- tf-rmm - lists.trustedfirmware.org

Tech Forum : Discuss RME GPT block fusing

by Soby Mathew

Hi, We would like to propose the following topic for discussion at the Tech Forum tomorrow. * RME Granule Protection Table (GPT) block fusing The GPT L1 entries needs to be fused to avoid TLB shattering for RME enabled CPUs. We will talk about the different prototype approaches tried in TF-A (EL3 firmware) and issues with each approach. We have a patch in review in which implements the “brute force” fusing algorithm. We explain our reasoning for picking this approach and possible future enhancements which may resolve some of the issues anticipated. Also the fine- grained locking scheme implemented for GPT manipulation will also be discussed. The patch in review is here : https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/26674. For design details of the GPT Library, please refer here : https://trustedfirmware-a.readthedocs.io/en/latest/components/granule-prote… . Best Regards Soby Mathew -----Original Appointment----- From: Google Calendar <calendar-notification(a)google.com> On Behalf Of Trusted Firmware Public Meetings Sent: Thursday, February 22, 2024 10:27 PM To: tf-a(a)lists.trustedfirmware.org; marek.bykowski(a)gmail.com; okash.khawaja(a)gmail.com Subject: [TF-A] Updated invitation with note: TF-A Tech Forum @ Every 2 weeks from 9am to 10am on Thursday (MST) (tf-a(a)lists.trustedfirmware.org) When: Occurs every 2 week(s) on Thursday effective 07/03/2024 from 16:00 to 17:00 Europe/London. Where: TF-A Tech Forum We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this This event has been updated with a note: "Updating invite link" Changed: description Description CHANGED We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvd…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmy%2Ftruste…> One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2Fad27hc6t7h&sa=D&us…> When Every 2 weeks from 9am to 10am on Thursday (Mountain Standard Time - Phoenix) Guests tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> marek.bykowski(a)gmail.com<mailto:marek.bykowski@gmail.com> okash.khawaja(a)gmail.com<mailto:okash.khawaja@gmail.com> View all guest info<https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…> RSVP for tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> for all events in this series Yes<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> No<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> Maybe<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> More options<https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…> Invitation from Google Calendar<https://calendar.google.com/calendar/> You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>

9 months, 2 weeks

1
1
0 0

Spam issue on Mailing list

by Soby Mathew

Hi Everyone, We have been having instances of spam on the tf-rmm mailing list. We have made some changes on the default posting rules now and will monitor the outcome in the coming days. Best Regards Soby Mathew

11 months, 1 week

1
0
0 0

TF-RMM aligned to RMM v1.0 EAC5 specification

by Soby Mathew

Hi Everyone, The EAC5 development branch has been merged back to the `main` and tagged (https://github.com/TF-RMM/tf-rmm/releases/tag/rmm-spec-v1.0-eac5) . TF-RMM is now RMM v1.0 EAC5 [1] compliant and all the corresponding Normal world software entities need to be updated to this version of ABI to work with RMM. The Normal world entities would be published later in due course, and we will update the list with relevant information as it becomes available. The tf-a-tests changes have been merged to master and can be found here : https://git.trustedfirmware.org/TF-A/tf-a-tests.git/commit/?id=3dc2d746aa4b… . For TF-A, the master branch is compatible with EAC5 changes. If you find any issues, please report them via mailing list, tf-rmm discord channel or github issues. Best Regards Soby Mathew [1] https://developer.arm.com/documentation/den0137/1-0eac5/?lang=en

11 months, 2 weeks

1
1
0 0

TF-RMM v0.4.0 release

by Soby Mathew

Hi Everyone This is to notify that we have done a TF-RMM v0.4.0 release [0] to correlate with TF-A v2.10 release [1]. The highlights of the release are: * Added initial support for analysing RMM source code with CBMC (https://www.cprover.org/cbmc/). * TF-RMM implementation aligned to RMM v1.0 EAC5 specification<https://developer.arm.com/documentation/den0137/1-0eac5/?lang=en>. * Supported save and restore of Non Secure SME context when Realms are scheduled. * Added TF-RMM Threat Model<https://tf-rmm.readthedocs.io/en/latest/security/threat_model/index.html> to the documentation. * Capability to privately map the per-CPU stack. * Added FEAT_PAUTH and FEAT_BTI support to RMM and capability to use FEAT_PAUTH within realms. * Migrated to PSA Crypto API for attestation and measurement functionality in RMM. * Added FEAT_LPA2 support to Stage 1 MMU code (lib/xlat) in RMM. * Tooling improvements like static commit message checker and clang-tidy integration to RMM build system. * Support for QEMU virt platform was merged. * Several bug fixes, build & test improvements. Please find more details of the release in the changelog [2]. Best Regards Soby Mathew [0] https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tag/?h=tf-rmm-v0.4.0 [1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.10.0 [2] https://tf-rmm.readthedocs.io/en/latest/about/change-log.html#v0-4-0

1 year, 1 month

1
0
0 0

CBMC initial integration in TF-RMM

by Soby Mathew

Hi Everyone, The initial integration of CBMC (C Bounded Model checking) for TF-RMM has been merged. Please refer to the application note here for more details on how to trigger CBMC analysis/coverage/assert targets on TF-RMM implementation : https://tf-rmm.readthedocs.io/en/latest/resources/application-notes/cbmc.ht… Best Regards Soby Mathew

1 year, 1 month

1
0
0 0

Realm Initial Measurement calculation

by Peter Sawicki

Hi, I wonder if there is or there is a plan to develop a dedicated tool that allows a realm developer to calculate Realm Initial Measurements (RIMs) for realms(?) As you know, the remote attestation mechanism requires a verifier to be provisioned with reference values. In this case, a realm verifier should have access to the initial reference measurement (RIM) of a realm that is intended to be run on a remote Arm CCA platform. The algorithm that measures the initial state of realms (RIM) is higly sensitive to the content of a realm memory and the order of RMI operations. This means that not only the content of populated realm memory matters but also the implementation of the host components (e.g. kvm, kvmtool/qemu). For example, in the reference implementation of https://gitlab.arm.com/linux-arm/kvmtool-cca, the layout of memory and the content of DTB highly depend on the provided options (DTB is generated in run-time). Unfortunatelly, the content of DTB also depends on the linking order of object files (the order of DTB generation is imposed by __attribute__((constructor)) that is used to register devices). This complicates development of a separate tool for caclulating RIM, as the tool would have to emulate all quirks of the kvmtool. One of the solution of retrieving Realm Initial Measurements seems to be running the whole firmware/software (e.g. kvmtool/Linux host/TF-RMM) stack on the FVP emulator and gathering the RIM directly from the TF-RMM. This would require a realm developer to have access to the whole firmware/software stack and the emulator of the CCA platform. This might not always be an option. The other solution would require the implementation of a dedicated tool. For instance, a sensible approach could be to extend the functionality of kvmtool, which can be run on an ordinary Linux machine. Is Arm going to develop a dedicated tool(-s) for calculating RIMs? What is the recommended way of retrieving/calculating RIMs for realms? Kind regards, Piotr

1 year, 2 months

2
2
1 0

TF-RMM aligned to RMM v1.0 EAC2 specification

by Soby Mathew

Hi Everyone, The EAC2 development branch has been merged back to the `main` and tagged (https://github.com/TF-RMM/tf-rmm/releases/tag/rmm-spec-v1.0-eac2). TF-RMM is now RMM v1.0 EAC2 [1] compliant and all the corresponding Normal world software entities need to be updated to this version of ABI to work with RMM. Please find the details below: 1) Linux Linux repo: git@git.gitlab.arm.com:linux-arm/linux-cca.git KVM/Host branch : cca-host/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/linux-cca/-/tree/cca-host/rmm-v1.0-eac2) Linux Guest branch : cca-guest/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/linux-cca/-/tree/cca-guest/rmm-v1.0-eac2) Full Linux stack branch : cca-full/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/linux-cca/-/tree/cca-full/rmm-v1.0-eac2) 2) kvmtool repo: git@git.gitlab.arm.com:linux-arm/kvmtool-cca.git eac2 branch: cca/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/kvmtool-cca/-/tree/cca/rmm-v1.0-eac2) 3) kvm-unit-tests repo: git@git.gitlab.arm.com:linux-arm/kvm-unit-tests-cca.git eac2 branch: cca/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca/-/tree/cca/rmm-v1.0-eac2) The tf-a-tests changes have been merged to master as found here : https://git.trustedfirmware.org/TF-A/tf-a-tests.git/commit/?id=e3c73d226e7a… Best Regards Soby Mathew [1] : https://developer.arm.com/documentation/den0137/1-0eac2/?lang=en

1 year, 2 months

1
1
0 0

RMM Coverage report available on GitHub

by Javier Almansa Sobrino

Hello all, We have added a GitHub workflow to RMM which allows the former to build and run the unittests along with their corresponding coverage report and upload such report in .html format to GitHub. The workflow is automatically triggered when new pushes are done to the main branch. In order to access to the coverage report, you can either * click on the green check symbol next to the latest commit, from there to "details" on the "Coverage on unittests for RMM" action on the pop up window and once in the action page, click on "Summary" on the left side menu. The report will appear in the "Artifacts" section as a .zip file with the name "coverage-results" or * On the TF-RMM repo main page, click on "Actions" and then click on the "Coverage on unittests for RMM" action corresponding to the latest commit. You can then access to the report as explained on the previous bullet. Please keep in mind that reports older than 90 days will be automatically deleted. Thanks, Javier IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

1 year, 2 months

1
1
0 0

SME support in RMM

by Arunachalam Ganapathy

Hi All, Please review the patch-set that adds the functionality in RMM to manage Scalable Matrix Extension (SME) context. If the CPU supports SME and if Realm accesses FPU/SVE functionality then NS SME state is saved to allow Realm to use FPU/SVE register state. https://review.trustedfirmware.org/q/topic:%22rmm_sme%22+(status:open%20OR%… Brief summary of changes made in different components: RMM: - Introduces SIMD context and exports APIs to the runtime component of RMM to initialize, save, restore, and switch SIMD context. - Adds SME support in RMM to manage NS SME context. Supports SVE+SME config and SME only config. - Handles SVE hint bit passed in RMI SMCs - Handles SME exceptions from Realms https://review.trustedfirmware.org/q/topic:%22rmm_sme%22+(status:open%20OR%… TF-A: - Enables FEAT_SME for RMM - Passes SMCCCv1.3 SVE hint bit in SMC function ID to RMM tf-a-tests: - There are changes in common lib routines for sve, sme so that testcases running in NS-EL2, S-EL1, R-EL1 can use these helper routines. - Adds helper routines to read, write, compare FPU and SVE Z, P, FFR registers - Adds SMCCCv1.3 SVE hint bit support in TFTF framework - Enables SME/SME2 during arch init - Adds SME helper routines and extends SVE lib routines to support streaming SVE mode. https://review.trustedfirmware.org/q/topic:%22rmm_sme%22+(status:open%20OR%… Thanks, Arun

1 year, 3 months

1
0
0 0

Breaking dependency between 'run-coverage' and 'run-unittests' build rules

by Javier Almansa Sobrino

Hello all, We currently have a patch under review [1] which will break the existing dependency between 'run-converage' and 'run-unittests' rules in the RMM build system. This means that once the patch is merged, 'run-coverage' will not build and run RMM unittests. If ran in isolation, it will generate an empty coverage report by default. This allows to get coverage analysis for especific tests rather than for all the unittests, which makes the process of writting unittests for new modules easier as we can have a picture of the current coverage for such modules without being tainted by the rest of the unittests. Please note that in order to run coverage analysis on the whole existing set of unittests (as done previously by 'run-coverage') we need to invoke 'run-unittests' before. The patch, which is currently open for discussion and review, includes instructions on how to run 'run-coverage' to get different types of analysis. Thanks, Javier [1]: https://review.trustedfirmware.org/c/TF-RMM/tf-rmm/+/23039 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

1 year, 3 months

1
0
0 0

2024

2023

2022

tf-rmm