Page MenuHomePhabricator

OP-TEE SPMC status
Updated 399 Days AgoPublic

OP-TEE SPMC implementation

Introduction

OP-TEE SPMC implementation

This document describes the OP-TEE SPMC (Secure Partition Manager Core) implementation. This implementation is used to support the Trusted Services PSA Secure Partitions (SPs). The PSA SPs are implemented based on the Arm FF-A specification. The OP-TEE SPMC can be used as a reference S-EL1 implementation and the Trusted Services can be used a reference S-EL0 SP implementations.

FF-A

Arm Firmware Framework for Arm A-profile (FF-A) is a framework designed to standardize the communication between the various software images.
Including the communication between the various software images in the Secure world and Normal world. The current release of the OP-TEE SPMC is based around the FF-A v1.0 spec.

OP-TEE

OP-TEE is an open source Trusted Execution Environment (TEE) relying on the Arm TrustZone technology. More information can be found at readthedocs. OP-TEE can run both as a S-EL1 SP or as the S-EL1 SPMC.
This document describes OP-TEE as a S-EL1 SPMC. The current mainline OP-TEE version can be found here.

Trusted Services

The Trusted Services project provides a framework for developing and deploying device Root of Trust (RoT) services across a range of secure processing environments such as those provided by OP-TEE and Hafnium.
More information about Trusted Services can be found at Trusted-Services.

Current Status

Limited support for OP-TEE SPMC aligning with FF-A 1.0 is available since OP-TEE v3.19. Complete support for FF-A 1.0 and TS is planned for upcoming releases. See below for status.
For the OP-TEE release specific testing and results please see the following page:

Important Changes of v4.0.0 release

  • Added support for the boot-order property of the SP manifest. Earlier the boot order was determined by the linking order when using embedded packaging or by the order of SP entries in the FIP package when using FIP packaging. In case the boot-order property is not set for an SP, loading will fall back to the old method.
  • The SPMC has been updated to allow the XEN Hypervisor being executed in the NWd. All Trusted Services tests from DOM0 and DOMU virtual machines are passing.
  • Bug fixes:
    • The SPMC was accepting direct messages targeting yet to be initialized SPs, and could jumping to an invalid address as a result.
    • The SPMC was clearing MBZ registers when making FFA_ERROR calls. This could result in incorrect operation.
    • In some scenarios the destination of FFA_ERROR calls were set incorrectly.
    • Code handling the FFA_MEM_RECLAIM calls incorrectly assumed the NWd endpoint being 0. This resulted in a crash when a hypervisor is present in the NWd.
SPMC status

For a list of supported FF-A features please see: https://optee.readthedocs.io/en/latest/architecture/spmc.html

Trusted Services status

All Trusted Services Secure Partitions are supported with OP-TEE SPMC v4.0.0

Trusted Services SP support status:

NameStatus
internal-trusted-storageSupported
protected-storageSupported
cryptoSupported
attestationSupported
firmware-updateSupported
block-storageSupported
smm-gatewaySupported

Build

The build process follows the OP-TEE build process. Additional information is needed for some steps:

  • Step 1: The Trusted Services project has some extra requirements described on this page, please install these.
  • Step 3: Use the manifest file for Trusted Services integration and use the 4.0.0 tagged version.

repo init -u https://github.com/OP-TEE/manifest.git -m fvp-ts.xml -b 4.0.0

  • Step 6 and onwards: Since we're running on models instead of real hardware, these steps are not necessary.

Boot

The current system uses the Arm AEMv-A Base Platform FVP to run the test environment. The latest version can be found at Arm Architecture Models. The downloaded FVP should be extracted at the project root (<project root>/Base_RevC_AEMvA_pkg).

Boot the system on the FVP:

make -C build run-only

Two console windows should appear, one for the Secure World and one for the Normal World. When the boot is complete, login as root. Then run these commands to load the necessary kernel modules and install the TS test applications and libraries:

/mnt/host/out/linux-arm-ffa-tee/load_module.sh
/mnt/host/out/linux-arm-ffa-user/load_module.sh
cp -at /usr /mnt/host/out/ts-install/arm-linux/bin /mnt/host/out/ts-install/arm-linux/lib

To run the SPMC tests built into xtest (OP-TEE test suite):

xtest -t ffa_spmc
Last Author
gyuri-szing
Last Edited
Oct 18 2023, 12:55 PM

Event Timeline

gyuri-szing created this object.Feb 22 2022, 2:42 PM
gyuri-szing created this object with visibility "Custom Policy".
gyuri-szing changed the edit policy from "Custom Policy" to "Custom Policy".
jellesels-arm changed the title from Op-tee-spmc to OP-TEE-SPMC status.Feb 22 2022, 2:43 PM
jellesels-arm edited the content of this document. (Show Details)Feb 22 2022, 3:00 PM
jellesels-arm edited the content of this document. (Show Details)Feb 22 2022, 3:18 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 22 2022, 3:35 PM
jellesels-arm published a new version of this document.
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 4:38 PM
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 4:43 PM
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 4:52 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 4:55 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 4:57 PM
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 5:41 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 5:45 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 5:47 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 5:52 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 5:54 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 5:57 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm published a new version of this document.
jellesels-arm edited the content of this document. (Show Details)Feb 25 2022, 5:59 PM
jellesels-arm changed the title from OP-TEE-SPMC status to OP-TEE SPMC status-v3.16.Feb 28 2022, 5:20 PM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm edited the content of this document. (Show Details)Feb 28 2022, 5:24 PM
jellesels-arm changed the visibility from "Custom Policy" to "Public (No Login Required)".
jellesels-arm edited the content of this document. (Show Details)Mar 1 2022, 9:36 AM
jellesels-arm edited the content of this document. (Show Details)
jellesels-arm published a new version of this document.Mar 1 2022, 9:38 AM
jellesels-arm edited the content of this document. (Show Details)Mar 1 2022, 10:27 AM
gyuri-szing changed the edit policy from "Custom Policy" to "Custom Policy".Apr 21 2022, 2:22 PM
balintdobszay changed the title from OP-TEE SPMC status-v3.16 to OP-TEE SPMC status v3.17.Apr 22 2022, 9:54 AM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status-v3.16 to OP-TEE SPMC status v3.17.Apr 22 2022, 1:10 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status-v3.16 to OP-TEE SPMC status v3.17.Apr 22 2022, 1:53 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay published a new version of this document.Apr 22 2022, 1:58 PM
balintdobszay edited the content of this document. (Show Details)Apr 22 2022, 2:11 PM
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 4 2022, 12:08 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 4 2022, 1:37 PM
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.
balintdobszay edited the content of this document. (Show Details)
balintdobszay edited the content of this document. (Show Details)
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 4 2022, 1:43 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 15 2022, 12:45 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 15 2022, 12:57 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 15 2022, 1:01 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 15 2022, 1:22 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay changed the title from OP-TEE SPMC status v3.17 to OP-TEE SPMC status v3.18.Jul 15 2022, 1:30 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay published a new version of this document.
balintdobszay changed the title from OP-TEE SPMC status v3.18 to OP-TEE SPMC status.Oct 17 2022, 12:59 PM
balintdobszay edited the content of this document. (Show Details)
balintdobszay edited the content of this document. (Show Details)
balintdobszay edited the content of this document. (Show Details)Oct 18 2022, 10:10 AM
gyuri-szing changed the edit policy from "Custom Policy" to "Custom Policy".Feb 2 2023, 11:41 AM
mardyk01 edited the content of this document. (Show Details)Feb 3 2023, 3:20 PM
gyuri-szing changed the edit policy from "Custom Policy" to "Custom Policy".Apr 17 2023, 12:45 PM
imre-kis-arm edited the content of this document. (Show Details)Apr 26 2023, 10:34 AM
gyuri-szing changed the edit policy from "Custom Policy" to "Custom Policy".Jun 22 2023, 10:47 AM
gabor-toth-arm edited the content of this document. (Show Details)Jun 22 2023, 1:13 PM
gabor-toth-arm edited the content of this document. (Show Details)Jun 26 2023, 9:46 AM
gabor-toth-arm edited the content of this document. (Show Details)Jun 26 2023, 9:48 AM
gabor-toth-arm edited the content of this document. (Show Details)Jun 26 2023, 9:56 AM
gabor-toth-arm edited the content of this document. (Show Details)
gabor-toth-arm edited the content of this document. (Show Details)Jun 27 2023, 12:32 PM
gabor-toth-arm edited the content of this document. (Show Details)
gyuri-szing edited the content of this document. (Show Details)Oct 17 2023, 9:12 AM
gyuri-szing edited the content of this document. (Show Details)Oct 17 2023, 9:15 AM
gyuri-szing edited the content of this document. (Show Details)Oct 18 2023, 12:52 PM
gyuri-szing edited the content of this document. (Show Details)Oct 18 2023, 12:55 PM
gyuri-szing changed the edit policy from "Custom Policy" to "Trusted Services (Project)".Jan 24 2024, 12:24 PM

This is an excellent and comprehensive overview of the OP-TEE SPMC implementation. The document does a great job of explaining the purpose and functionality of the Secure Partition Manager Core (SPMC), its relationship with the Arm FF-A specification, and how it supports the Trusted Services PSA Secure Partitions (SPs). The detailed status of various features and functionalities provides a clear picture of the current state of the implementation. The inclusion of build steps and requirements is also very helpful for anyone looking to work with this implementation. However, it would be beneficial to provide more context or examples for some of the technical terms and acronyms used in the document for readers who may not be familiar with them. Overall, a well-written and informative piece. Great job! geometry dash