| Louis Mayencourt | 5f0fc15 | 2019-11-29 15:05:14 +0000 | [diff] [blame^] | 1 | SPCI manifest binding to device tree |
| 2 | ==================================== |
| 3 | |
| 4 | This document defines the nodes and properties used to define a partition, |
| 5 | according to the SPCI specification. |
| 6 | |
| 7 | Version 1.0 |
| 8 | ----------- |
| 9 | |
| 10 | spci-manifest-partition |
| 11 | ^^^^^^^^^^^^^^^^^^^^^^^ |
| 12 | |
| 13 | - compatible [mandatory] |
| 14 | - value type: <string> |
| 15 | - Must be the string "arm,spci-manifest-X.Y" which specifies the major and |
| 16 | minor versions fo the device tree binding for the SPCI manifest represented |
| 17 | by this node. The minor number is incremented if the binding changes in a |
| 18 | backwards compatible manner. |
| 19 | - X is an integer representing the major version number of this document. |
| 20 | - Y is an integer representing the minor version number of this document. |
| 21 | |
| 22 | - spci-version [mandatory] |
| 23 | - value type: <u32> |
| 24 | - Must be two 16 bits values (X, Y), concatenated as 31:16 -> X, |
| 25 | 15:0 -> Y, where: |
| 26 | - X is the major version of PSA-FF-A expected by the partition at the SPCI |
| 27 | instance it will execute. |
| 28 | - Y is the minor version of PSA-FF-A expected by the partition at the SPCI |
| 29 | instance it will execute. |
| 30 | |
| 31 | - uuid [mandatory] |
| 32 | - value type: <prop-encoded-array> |
| 33 | - An array consisting of 4 <u32> values, identifying the UUID of the service |
| 34 | implemented by this partition. The UUID format is described in RFC 4122. |
| 35 | UUID can be shared by multiple instances of partitions that offer the same |
| 36 | service For example: |
| 37 | - If there are multiple instances of a Trusted OS, then the UUID can be |
| 38 | shared by all instances. |
| 39 | - The TEE driver in the HLOS can use the UUID with the |
| 40 | SPCI_PARTITION_INFO_GET interface to determine the: |
| 41 | - Number of Trusted OSs |
| 42 | - The partition ID of each instance of the Trusted OS |
| 43 | |
| 44 | - id |
| 45 | - value type: <u32> |
| 46 | - Pre-allocated partition ID. |
| 47 | |
| 48 | - auxiliary-id |
| 49 | - value type: <u32> |
| 50 | - Pre-allocated ID that could be used in memory management transactions. |
| 51 | |
| 52 | - description |
| 53 | - value type: <string> |
| 54 | - Name of the partition e.g. for debugging purposes. |
| 55 | |
| 56 | - execution-ctx-count [mandatory] |
| 57 | - value type: <u32> |
| 58 | - Number of vCPUs that a VM or SP wants to instantiate. |
| 59 | - In the absence of virtualization, this is the number of execution |
| 60 | contexts that a partition implements. |
| 61 | - If value of this field = 1 and number of PEs > 1 then the partition is |
| 62 | treated as UP & migrate capable. |
| 63 | - If the value of this field > 1 then the partition is treated as a MP |
| 64 | capable partition irrespective of the number of PEs. |
| 65 | |
| 66 | - exception-level [mandatory] |
| 67 | - value type: <u32> |
| 68 | - The target exception level for the partition: |
| 69 | - 0x0: EL1 |
| 70 | - 0x1: S_EL0 |
| 71 | - 0x2: S_EL1 |
| 72 | - 0x3: EL2 |
| 73 | - 0x4: Supervisor mode |
| 74 | - 0x5: Secure User mode |
| 75 | |
| 76 | - execution-state [mandatory] |
| 77 | - value type: <u32> |
| 78 | - The target execution state of the partition: |
| 79 | - 0: AArch64 |
| 80 | - 1: AArch32 |
| 81 | |
| 82 | - load-address |
| 83 | - value type: <u64> |
| 84 | - Physical base address of the partition in memory. Absence of this field |
| 85 | indicates that the partition is position independent and can be loaded at |
| 86 | any address chosen at boot time. |
| 87 | |
| 88 | - entrypoint-offset |
| 89 | - value type: <u64> |
| 90 | - Offset from the base of the partition's binary image to the entry point of |
| 91 | the partition. Absence of this field indicates that the entry point is at |
| 92 | offset 0x0 from the base of the partition's binary. |
| 93 | |
| 94 | - xlat-granule [mandatory] |
| 95 | - value type: <u32> |
| 96 | - Translation granule used with the partition: |
| 97 | - 0x0: 4k |
| 98 | - 0x1: 16k |
| 99 | - 0x2: 32k |
| 100 | |
| 101 | - boot-order |
| 102 | - value type: <u32> |
| 103 | - A unique number amongst all partitions that specifies if this partition |
| 104 | must be booted before others. The partition with the smaller number will be |
| 105 | booted first. |
| 106 | |
| 107 | - rx-tx-buffer |
| 108 | - value type: "memory-regions" node |
| 109 | - Specific "memory-regions" nodes that describe the RX/TX buffers expected |
| 110 | by the partition. |
| 111 | The "compatible" must be the string "arm,spci-manifest-rx_tx-buffer". |
| 112 | |
| 113 | - messaging-method [mandatory] |
| 114 | - value type: <u32> |
| 115 | - Specifies which messaging methods are supported by the partition: |
| 116 | - 0x0: direct messaging method |
| 117 | - 0x1: indirect messaging method |
| 118 | - 0x2: both direct and indirect messaging methods |
| 119 | |
| 120 | - has-primary-scheduler |
| 121 | - value type: <empty> |
| 122 | - Presence of this field indicates that the partition implements the primary |
| 123 | scheduler. If so, run-time EL must be EL1. |
| 124 | |
| 125 | - run-time-model |
| 126 | - value type: <u32> |
| 127 | - Run time model that the SPM must enforce for this SP: |
| 128 | - 0x0: Run to completion |
| 129 | - 0x1: Preemptible |
| 130 | |
| 131 | - time-slice-mem |
| 132 | - value type: <empty> |
| 133 | - Presence of this field indicates that the partition doesn't expect the |
| 134 | partition manager to time slice long running memory management functions. |
| 135 | |
| 136 | - gp-register-num |
| 137 | - value type: <u32> |
| 138 | - Presence of this field indicates that the partition expects the |
| 139 | spci_init_info structure to be passed in via the specified general purpose |
| 140 | register. |
| 141 | The field specifies the general purpose register number but not its width. |
| 142 | The width is derived from the partition's execution state, as specified in |
| 143 | the partition properties. For example, if the number value is 1 then the |
| 144 | general-purpose register used will be x1 in AArch64 state and w1 in AArch32 |
| 145 | state. |
| 146 | |
| 147 | - stream-endpoint-ids |
| 148 | - value type: <prop-encoded-array> |
| 149 | - List of <u32> tuples, identifying the IDs this partition is acting as |
| 150 | proxy for. |
| 151 | |
| 152 | memory-regions |
| 153 | -------------- |
| 154 | |
| 155 | - compatible [mandatory] |
| 156 | - value type: <string> |
| 157 | - Must be the string "arm,spci-manifest-memory-regions". |
| 158 | |
| 159 | - description |
| 160 | - value type: <string> |
| 161 | - Name of the memory region e.g. for debugging purposes. |
| 162 | |
| 163 | - pages-count [mandatory] |
| 164 | - value type: <u32> |
| 165 | - Count of pages of memory region as a multiple of the translation granule |
| 166 | size |
| 167 | |
| 168 | - attributes [mandatory] |
| 169 | - value type: <u32> |
| 170 | - ?? TO DEFINE |
| 171 | |
| 172 | - base-address |
| 173 | - value type: <u64> |
| 174 | - Base address of the region. The address must be aligned to the translation |
| 175 | granule size. |
| 176 | The address given may be a Physical Address (PA), Virtual Address (VA), or |
| 177 | Intermediate Physical Address (IPA). Refer to the SPCI specification for |
| 178 | more information on the restrictions around the address type. |
| 179 | If the base address is omitted then the partition manager must map a memory |
| 180 | region of the specified size into the partition's translation regime and |
| 181 | then communicate the region properties (including the base address chosen |
| 182 | by the partition manager) to the partition. |
| 183 | |
| 184 | device-regions |
| 185 | -------------- |
| 186 | |
| 187 | - compatible [mandatory] |
| 188 | - value type: <string> |
| 189 | - Must be the string "arm,spci-manifest-device-regions". |
| 190 | |
| 191 | - description |
| 192 | - value type: <string> |
| 193 | - Name of the device region e.g. for debugging purposes. |
| 194 | |
| 195 | - reg [mandatory] |
| 196 | - value type: <prop-encoded-array> |
| 197 | - A (address, num-pages) pair describing the device, where: |
| 198 | - address: The physical base address <u64> value of the device MMIO |
| 199 | region. |
| 200 | - num-pages: The <u32> number of pages of the region. The total size of |
| 201 | the region is this value multiplied by the translation granule size. |
| 202 | |
| 203 | - attributes [mandatory] |
| 204 | - value type: <u32> |
| 205 | - ?? TO DEFINE |
| 206 | |
| 207 | - smmu-id |
| 208 | - value type: <u32> |
| 209 | - On systems with multiple System Memory Management Units (SMMUs) this |
| 210 | identifier is used to inform the partition manager which SMMU the device is |
| 211 | upstream of. If the field is omitted then it is assumed that the device is |
| 212 | not upstream of any SMMU. |
| 213 | |
| 214 | - stream-ids [mandatory] |
| 215 | - value type: <prop-encoded-array> |
| 216 | - A list of (id, mem-manage) pair, where: |
| 217 | - id: A unique <u32> value amongst all devices assigned to the partition. |
| 218 | - mem-manage: A <u32> value used in memory management operations. |
| 219 | |
| 220 | - interrupts [mandatory] |
| 221 | - value type: <prop-encoded-array> |
| 222 | - A list of (id, attributes) pair describing the device interrupts, where: |
| 223 | - id: The <u32> interrupt IDs. |
| 224 | - attributes: A ?? TO DEFINE value, |
| 225 | containing the attributes for each interrupt ID: |
| 226 | - Interrupt type: SPI, PPI, SGI |
| 227 | - Interrupt configuration: Edge triggered, Level triggered |
| 228 | - Interrupt security state: Secure, Non-secure |
| 229 | - Interrupt priority value |
| 230 | - Target execution context/vCPU for each SPI |
| 231 | |
| 232 | - exclusive-access |
| 233 | - value type: <empty> |
| 234 | - Presence of this field implies that this endpoint must be granted exclusive |
| 235 | access and ownership of this devices's MMIO region. |
| 236 | |
| 237 | -------------- |
| 238 | |
| 239 | *Copyright (c) 2019-2020, Arm Limited and Contributors. All rights reserved.* |