没有合适的资源?快使用搜索试试~ 我知道了~
Realm Management Monitor 手册
需积分: 5 0 下载量 180 浏览量
2023-12-06
15:28:26
上传
评论
收藏 1.65MB PDF 举报
温馨提示
试读
307页
Realm Management Monitor 手册
资源推荐
资源详情
资源评论
Realm Management Monitor
specification
Document number DEN0137
Document quality EAC
Document version 1.0-eac5
Document confidentiality Non-confidential
Document build information
790fd539 doctool 0.54.0-rc1
Copyright © 2022-2023 Arm Limited or its affiliates. All rights reserved.
Realm Management Monitor specification
Release information
1.0-eac5 (05-10-2023)
Clarifications
• Fix attestation token flows (FENIMORE-718)
• Clarify behavior on Host rejection of a RIPAS change request (FENIMORE-719)
• Replace Granule::pas attribute with Granule::gpt
– PAS is an attribute of a memory access, not of a Granule.
Defects
• {RMI,RSI}_VERSION: (FENIMORE-724)
– Clarify rules regarding returned interface version, and provide examples
–
Remove rule that if the return code is SUCCESS, subsequent calls to the interface adhere to the behavior corresponding
with the returned interface version
•
Specify that SMCCC registers not specified as command input / output values are SBZ and MBZ respectively
(FENIMORE-724)
• RSI_ATTESTATION_TOKEN_INIT: return upper bound on token size (FENIMORE-720)
• RMI_DATA_CREATE: move RIPAS=RAM from being a pre-condition to a post-condition (FENIMORE-721)
Relaxations
None
1.0-eac4 (06-09-2023)
Clarifications
• Exclude GIC, timer and PMU values from “On REC exit . . . all other REC exit fields are zero” (FENIMORE-712)
• Amend contradictory statement regarding RTT folding to level 1 (FENIMORE-715) [I
QWQSB
]
Defects
• RMI_RTT_{INIT,SET}_RIPAS: fix “top” alignment check
– Ensure that “top” is Granule aligned (FENIMORE-710)
– Ensure that return code is deterministically specified (FENIMORE-711)
– Prevent RIPAS change from proceeding beyond the “top” address provided by the Realm (FENIMORE-711)
• {RMI,RSI}_VERSION: add handshake (FENIMORE-708)
– The caller provides a “requested version”
– The RMM either returns:
*
A version which it can implement, that is compatible with the requested version (and a SUCCESS return code)
*
A version which it implements, that is incompatible with the requested version (and an error code)
–
If the return code is SUCCESS, subsequent calls to the interface adhere to the behavior corresponding with the
returned interface version
• Increase width of PsciReturnCode to 64 bits (FENIMORE-709)
Relaxations
•
RMI_REALM_CREATE: permit number of PMU counters to be less than number supported by the implementation
(FENIMORE-716)
•
RMI_REALM_CREATE: permit number of breakpoints or watchpoints to be less than number supported by the
implementation (FENIMORE-717)
ii
1.0-eac3 (20-07-2023)
Clarifications
• Clarify which bits of command input / output values should / must be zero (FENIMORE-674)
• Explain distinction between concrete and abstract types (FENIMORE-693)
•
Clarify return value from RSI_IPA_STATE_SET when stopping at first DESTROYED entry (FENIMORE-699) [I
GXDDX
]
Defects
• PSCI_SYSTEM_{OFF,RESET}: change Realm state to SYSTEM_OFF (FENIMORE-694)
• RMI_REC_CREATE: update RIM only if runnable flag is set (FENIMORE-697)
• RMI_REALM_CREATE: fix list of measured parameters (FENIMORE-695)
• Remove members from RmmSystemRegisters (FENIMORE-700)
–
State saved / restored depends on architecture features supported by the platform, so defining this type as an empty
placeholder
• Avoid use of reserved ASL v1 keyword “entry” in MRS (FENIMORE-702)
– RmiRecEntry -> RmiRecEnter
– RmiRecEntryFlags -> RmiRecEnterFlags
– RmiRecRun::entry -> RmiRecRun::enter
– RmmRttWalkResult::entry -> RmmRttWalkResult::rtte
• RSI_IPA_STATE_SET: prohibit RSI_DESTROYED input value (FENIMORE-705)
• RMI_PSCI_COMPLETE: PSCI_CPU_ON: fix copy of context_id to target CPU X0 (FENIMORE-703)
• Allow Host to reject request to change RIPAS to RAM (FENIMORE-661)
• Allow Host to reject PSCI_CPU_ON request via RMI_PSCI_COMPLETE (FENIMORE-706)
Relaxations
• Permit folding of level 2 RTT to create level 1 block mapping (FENIMORE-608)
• Remove restriction that attestation token size must not exceed 4KB (FENIMORE-691)
1.0-eac2 (07-06-2023)
Clarifications
• Remove reference to triggering ERROR_INPUT by setting MBZ bit to 1 (FENIMORE-675)
• Clarify constraints on output values in case of command failure [R
TFZMS
] (FENIMORE-676)
• Clarify encoding of RmiRealmParams::sve_sz (FENIMORE-684)
• Clarify set of SMCCC interfaces available to a Realm [R
NPLKX
] (FENIMORE-685)
Defects
• Replace PMU fields in RmiRecExit with single bit indicating the PMU overflow status [R
WXTZF
] (FENIMORE-679)
• RMI_PSCI_COMPLETE: failure condition should compare against MPIDR, not RD address (FENIMORE-681)
• RMI_REC_CREATE: remove params_valid failure condition (FENIMORE-686)
• RMI_RTT_{INIT,SET}_RIPAS: check alignment of “top” input value (FENIMORE-687)
• Reduce coupling between HIPAS and RIPAS (FENIMORE-680)
– Replace HIPAS=DESTROYED with RIPAS=DESTROYED
– Remove RmiRttEntryState::RMI_DESTROYED
– Change encoding of RmiRttEntryState::RMI_TABLE
– Add RmiRipas::RMI_DESTROYED
– Add RsiRipas::RSI_DESTROYED
– RMI_DATA_CREATE_UNKNOWN: remove pre-condition that RIPAS=RAM
– RMI_DATA_DESTROY:
*
In all cases, post-condition now states that HIPAS=UNASSIGNED
*
If pre-condition was RIPAS=RAM, post-condition states that RIPAS=DESTROYED
– RMI_RTT_DESTROY:
*
Remove post-condition that HIPAS=DESTROYED
*
Add post-condition that state of parent RTTE is UNASSIGNED
*
Add post-condition that RIPAS=DESTROYED
DEN0137
1.0-eac5
Copyright © 2022-2023 Arm Limited or its affiliates. All rights reserved.
Non-confidential
iii
– RMI_RTT_SET_IPA_STATE: stop at first DESTROYED entry if “destroyed” flag is set
– RSI_IPA_STATE_SET: add “destroyed” flag
– Clarify distinction between “RTT folding” [D
QPXCP
] and “RTT destruction” [D
VXRZW
]
• RMI_RTT_INIT_RIPAS: success conditions should be bounded by walk_top, not top
Relaxations
• RSI_REALM_CONFIG: provide Realm hash algorithm (FENIMORE-678)
1.0-eac1 (31-03-2023)
Clarifications
• Unused bits of RmiRecEntry::gicv3_hcr are SBZ [I
SMHXB
] (FENIMORE-666)
•
RMI_REC_ENTER: all RMI_ERROR_INPUT failure conditions precede all RMI_ERROR_REC failure conditions
(FENIMORE-668)
• Avoid use of raw Xn values in command conditions where possible (FENIMORE-671)
• Clarify definition of REC exit due to (Non-)emulatable Data Abort [D
CYRMT
, D
MTZMC
] (FENIMORE-673)
Defects
• RMI_RTT_INIT_RIPAS: take account of “top” IPA value when calculating RIM contribution (FENIMORE-662)
• RttSkipEntriesWithRipas: fix inverted logic (FENIMORE-663)
• RMI_RTT_SET_RIPAS: on success, modify IPA range [base, walk_top) (FENIMORE-669)
• RMI_RTT_{INIT,SET}_RIPAS: remove redundant failure conditions (FENIMORE-670)
• Clarify HIPAS=DESTROYED implies RIPAS=UNDEFINED [R
JYDRL
] (FENIMORE-672)
Relaxations
• RSI_HOST_CALL: relax alignment requirement from 4KB to 256B
1.0-eac0 (31-01-2023)
Clarifications
None
Defects
• RmiRealmParams: reduce width of integer attributes (FENIMORE-647)
• RSI_IPA_STATE_SET: replace (base, size) with (base, top) (FENIMORE-656)
•
RMI_RTT_INIT_RIPAS, RMI_RTT_SET_RIPAS: allow single command to modify multiple RTT entries
(FENIMORE-656)
Relaxations
• RMI_RTT_SET_RIPAS: remove “ripas” input value (FENIMORE-659)
1.0-bet2 (16-12-2022)
Clarifications
• Flows: update RMI_REC_ENTRY to take a single ‘run’ input value
• Clarify meaning of “TTD” [I
YMNSR
] (FENIMORE-641)
• Fix typo in reference to “CCA platform token claim map” [I
FJKFY
] (FENIMORE-647)
• Fix reference to “RME system architecture spec” (FENIMORE-648)
• Flows: remove stale reference to parameters passed to RMI_DATA_CREATE (FENIMORE-649)
• Improve definition and constistency of usage of the term “REC” (FENIMORE-650)
– Where referring to the RMM data structure “REC object” is now used
• Clarify description of properties of Realm IPA space [I
TPGKW
] (FENIMORE-639)
– Replace “permitted, under control of host” with statements which refer to particular HIPAS values.
– Add “Protected IPA, HIPAS=DESTROYED” row, thereby removing contradictory statements regarding SEA taken
to Realm, previously in “Protected IPA, RIPAS=EMPTY”.
• On assertion of an EL1 timer, the RMM guarantees a REC exit, not only a Realm exit (FENIMORE-651)
DEN0137
1.0-eac5
Copyright © 2022-2023 Arm Limited or its affiliates. All rights reserved.
Non-confidential
iv
• RMI_RTT_FOLD: preserve RIPAS value if IPA is Protected (FENIMORE-638)
Defects
• Attestation: wrap sub-tokens in byte stream (FENIMORE-643)
• RMI_DATA_DESTROY, RMI_RTT_{DESTROY,FOLD}: return PA of destroyed object (FENIMORE-563)
•
RMI_REALM_DESTROY, RMI_REC_DESTROY, RMI_REC_ENTER, RMI_RTT_DESTROY, RMI_RTT_FOLD,
RMI_RTT_SET_RIPAS: Remove RMI_ERROR_IN_USE (FENIMORE-588)
•
RMI_DATA_CREATE, RMI_DATA_CREATE_UNKNOWN, RMI_REC_CREATE, RMI_RTT_CREATE: pass RD
pointer in X1 (FENIMORE-655)
• Replace RmiRealmParams::features_0 with discrete fields (FENIMORE-655)
• RMI_DATA_CREATE(_UNKNOWN): require RIPAS=RAM (FENIMORE-645)
• Apply “must / should be zero” consistently (FENIMORE-619)
– In command inputs, unused bits are SBZ
– In command outputs, unused bits are MBZ
Relaxations
• RSI_HOST_CALL: expand set of GPRs to X0-X30 (FENIMORE-607)
– This enables the RMM to support any calling convention.
•
RMI_DATA_DESTROY, RMI_RTT_DESTROY, RMI_RTT_UNMAP_UNPROTECTED: return IPA of next live RTT
entry (FENIMORE-563)
1.0-bet1 (31-10-2022)
Clarifications
• Rename HIPAS VALID_NS -> UNASSIGNED (FENIMORE-631)
• SEA injection is independent of whether Host emulates MMIO (FENIMORE-632)
•
In RIPAS change flow, permit Host to apply the change to zero or more pages of the target IPA region (FENIMORE-633)
• Flows: replace HVC with Host call (FENIMORE-611)
• Clarify behavior of VmidIsValid() function (FENIMORE-630)
• Qualify “all other exit fields are zero” statements [R
GTJRP
, R
LRCFP
] (FENIMORE-634)
– GIC, timer and PMU fields are valid on every REC exit.
Defects
• Change size of RsiHostCall type to 256 bytes (FENIMORE-629)
• Correct the set of ESR_EL2 fields which are returned to the Host on REC exit due to Data abort [R
RYVFL
]
– On all Data Aborts, add FnV.
– On Emulatable Data Aborts, add SF.
– On Non-emulatable Data Abort at an Unprotected IPA, add IL.
Relaxations
None
DEN0137
1.0-eac5
Copyright © 2022-2023 Arm Limited or its affiliates. All rights reserved.
Non-confidential
v
剩余306页未读,继续阅读
资源评论
solomon1530
- 粉丝: 1
- 资源: 12
上传资源 快速赚钱
- 我的内容管理 展开
- 我的资源 快来上传第一个资源
- 我的收益 登录查看自己的收益
- 我的积分 登录查看自己的积分
- 我的C币 登录后查看C币余额
- 我的收藏
- 我的下载
- 下载帮助
安全验证
文档复制为VIP权益,开通VIP直接复制
信息提交成功