲(为哲) <weizhe.zz(a)alibaba-inc.com>
Subject: [Hafnium] hyp_loaded
Hi, expert
I want to confirm a problem about using hafnium to load spmc payload.
That is, Dose hafnium supports hyp_loaded for spmc payload or ffa_partion (such as optee_os) in the boot phase?
If the community confirms that it does not support it, I wonder, what might be the problem with doing so?
I see the following code in hanfnium:
if (manifest->vm[i].is_ffa_partition &&
!manifest->vm[i].is_hyp_loaded) {
TRY(parse_ffa_partition_package(stage1_locked, &vm_node, &manifest->vm[i], vm_id, ppool)); } else { TRY(parse_vm(&vm_node, &manifest->vm[i], vm_id)); } It seems that hafnium has no handling for both is_ffa_partition and is_hyp_loaded.
regards,
yuye
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
--
Hafnium mailing list -- hafnium(a)lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave(a)lists.trustedfirmware.org
Hi, Jens,
>The first is the descriptor passed with FFA_MEM_RETRIEVE_REQ_32,
>this one is not likely to need fragmentation support soon.
Could you tell me why? I'm a little unclear.
Could you describe the difference between the retrieve process you mean and FFA-spec figure 18.4 in detail?
I need to make sure that I really understand what you mean,
so that I can implement the missing support for fragmented mem retrieve response as you said.
Or do you mean that we just need to implement the action done by optee after it receives FFA_MEM_RETRIEVE_RESP_32?
Regards,
Yuye.
------------------------------------------------------------------
发件人:Jens Wiklander <jens.wiklander(a)linaro.org>
发送时间:2023年4月14日(星期五) 14:23
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>; op-tee <op-tee(a)lists.trustedfirmware.org>
主 题:Re: fragment transmission while retrieving memory
Hi Yuye,
On Fri, Apr 14, 2023 at 4:29 AM 梅建强(禹夜)
<meijianqiang.mjq(a)alibaba-inc.com> wrote:
>
>
> Hi, Jens, Olivier,
>
> If I understand properly, for this specific issue both optee and hafnium need to do further fix.
> The following discussion and questions are based on figure 18.4 in the FFA spec.
>
> As I saw in the optee code, the retrieve mechanism would start with this code:
> retrieve_desc = spmc_retrieve_req(cookie);
> And in the function spmc_retrieve_req,
> optee sets the total length to the same size as fragment0 length before sending FFA_MEM_FRAG_REQ to hafnium,
> which means hafnium will only retrieve the fragment0 memory region.
>
> In the example process,
> optee will determines the number of TX sized fragments of descriptor before sending FFA_MEM_FRAG_REQ to hafnium.
> I have a question here.
> How should optee calculate this quantity?
>
> Hafnium then receives the FFA_MEM_FRAG_REQ.
> As I saw in the hafnium code, hafnium blocks the case that total length>fragment length.
> if (fragment_length != length) {
> dlog_verbose("Fragmentation not yet supported.\n");
> return ffa_error(FFA_INVALID_PARAMETERS);
> }
> Obviously it is not what we expected.
> Then following the example process, hafnium should allocate handle and use it to associate fragments.
> I didn't find the corresponding implementation in hafnium code for this step.
> And I want to know how to implement the associate action here.
>
> After that, optee lacks the implementation of FFA_MEM_FRAG_RX and FFA_MEM_FRAG_TX ABI in CFG_CORE_SEL2_SPMC enable case.
> Is there any support plan for the implementation of fragmented memory retrieve in the optee community?
> Does the hafnium community have a plan to implement it cooperatively?
If I've understood this correctly we have two different cases of
eventual fragmentation of descriptors. The first is the descriptor
passed with FFA_MEM_RETRIEVE_REQ_32, this one is not likely to need
fragmentation support soon. The other is the descriptor received with
FFA_MEM_RETRIEVE_RESP, I believe this is where you've run into
trouble.
From OP-TEE point of view, it would make sense if you took lead on
implementing this. I can help with review etc.
Thanks,
Jens
>
> Thanks a lot for your support.
>
> Regards,
> Yuye.
>
>
>
>
>
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年4月13日(星期四) 15:52
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> 主 题:Re: fragment transmission while retrieving memory
>
> Hi Yuye, Jens,
>
> For the record, and If I understand properly the last comment in the github issue:
> OP-TEE is missing the implementation for receipt of a fragmented retrieve response
> There is no further fix to be done in Hafnium for this specific issue at this moment, please let me know otherwise.
>
> Thanks, Olivier.
>
>
> ________________________________
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 12 April 2023 09:27
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>
> Cc: hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> Subject: Re: fragment transmission while retrieving memory
>
>
>
>
> Hi, Olivier,
>
> In our setup,
> Hafnium commit: 997476a74571aec4f1a23590d45edf516f3934f4
> optee version: 3.20.0
> Thanks.
>
> Regards,
> Yuye.
>
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年4月12日(星期三) 15:22
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> 主 题:Re: fragment transmission while retrieving memory
>
> Hi Yuye,
>
> AFAIK concerning Hafnium, fragmented mem sharing is supported for FFA_MEM_SHARE/LEND/DONATE and FFA_MEM_RETRIEVE_RESP.
> (For the sake of clarity, this isn't supported for FFA_MEM_RETRIEVE_REQ but this shouldn't be a concern as this limitation only exists in the case of mem sharing to multiple borrowers. In your case of a single borrower the mem retrieve req. shouldn't have to be fragmented).
>
> Can you tell which hafnium commit hash is used in your setup?
>
> At the moment, I cannot tell if the issue described concern a miss in Hafnium or OP-TEE.
> I need to dig a bit further into both implementations and I'll let you know.
>
> Regards,
> Olivier.
>
>
> ________________________________
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 12 April 2023 08:21
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>
> Cc: hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> Subject: fragment transmission while retrieving memory
>
>
>
>
> Hi, Olivier,
>
> Recently, I've been working on this issue.
> https://github.com/OP-TEE/optee_os/issues/5943 <https://github.com/OP-TEE/optee_os/issues/5943 >
> Do you know any differences between hafnium's current implementation of fragment transmission while retrieving memory and the example process described in FF-A 1.1 Figure 18.4?
>
> Regards,
> Yuye.
>
>
Hi, Jens, Olivier,
update for optee:
https://github.com/OP-TEE/optee_os/pull/5966 <https://github.com/OP-TEE/optee_os/pull/5966 >
update for hafnium:
diff --git a/src/api.c b/src/api.c
index 5f699478..7e43e305 100644
--- a/src/api.c
+++ b/src/api.c
@@ -3191,7 +3191,8 @@ struct ffa_value api_ffa_mem_frag_rx(ffa_memory_handle_t handle,
return ffa_error(FFA_INVALID_PARAMETERS);
}
}
-
+ if (to->id==0x8001 && to->mailbox.state != MAILBOX_STATE_EMPTY)
+ to->mailbox.state = MAILBOX_STATE_EMPTY;
to_locked = vm_lock(to);
if (vm_is_mailbox_busy(to_locked)) {
diff --git a/src/ffa_memory.c b/src/ffa_memory.c
index 3e978d23..59e71ff3 100644
--- a/src/ffa_memory.c
+++ b/src/ffa_memory.c
@@ -2385,7 +2385,7 @@ struct ffa_value ffa_memory_retrieve_continue(struct vm_locked to_locked,
&fragment_length);
CHECK(remaining_constituent_count == 0);
to_locked.vm->mailbox.recv_size = fragment_length;
- to_locked.vm->mailbox.recv_sender = HF_HYPERVISOR_VM_ID;
+ to_locked.vm->mailbox.recv_sender = to_locked.vm->id;
to_locked.vm->mailbox.recv_func = FFA_MEM_FRAG_TX_32;
to_locked.vm->mailbox.state = MAILBOX_STATE_FULL;
It seems that to->mailbox.state needs to be set to MAILBOX_STATE_EMPTY firstly.
I have not figured out why, but large TA could be loaded successfully with above fix now.
Regards,
Yuye.
------------------------------------------------------------------
发件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
发送时间:2023年4月17日(星期一) 02:16
收件人:Jens Wiklander <jens.wiklander(a)linaro.org>
抄 送:Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>; op-tee <op-tee(a)lists.trustedfirmware.org>
主 题:fragment transmission while retrieving memory
Hi, Jens,
I have implement the missing support for fragmented mem retrieve response as you suggested.
I will push fix into the community code soon and please help review it later.
Thanks.
Regards,
Yuye.
------------------------------------------------------------------
发件人:Jens Wiklander <jens.wiklander(a)linaro.org>
发送时间:2023年4月14日(星期五) 14:23
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>; op-tee <op-tee(a)lists.trustedfirmware.org>
主 题:Re: fragment transmission while retrieving memory
Hi Yuye,
On Fri, Apr 14, 2023 at 4:29 AM 梅建强(禹夜)
<meijianqiang.mjq(a)alibaba-inc.com> wrote:
>
>
> Hi, Jens, Olivier,
>
> If I understand properly, for this specific issue both optee and hafnium need to do further fix.
> The following discussion and questions are based on figure 18.4 in the FFA spec.
>
> As I saw in the optee code, the retrieve mechanism would start with this code:
> retrieve_desc = spmc_retrieve_req(cookie);
> And in the function spmc_retrieve_req,
> optee sets the total length to the same size as fragment0 length before sending FFA_MEM_FRAG_REQ to hafnium,
> which means hafnium will only retrieve the fragment0 memory region.
>
> In the example process,
> optee will determines the number of TX sized fragments of descriptor before sending FFA_MEM_FRAG_REQ to hafnium.
> I have a question here.
> How should optee calculate this quantity?
>
> Hafnium then receives the FFA_MEM_FRAG_REQ.
> As I saw in the hafnium code, hafnium blocks the case that total length>fragment length.
> if (fragment_length != length) {
> dlog_verbose("Fragmentation not yet supported.\n");
> return ffa_error(FFA_INVALID_PARAMETERS);
> }
> Obviously it is not what we expected.
> Then following the example process, hafnium should allocate handle and use it to associate fragments.
> I didn't find the corresponding implementation in hafnium code for this step.
> And I want to know how to implement the associate action here.
>
> After that, optee lacks the implementation of FFA_MEM_FRAG_RX and FFA_MEM_FRAG_TX ABI in CFG_CORE_SEL2_SPMC enable case.
> Is there any support plan for the implementation of fragmented memory retrieve in the optee community?
> Does the hafnium community have a plan to implement it cooperatively?
If I've understood this correctly we have two different cases of
eventual fragmentation of descriptors. The first is the descriptor
passed with FFA_MEM_RETRIEVE_REQ_32, this one is not likely to need
fragmentation support soon. The other is the descriptor received with
FFA_MEM_RETRIEVE_RESP, I believe this is where you've run into
trouble.
From OP-TEE point of view, it would make sense if you took lead on
implementing this. I can help with review etc.
Thanks,
Jens
>
> Thanks a lot for your support.
>
> Regards,
> Yuye.
>
>
>
>
>
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年4月13日(星期四) 15:52
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> 主 题:Re: fragment transmission while retrieving memory
>
> Hi Yuye, Jens,
>
> For the record, and If I understand properly the last comment in the github issue:
> OP-TEE is missing the implementation for receipt of a fragmented retrieve response
> There is no further fix to be done in Hafnium for this specific issue at this moment, please let me know otherwise.
>
> Thanks, Olivier.
>
>
> ________________________________
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 12 April 2023 09:27
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>
> Cc: hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> Subject: Re: fragment transmission while retrieving memory
>
>
>
>
> Hi, Olivier,
>
> In our setup,
> Hafnium commit: 997476a74571aec4f1a23590d45edf516f3934f4
> optee version: 3.20.0
> Thanks.
>
> Regards,
> Yuye.
>
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年4月12日(星期三) 15:22
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> 主 题:Re: fragment transmission while retrieving memory
>
> Hi Yuye,
>
> AFAIK concerning Hafnium, fragmented mem sharing is supported for FFA_MEM_SHARE/LEND/DONATE and FFA_MEM_RETRIEVE_RESP.
> (For the sake of clarity, this isn't supported for FFA_MEM_RETRIEVE_REQ but this shouldn't be a concern as this limitation only exists in the case of mem sharing to multiple borrowers. In your case of a single borrower the mem retrieve req. shouldn't have to be fragmented).
>
> Can you tell which hafnium commit hash is used in your setup?
>
> At the moment, I cannot tell if the issue described concern a miss in Hafnium or OP-TEE.
> I need to dig a bit further into both implementations and I'll let you know.
>
> Regards,
> Olivier.
>
>
> ________________________________
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 12 April 2023 08:21
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>
> Cc: hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> Subject: fragment transmission while retrieving memory
>
>
>
>
> Hi, Olivier,
>
> Recently, I've been working on this issue.
> https://github.com/OP-TEE/optee_os/issues/5943 <https://github.com/OP-TEE/optee_os/issues/5943 >
> Do you know any differences between hafnium's current implementation of fragment transmission while retrieving memory and the example process described in FF-A 1.1 Figure 18.4?
>
> Regards,
> Yuye.
>
>
Hi, Jens,
I have implement the missing support for fragmented mem retrieve response as you suggested.
I will push fix into the community code soon and please help review it later.
Thanks.
Regards,
Yuye.
------------------------------------------------------------------
发件人:Jens Wiklander <jens.wiklander(a)linaro.org>
发送时间:2023年4月14日(星期五) 14:23
收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
抄 送:Olivier Deprez <Olivier.Deprez(a)arm.com>; hafnium <hafnium(a)lists.trustedfirmware.org>; op-tee <op-tee(a)lists.trustedfirmware.org>
主 题:Re: fragment transmission while retrieving memory
Hi Yuye,
On Fri, Apr 14, 2023 at 4:29 AM 梅建强(禹夜)
<meijianqiang.mjq(a)alibaba-inc.com> wrote:
>
>
> Hi, Jens, Olivier,
>
> If I understand properly, for this specific issue both optee and hafnium need to do further fix.
> The following discussion and questions are based on figure 18.4 in the FFA spec.
>
> As I saw in the optee code, the retrieve mechanism would start with this code:
> retrieve_desc = spmc_retrieve_req(cookie);
> And in the function spmc_retrieve_req,
> optee sets the total length to the same size as fragment0 length before sending FFA_MEM_FRAG_REQ to hafnium,
> which means hafnium will only retrieve the fragment0 memory region.
>
> In the example process,
> optee will determines the number of TX sized fragments of descriptor before sending FFA_MEM_FRAG_REQ to hafnium.
> I have a question here.
> How should optee calculate this quantity?
>
> Hafnium then receives the FFA_MEM_FRAG_REQ.
> As I saw in the hafnium code, hafnium blocks the case that total length>fragment length.
> if (fragment_length != length) {
> dlog_verbose("Fragmentation not yet supported.\n");
> return ffa_error(FFA_INVALID_PARAMETERS);
> }
> Obviously it is not what we expected.
> Then following the example process, hafnium should allocate handle and use it to associate fragments.
> I didn't find the corresponding implementation in hafnium code for this step.
> And I want to know how to implement the associate action here.
>
> After that, optee lacks the implementation of FFA_MEM_FRAG_RX and FFA_MEM_FRAG_TX ABI in CFG_CORE_SEL2_SPMC enable case.
> Is there any support plan for the implementation of fragmented memory retrieve in the optee community?
> Does the hafnium community have a plan to implement it cooperatively?
If I've understood this correctly we have two different cases of
eventual fragmentation of descriptors. The first is the descriptor
passed with FFA_MEM_RETRIEVE_REQ_32, this one is not likely to need
fragmentation support soon. The other is the descriptor received with
FFA_MEM_RETRIEVE_RESP, I believe this is where you've run into
trouble.
From OP-TEE point of view, it would make sense if you took lead on
implementing this. I can help with review etc.
Thanks,
Jens
>
> Thanks a lot for your support.
>
> Regards,
> Yuye.
>
>
>
>
>
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年4月13日(星期四) 15:52
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> 主 题:Re: fragment transmission while retrieving memory
>
> Hi Yuye, Jens,
>
> For the record, and If I understand properly the last comment in the github issue:
> OP-TEE is missing the implementation for receipt of a fragmented retrieve response
> There is no further fix to be done in Hafnium for this specific issue at this moment, please let me know otherwise.
>
> Thanks, Olivier.
>
>
> ________________________________
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 12 April 2023 09:27
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>
> Cc: hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> Subject: Re: fragment transmission while retrieving memory
>
>
>
>
> Hi, Olivier,
>
> In our setup,
> Hafnium commit: 997476a74571aec4f1a23590d45edf516f3934f4
> optee version: 3.20.0
> Thanks.
>
> Regards,
> Yuye.
>
> ------------------------------------------------------------------
> 发件人:Olivier Deprez <Olivier.Deprez(a)arm.com>
> 发送时间:2023年4月12日(星期三) 15:22
> 收件人:梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> 抄 送:hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> 主 题:Re: fragment transmission while retrieving memory
>
> Hi Yuye,
>
> AFAIK concerning Hafnium, fragmented mem sharing is supported for FFA_MEM_SHARE/LEND/DONATE and FFA_MEM_RETRIEVE_RESP.
> (For the sake of clarity, this isn't supported for FFA_MEM_RETRIEVE_REQ but this shouldn't be a concern as this limitation only exists in the case of mem sharing to multiple borrowers. In your case of a single borrower the mem retrieve req. shouldn't have to be fragmented).
>
> Can you tell which hafnium commit hash is used in your setup?
>
> At the moment, I cannot tell if the issue described concern a miss in Hafnium or OP-TEE.
> I need to dig a bit further into both implementations and I'll let you know.
>
> Regards,
> Olivier.
>
>
> ________________________________
> From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
> Sent: 12 April 2023 08:21
> To: Olivier Deprez <Olivier.Deprez(a)arm.com>
> Cc: hafnium <hafnium(a)lists.trustedfirmware.org>; Jens Wiklander <jens.wiklander(a)linaro.org>
> Subject: fragment transmission while retrieving memory
>
>
>
>
> Hi, Olivier,
>
> Recently, I've been working on this issue.
> https://github.com/OP-TEE/optee_os/issues/5943 <https://github.com/OP-TEE/optee_os/issues/5943 >
> Do you know any differences between hafnium's current implementation of fragment transmission while retrieving memory and the example process described in FF-A 1.1 Figure 18.4?
>
> Regards,
> Yuye.
>
>
