Hi Mei Jianqiang,
> In my environment, hafnium is running as spmc in s-el2, and my question is as follows:
Can you tell a bit more on your setup, if possible, do you intend to use OP-TEE as SEL1 payload / secure partition?
Are you running linux in the normal world?
> 1) In the spmc_optee_sp_manifest.dts file, there is an attribute load_address = <0x0 0xFF200000>.
> What do the two parts of load_address mean respectively? Any details on other configurations in the dts file?
In the TF-A tree plat/arm/board/fvp/fdts/fvp_spmc_optee_sp_manifest.dts is a sample device tree consumed by Hafnium/SPMC to describe the system properties and declare secure partitions.
Please refer to https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partit…
The load_address field specifies the location at which the SPMC finds a 'partition package'. It consists of a partition's DT blob and a partition image.
https://trustedfirmware-a.readthedocs.io/en/latest/components/secure-partit…
In this sample 0x0 is the high 32b part of the physical address and 0xFF200000 the lower 32 bits.
> 2) If only one core is available during the startup of hafnium, how to configure it?
> In this case, when I set CPUS_PER_CLUSTER 1 in fvp-defs.dtsi file of ATF reference code, the building error is: Duplicate node name /cpus/cpu@20000. Why?
I don't believe you should do change directly in this file, but rather provide the system topology through the TF-A command line by using FVP_MAX_CPUS_PER_CLUSTER/FVP_CLUSTER_COUNT/FVP_MAX_PE_PER_CPU
The device tree should describe cpus as they exist when the system is booted at run-time.
When TF-A and Hafnium boot, only a single primary core runs anyways so is this really what you intend to do?
Regards,
Olivier.
________________________________
From: 梅建强(禹夜) <meijianqiang.mjq(a)alibaba-inc.com>
Sent: 24 November 2022 11:33
To: hafnium-owner <hafnium-owner(a)lists.trustedfirmware.org>
Subject: run hafnium as spmc at s-el2
Hello expert,
I'm a developer at Alibaba Cloud, and I'm having some problems using hafnium.
In my environment, hafnium is running as spmc in s-el2, and my question is as follows:
1) In the spmc_optee_sp_manifest.dts file, there is an attribute load_address = <0x0 0xFF200000>.
What do the two parts of load_address mean respectively? Any details on other configurations in the dts file?
2) If only one core is available during the startup of hafnium, how to configure it?
In this case, when I set CPUS_PER_CLUSTER 1 in fvp-defs.dtsi file of ATF reference code, the building error is: Duplicate node name /cpus/cpu@20000. Why?
Looking forward to your reply. Thank you very much~
Hello,
We get the following error in the non-secure terminal in the QEMU, while booting the normal world with hafnium(SPMC) at S-EL2 and SP at S-EL1.
NOTICE: Trapped access to system register write: op0=1, op1=0, crn=7, crm=14, op2=2, rt=11.
NOTICE: Injecting Unknown Reason exception into VM 0x8001.
Above system register found as DC CISW.
It found that this happened with the recent hafnium change "feat(interrupts): preferred managed exit signal"
Thanks.
Hi all,
Sorry for asking this question, but I just want to do some tests about Armv8.4.
In my scenario, I wanna boot with ATF, with Armv8.4-enabled FVP, but
without Hafnium. I may need to boot a secure OS.
I know how to boot it with Hafnium, but how about without Hafnium?
Also, I still want some Armv8.4 features to manage my secure OS.
I think I may need (1) shell commands to compile the TF-A, and (2)
shell commands to boot the FVP. Could you help me?
Sincerely,
WANG Chenxu
Hi all,
I want to find a register which will specifically control the Secure
Stage 2 translation. But Arm document does not provide it.
I find that a register, called HCR_EL2, will control the Stage 2
translation. But the document didn't mention which secure type it will
control. Thus, does the Non-secure hypervisor (like KVM) influence the
Secure Stage-2 address translation? For example, disabling it through
HCR_EL2?
Sincerely,
WANG Chenxu
Hi all,
I am not sure whether it is OK to ask the question here, but I still
wish you can help me address the problem.
I used to test Hafnium with FVP, and the Linux kernel is provided by
arm-reference-platform. Recently I want to test something on an OPTEE
kernel (rather than a cactus OS). But, since the provided linux kernel
is a bit old (v5.3), its /drivers/tee/optee will not send FF-A calls.
I find that Linux introduces FF-A ABI to OP-TEE driver since v5.16,
which is a relatively new kernel. Previously I download the Linux
kernel here ( https://git.linaro.org/landing-teams/working/arm/kernel-release.git),
but they only provide old kernels. I also try to replace the "linux"
directory with the upstream Linux v5.17 source code, and use the guide
here (https://community.arm.com/oss-platforms/w/docs/459/modify-linux-kernel-conf…)
to compile. But the source seems to be inconsistent with the
arm-reference-platforms.
Can someone help me?
Sincerely,
WANG Chenxu
Hi all,
I want to boot one or more OPTEE on SEL1, with using Hafnium (v2.4) on
SEL2 and TF-A (v2.4) on EL3, and Arm FVP. Before I can boot multiple
Cactus SP, but I can find little infos about booting OP-TEE.
Can you provide some useful guide?
Sincerely,
WANG Chenxu
Hi,
Note we now have two jenkins jobs started on patch submission:
The regular Hafnium builder running unit tests, hypervisor test suite on qemu, static checks and checkpatch.
A new job running the test_spmc.sh script on FVP, corresponding to the Hypervisor+SPMC configuration with a single and multiple partitions.
This has been a long road, thanks to everyone involved from multiple teams.
Both test results are reported to the gerrit code review.
It remains to fix the Verified+1 vote, based on the two above results. Hope to improve it soonish.
Regards,
Olivier.
Hi,
Can someone please help me in understanding how TF-A (EL3) forwards FF-A calls to Hafnium (SEL2)?
And what Hafnium code I should look into for seeing how Hafnium handles these calls?
Regards,
Rahul
