From 03997f187ca9a4af54c2ec94097408eb56b5ea89 Mon Sep 17 00:00:00 2001 From: Madhukar Pappireddy Date: Mon, 3 Oct 2022 14:26:48 -0500 Subject: [PATCH] docs(spm): partition runtime model and schedule modes This patch documents the support for partition runtime models, call chains and schedule modes in Hafnium SPMC. Change-Id: I91d5718bb2c21d475499e402f6f27076930336cb Signed-off-by: Madhukar Pappireddy --- docs/components/secure-partition-manager.rst | 34 ++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/docs/components/secure-partition-manager.rst b/docs/components/secure-partition-manager.rst index 18d870bdc..ac1b6a4ed 100644 --- a/docs/components/secure-partition-manager.rst +++ b/docs/components/secure-partition-manager.rst @@ -1009,6 +1009,40 @@ configuration is made part of a vCPU context. For S-EL0 partitions with VHE enabled, a single secure EL2&0 Stage-1 translation regime is used for both Hafnium and the partition. +Schedule modes and SP Call chains +--------------------------------- + +An SP execution context is said to be in SPMC scheduled mode if CPU cycles are +allocated to it by SPMC. Correspondingly, an SP execution context is said to be +in Normal world scheduled mode if CPU cycles are allocated by the normal world. + +A call chain represents all SPs in a sequence of invocations of a direct message +request. When execution on a PE is in the secure state, only a single call chain +that runs in the Normal World scheduled mode can exist. FF-A v1.1 spec allows +any number of call chains to run in the SPMC scheduled mode but the Hafnium +SPMC restricts the number of call chains in SPMC scheduled mode to only one for +keeping the implementation simple. + +Partition runtime models +------------------------ + +The runtime model of an endpoint describes the transitions permitted for an +execution context between various states. These are the four partition runtime +models supported (refer to `[1]`_ section 7): + + - RTM_FFA_RUN: runtime model presented to an execution context that is + allocated CPU cycles through FFA_RUN interface. + - RTM_FFA_DIR_REQ: runtime model presented to an execution context that is + allocated CPU cycles through FFA_MSG_SEND_DIRECT_REQ interface. + - RTM_SEC_INTERRUPT: runtime model presented to an execution context that is + allocated CPU cycles by SPMC to handle a secure interrupt. + - RTM_SP_INIT: runtime model presented to an execution context that is + allocated CPU cycles by SPMC to initialize its state. + +If an endpoint execution context attempts to make an invalid transition or a +valid transition that could lead to a loop in the call chain, SPMC denies the +transition with the help of above runtime models. + Interrupt management -------------------- -- 2.39.5