- tf-rmm - lists.trustedfirmware.org

TF-A Tech Forum: TF-RMM Stage 1 Memory Management discussion

by Javier Almansa Sobrino

Hi all, The TF-A Project runs an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It operates under the guidance of the TF TSC. The meeting is held fortnightly on thursdays @ 4PM BST. This week's TF-A Tech Forum will present the TF-RMM Stage 1 Memory Management, where we will discuss the design of the TF-RMM memory space as well as some implementation details and future work. Metting details with instructions on how to join will be provided on a follow-up email. Best regards, Javier

1 year, 2 months

1
0
0 0

Arm CCA RMM EAC5 based Linux and EDK2 changes

by Soby Mathew

Hi All, Arm CCA Linux/EDK2 support patches for RMM EAC5 specification has been published. This is based on Linux-v6.9-rc1. The mailing list posting : Linux: https://lkml.kernel.org/r/20240412084056.1733704-1-steven.price@arm.com kvm-unit-test: https://lkml.kernel.org/r/20240412103408.2706058-1-suzuki.poulose@arm.com EDK2 UEFI : https://edk2.groups.io/g/devel/message/117672 Public Repositories : Linux : Repo : https://git.gitlab.arm.com/linux-arm/linux-cca.git Host/KVM branch: cca-host/v2 Guest branch: cca-guest/v2 Combined Tree: cca-full/v2 kvmtool: Repo: https://gitlab.arm.com/linux-arm/kvmtool-cca branch: cca/v2 kvm-unit-tests: Repo: https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca branch: cca/v2 EDK2 UEFI Firmware (Guest): EDK2: https://git.gitlab.arm.com/linux-arm/edk2-cca.git Branch: 2865_arm_cca_v2 EDK2-Platforms: https://git.gitlab.arm.com/linux-arm/edk2-platforms-cca.git Branch: 2865_arm_cca_v2 This will work with RMM main and TF-A master branches. Best Regards Soby Mathew

1 year, 3 months

1
0
0 0

RMM Performance Optimization in Multi-NUMA Architecture

by wuweinan＠huawei.com

Hi, In a multi-NUMA architecture, the RMM firmware is loaded to a memory of a numa. When the confidential virtual machine triggers VM_Exit, inst cache miss exists in running of code of the RMM, and an instruction needs to be fetched from the DRAM to the instruction cache. If the vCPU and RMM firmware memory do not belong to the same NUMA node, the instruction fetch delay is longer and the performance is poorer. I would like to ask if there is an optimization plan for this problem?

1 year, 3 months

2
1
0 0

Tech Forum : Discuss RME GPT block fusing

by Soby Mathew

Hi, We would like to propose the following topic for discussion at the Tech Forum tomorrow. * RME Granule Protection Table (GPT) block fusing The GPT L1 entries needs to be fused to avoid TLB shattering for RME enabled CPUs. We will talk about the different prototype approaches tried in TF-A (EL3 firmware) and issues with each approach. We have a patch in review in which implements the “brute force” fusing algorithm. We explain our reasoning for picking this approach and possible future enhancements which may resolve some of the issues anticipated. Also the fine- grained locking scheme implemented for GPT manipulation will also be discussed. The patch in review is here : https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/26674. For design details of the GPT Library, please refer here : https://trustedfirmware-a.readthedocs.io/en/latest/components/granule-prote… . Best Regards Soby Mathew -----Original Appointment----- From: Google Calendar <calendar-notification(a)google.com> On Behalf Of Trusted Firmware Public Meetings Sent: Thursday, February 22, 2024 10:27 PM To: tf-a(a)lists.trustedfirmware.org; marek.bykowski(a)gmail.com; okash.khawaja(a)gmail.com Subject: [TF-A] Updated invitation with note: TF-A Tech Forum @ Every 2 weeks from 9am to 10am on Thursday (MST) (tf-a(a)lists.trustedfirmware.org) When: Occurs every 2 week(s) on Thursday effective 07/03/2024 from 16:00 to 17:00 Europe/London. Where: TF-A Tech Forum We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this This event has been updated with a note: "Updating invite link" Changed: description Description CHANGED We run an open technical forum call for anyone to participate and it is not restricted to Trusted Firmware project members. It will operate under the guidance of the TF TSC. Feel free to forward this invite to colleagues. Invites are via the TF-A mailing list and also published on the Trusted Firmware website. Details are here: https://www.trustedfirmware.org/meetings/tf-a-technical-forum/<https://www.google.com/url?q=https%3A%2F%2Fwww.trustedfirmware.org%2Fmeetin…> Trusted Firmware is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://linaro-org.zoom.us/my/trustedfirmware?pwd=VktXcm5MNUUyVVM4R0k3ZUtvd…<https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fmy%2Ftruste…> One tap mobile +16465588656,,9159704974# US (New York) +16699009128,,9159704974# US (San Jose) Dial by your location +1 646 558 8656 US (New York) +1 669 900 9128 US (San Jose) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 915 970 4974 Find your local number: https://zoom.us/u/ad27hc6t7h<https://www.google.com/url?q=https%3A%2F%2Fzoom.us%2Fu%2Fad27hc6t7h&sa=D&us…> When Every 2 weeks from 9am to 10am on Thursday (Mountain Standard Time - Phoenix) Guests tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> marek.bykowski(a)gmail.com<mailto:marek.bykowski@gmail.com> okash.khawaja(a)gmail.com<mailto:okash.khawaja@gmail.com> View all guest info<https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…> RSVP for tf-a(a)lists.trustedfirmware.org<mailto:tf-a@lists.trustedfirmware.org> for all events in this series Yes<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> No<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> Maybe<https://calendar.google.com/calendar/event?action=RESPOND&eid=NWlub3Ewdm1tM…> More options<https://calendar.google.com/calendar/event?action=VIEW&eid=NWlub3Ewdm1tMmk1…> Invitation from Google Calendar<https://calendar.google.com/calendar/> You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more<https://support.google.com/calendar/answer/37135#forwarding>

1 year, 4 months

1
1
0 0

Spam issue on Mailing list

by Soby Mathew

Hi Everyone, We have been having instances of spam on the tf-rmm mailing list. We have made some changes on the default posting rules now and will monitor the outcome in the coming days. Best Regards Soby Mathew

1 year, 5 months

1
0
0 0

TF-RMM aligned to RMM v1.0 EAC5 specification

by Soby Mathew

Hi Everyone, The EAC5 development branch has been merged back to the `main` and tagged (https://github.com/TF-RMM/tf-rmm/releases/tag/rmm-spec-v1.0-eac5) . TF-RMM is now RMM v1.0 EAC5 [1] compliant and all the corresponding Normal world software entities need to be updated to this version of ABI to work with RMM. The Normal world entities would be published later in due course, and we will update the list with relevant information as it becomes available. The tf-a-tests changes have been merged to master and can be found here : https://git.trustedfirmware.org/TF-A/tf-a-tests.git/commit/?id=3dc2d746aa4b… . For TF-A, the master branch is compatible with EAC5 changes. If you find any issues, please report them via mailing list, tf-rmm discord channel or github issues. Best Regards Soby Mathew [1] https://developer.arm.com/documentation/den0137/1-0eac5/?lang=en

1 year, 6 months

1
1
0 0

TF-RMM v0.4.0 release

by Soby Mathew

Hi Everyone This is to notify that we have done a TF-RMM v0.4.0 release [0] to correlate with TF-A v2.10 release [1]. The highlights of the release are: * Added initial support for analysing RMM source code with CBMC (https://www.cprover.org/cbmc/). * TF-RMM implementation aligned to RMM v1.0 EAC5 specification<https://developer.arm.com/documentation/den0137/1-0eac5/?lang=en>. * Supported save and restore of Non Secure SME context when Realms are scheduled. * Added TF-RMM Threat Model<https://tf-rmm.readthedocs.io/en/latest/security/threat_model/index.html> to the documentation. * Capability to privately map the per-CPU stack. * Added FEAT_PAUTH and FEAT_BTI support to RMM and capability to use FEAT_PAUTH within realms. * Migrated to PSA Crypto API for attestation and measurement functionality in RMM. * Added FEAT_LPA2 support to Stage 1 MMU code (lib/xlat) in RMM. * Tooling improvements like static commit message checker and clang-tidy integration to RMM build system. * Support for QEMU virt platform was merged. * Several bug fixes, build & test improvements. Please find more details of the release in the changelog [2]. Best Regards Soby Mathew [0] https://git.trustedfirmware.org/TF-RMM/tf-rmm.git/tag/?h=tf-rmm-v0.4.0 [1] https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/tag/?h=v2.10.0 [2] https://tf-rmm.readthedocs.io/en/latest/about/change-log.html#v0-4-0

1 year, 7 months

1
0
0 0

CBMC initial integration in TF-RMM

by Soby Mathew

Hi Everyone, The initial integration of CBMC (C Bounded Model checking) for TF-RMM has been merged. Please refer to the application note here for more details on how to trigger CBMC analysis/coverage/assert targets on TF-RMM implementation : https://tf-rmm.readthedocs.io/en/latest/resources/application-notes/cbmc.ht… Best Regards Soby Mathew

1 year, 8 months

1
0
0 0

Realm Initial Measurement calculation

by Peter Sawicki

Hi, I wonder if there is or there is a plan to develop a dedicated tool that allows a realm developer to calculate Realm Initial Measurements (RIMs) for realms(?) As you know, the remote attestation mechanism requires a verifier to be provisioned with reference values. In this case, a realm verifier should have access to the initial reference measurement (RIM) of a realm that is intended to be run on a remote Arm CCA platform. The algorithm that measures the initial state of realms (RIM) is higly sensitive to the content of a realm memory and the order of RMI operations. This means that not only the content of populated realm memory matters but also the implementation of the host components (e.g. kvm, kvmtool/qemu). For example, in the reference implementation of https://gitlab.arm.com/linux-arm/kvmtool-cca, the layout of memory and the content of DTB highly depend on the provided options (DTB is generated in run-time). Unfortunatelly, the content of DTB also depends on the linking order of object files (the order of DTB generation is imposed by __attribute__((constructor)) that is used to register devices). This complicates development of a separate tool for caclulating RIM, as the tool would have to emulate all quirks of the kvmtool. One of the solution of retrieving Realm Initial Measurements seems to be running the whole firmware/software (e.g. kvmtool/Linux host/TF-RMM) stack on the FVP emulator and gathering the RIM directly from the TF-RMM. This would require a realm developer to have access to the whole firmware/software stack and the emulator of the CCA platform. This might not always be an option. The other solution would require the implementation of a dedicated tool. For instance, a sensible approach could be to extend the functionality of kvmtool, which can be run on an ordinary Linux machine. Is Arm going to develop a dedicated tool(-s) for calculating RIMs? What is the recommended way of retrieving/calculating RIMs for realms? Kind regards, Piotr

1 year, 9 months

2
2
1 0

TF-RMM aligned to RMM v1.0 EAC2 specification

by Soby Mathew

Hi Everyone, The EAC2 development branch has been merged back to the `main` and tagged (https://github.com/TF-RMM/tf-rmm/releases/tag/rmm-spec-v1.0-eac2). TF-RMM is now RMM v1.0 EAC2 [1] compliant and all the corresponding Normal world software entities need to be updated to this version of ABI to work with RMM. Please find the details below: 1) Linux Linux repo: git@git.gitlab.arm.com:linux-arm/linux-cca.git KVM/Host branch : cca-host/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/linux-cca/-/tree/cca-host/rmm-v1.0-eac2) Linux Guest branch : cca-guest/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/linux-cca/-/tree/cca-guest/rmm-v1.0-eac2) Full Linux stack branch : cca-full/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/linux-cca/-/tree/cca-full/rmm-v1.0-eac2) 2) kvmtool repo: git@git.gitlab.arm.com:linux-arm/kvmtool-cca.git eac2 branch: cca/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/kvmtool-cca/-/tree/cca/rmm-v1.0-eac2) 3) kvm-unit-tests repo: git@git.gitlab.arm.com:linux-arm/kvm-unit-tests-cca.git eac2 branch: cca/rmm-v1.0-eac2 (https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca/-/tree/cca/rmm-v1.0-eac2) The tf-a-tests changes have been merged to master as found here : https://git.trustedfirmware.org/TF-A/tf-a-tests.git/commit/?id=e3c73d226e7a… Best Regards Soby Mathew [1] : https://developer.arm.com/documentation/den0137/1-0eac2/?lang=en

1 year, 9 months

1
1
0 0

2025

2024

2023

2022

tf-rmm