
Implement retrieving of memory region by specifying address ranges
Open, Needs Triage, Public

Description

Hafnium supports only the Handler way of retrieving a memory region that is shared, lent or donated. It doesn't support retrieving a memory region by specifying the address ranges in the memory access descriptor.

Event Timeline

In particular this is about specifying the offset field in the endpoint memory access descriptor.

The Hafnium implementation only allows 0 because of the enforced IPA=PA identity mapping. In other words the only allowed policy is that the SPMC "allocates" the region in the SP Stage-2 mapping identified by the Handle.

The FF-A spec section 5.12.3.2 statement "A Receiver could specify the address ranges that must be used to map the memory region in its translation regime by describing them in a composite memory region descriptor" is not possible with this implementation:
https://git.trustedfirmware.org/hafnium/hafnium.git/tree/src/ffa_memory.c?h=v2.4#n2214

I think it would be reasonable if Hafnium implements this feature when there is an explicit request for it from a Trusted OS or SP vendor. In the meantime, Hafnium returning INVALID_PARAMETERS sounds like a reasonable approach to me. It implies that the ACK test can be ignored. What do you reckon?

ACS can be updated to skip checks for this. But the spec isn't specific about whether this way of retrieving memory is optional.

As there are two ways to retrieve memory, we can make retrieval of memory by specifying address ranges an optional feature and the handle way a mandatory feature. We can also make this optional feature discoverable through FFA_FEATURES(FFA_MEM_RETRIEVE_REQ). This can return this interface's properties in w2.
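
The policy discussed in this thread (only a zero offset accepted in each endpoint memory access descriptor, anything else answered with INVALID_PARAMETERS), as an added sketch that is not Hafnium's code and not from any participant. The struct, the function names `check_retrieve_offsets` and `build_and_check`, and the sample request bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define FFA_INVALID_PARAMETERS (-2) /* FF-A status code */

/* Endpoint memory access descriptor, FF-A v1.0 layout; names assumed. */
struct ema_desc {
	uint16_t receiver;         /* endpoint ID */
	uint8_t permissions;
	uint8_t flags;
	uint32_t composite_offset; /* the "offset field" discussed above */
	uint64_t reserved;
};
_Static_assert(sizeof(struct ema_desc) == 16, "unexpected padding");

/* Returns 0 if every receiver's descriptor keeps the offset at 0. */
int check_retrieve_offsets(const uint8_t *req, size_t req_len,
			   size_t ema_off, uint32_t ema_count)
{
	struct ema_desc d;
	/* Bounds-check the descriptor array without integer overflow. */
	if (ema_count == 0 || ema_off > req_len ||
	    ema_count > (req_len - ema_off) / sizeof(d))
		return FFA_INVALID_PARAMETERS;
	for (uint32_t i = 0; i < ema_count; i++) {
		memcpy(&d, req + ema_off + (size_t)i * sizeof(d), sizeof(d));
		if (d.composite_offset != 0) /* receiver-chosen ranges */
			return FFA_INVALID_PARAMETERS;
	}
	return 0;
}

/* Constructed request: two descriptors placed at byte 32 (arbitrary for
 * this sample); the second one carries `offset`. */
int build_and_check(uint32_t offset, size_t truncate_by)
{
	uint8_t req[32 + 2 * sizeof(struct ema_desc)] = {0};
	struct ema_desc d = {.receiver = 0x8001, .permissions = 0x2};
	memcpy(req + 32, &d, sizeof(d));
	d.receiver = 0x8002;
	d.composite_offset = offset;
	memcpy(req + 32 + sizeof(d), &d, sizeof(d));
	return check_retrieve_offsets(req, sizeof(req) - truncate_by, 32, 2);
}

int main(void) { return build_and_check(0, 0) != 0; }
```

The length check runs before any descriptor is read, so a request whose descriptor array runs past the end of the buffer is rejected the same way as a non-zero offset.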