Hi Jun,
First a bit of background. The FF-A Secure Partition Manager (SPM) is split into two components:
1. The SPM Dispatcher or SPMD. This component runs at EL3 and the reference implementation is part of TF-A.
2. The SPM Core or SPMC. This component can run at different exception levels in the secure world. Currently two implementations exist at tf.org: Hafnium, which runs at S-EL2 (secure hypervisor) and is maintained by the TF-A team, and OP-TEE SPMC, which runs at S-EL1 and is maintained by the TS team.
(See chapter 2.4 of the "PSA Firmware_Framework for A (PSA-FF-A)" document here https://developer.arm.com/docs/den0077/latest for more details.)
And now let me address your questions.
1, 2, 3. fvp_spmc_manifest.dts
The handling and content of the SPMC manifest is SPMC implementation specific. This file in the TF-A repo is irrelevant (not used) for the OP-TEE SPMC.
4. "Secure Partitions are bundled as independent package files"
One of the differences between Hafnium and OP-TEE SPMC is how they boot the SPs. Hafnium expects the SPs to be loaded by BL2 from the FIP package, and expects BL2 to tell the load address of the SPs in the SPMC manifest. OP-TEE in turn has the SPs linked into the OP-TEE binary and uses symbols bound by the linker to find the SPs.
/George
PS: I suggest taking this discussion off the TF-A mailing list as for the TF-A community this is out of scope.
-----Original Message-----
From: Jun Nie jun.nie@linaro.org
Sent: 19 April 2021 16:21
To: Manish Pandey2 Manish.Pandey2@arm.com; tf-a@lists.trustedfirmware.org
Cc: Olivier Deprez Olivier.Deprez@arm.com; Achin Gupta Achin.Gupta@arm.com; Shebu Varghese Kuriakose Shebu.VargheseKuriakose@arm.com; Gyorgy Szing Gyorgy.Szing@arm.com
Subject: Question on how enable TF-A SPM on iMX8M
Hi,
I am trying to enable SPM on the iMX8MP platform, which is Cortex-A53. BL2 is already enabled and the dts file is needed. But I am not sure how to write the dts information below when referencing fvp_spmc_manifest.dts. Could you help by giving some suggestions, or where should I find the answers?
1. Is fvp_spmc_manifest.dts enough to enable SPM? I see there are dts files, such as fvp_fw_config.dts. What are the necessary dts nodes to enable SPM?
2. Does vcpu_count mean CPU number?
3. I see load_address of attribute is optee-os load address. But I do not know how I should decide the load addresses of hypervisors. Is this address decided by the virtual machine, or is it decided at runtime? I cannot find the 0x7100000 in the trusted-services project.
4. I am confused by "Secure Partitions are bundled as independent package files" in the link below. Does this bundle package mean fip image, or into another file by json file? Could you help point to the files and image generation command? https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/compon...
Regards, Jun