aboutsummaryrefslogtreecommitdiffstats
path: root/docs/spm-user-guide.rst
diff options
context:
space:
mode:
Diffstat (limited to 'docs/spm-user-guide.rst')
-rw-r--r--docs/spm-user-guide.rst59
1 files changed, 59 insertions, 0 deletions
diff --git a/docs/spm-user-guide.rst b/docs/spm-user-guide.rst
new file mode 100644
index 000000000..a3b64d931
--- /dev/null
+++ b/docs/spm-user-guide.rst
@@ -0,0 +1,59 @@
+ARM Trusted Firmware - SPM User Guide
+=====================================
+
+.. section-numbering::
+ :suffix: .
+
+.. contents::
+
+
+This document briefly presents the Secure Partition Management (SPM) support in
+the Arm Trusted Firmware (TF), specifically focusing on how to build Arm TF with
+SPM support.
+
+Overview of the SPM software stack
+----------------------------------
+
+SPM is supported on the Arm FVP exclusively at the moment.
+
+It is not currently possible for BL31 to integrate SPM support and a Secure
+Payload Dispatcher (SPD) at the same time; they are mutually exclusive. In the
+SPM bootflow, a Secure Partition (SP) image executing at Secure-EL0 replaces the
+Secure Payload image executing at Secure-EL1 (e.g. a Trusted OS). Both are
+referred to as BL32.
+
+A working prototype of a SP has been implemented by repurposing the EDK2 code
+and tools, leveraging the concept of the *Standalone Management Mode (MM)* in
+the UEFI specification (see the PI v1.6 Volume 4: Management Mode Core
+Interface). This will be referred to as the *Standalone MM Secure Partition* in
+the rest of this document.
+
+
+Building TF with SPM support
+----------------------------
+
+To enable SPM support in the TF, the source code must be compiled with the build
+flag ``ENABLE_SPM=1``. On Arm platforms the build option ``ARM_BL31_IN_DRAM``
+can be used to select the location of BL31, both SRAM and DRAM are supported.
+
+
+Using the Standalone MM SP
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+First, build the Standalone MM Secure Partition. To build it, refer to the
+`instructions in the EDK2 repository`_.
+
+Then build TF with SPM support and include the Standalone MM Secure Partition
+image in the FIP:
+
+::
+
+ BL32=path/to/standalone/mm/sp BL33=path/to/bl33.bin \
+ make PLAT=fvp ENABLE_SPM=1 fip all
+
+
+--------------
+
+*Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.*
+
+.. _instructions in the EDK2 repository: https://github.com/tianocore/edk2-staging/blob/AArch64StandaloneMm/HowtoBuild.MD
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-15 16:53:55 +0000