It would be good if consider using TF-A BL2 or equivalent to load OPTEE, that runs before hafnium, which is really the secure loader. I would recommend against hafnium including a loader, to keep it simple (and replicate the same functionality of another component), although that might be the right approach for your platform.
-----Original Message----- From: 梅建强(禹夜) via Hafnium hafnium@lists.trustedfirmware.org Sent: Monday, January 16, 2023 8:37 AM To: Olivier Deprez Olivier.Deprez@arm.com; hafnium hafnium@lists.trustedfirmware.org Cc: 赵哲(为哲) weizhe.zz@alibaba-inc.com Subject: [Hafnium] 回复:回复:hyp_loaded
Hi, expert It seems that if I want to implement the query, I need to implement storage drivers in hafnium by myself. Thanks for the confirmation. regards, yuye ------------------------------------------------------------------ 发件人:Olivier Deprez Olivier.Deprez@arm.com 发送时间:2023年1月17日(星期二) 00:30 收件人:hafnium hafnium@lists.trustedfirmware.org; 梅建强(禹夜) meijianqiang.mjq@alibaba-inc.com 抄 送:赵哲(为哲) weizhe.zz@alibaba-inc.com 主 题:Re: 回复:[Hafnium] hyp_loaded Hi, In the reference implementation, OP-TEE is loaded (from flash to DRAM) as a partition by a bootloader running before Hafnium is launched. The bootloader can be TF-A's BL2 or another solution. Hafnium cannot "load an image/partition to DRAM" as it doesn't implement storage drivers. Regards, Olivier. From: 梅建强(禹夜) meijianqiang.mjq@alibaba-inc.com Sent: 16 January 2023 17:25 To: Olivier Deprez Olivier.Deprez@arm.com; hafnium hafnium@lists.trustedfirmware.org Cc: 赵哲(为哲) weizhe.zz@alibaba-inc.com Subject: 回复:[Hafnium] hyp_loaded Hi, expert For my configuration, Hafnium is used as a SPMC running on S-EL2. Is there any problems if I use Hafnium to load an OP-TEE image in the boot flow? regards, yuye ------------------------------------------------------------------ 发件人:Olivier Deprez Olivier.Deprez@arm.com 发送时间:2023年1月17日(星期二) 00:15 收件人:hafnium hafnium@lists.trustedfirmware.org; 梅建强(禹夜) meijianqiang.mjq@alibaba-inc.com 抄 送:赵哲(为哲) weizhe.zz@alibaba-inc.com 主 题:Re: [Hafnium] hyp_loaded Hi, As I recall hyp_loaded option was introduced in context of Hafnium used as a NS EL2 hypervisor. Is this a configuration you use? This option is only related to normal world VMs. I don't believe it was designed for SPs or the SPMC image itself. One reason is that SEL2/SPMC starts before the NS EL2 hypervisor in the boot flow. For the record, the change that introduced this option: https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 <https://review.trustedfirmware.org/c/hafnium/hafnium/+/10540 > Regards, Olivier. From: 梅建强(禹夜) via Hafnium hafnium@lists.trustedfirmware.org Sent: 16 January 2023 13:54 To: Olivier Deprez Olivier.Deprez@arm.com; hafnium hafnium@lists.trustedfirmware.org Cc: 赵哲(为哲) weizhe.zz@alibaba-inc.com Subject: [Hafnium] hyp_loaded Hi, expert I want to confirm a problem about using hafnium to load spmc payload. That is, Dose hafnium supports hyp_loaded for spmc payload or ffa_partion (such as optee_os) in the boot phase? If the community confirms that it does not support it, I wonder, what might be the problem with doing so? I see the following code in hanfnium: if (manifest->vm[i].is_ffa_partition && !manifest->vm[i].is_hyp_loaded) { TRY(parse_ffa_partition_package(stage1_locked, &vm_node, &manifest->vm[i], vm_id, ppool)); } else { TRY(parse_vm(&vm_node, &manifest->vm[i], vm_id)); } It seems that hafnium has no handling for both is_ffa_partition and is_hyp_loaded. regards, yuye -- Hafnium mailing list -- hafnium@lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave@lists.trustedfirmware.org -- Hafnium mailing list -- hafnium@lists.trustedfirmware.org To unsubscribe send an email to hafnium-leave@lists.trustedfirmware.org