diff options
| author | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-11-09 11:34:09 +0000 |
|---|---|---|
| committer | Antonio Nino Diaz <antonio.ninodiaz@arm.com> | 2017-11-09 11:34:09 +0000 |
| commit | e29efeb1b40a3ac364fc0bf1e15928b400a57e72 (patch) | |
| tree | 3966ce64aad52d4a13adf1a679c2de1137033aa1 /docs | |
| parent | 2fccb228045696b98f83b1d865bac3c65d96b980 (diff) | |
| download | platform_external_arm-trusted-firmware-e29efeb1b40a3ac364fc0bf1e15928b400a57e72.tar.gz platform_external_arm-trusted-firmware-e29efeb1b40a3ac364fc0bf1e15928b400a57e72.tar.bz2 platform_external_arm-trusted-firmware-e29efeb1b40a3ac364fc0bf1e15928b400a57e72.zip | |
SPM: FVP: Introduce port of SPM
This initial port of the Secure Partitions Manager to FVP supports BL31
in both SRAM and Trusted DRAM.
A document with instructions to build the SPM has been added.
Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32
Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
Co-authored-by: Achin Gupta <achin.gupta@arm.com>
Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/spm-user-guide.rst | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/docs/spm-user-guide.rst b/docs/spm-user-guide.rst new file mode 100644 index 000000000..a3b64d931 --- /dev/null +++ b/docs/spm-user-guide.rst @@ -0,0 +1,59 @@ +ARM Trusted Firmware - SPM User Guide +===================================== + +.. section-numbering:: + :suffix: . + +.. contents:: + + +This document briefly presents the Secure Partition Management (SPM) support in +the Arm Trusted Firmware (TF), specifically focusing on how to build Arm TF with +SPM support. + +Overview of the SPM software stack +---------------------------------- + +SPM is supported on the Arm FVP exclusively at the moment. + +It is not currently possible for BL31 to integrate SPM support and a Secure +Payload Dispatcher (SPD) at the same time; they are mutually exclusive. In the +SPM bootflow, a Secure Partition (SP) image executing at Secure-EL0 replaces the +Secure Payload image executing at Secure-EL1 (e.g. a Trusted OS). Both are +referred to as BL32. + +A working prototype of a SP has been implemented by repurposing the EDK2 code +and tools, leveraging the concept of the *Standalone Management Mode (MM)* in +the UEFI specification (see the PI v1.6 Volume 4: Management Mode Core +Interface). This will be referred to as the *Standalone MM Secure Partition* in +the rest of this document. + + +Building TF with SPM support +---------------------------- + +To enable SPM support in the TF, the source code must be compiled with the build +flag ``ENABLE_SPM=1``. On Arm platforms the build option ``ARM_BL31_IN_DRAM`` +can be used to select the location of BL31, both SRAM and DRAM are supported. + + +Using the Standalone MM SP +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +First, build the Standalone MM Secure Partition. To build it, refer to the +`instructions in the EDK2 repository`_. + +Then build TF with SPM support and include the Standalone MM Secure Partition +image in the FIP: + +:: + + BL32=path/to/standalone/mm/sp BL33=path/to/bl33.bin \ + make PLAT=fvp ENABLE_SPM=1 fip all + + +-------------- + +*Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.* + +.. _instructions in the EDK2 repository: https://github.com/tianocore/edk2-staging/blob/AArch64StandaloneMm/HowtoBuild.MD |