OP-TEE SPMC implementation ========================== Introduction ------------ ### OP-TEE SPMC implementation This document describes the OP-TEE SPMC implementation. This implementation is used to support the Trusted Services PSA SPs. The PSA SPs are based on the Arm FF-A specifications. The OP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Service can be used a reference S-EL0 SP implementations. ### FF-A Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images. Including the communication between the various software images in the Secure world and Normal world. The current release of the OP-TEE SPMC is based around the [FF-A v1.0 spec](https://developer.arm.com/documentation/den0077/latest.) ### OP-TEE OP-TEE is an open source Trusted Execution Environment (TEE) implementing the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/) OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC. This document describes OP-TEE as a S-El1 SPMC. The current mainline OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os) ### Trusted Services The Trusted Services project provides a framework for developing and deploying device Root Of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium. More information about Trusted Service can be found at [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/) Current Status -------------- Currently the mainline OP-TEE SPMC is not yet fully compliant with the FF-A V1.0 spec. It also doesn\'t support all of the Trusted Services SPs. ### SPMC status OP-TEE mainline SPMC FF-A status: ------------------- --------------- SP loading Supported SP messaging Supported Manifest file Not Supported Memory management Supported :

= OP-TEE SPMC implementation == Introduction ==== OP-TEE SPMC implementation This document describes the OP-TEE SPMC (Secure Partition Manager Core) implementation. This implementation is used to support the Trusted Services PSA Secure Partitions (SPs). The PSA SPs are implemented based on the Arm FF-A specification. The OP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Services can be used a reference S-EL0 SP implementations. ==== FF-A Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images. Including the communication between the various software images in the Secure world and Normal world. The current release of the OP-TEE SPMC is based around the [FF-A v1.0 spec](https://developer.arm.com/documentation/den0077/latest). ==== OP-TEE OP-TEE is an open source Trusted Execution Environment (TEE) relying on the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/). OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC. This document describes OP-TEE as a S-EL1 SPMC. The current mainline OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os). ==== Trusted Services The Trusted Services project provides a framework for developing and deploying device Root of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium. More information about Trusted Services can be found at [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/). == Current Status Limited support for OP-TEE SPMC aligning with FF-A 1.0 is available since OP-TEE v3.19. Complete support for FF-A 1.0 and TS is planned for upcoming releases. See below for status. For the OP-TEE release specific testing and results please see the following page: - [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-19/ | OP-TEE 3.19 release ]] - [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-20/ | OP-TEE 3.20 release ]] - [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-21/ | OP-TEE 3.21 release ]] - [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]] - [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]] - [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-4-0/ | OP-TEE 4.0.0 release ]] == Important Changes of v4.0.0 release == - Added support for the `boot-order` property of the SP manifest. Earlier the boot order was determined by the linking order when using embedded packaging or by the order of SP entries in the FIP package when using FIP packaging. In case the `boot-order` property is not set for an SP, loading will fall back to the old method. - The SPMC has been updated to allow the XEN Hypervisor being executed in the NWd. All Trusted Services tests from DOM0 and DOMU virtual machines are passing. - Bug fixes: - The SPMC was accepting direct messages targeting yet to be initialized SPs, and could jumping to an invalid address as a result. - The SPMC was clearing MBZ registers when making FFA_ERROR calls. This could result in incorrect operation. - In some scenarios the destination of FFA_ERROR calls were set incorrectly. - Code handling the FFA_MEM_RECLAIM calls incorrectly assumed the NWd endpoint being 0. This resulted in a crash when a hypervisor is present in the NWd. ==== SPMC status For a list of supported FF-A features please see: https://optee.readthedocs.io/en/latest/architecture/spmc.html ==== Trusted Services status All Trusted Services Secure Partitions are supported with OP-TEE SPMC v4.0.0 Trusted Services SP support status: | Name | Status | |--------------------------|-----------| | internal-trusted-storage | Supported | | protected-storage | Supported | | crypto | Supported | | attestation | Supported | | firmware-update | Supported | | block-storage | Supported | | smm-gateway | Supported | == Build The build process follows the [OP-TEE build process](https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution). Additional information is needed for some steps: - [Step 1](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-1-prerequisites): The Trusted Services project has some extra requirements described on [this page](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html), please install these. - [Step 2](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-2-install-android-repo): - - [Step 3](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-3-get-the-source-code): Use the manifest file for Trusted Services integration and use the 4.0.0 tagged version. `repo init -u https://github.com/OP-TEE/manifest.git -m fvp-ts.xml -b 4.0.0` - [Step 4](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-4-get-the-toolchains): - - [Step 5](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-5-build-the-solution): - - [Step 6 and onwards](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-6-flash-the-device): Since we're running on models instead of real hardware, these steps are not necessary. == Boot The current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at [Arm Architecture Models](https://developer.arm.com/downloads/-/arm-ecosystem-models). The downloaded FVP should be extracted at the project root (`<project root>/Base_RevC_AEMvA_pkg`). Boot the system on the FVP: make -C build run-only Two console windows should appear, one for the Secure World and one for the Normal World. When the boot is complete, login as root. Then run these commands to load the necessary kernel modules and install the TS test applications and libraries: /mnt/host/out/linux-arm-ffa-tee/load_module.sh /mnt/host/out/linux-arm-ffa-user/load_module.sh cp -at /usr /mnt/host/out/ts-install/arm-linux/bin /mnt/host/out/ts-install/arm-linux/lib To run the SPMC tests built into xtest (OP-TEE test suite): xtest -t ffa_spmc

= OP-TEE SPMC implementation ========================== == Introduction ------------ ###==== OP-TEE SPMC implementation This document describes the OP-TEE SPMC (Secure Partition Manager Core) implementation. This implementation is used to support the Trusted Services PSA SPsecure Partitions (SPs). The PSA SPs are implemented based on the Arm FF-A specification. The PSAOP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Services can be used a reference S-EL0 SP implementations. ==== FF-A Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images. SPs are based on the Arm FF-A specificationsIncluding the communication between the various software images in the Secure world and Normal world. The current release of the OP-TEE SPMC is based around the [FF-A v1.0 spec](https://developer.arm.com/documentation/den0077/latest). ==== OP-TEE OP-TEE is an open source Trusted Execution Environment (TEE) relying on the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/). The OP-TEE SPMC can beOP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC. used as a reference S-EL1 implementation and the Trusted Service can beThis document describes OP-TEE as a S-EL1 SPMC. The current mainline OP-TEE version can be found [here](https://github.com/OP-TEE/optee_os). ==== Trusted Services The Trusted Services project provides a framework for developing and deploying device Root of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium. used a reference S-EL0 SP implementationsMore information about Trusted Services can be found at [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/). ### FF-A== Current Status Limited support for OP-TEE SPMC aligning with FF-A 1.0 is available since OP-TEE v3.19. Complete support for FF-A 1.0 and TS is planned for upcoming releases. See below for status. For the OP-TEE release specific testing and results please see the following page: Arm F- [[ https://developer.trustedfirmware Framework for Arm A-profile (FF-A) is a framework designed.org/w/trusted-services/op-tee-spmc/release-testing-3-19/ | OP-TEE 3.19 release ]] to standardize the communication between the various software images.- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-20/ | OP-TEE 3.20 release ]] Including the communication between the various software images in the- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-21/ | OP-TEE 3.21 release ]] Secure world and Normal world. The current - [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release of the-testing-3-22/ | OP-TEE SPMC is3.22 release ]] based around the [FF-A v1.0- [[ https://developer.trustedfirmware.org/w/trusted-services/op-tee-spmc/release-testing-3-22/ | OP-TEE 3.22 release ]] spec](- [[ https://developer.arm.com/documentation/den0077/latrustedfirmware.org/w/trusted-services/op-tee-spmc/release-test.)ing-4-0/ | OP-TEE 4.0.0 release ]] ### OP-TEE== Important Changes of v4.0.0 release == OP-TEE is an open source Trusted Execution Environment (TEE)- Added support for the `boot-order` property of the SP manifest. Earlier the boot order was determined by the linking order when using embedded packaging or by the order of SP entries in the FIP package when using FIP packaging. In case the `boot-order` property is not set for an SP, loading will fall back to the old method. - The SPMC has been updated to allow the XEN Hypervisor being executed in the NWd. All Trusted Services tests from DOM0 and DOMU virtual machines are passing. - Bug fixes: implementing the Arm TrustZone technology. More information can be found at [readthedocs](https://optee.readthedocs.io/en/latest/) OP-TEE can run - The SPMC was accepting direct messages targeting yet to be initialized SPs, and could jumping to an invalid address as a result. both as a S-EL1 SP or as the S-EL1 SPMC - The SPMC was clearing MBZ registers when making FFA_ERROR calls. This document describes OP-TEEcould result in incorrect operation. as a S-El1 SPMC. The current mainline OP-TEE version can be found - In some scenarios the destination of FFA_ERROR calls were set incorrectly. [here](https://github.com/OP-TEE/optee_os) - Code handling the FFA_MEM_RECLAIM calls incorrectly assumed the NWd endpoint being 0. This resulted in a crash when a hypervisor is present in the NWd. ==== SPMC status ### Trusted ServiceFor a list of supported FF-A features please see: https://optee.readthedocs.io/en/latest/architecture/spmc.html ==== Trusted Services status The Trusted Services project provides a framework for developing andAll Trusted Services Secure Partitions are supported with OP-TEE SPMC v4.0.0 Trusted Services SP support status: | Name | Status | deploying device Root Of Trust (RoT) services across a range of secure|--------------------------|-----------| processing environments such as those provided by OP-TEE and Hafnium.| internal-trusted-storage | Supported | More information about Trusted Service can be found at| protected-storage | Supported | [Trusted-Services](https://trusted-services.readthedocs.io/en/latest/) Current Status| crypto | Supported | -------------- Currently the mainline OP-TEE SPMC is not yet fully compliant with the| attestation | Supported | | firmware-update | Supported | FF-A V1.0 spec. It also doesn\'t support all of the Trus| block-storage | Supported Services| SPs.| smm-gateway | Supported | ### SPMC status== Build OP-TEE mainline SPMC FF-A statuThe build process follows the [OP-TEE build process](https://optee.readthedocs.io/en/latest/building/gits/build.html#get-and-build-the-solution). Additional information is needed for some steps: ------------------- --------------- SP loading Supported SP messaging Supported- [Step 1](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-1-prerequisites): The Trusted Services project has some extra requirements described on [this page](https://trusted-services.readthedocs.io/en/latest/developer/software-requirements.html), please install these. - [Step 2](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-2-install-android-repo): - - [Step 3](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-3-get-the-source-code): Use the manifest file for Trusted Services integration and use the 4.0.0 tagged version. Manifest file Not Supported`repo init -u https://github.com/OP-TEE/manifest.git -m fvp-ts.xml -b 4.0.0` - [Step 4](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-4-get-the-toolchains): - - [Step 5](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-5-build-the-solution): - - [Step 6 and onwards](https://optee.readthedocs.io/en/latest/building/gits/build.html#step-6-flash-the-device): Since we're running on models instead of real hardware, these steps are not necessary. == Boot The current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at [Arm Architecture Models](https://developer.arm.com/downloads/-/arm-ecosystem-models). The downloaded FVP should be extracted at the project root (`<project root>/Base_RevC_AEMvA_pkg`). Boot the system on the FVP: make -C build run-only Two console windows should appear, one for the Secure World and one for the Normal World. When the boot is complete, login as root. Then run these commands to load the necessary kernel modules and install the TS test applications and libraries: /mnt/host/out/linux-arm-ffa-tee/load_module.sh Memory management Supported /mnt/host/out/linux-arm-ffa-user/load_module.sh : cp -at /usr /mnt/host/out/ts-install/arm-linux/bin /mnt/host/out/ts-install/arm-linux/lib To run the SPMC tests built into xtest (OP-TEE test suite): xtest -t ffa_spmc