From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail05.groups.io (mail05.groups.io [45.79.224.7]) by spool.mail.gandi.net (Postfix) with ESMTPS id 880F8AC11A6 for ; Thu, 17 Apr 2025 12:13:26 +0000 (UTC) DKIM-Signature: a=rsa-sha256; bh=C8eDYi1JVBuD0mX4XeDxZzIoY21M5S3F41e3xuM4gMY=; c=relaxed/simple; d=groups.io; h=Received-SPF:Received-SPF:From:To:CC:Subject:Date:Message-ID:In-Reply-To:References:MIME-Version:NoDisclaimer:Precedence:List-Subscribe:List-Help:Sender:List-Id:Mailing-List:Delivered-To:Resent-Date:Resent-From:Reply-To:List-Unsubscribe-Post:List-Unsubscribe:Content-Type; s=20240830; t=1744892006; v=1; x=1745151205; b=ZzfHsPmp2/JxH/WRW8TQfvEssFlI9vDIzUk2Yv3GEvnJ2I/cYmObvCmudxuWL6W01NukvNw+ 7LlnvWAFwHsVQK7L216f8+cUCMQWZR9AqCstrkGSdOXHGcL+H9VyX1DhRTFaejdq/jMZJNpaVu7 a4bA9NZIh3mVf95VGPeDGjxLc+S61uM/j+3gqtjjYYHxQ+Ki2+SaYnwgRVvBm6uKQDENf4Dot/P Mh85O9CDTRwgiurGcpYQkPLIUJRmAzC530MPnOY9X0Ws20BBWI0JoTE9VF9X61VfPsOMiWvRAhc T+Je3RlodB534c13nYg8sbw/UYplCyQB7E2CAk7YbeF1Q== X-Received: by 127.0.0.2 with SMTP id NCN4YY7687511xKozf8WAfWq; Thu, 17 Apr 2025 05:13:25 -0700 X-Received: from EUR02-AM0-obe.outbound.protection.outlook.com (EUR02-AM0-obe.outbound.protection.outlook.com [40.107.247.80]) by mx.groups.io with SMTP id smtpd.web11.7358.1744892002524023364 for ; Thu, 17 Apr 2025 05:13:24 -0700 X-Received: from DU6P191CA0042.EURP191.PROD.OUTLOOK.COM (2603:10a6:10:53f::18) by PAVPR08MB9260.eurprd08.prod.outlook.com (2603:10a6:102:306::13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8632.28; Thu, 17 Apr 2025 12:13:15 +0000 X-Received: from DU2PEPF00028D13.eurprd03.prod.outlook.com (2603:10a6:10:53f:cafe::d3) by DU6P191CA0042.outlook.office365.com (2603:10a6:10:53f::18) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.22 via Frontend Transport; Thu, 17 Apr 2025 12:13:14 +0000 X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 4.158.2.129) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=arm.com;dmarc=pass action=none header.from=arm.com; Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 4.158.2.129 as permitted sender) receiver=protection.outlook.com; client-ip=4.158.2.129; helo=outbound-uk1.az.dlp.m.darktrace.com; pr=C X-Received: from outbound-uk1.az.dlp.m.darktrace.com (4.158.2.129) by DU2PEPF00028D13.mail.protection.outlook.com (10.167.242.27) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 12:13:13 +0000 X-Received: from DUZPR01CA0187.eurprd01.prod.exchangelabs.com (2603:10a6:10:4b6::17) by DB5PR08MB10000.eurprd08.prod.outlook.com (2603:10a6:10:48b::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8655.26; Thu, 17 Apr 2025 12:12:40 +0000 X-Received: from DB5PEPF00014B9A.eurprd02.prod.outlook.com (2603:10a6:10:4b6:cafe::bd) by DUZPR01CA0187.outlook.office365.com (2603:10a6:10:4b6::17) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8632.36 via Frontend Transport; Thu, 17 Apr 2025 12:12:34 +0000 X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.205.89.229) smtp.mailfrom=arm.com; dkim=none (message not signed) header.d=none;dmarc=fail action=none header.from=arm.com; Received-SPF: Fail (protection.outlook.com: domain of arm.com does not designate 172.205.89.229 as permitted sender) receiver=protection.outlook.com; client-ip=172.205.89.229; helo=nebula.arm.com; X-Received: from nebula.arm.com (172.205.89.229) by DB5PEPF00014B9A.mail.protection.outlook.com (10.167.8.167) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.20.8655.12 via Frontend Transport; Thu, 17 Apr 2025 12:12:39 +0000 X-Received: from AZ-NEU-EX06.Arm.com (10.240.25.134) by AZ-NEU-EX06.Arm.com (10.240.25.134) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.39; Thu, 17 Apr 2025 12:12:37 +0000 X-Received: from E114225.Arm.com (10.1.196.56) by mail.arm.com (10.240.25.134) with Microsoft SMTP Server id 15.1.2507.39 via Frontend Transport; Thu, 17 Apr 2025 12:12:37 +0000 From: "Sami Mujawar via groups.io" To: CC: Sami Mujawar , , , , , , , , , Subject: [edk2-devel] [staging/arm-cca PATCH v1 1/1] Staging branch for integrating Arm CCA support Date: Thu, 17 Apr 2025 13:12:35 +0100 Message-ID: <20250417121235.18752-2-sami.mujawar@arm.com> In-Reply-To: <20250417121235.18752-1-sami.mujawar@arm.com> References: <20250417121235.18752-1-sami.mujawar@arm.com> MIME-Version: 1.0 X-EOPAttributedMessage: 1 X-MS-TrafficTypeDiagnostic: DB5PEPF00014B9A:EE_|DB5PR08MB10000:EE_|DU2PEPF00028D13:EE_|PAVPR08MB9260:EE_ X-MS-Office365-Filtering-Correlation-Id: 35b8f6a9-6ce2-48b0-400f-08dd7da93a54 x-checkrecipientrouted: true NoDisclaimer: true X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam-Untrusted: BCL:0;ARA:13230040|376014|36860700013|1800799024|82310400026|13003099007; X-Microsoft-Antispam-Message-Info-Original: =?us-ascii?Q?bDp3eDLJ5FvK90vWJQdsjCA7DsjTJIIVYQ1RlCPyTCeeAnJWPOYl073+vW0n?= =?us-ascii?Q?0vXE63EdGbdJCQVyqQDIJvB4iE6eYMrsgZjcwzor7breqjXEKSP+5Dovvqmv?= =?us-ascii?Q?+ewdLTllN5ux/VOB/atndhHb2bosSkF5+7nJnrcJ2uO2ftZLoyn14Hzijvn8?= =?us-ascii?Q?IKM3ECdYTDiJL46edTYRlM1H3a5lkJATM4/0urLxZ1H7iPlO062HQKB+srxD?= =?us-ascii?Q?DJwKy5f1hJFiVP9b0/on9Gp/0CrQ4XUtNJxaxDLQ9PhisEg3ZXjKvwflkwEy?= =?us-ascii?Q?+QWCGt2PwHqDeePfeR8o+pP2A9rNAzsanW6qLAXrtqa/qx9Z+qhCOlNe5szL?= =?us-ascii?Q?rzLAZmbsXShV2OAORCF5aNIIGu70EakmT9c/wA9rG/3dcDbg96TminTefn4r?= =?us-ascii?Q?/+5WfDpL00HIyThUz8qI43pyU/0l421jldCu1CrFr+USTX758UPiIxnQZzlT?= =?us-ascii?Q?AQ4zWO/pmlOhhMC9F1XIXjp8GVuIUBX+SUpBHzWYSTVymgS/os73OPHiIPhb?= =?us-ascii?Q?feGwbS8J1Lr1HqdxoFvaa5WPnFlr8e0KDx3PyGZ8Wkd4ebsyVW2pGkM+v++i?= =?us-ascii?Q?2ho/L4C5PHDJ4E1WR1BUwzUG76QbBRPOTB3CEQvE0sqcLCXgnBVzqRPxLd9K?= =?us-ascii?Q?pNgIQFqIuRUYbfBEZDcmnABndZXgPJa53WHqkHgLsgSWFIuK9zomceJW+CH0?= =?us-ascii?Q?2wwCyJ9AOXMjJXvblmqh4kiogfXeNwyAxgme9fXiRfQgUYebT6ouDjJAC8l5?= =?us-ascii?Q?c4lbQYrhze72JY3LQSklSQPXm/zLw7w8qPvAe9wPJlNG90EOoxNsqR3BEhyU?= =?us-ascii?Q?s05GURzgZwWkiU2uRWo8LBAila27B6vx+EVXfn9wDjdh2EVdagOW94SkeYme?= =?us-ascii?Q?0WkXPfI2NNog63tHoddz5RGHa9tNQZGVXc8+p5B1NaxVfhRiN2X0BHD6K2wj?= =?us-ascii?Q?m5bTBBQ4ET3QIxBoNWrWqbtXNU12AGMPZ3hJCMHhutpsVp178R4cFSw15ep4?= =?us-ascii?Q?koQpyb2VDLh24r9oFMxdBRMnkbF9+hLJwtv4c148oMBotSiYHZxAguywa/1v?= =?us-ascii?Q?Xd1RxO5wwtobM6/IgAvnyuGqLogqPDyvi9V86XWUXRFVgqGcs8KqdnA6F8Zn?= =?us-ascii?Q?8Lhaos9vTlP9Q1LTTzwXOxtBYeVrv8fySy862J/8s5jInllNk+GTiYF1oHvA?= =?us-ascii?Q?hTNi5LEHIiH+LKg31RW3SXT0cxliDfvNhIxUgTjdLJIOzsyOqL1LY3BypgT5?= =?us-ascii?Q?sAbLcOIfButs4s0rG+nBQKAU6Hy0wTRj8gIfDeP0iiGgJUfhIolbwSVmzfZX?= =?us-ascii?Q?ieL2nipm3cZoRq3dBTHB84BjeOyzfx7+4MBHKG5FwbOamr1j63yuz/XIdSek?= =?us-ascii?Q?DHMmo1YMoFfgvKkIpeMOH+SwmJFnMiqmI+CBZVDAKvZU9nLInyKUuraiwDxw?= =?us-ascii?Q?0MBJ2NtVGziVdcLMtu5ExrYp5OkIvFbR3zAhqVUuAdZ0wgyiUtfx5A=3D=3D?= X-Forefront-Antispam-Report-Untrusted: CIP:172.205.89.229;CTRY:IE;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:nebula.arm.com;PTR:InfoDomainNonexistent;CAT:NONE;SFS:(13230040)(376014)(36860700013)(1800799024)(82310400026)(13003099007);DIR:OUT;SFP:1101; X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB5PR08MB10000 X-MS-Exchange-Transport-CrossTenantHeadersStripped: DU2PEPF00028D13.eurprd03.prod.outlook.com X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id-Prvs: 8746b4e4-82aa-4599-8cee-08dd7da92603 X-Microsoft-Antispam-Message-Info: =?us-ascii?Q?nSAMrNmbsrJvpyDWT3NAI9y0CU8QDQAWPYEwx70fXzhpWl7A4V3kof+AlF6x?= =?us-ascii?Q?UIEX2l271ZhS8YlrfnYW5vomFLc4PE+O6OaetY2PeQ2avMFfoaUs6/ZLr/gF?= =?us-ascii?Q?1d48CZ+xeASmdUahaWKPZ/zXOW3BFVHkfa2C+75uJ4V0wKcpCbETWxFxcQR1?= =?us-ascii?Q?v5DTFURSZnzl7qu7+JqzWjASZystEdelvyZh3HLciHHGSXeadJcQ0zk5SKZ5?= =?us-ascii?Q?MQIZsyIEZnbuSWbzBvcmhXmIRdHFVD+gT40gUEnBQRJ86jb0uv2prpWrtHC2?= =?us-ascii?Q?tXNUP1rGC7RTb4UPd814O895rQ9eQ79hfuWPHnmRFDbpevlZ55Qj6HIRsy5t?= =?us-ascii?Q?6sHkWbt6vkrLf7QGjuAno5FV+t355jhSZCowmQuJoLA5rQ1LasclH9EboqGG?= =?us-ascii?Q?nvCemIWihZmsMhVmhCNqzK+Min8i0yfpVW9hynCbeWGBNGp7OqEFHnvq00be?= =?us-ascii?Q?D1IN37/iBUwMaJ/t6tyoLO4Pz8dAYFRZEnZ/QcIxfpg2AuqD3BZ43wdhvgGj?= =?us-ascii?Q?+AJ/crjDpQR40OPRekHK8ju57sC3DDUwVOS9/mhNsmGcsRU7dWA5AkCAuzgp?= =?us-ascii?Q?q7jpGxNinQGtHJjyOzvUf2BMfBQMgH1RZ/vFw9P2mC9QQzMxQEVWlfiXPhx5?= =?us-ascii?Q?TkLyi1zq7RBkVf2UR8hkO9rIHLN0LliROAHRQonuxb04qH3fWc7gsnK21VlL?= =?us-ascii?Q?phv47qoOchJuu+OUvby9YxP8VwJ5bYMTTGHPS3FhuwZ3ggUC/XHWAx9LPTCW?= =?us-ascii?Q?ImEBkBjBJuBllThw25kPgH6Fg2/lE4G6xSi7QLieYNNj/sQMaj/gdgo/Q4/q?= =?us-ascii?Q?y50qko3ACN4v7q31M5q03ue11gS7aU0U3+3vfmbURxV9Al6ShzTGpBwoPUDm?= =?us-ascii?Q?7CD0T2lj3CqYpVFRoqPKWf/caU1EsuF+8L1EU3ryqCV4u8fQM0NLIFonGm2x?= =?us-ascii?Q?BlJZPgaBEAvnU6fy8Roy3UKQ9+u86Yt7jL7jqvNLccsHs+bWRiX7yVs6M/qf?= =?us-ascii?Q?oz0832m0XOVRD9vuncrKGKBoG0Iok0De8rj/wKfKv8VeAB2v07sBSqhYMXkW?= =?us-ascii?Q?06aZ2ZZ9WoVP1BnXEVujPI3yaeBSzKb51Kwz90I1aM505EcUP/q5AUUCalxp?= =?us-ascii?Q?Af8SQsd/z5ixuTIsvmeTVa19BqmY3u3FrJM7jMreMjQRytBiUwGDgzi7jLjz?= =?us-ascii?Q?eZndlDPcWZ0FEczokRF1ZkSN7X/wRo7sva27JDyO67Y153Rk0hVziW1DaP33?= =?us-ascii?Q?daqgyHO7Fbto/prAJrq1u9qTbn/4tlTs63ybHHJUrJPToWf7xwR9KVfTnpf2?= =?us-ascii?Q?tMCInqhAfS7+09N1mp8S0K6bbFmrU+A8L4KhUqDMZI7vlBcp8fd7N/YsVfWO?= =?us-ascii?Q?fH6iHLZQFJ4h5O9yc79rOAxB2d6lCIwCuYs4GwTm/h8UMQVmA3D4zAllgLCj?= =?us-ascii?Q?+qiG8KYpX4iDWD9oWRxi6CVq8XbQ+WQNjgjvARxREwhvEPvrbpUaaw=3D=3D?= X-OriginatorOrg: arm.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 17 Apr 2025 12:13:13.6773 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 35b8f6a9-6ce2-48b0-400f-08dd7da93a54 X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d;Ip=[4.158.2.129];Helo=[outbound-uk1.az.dlp.m.darktrace.com] X-MS-Exchange-CrossTenant-AuthSource: DU2PEPF00028D13.eurprd03.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Anonymous X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAVPR08MB9260 Precedence: Bulk List-Subscribe: List-Help: Sender: devel@edk2.groups.io List-Id: Mailing-List: list devel@edk2.groups.io; contact devel+owner@edk2.groups.io Resent-Date: Thu, 17 Apr 2025 05:13:24 -0700 Resent-From: sami.mujawar@arm.com Reply-To: devel@edk2.groups.io,sami.mujawar@arm.com List-Unsubscribe-Post: List-Unsubscribe=One-Click List-Unsubscribe: X-Gm-Message-State: MNQG0EhYGiFMYkl5b78qEBiTx7686176AA= Content-Type: text/plain X-GND-Status: LEGIT Authentication-Results: spool.mail.gandi.net; dkim=pass header.d=groups.io header.s=20240830 header.b=ZzfHsPmp; dmarc=pass (policy=none) header.from=groups.io; spf=pass (spool.mail.gandi.net: domain of bounce@groups.io designates 45.79.224.7 as permitted sender) smtp.mailfrom=bounce@groups.io Arm Confidential Compute Architecture (CCA) is a reference software architecture and implementation that builds on the Realm Management Extension (RME), enabling the execution of Virtual machines (VMs), while preventing access by more privileged software, such as hypervisor. The 'Realm Guest firmware' is an important part of the Arm CCA reference software stack. Support for Realm Guest firmware is not yet merged in the edk2 mainline and a PR to add initial support for Arm CCA guest firmware is in review at: https://github.com/tianocore/edk2/pull/6480 A staging branch would allow more flexibility for integration and the review process without breaking/impacting the edk2 mainline. This branch will: - be used as an integration branch until the PRs have been satisfactorily reviewed for merging in edk2 mainline - provide a central location for developers to utilise the latest Realm Guest firmware code for testing, and reporting issues - serve as a baseline for developers to add new features - Remove the necessity of maintaining downstream forks. The description is in the Readme.md file. Please create the following branch: 1. edk2-staging Repo URL: https://github.com/tianocore/edk2-staging.git Branch Name: arm-cca Signed-off-by: Sami Mujawar --- Readme.md | 267 ++++++++++++++++++++ 1 file changed, 267 insertions(+) diff --git a/Readme.md b/Readme.md new file mode 100644 index 0000000000000000000000000000000000000000..175154b7cdf8c06455a56af4809770e5a02bab03 --- /dev/null +++ b/Readme.md @@ -0,0 +1,267 @@ +# Introduction + +The **Realm Guest firmware** is an important part of the Arm Confidential +Compute Architecture (CCA) reference software stack. + +Support for *Realm Guest firmware* is not yet merged in the edk2 mainline +and a PR to add initial support for Arm CCA guest firmware is in review +at: https://github.com/tianocore/edk2/pull/6480 + +A staging branch would allow more flexibility for integration and the review +process without breaking/impacting the edk2 mainline. + +This branch will: + - be used as an integration branch until the PRs have been satisfactorily + reviewed for merging in edk2 mainline + - provide a central location for developers to utilise the latest *Realm Guest + firmware* code for testing, and reporting issues + - serve as a baseline for developers to add new features. + +# Goals + + - Streamline development and testing of the Arm CCA Realm Guest Firmware + - Remove the necessity of maintaining downstream forks, e.g. [12] + - Provide a common branch where the developer community can contribute. + +# Arm Confidential Compute Architecture (CCA) + +Arm CCA is a reference software architecture and implementation that +builds on the Realm Management Extension (RME), enabling the execution +of Virtual machines (VMs), while preventing access by more privileged +software, such as hypervisor. Arm CCA allows the hypervisor to control +the VM, but removes the right for access to the code, register state or +data used by VM. + +More information on the architecture is available here [1]. +``` + + Realm World || Normal World || Secure World || + || | || || + EL0 x---------x || x----x | x------x || || + | Realm | || | | | | | || || + | VM* | || | VM | | | | || || + |x-------x| || | | | | | || || + || || || | | | | H | || || + || Guest || || | | | | | || || + ----|| OS ||--------||-| |---| o |-||----------------|| + || || || | | | | | || || + |x-------x| || | | | | s | || || + | ^ | || | | | | | || || + | | | || | | | | t | || || + |+-------+| || | | | | | || || + || REALM || || | | | | | || || + || GUEST || || | | | | O | || || + || UEFI || || | | | | | || || + |+-------+| || | | | | S | || || + EL1 x---------x || x----x | | | || || + ^ || | | | || || + | || | | | || || + -------- R*------------||----------| |-||----------------|| + S || | | || || + I || x-->| | || || + | || | | | || || + | || | x------x || || + | || | ^ || || + v || SMC | || || + x-------x || | x------x || || + | RMM* | || | | HOST | || || + x-------x || | | UEFI | || || + ^ || | x------x || || + EL2 | || | || || + | || | || || + =========|=====================|================================ + | | + x------- *RMI* -------x + + EL3 Root World + EL3 Firmware + =============================================================== +``` + +Where: + RMM - Realm Management Monitor + RMI - Realm Management Interface + RSI - Realm Service Interface + SMC - Secure Monitor Call + +RME introduces two added additional worlds, "Realm world" and "Root +World" in addition to the traditional Secure world and Normal world. +The Arm CCA defines a new component, Realm Management Monitor (RMM) +that runs at R-EL2. This is a standard piece of firmware, verified, +installed and loaded by the EL3 firmware (e.g., TF-A), at system boot. + +The RMM provides a standard interface Realm Management Interface (RMI) +to the Normal world hypervisor to manage the VMs running in the Realm +world (also called Realms). These are exposed via SMC and are routed +through the EL3 firmware. + +The RMM also provides certain services to the Realms via SMC, called +the Realm Service Interface (RSI). These include: + - Realm Guest Configuration + - Attestation & Measurement services + - Managing the state of an Intermediate Physical Address (IPA aka GPA) + page + - Host Call service (Communication with the Normal world Hypervisor). + +The Arm CCA reference software currently aligns with the RMM *v1.0-rel0* specification, and the latest version is available here [2]. + +The Trusted Firmware foundation has an implementation of the RMM - +TF-RMM - available here [4]. + +# Branch Owners + + - Sami Mujawar + - Pierre Gondois + +# Feature Summary + +The *Realm Guest firmware* is intended to be used with the Linux Kernel stack[7] +which is also based on the RMM specification v1.0-rel0[3]. + +The initial support shall have the following features:
+ a) Boot a Linux Kernel in a Realm VM using the Realm Guest UEFI firmware
+ b) Hardware description is provided using ACPI tables
+ c) Support for Virtio v1.0
+ d) All I/O are treated as non-secure/shared
+ e) Load the Linux Kernel and RootFS from a Virtio attached disk + using the Virtio-1.0 PCIe transport.
+ +The initial support is planned for enabling Arm CCA 1.0. However, this branch +shall also be used for integration, testing and development of any new features +introduced in subsequent RMM specification releases. + +# Roadmap + + 1. Since there is an initial Arm CCA Support PR under review at + [PR#6480](https://github.com/tianocore/edk2/pull/6480) it shall be used + as a starting baseline and will be merged in the staging branch. + 2. Once the [PR#6480](https://github.com/tianocore/edk2/pull/6480) is + reviewed and merged in the edk2 mainline, the staging branch shall be + rebased to reflect the edk2 mainline changes. + 3. In the meantime, any new PRs against edk2-staging/arm-cca can be reviewed + and merged. + + +## Merge/integration process + + ``` + +------------+ + | edk2 | + | [mainline] | + +------------+ + | + | +--------------+ + | | edk2-staging | + | | [arm-cca] | + | +--------------+ + | | + | <*PR#6480*> ---- [starting baseline] + | | + | | + | (periodic rebase) | + |--------------------------->| + | | + | | +------+ + | | | Dev1 | + | | +------+ + | | (PR#S1) | + | |<-----------------| + | | | + | | ~review~ | + | | | + | <*PR#S1*> merged | + | | | + | | ~testing~ | + | (PR#S1) | | + |<----------------------------------------------| + | | | + | ~review~ | | + | | | + <*PR#S1*> merged | | + | (rebase) | | + |--------------------------->| | + | | | + ``` + +# Guidelines for contributions + + 1. Follow the standard edk2 coding guidelines for preparing patches.
+ The edk2-staging guidelines can be found at: + https://github.com/tianocore/edk2-staging + + 2. Submit a Github pull request against the edk2-staging repo and + include the branch name in the subject line of the pull request.
+ e.g. **[staging/arm-cca]: Subject** + + 3. Once the **staging/arm-cca** pull request is merged in the staging + branch and sufficient testing has been completed, the developer shall + create a new PR for these changes to be merged in the edk2 mainline. + +# Related Modules + 1. Trusted Firmware RMM - TF-RMM, see [4] + 2. Trusted Firmware for A class, see [6] + 3. Linux kernel support for Arm-CCA, see [7] + 4. kvmtool support for Arm CCA, see [8] + +# Documentation + +The documentation for the Arm CCA Realm guest firmware is planned to +be made available at: + ArmVirtPkg/Readme-ArmCCA.md. + +Additionally, Doxygen style documentation is used in the code. + +# Links + + [1] [Arm CCA Landing page](https://www.arm.com/armcca) (See Key Resources section for various documentations) + + [2] [RMM Specification Latest](https://developer.arm.com/documentation/den0137/latest) + + [3] [RMM v1.0-rel0 specification](https://developer.arm.com/documentation/den0137/1-0rel0) + + [4] [Trusted Firmware RMM - TF-RMM](https://www.trustedfirmware.org/projects/tf-rmm/) + + GIT: https://git.trustedfirmware.org/TF-RMM/tf-rmm.git + TAG: rmm-spec-v1.0-rel0 + + [5] [FVP Base RevC AEM Model](https://developer.arm.com/Tools%20and%20Software/Fixed%20Virtual%20Platforms) (available on x86_64 / Arm64 Linux) + + [6] [Trusted Firmware for A class](https://www.trustedfirmware.org/projects/tf-a/) + + [7] Linux kernel support for Arm-CCA + + https://gitlab.arm.com/linux-arm/linux-cca + Linux Host branch: cca-host/v5 + Linux Guest branch: cca-guest/v6 + Full stack branch: cca-full/v5+v6 + + [8] kvmtool support for Arm CCA + + https://gitlab.arm.com/linux-arm/kvmtool-cca + Branch: cca/v3 + + [9] kvm-unit-tests support for Arm CCA + + https://gitlab.arm.com/linux-arm/kvm-unit-tests-cca + Branch: cca/v2 + + [10] Instructions for Building Firmware components and running the model, see [section 4.19.2 "Building and running TF-A with RME](https://trustedfirmware-a.readthedocs.io/en/latest/components/realm-management-extension.html#building-and-running-tf-a-with-rme) + + [11] RFC series posted previously for adding support for Arm CCA guest firmware: + + v2: https://edk2.groups.io/g/devel/message/117716 + v1: https://edk2.groups.io/g/devel/message/103581 + + [12] UEFI Firmware support for Arm CCA + ``` + Host & Guest Support: + - Repo: + edk2: https://gitlab.arm.com/linux-arm/edk2-cca + edk2-platforms: https://gitlab.arm.com/linux-arm/edk2-platforms-cca + - Branch: 3223_arm_cca_rmm_v1.0_rel0_v3 + - URLs: + edk2: https://gitlab.arm.com/linux-arm/edk2-cca/-/tree/3223_arm_cca_rmm_v1.0_rel0_v3 + edk2-platforms: https://gitlab.arm.com/linux-arm/edk2-platforms-cca/-/tree/3223_arm_cca_rmm_v1.0_rel0_v3 + ``` + +# Miscellaneous -- 'Guid(CE165669-3EF3-493F-B85D-6190EE5B9759)' -=-=-=-=-=-=-=-=-=-=-=- Groups.io Links: You receive all messages sent to this group. View/Reply Online (#121263): https://edk2.groups.io/g/devel/message/121263 Mute This Topic: https://groups.io/mt/112312025/7686176 Group Owner: devel+owner@edk2.groups.io Unsubscribe: https://edk2.groups.io/g/devel/unsub [rebecca@openfw.io] -=-=-=-=-=-=-=-=-=-=-=-