docs/spm-user-guide.rst - filogic/atf - Gitiles

 ARM Trusted Firmware - SPM User Guide
 =====================================

 .. section-numbering::
     :suffix: .

 .. contents::


 This document briefly presents the Secure Partition Management (SPM) support in
 the Arm Trusted Firmware (TF), specifically focusing on how to build Arm TF with
 SPM support.

 Overview of the SPM software stack
 ----------------------------------

 SPM is supported on the Arm FVP exclusively at the moment.

 It is not currently possible for BL31 to integrate SPM support and a Secure
 Payload Dispatcher (SPD) at the same time; they are mutually exclusive. In the
 SPM bootflow, a Secure Partition (SP) image executing at Secure-EL0 replaces the
 Secure Payload image executing at Secure-EL1 (e.g. a Trusted OS). Both are
 referred to as BL32.

 A working prototype of a SP has been implemented by repurposing the EDK2 code
 and tools, leveraging the concept of the *Standalone Management Mode (MM)* in
 the UEFI specification (see the PI v1.6 Volume 4: Management Mode Core
 Interface). This will be referred to as the *Standalone MM Secure Partition* in
 the rest of this document.


 Building TF with SPM support
 ----------------------------

 To enable SPM support in the TF, the source code must be compiled with the build
 flag ``ENABLE_SPM=1``. On Arm platforms the build option ``ARM_BL31_IN_DRAM``
 can be used to select the location of BL31, both SRAM and DRAM are supported.


 Using the Standalone MM SP
 ~~~~~~~~~~~~~~~~~~~~~~~~~~

 First, build the Standalone MM Secure Partition. To build it, refer to the
 `instructions in the EDK2 repository`_.

 Then build TF with SPM support and include the Standalone MM Secure Partition
 image in the FIP:

 ::

     BL32=path/to/standalone/mm/sp BL33=path/to/bl33.bin \
     make PLAT=fvp ENABLE_SPM=1 fip all


 --------------

 *Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.*

 .. _instructions in the EDK2 repository: https://github.com/tianocore/edk2-staging/blob/AArch64StandaloneMm/HowtoBuild.MD
	ARM Trusted Firmware - SPM User Guide
	=====================================

	.. section-numbering::
	:suffix: .

	.. contents::


	This document briefly presents the Secure Partition Management (SPM) support in
	the Arm Trusted Firmware (TF), specifically focusing on how to build Arm TF with
	SPM support.

	Overview of the SPM software stack
	----------------------------------

	SPM is supported on the Arm FVP exclusively at the moment.

	It is not currently possible for BL31 to integrate SPM support and a Secure
	Payload Dispatcher (SPD) at the same time; they are mutually exclusive. In the
	SPM bootflow, a Secure Partition (SP) image executing at Secure-EL0 replaces the
	Secure Payload image executing at Secure-EL1 (e.g. a Trusted OS). Both are
	referred to as BL32.

	A working prototype of a SP has been implemented by repurposing the EDK2 code
	and tools, leveraging the concept of the Standalone Management Mode (MM) in
	the UEFI specification (see the PI v1.6 Volume 4: Management Mode Core
	Interface). This will be referred to as the Standalone MM Secure Partition in
	the rest of this document.


	Building TF with SPM support
	----------------------------

	To enable SPM support in the TF, the source code must be compiled with the build
	flag ``ENABLE_SPM=1``. On Arm platforms the build option ``ARM_BL31_IN_DRAM``
	can be used to select the location of BL31, both SRAM and DRAM are supported.


	Using the Standalone MM SP
	~~~~~~~~~~~~~~~~~~~~~~~~~~

	First, build the Standalone MM Secure Partition. To build it, refer to the
	`instructions in the EDK2 repository`_.

	Then build TF with SPM support and include the Standalone MM Secure Partition
	image in the FIP:

	::

	BL32=path/to/standalone/mm/sp BL33=path/to/bl33.bin \
	make PLAT=fvp ENABLE_SPM=1 fip all


	--------------

	Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.

	.. _instructions in the EDK2 repository: https://github.com/tianocore/edk2-staging/blob/AArch64StandaloneMm/HowtoBuild.MD