Lines Matching full:secure
1 Secure Partition Manager (MM)
7 This document describes the implementation where the Secure Partition Manager
8 resides at EL3 and management services run from isolated Secure Partitions at
17 applications to provide security services like DRM, secure payment and
19 used by Non-secure world applications to access these services. A Trusted OS
31 centres and enterprise servers) the secure software stack typically does not
43 A **Secure Partition** is a software execution environment instantiated in
45 Since S-EL0 is an unprivileged Exception Level, a Secure Partition relies on
47 resources. Essentially, it is a software sandbox in the Secure world that runs
57 Note that currently TF-A only supports handling one Secure Partition.
59 A Secure Partition enables TF-A to implement only the essential secure
61 Furthermore, multiple Secure Partitions can be used to isolate unrelated
64 The following diagram illustrates the place of a Secure Partition in a typical
65 Armv8-A software stack. A single or multiple Secure Partitions provide secure
66 services to software components in the Non-secure world and other Secure
71 The TF-A build system is responsible for including the Secure Partition image
73 Secure Partition image. A BL31 component called **Secure Partition Manager
79 - Allocate resources requested by the Secure Partition.
81 - Perform architectural and system setup required by the Secure Partition to
84 - Implement a standard interface that is used for initialising a Secure
89 - Implement a standard interface that is used by a Secure Partition to fulfil
92 - Implement a standard interface that is used by the Non-secure world for
93 accessing the services exported by a Secure Partition. A service can be
104 architecture of a Secure Partition. This section describes the specific choices
109 Building TF-A with Secure Partition support
113 implementation supports inclusion of only a single Secure Partition in which a
117 It is not currently possible for BL31 to integrate SPM support and a Secure
119 SPM bootflow, a Secure Partition image executing at S-EL0 replaces the Secure
126 Interface). This will be referred to as the *Standalone MM Secure Partition* in
135 First, build the Standalone MM Secure Partition. To build it, refer to the
138 Then build TF-A with SPM support and include the Standalone MM Secure Partition
146 Describing Secure Partition resources
150 resources required by the Secure Partition. Some instructions are given below.
154 - A Secure Partition is considered a BL32 image, so the same defines that apply
155 to BL32 images apply to a Secure Partition: ``BL32_BASE`` and ``BL32_LIMIT``.
158 used by the Secure Partition: ``PLAT_SP_IMAGE_MMAP_REGIONS`` and
167 describe the memory regions that the SPM needs to allocate for a Secure
172 with information about the memory map of the Secure Partition.
177 Accessing Secure Partition services
181 accessing services implemented in the Secure world. The ``MM_COMMUNICATE``
183 0060A*) is used to invoke a Secure Partition service as a Fast Call.
192 buffer shared with the Secure Partition.
200 Exchanging data with the Secure Partition
203 The exchange of data between the Non-secure world and the partition takes place
207 to the Non-secure world or discovered through a platform discovery mechanism
208 e.g. ACPI table or device tree. It is possible for the Non-secure world to
215 agreed between the Non-secure world and the Secure Partition. For example, in
217 describes that the communication buffer shared between the Non-secure world and
218 the Management Mode (MM) in the Secure world must be of the type
224 Runtime model of the Secure Partition
227 This section describes how the Secure Partition interfaces with the SPM.
232 In order to instantiate one or more secure services in the Secure Partition in
237 amongst multiple software components in the Secure world or cannot be directly
240 - Interfaces that establish the control path between the SPM and the Secure
244 Secure Partition to initialise itself and export its services in S-EL0. These
245 interfaces are not accessible from the Non-secure world.
255 Hence, the SVC conduit must be used by the Secure Partition to access interfaces
260 from a Secure Partition as an SMC request to the SPM in EL3. Upon servicing the
277 instruction (ERET) to S-EL0. Later, the Secure Partition issues an SVC
281 - A request to initialise the Secure Partition during system boot.
285 Communication initiated by Secure Partition
288 A request is initiated from the Secure Partition by executing an SVC instruction.
294 the Secure EL1&0 translation regime).
300 Secure Service calls range (see `SMC Calling Convention`_ (*Arm DEN 0028B*)
306 Secure Partition Event Management
309 The Secure Partition provides an Event Management interface that is used by the
310 SPM to delegate service requests to the Secure Partition. The interface also
311 allows the Secure Partition to:
351 This function returns the version of the Secure Partition Manager
374 Secure Partition Initialisation
381 handling requests for services implemented by the Secure Partition. The
388 used as the target of the ERET instruction to start initialisation of the Secure
401 The platform port of a Secure Partition specifies to the SPM a list of regions
403 description and initialises the Secure EL1&0 translation regime as follows.
484 buffer will be mapped in the Secure EL1&0 translation regime with read-only
496 The SPM receives requests for Secure Partition services through a synchronous
497 invocation (i.e. an SMC from the Non-secure world). These requests are delegated
500 was made to signal either completion of Secure Partition initialisation or
519 The values depend upon the original event that was delegated to the Secure
522 - ``SUCCESS`` : Used to indicate that the Secure Partition was initialised
541 from the Non-secure world.
545 - ``NOT_SUPPORTED``: Function was called from the Non-secure world.
552 Address of a buffer shared between the SPM and Secure Partition to pass
556 The buffer is mapped in the Secure EL1&0 translation regime with read-only
580 A Secure Partition must only call ``MM_SP_EVENT_COMPLETE_AARCH64`` to signal
585 When the SPM receives this call from a Secure Partition, the corresponding
587 instruction, to the instruction immediately after the call in the Secure
592 event to the Secure Partition. The return parameters of this interface must
596 Secure Partition Memory Management
599 A Secure Partition executes at S-EL0, which is an unprivileged Exception Level.
601 address map from a Secure Partition. This is done by mapping these regions in
602 the Secure EL1&0 Translation regime with appropriate memory attributes.
607 All memory required by the Secure Partition is allocated upfront in the SPM,
608 even before handing over to the Secure Partition for the first time. The initial
610 port and should allow the Secure Partition to run its initialisation code.
612 However, they might not suit the final needs of the Secure Partition because its
613 final memory layout might not be known until the Secure Partition initialises
614 itself. As the Secure Partition initialises its runtime environment it might,
615 for example, load dynamically some modules. For instance, a Secure Partition
618 a part of the Secure Partition image. The location of various sections in an
622 In this case, the Secure Partition needs a way to change the access permissions
625 available to the Secure Partition during a specific time window: from the first
626 entry into the Secure Partition up to the first ``SP_EVENT_COMPLETE`` call that
627 signals the Secure Partition has finished its initialisation. Once the
633 Secure Partition.
679 - ``INVALID_PARAMETERS``: The Secure Partition is not allowed to access the
683 any memory page that is accessible by the Secure Partition, or the
684 function was called from the Non-secure world. Also returned if it is
693 memory region accessible from a Secure Partition. The size of the memory
694 region is equal to the Translation Granule size used in the Secure EL1&0
700 The caller must obtain the Translation Granule Size of the Secure EL1&0
706 is not accessible from a Secure Partition.
726 of the Translation Granule Size used in the Secure EL1&0 translation
764 has been specified. The Base Address is not correctly aligned. The Secure
772 memory region that is accessible by the Secure Partition. Function was
773 called from the Non-secure world. Also returned if it is used after
782 memory region accessible from a Secure Partition. The size of the memory
783 region is equal to the Translation Granule size used in the Secure EL1&0
788 the Secure Partition sends the first ``MM_SP_EVENT_COMPLETE_AARCH64`` to
793 The caller must obtain the Translation Granule Size of the Secure EL1&0