On Mon, Jun 30, 2025 at 01:34:44PM +0100, Soby Mathew wrote:
> Hi Jaehyeon,
> We haven’t created a shrinkwrap overlay for the MEC branches mentioned below. These branches were pushed to help prototyping efforts in various components involved. There could be several possibilities why Realm launch failed, including incorrect options to lkvm tool.
> Adding Jean Philippe to the thread in case there are some instructions available for consuming these branches.
Nothing comes to mind, sorry, I haven't written any documentation yet. For reference I've used the following model parameters when working on MEC:
-C cluster0.mec_support_level: 2
-C cluster0.rme_mecid_width: 16
-C cluster1.mec_support_level: 2
-C cluster1.rme_mecid_width: 16
-C bp.mpe.enable: 1
-C cluster0.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[38]=MPAM_SP[0],ExtendedID[37]=MPAM_SP[1],UserFlags[31:16]=MECID
-C cluster1.output_attributes: ExtendedID[62:55]=MPAM_PMG,ExtendedID[38]=MPAM_SP[0],ExtendedID[37]=MPAM_SP[1],UserFlags[31:16]=MECID
-C bp.mpe.output_attributes_parameter_of_core: ExtendedID[62:55]=MPAM_PMG,ExtendedID[38]=MPAM_SP[0],ExtendedID[37]=MPAM_SP[1],UserFlag
Apart from that kvmtool doesn't take any extra parameter, unless you want to enable shared MEC context with --shared-mec. Private MECID contexts should be enabled automatically when available.
Thanks, Jean
> extending MEC feature to allow sharing pages across multiple realms are feasible w/ current hardware (RME w/ MPE) spec? w/ utilizing MEC_STATE_SHARED state in RMM 1.1 alp14 spec.
There is no hardware limitation, but sharing pages between Realms is not supported in RMM specification. The MEC_STATE_SHARED will allow multiple realms to use the same MECID, but this will not allow to share data directly between Realms.
Best Regards
Soby Mathew
From: Juan Pablo Conde via tf-rmm tf-rmm@lists.trustedfirmware.org
Sent: Friday, June 27, 2025 11:49 PM
To: tf-rmm@lists.trustedfirmware.org
Subject: [tf-rmm] Re: Questions regarding ARM CCA MEC feature
Hello Jaehyeon,
We are still working on providing support for FEAT_MEC on RMM. More patches are coming in the next few weeks.
In order to run the current patches with MEC enabled, you have to set some more parameters for the FVP:
-C bp.mpe.enable=1 \
-C bp.mpe.block_size_in_bytes=4096 \
-C bp.mpe.corruption_strategy=0 \
-C bp.mpe.ignore_mecid=0 \
-C bp.mpe.output_attributes_parameter_of_core=ExtendedID[62:55]=MPAM_PMG \
-C bp.mpe.output_attributes_parameter_of_core=ExtendedID[38]=MPAM_SP[0] \
-C bp.mpe.output_attributes_parameter_of_core=ExtendedID[37]=MPAM_SP[1] \
-C bp.mpe.output_attributes_parameter_of_core=UserFlags[31:16]=MECID \
-C bp.mpe.non_secure_pas_enc_key=34 \
-C bp.mpe.realm_pas_enc_key=136 \
-C bp.mpe.root_pas_enc_key=68 \
-C bp.mpe.secure_pas_enc_key=17 \
-C cluster0.mec_support_level=2 \
-C cluster0.rme_mecid_width=16 \
-C cluster1.mec_support_level=2 \
-C cluster1.rme_mecid_width=16 \
I have attached a Shrinkwrap overlay in case you want to use it instead.
Let me know if you have any questions.
All the best,
Juan Pablo
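
Added example, not part of any message in this thread and not TF-RMM, Shrinkwrap or FVP project code: a Python check that parses a model command line in either spelling used above ("-C key=value" or "-C key: value") and reports MEC parameters that are missing or differ from the values both messages agree on. The sample command line is constructed, and the thread does not say how the model treats a repeated -C key, so the check only reports repeats.

```python
import re
from collections import defaultdict

# MEC-related FVP parameters on which both messages in this thread agree.
REQUIRED = {
    "bp.mpe.enable": "1",
    "cluster0.mec_support_level": "2",
    "cluster0.rme_mecid_width": "16",
    "cluster1.mec_support_level": "2",
    "cluster1.rme_mecid_width": "16",
}
# Accepts both spellings used in the thread: "-C key=value" and "-C key: value".
PARAM_RE = re.compile(r"-C\s+([\w.]+)\s*(?:=|:\s)\s*(\S+)")

# Constructed sample: wrong cluster1 level, missing width, one key repeated.
SAMPLE = """-C bp.mpe.enable=1 \\
-C cluster0.mec_support_level=2 \\
-C cluster0.rme_mecid_width=16 \\
-C cluster1.mec_support_level=1 \\
-C bp.mpe.output_attributes_parameter_of_core=ExtendedID[38]=MPAM_SP[0] \\
-C bp.mpe.output_attributes_parameter_of_core=UserFlags[31:16]=MECID
"""

def parse_params(text):
    """Return {key: [values...]}, keeping every occurrence of a repeated key."""
    params = defaultdict(list)
    for key, value in PARAM_RE.findall(text.replace("\\\n", " ")):
        params[key].append(value)
    return dict(params)

def check_mec_params(text):
    """Return a sorted list of findings; an empty list means nothing to flag."""
    params = parse_params(text)
    findings = []
    for key, want in REQUIRED.items():
        got = params.get(key)
        if got is None:
            findings.append(f"missing: {key}={want}")
        elif got[-1] != want:
            findings.append(f"mismatch: {key}={got[-1]} (thread uses {want})")
    for key, values in params.items():
        if len(set(values)) > 1:
            findings.append(f"repeated: {key} given {len(values)} times with different values")
    return sorted(findings)

if __name__ == "__main__":
    for finding in check_mec_params(SAMPLE):
        print(finding)
```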
--
From: Jaehyeon Lee
Sent: 23 Jun 2025 6:07 a.m.
To: tf-rmm@lists.trustedfirmware.org
Subject: [tf-rmm] Questions regarding ARM CCA MEC feature
Hello tf-rmm group,
I'm currently conducting research on the MEC (Memory Encryption Context) feature for sharing memory pages across multiple realms, and I'm interested in testing and potentially extending this functionality w/ new use-cases.
I noticed that there are mec-proto branches available across the TF-A repositories, including rmm, linux, kvmtool, and tf-a, specifically for the CCA memory encryption context. However, I've been unable to successfully launch a system using these branches on the FVP models.
Is there a reference setup or guidance available for bringing up a MEC-enabled Realm environment, similar to the DA branches discussed here?
Also, is extending the MEC feature to allow sharing pages across multiple realms feasible w/ the current hardware (RME w/ MPE) spec, utilizing the MEC_STATE_SHARED state in the RMM 1.1 alp14 spec?
Thank you, Jaehyeon Lee