Hi Junho,
See answers below [OD]
Regards, Olivier.
________________________________ From: Junho Choi junhosj.choi@samsung.com on behalf of Junho Choi via Hafnium hafnium@lists.trustedfirmware.org Sent: 18 November 2025 06:51 To: hafnium@lists.trustedfirmware.org hafnium@lists.trustedfirmware.org Cc: Jungtae Kim jt1217.kim@samsung.com; Mankyum Kim mankyum.kim@samsung.com; Keunhong Choi kn_hong.choi@samsung.com; Daero Lee daero_le.lee@samsung.com Subject: [Hafnium] Questions about Hafnium as S-EL2
Hello,
I'm Junho Choi in Samsung S.LSI and I've been working on virtualization solution.
I have some questions about Hafnium for Secure EL2 extension.
(1) Why do you consider VHE as default option? (I saw it in arch_mm_init)
According to Hafnium init sequence, has_vhe_support always returns true as long as ARM cores have support for VHE.
Is there any requirements that Hafnium should support VHE?
[OD] In a way, yes. It is assumed most if not all Armv8.1 (and greater) platforms support FEAT_VHE. Moreover FEAT_SEL2 is an Armv8.4 feature hence FEAT_VHE is assumed to be supported. In future, certain implementations will make FEAT_VHE mandatory (aka HCR_EL2.E2H=RES1 https://developer.arm.com/documentation/ka006421/1-0) Hafnium supports two secure partitions types leveraging FEAT_VHE: S-EL1 multiprocessor SPs (running in VHE guest) and S-EL0 uniprocessor SPs (running in VHE host).
(2) TF-A's SPMD has only forwarded svc_on_finish and svc_off of PSCI.
Why doesn't SPMD forward other commands such as CPU_SUSPEND?
In case of the CPU_SUSPEND, secure EL2 or SP may need to know when physcial CPU turns off.
[OD] This is a debt. This scenario has never been really exercised so far. The only caveat is that entering a SP on each CPU_SUSPEND event happening very frequently might turn to be very costly in term of world/context switching. Also note conceptually vCPUs are exposed to secure partitions. Secure partition might not have all visibilty on the physical CPU state, or require changes in Hafnium itself.
(3) Why do you set HCR_EL2.VI and VF to handle virtual interrupt?
I think we have an another method to use List registers (ICH_LRn_EL2) to inject virtual interrup to guest (SP).
[OD] This is a design choice. Hafnium exposes an para virtualized interrupt controller interface. The use of GICv3 vcpu interface and list registers has been investigated but concluded to be very complex to manage.
I'm not sure whether asking you is proper or not.
If you're not the right person, please forward this mail to the right person.
Thanks!
Best Regards,
Junho Choi
[cid:cafe_image_0@s-core.co.kr]
[update?userid=junhosj.choi&do=bWFpbElEPTIwMjUxMTE4MDU1MTQ0ZXBjbXMycDUy MjBlZTFkOGFiNGIxNGRkYzQ1MTNiN2E2ZTA3NzM2MyZyZWNpcGllbnRBZGRyZXNzPWhhZm5 pdW1AbGlzdHMudHJ1c3RlZGZpcm13YXJlLm9yZw__] -- Hafnium mailing list -- hafnium@lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave@lists.trustedfirmware.org