mirror of
https://github.com/CTCaer/switch-l4t-atf.git
synced 2024-12-13 21:58:51 +00:00
e29efeb1b4
This initial port of the Secure Partitions Manager to FVP supports BL31 in both SRAM and Trusted DRAM. A document with instructions to build the SPM has been added. Change-Id: I4ea83ff0a659be77f2cd72eaf2302cdf8ba98b32 Co-authored-by: Douglas Raillard <douglas.raillard@arm.com> Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com> Co-authored-by: Achin Gupta <achin.gupta@arm.com> Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com> Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
60 lines
1.9 KiB
ReStructuredText
60 lines
1.9 KiB
ReStructuredText
ARM Trusted Firmware - SPM User Guide
|
|
=====================================
|
|
|
|
.. section-numbering::
|
|
:suffix: .
|
|
|
|
.. contents::
|
|
|
|
|
|
This document briefly presents the Secure Partition Management (SPM) support in
|
|
the Arm Trusted Firmware (TF), specifically focusing on how to build Arm TF with
|
|
SPM support.
|
|
|
|
Overview of the SPM software stack
|
|
----------------------------------
|
|
|
|
SPM is supported on the Arm FVP exclusively at the moment.
|
|
|
|
It is not currently possible for BL31 to integrate SPM support and a Secure
|
|
Payload Dispatcher (SPD) at the same time; they are mutually exclusive. In the
|
|
SPM bootflow, a Secure Partition (SP) image executing at Secure-EL0 replaces the
|
|
Secure Payload image executing at Secure-EL1 (e.g. a Trusted OS). Both are
|
|
referred to as BL32.
|
|
|
|
A working prototype of a SP has been implemented by repurposing the EDK2 code
|
|
and tools, leveraging the concept of the *Standalone Management Mode (MM)* in
|
|
the UEFI specification (see the PI v1.6 Volume 4: Management Mode Core
|
|
Interface). This will be referred to as the *Standalone MM Secure Partition* in
|
|
the rest of this document.
|
|
|
|
|
|
Building TF with SPM support
|
|
----------------------------
|
|
|
|
To enable SPM support in the TF, the source code must be compiled with the build
|
|
flag ``ENABLE_SPM=1``. On Arm platforms the build option ``ARM_BL31_IN_DRAM``
|
|
can be used to select the location of BL31, both SRAM and DRAM are supported.
|
|
|
|
|
|
Using the Standalone MM SP
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
First, build the Standalone MM Secure Partition. To build it, refer to the
|
|
`instructions in the EDK2 repository`_.
|
|
|
|
Then build TF with SPM support and include the Standalone MM Secure Partition
|
|
image in the FIP:
|
|
|
|
::
|
|
|
|
BL32=path/to/standalone/mm/sp BL33=path/to/bl33.bin \
|
|
make PLAT=fvp ENABLE_SPM=1 fip all
|
|
|
|
|
|
--------------
|
|
|
|
*Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.*
|
|
|
|
.. _instructions in the EDK2 repository: https://github.com/tianocore/edk2-staging/blob/AArch64StandaloneMm/HowtoBuild.MD
|