Hello Jaehyeon,

 

We are still working on providing support for FEAT_MEC on RMM. More patches are coming in the next few weeks.

 

In order to run the current patches with MEC enabled, you have to set some more parameters for the FVP:

 

    -C bp.mpe.enable=1 \

    -C bp.mpe.block_size_in_bytes=4096 \

    -C bp.mpe.corruption_strategy=0 \

    -C bp.mpe.ignore_mecid=0 \

    -C bp.mpe.output_attributes_parameter_of_core=ExtendedID[62:55]=MPAM_PMG \

    -C bp.mpe.output_attributes_parameter_of_core=ExtendedID[38]=MPAM_SP[0] \

    -C bp.mpe.output_attributes_parameter_of_core=ExtendedID[37]=MPAM_SP[1] \

    -C bp.mpe.output_attributes_parameter_of_core=UserFlags[31:16]=MECID \

    -C bp.mpe.non_secure_pas_enc_key=34 \

    -C bp.mpe.realm_pas_enc_key=136 \

    -C bp.mpe.root_pas_enc_key=68 \

    -C bp.mpe.secure_pas_enc_key=17 \

    -C cluster0.mec_support_level=2 \

    -C cluster0.rme_mecid_width=16 \

    -C cluster1.mec_support_level=2 \

    -C cluster1.rme_mecid_width=16 \

 

I have attached a Shrinkwrap overlay in case you want to use it instead.

 

Let me know if you have any questions.

 

All the best,

 

 

Juan Pablo

 

 

--

From: Jaehyeon Lee

Sent: 23 Jun 2025 6:07 a.m
To: tf-rmm@lists.trustedfirmware.org
Subject: [tf-rmm] Questions regarding ARM CCA MEC feature

 

Hello tf-rmm group,

I'm currently conducting research on the MEC (Memory Encryption Context) feature for sharing memory pages across multiple realms, and I'm interested in testing and potentially extending this functionality w/ new use-cases.

I noticed that there are mec-proto branches available across the TF-A repositories, including rmm, linux, kvmtool, and tf-a, specifically for the CCA memory encryption context. However, I've been unable to successfully launch a system using these branches on the FVP models.

Is there a reference setup or guidance available for bringing up a MEC-enabled Realm environment, similar to the DA branches discussed here?

Also, extending MEC feature to allow sharing pages across multiple realms are feasible w/ current hardware (RME w/ MPE) spec? w/ utilizing MEC_STATE_SHARED state in RMM 1.1 alp14 spec.

Thank you,
Jaehyeon Lee

 

IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.