Hafnium Logo
2.14.0
  • Home
  • 1. About
    • 1.1. Active Maintainers
  • 2. Getting Started
    • 2.1. Prerequisites
      • 2.1.1. Build Host
      • 2.1.2. Toolchain
      • 2.1.3. Dependencies
        • 2.1.3.1. Build
        • 2.1.3.2. System and Python Packages for test infrastructure
        • 2.1.3.3. Documentation
    • 2.2. Getting the source code
    • 2.3. Building
      • 2.3.1. Hafnium
        • 2.3.1.1. Most common options
        • 2.3.1.2. Additional options
        • 2.3.1.3. Troubleshoot(Clean Up Artifacts)
      • 2.3.2. Using Docker
      • 2.3.3. Hafnium Documentation
    • 2.4. Coding Style
      • 2.4.1. Clarifications
      • 2.4.2. Naming symbols
      • 2.4.3. Prose
      • 2.4.4. Coding practices
      • 2.4.5. Logging
    • 2.5. Commits Style
      • 2.5.1. Mandated Trailers
      • 2.5.2. Commit Linting
    • 2.6. Project Structure
    • 2.7. Hafnium Tests
      • 2.7.1. Overview of Shrinkwrap for Hafnium Testing
      • 2.7.2. Shrinkwrap Integration in hftest.py
      • 2.7.3. Manual Shrinkwrap Environment Setup
      • 2.7.4. Shrinkwrap at the Core of the hftest Framework
        • 2.7.4.1. Overlay Structure
      • 2.7.5. Testing Hafnium with TFTF
  • 3. Secure Partition Manager
    • 3.1. Foreword
    • 3.2. Terminology
    • 3.3. Sample reference stack
    • 3.4. Integration with TF-A (Bootloader and SPMD)
      • 3.4.1. TF-A build options
      • 3.4.2. FVP model invocation
    • 3.5. SPMC Configuration
      • 3.5.1. SPMC Manifest
      • 3.5.2. Secure Partitions Configuration
        • 3.5.2.1. SP Manifests
        • 3.5.2.2. Platform topology
        • 3.5.2.3. Secure Partition packages
        • 3.5.2.4. Secure Partitions Layout File
    • 3.6. SPMC boot
      • 3.6.1. Secure boot
      • 3.6.2. Boot phases
        • 3.6.2.1. Primary core boot-up
        • 3.6.2.2. Secondary cores boot-up
      • 3.6.3. Loading of SPs
        • 3.6.3.1. SP Boot order
        • 3.6.3.2. Passing boot data to the SP
    • 3.7. SPMC Runtime
      • 3.7.1. Parsing SP partition manifests
      • 3.7.2. Secure partitions scheduling
      • 3.7.3. Mandatory interfaces
        • 3.7.3.1. FFA_VERSION
        • 3.7.3.2. FFA_FEATURES
        • 3.7.3.3. FFA_RXTX_MAP/FFA_RXTX_UNMAP
        • 3.7.3.4. FFA_PARTITION_INFO_GET/FFA_PARTITION_INFO_GET_REGS
        • 3.7.3.5. FFA_ID_GET
        • 3.7.3.6. FFA_MSG_WAIT
        • 3.7.3.7. FFA_MSG_SEND_DIRECT_REQ/FFA_MSG_SEND_DIRECT_RESP
        • 3.7.3.8. FFA_MSG_SEND_DIRECT_REQ2/FFA_MSG_SEND_DIRECT_RESP2
        • 3.7.3.9. FFA_NOTIFICATION_BITMAP_CREATE/FFA_NOTIFICATION_BITMAP_DESTROY
        • 3.7.3.10. FFA_NOTIFICATION_BIND/FFA_NOTIFICATION_UNBIND
        • 3.7.3.11. FFA_NOTIFICATION_SET/FFA_NOTIFICATION_GET
        • 3.7.3.12. FFA_NOTIFICATION_INFO_GET
        • 3.7.3.13. FFA_SPM_ID_GET
        • 3.7.3.14. FFA_SECONDARY_EP_REGISTER
        • 3.7.3.15. FFA_RX_ACQUIRE/FFA_RX_RELEASE
        • 3.7.3.16. FFA_MSG_SEND2
        • 3.7.3.17. FFA_CONSOLE_LOG
      • 3.7.4. Paravirtualized interfaces
        • 3.7.4.1. HF_INTERRUPT_ENABLE
        • 3.7.4.2. HF_INTERRUPT_GET
        • 3.7.4.3. HF_INTERRUPT_DEACTIVATE
        • 3.7.4.4. HF_INTERRUPT_RECONFIGURE
        • 3.7.4.5. HF_INTERRUPT_SEND_IPI
      • 3.7.5. SPMC-SPMD direct requests/responses
      • 3.7.6. Notifications
      • 3.7.7. Memory Sharing
      • 3.7.8. PE MMU configuration
      • 3.7.9. Schedule modes and SP Call chains
      • 3.7.10. Partition runtime models
      • 3.7.11. Interrupt management
        • 3.7.11.1. GIC ownership
        • 3.7.11.2. Non-secure interrupt handling
        • 3.7.11.3. Secure interrupt handling
        • 3.7.11.4. Secure interrupt signaling mechanisms
        • 3.7.11.5. Secure Interrupt Handling policy
        • 3.7.11.6. Secure interrupt completion mechanisms
        • 3.7.11.7. Actions for a secure interrupt triggered while execution is in normal world
        • 3.7.11.8. Actions for a secure interrupt triggered while execution is in secure world
        • 3.7.11.9. EL3 interrupt handling
        • 3.7.11.10. Inter-Processor Interrupts
      • 3.7.12. Power management
      • 3.7.13. Arm architecture extensions for security hardening
      • 3.7.14. SIMD support
        • 3.7.14.1. Supported configurations
        • 3.7.14.2. SIMD save/restore operations
      • 3.7.15. SMMUv3 support in Hafnium
        • 3.7.15.1. SMMUv3 features
        • 3.7.15.2. SMMUv3 Programming Interfaces
        • 3.7.15.3. Peripheral device manifest
      • 3.7.16. DMA isolation
        • 3.7.16.1. SMMUv3 driver limitations
      • 3.7.17. S-EL0 Partition support
      • 3.7.18. Support for arch timer and system counter
      • 3.7.19. Partition Lifecycle support
    • 3.8. References
    • 3.9. FF-A manifest binding to device tree
  • 4. Threat Model
    • 4.1. Introduction
    • 4.2. Target of Evaluation
      • 4.2.1. Data Flow Diagram
    • 4.3. Threat Analysis
      • 4.3.1. Trust boundaries
      • 4.3.2. Assets
      • 4.3.3. Threat Agents
      • 4.3.4. Threat types
      • 4.3.5. Threat Assessment
  • 5. Change Log & Release Notes
    • 5.1. 2.14.0 (2025-11-13)
      • 5.1.1. Highlights
      • 5.1.2. Features
      • 5.1.3. Bug Fixes
      • 5.1.4. Code Refactoring
      • 5.1.5. Tests & Framework
      • 5.1.6. Build & CI
      • 5.1.7. Documentation
      • 5.1.8. Maintenance & Chores
    • 5.2. v2.13
      • 5.2.1. Highlights
    • 5.3. v2.12
      • 5.3.1. Highlights
    • 5.4. v2.11
      • 5.4.1. Highlights
    • 5.5. v2.10
      • 5.5.1. Highlights
    • 5.6. v2.9
      • 5.6.1. Highlights
      • 5.6.2. Known limitations:
    • 5.7. v2.8
      • 5.7.1. Highlights
      • 5.7.2. Known limitations:
    • 5.8. v2.7
      • 5.8.1. Highlights
      • 5.8.2. Known limitations:
    • 5.9. v2.6
      • 5.9.1. Highlights
      • 5.9.2. Known limitations:
    • 5.10. v2.5
      • 5.10.1. Highlights
      • 5.10.2. Known limitations:
    • 5.11. v2.4
      • 5.11.1. Highlights
      • 5.11.2. Known limitations:
  • 6. Appendix
    • 6.1. Hypervisor
      • 6.1.1. Get started
        • 6.1.1.1. Getting the source code
        • 6.1.1.2. Compiling the hypervisor
        • 6.1.1.3. Running on QEMU
        • 6.1.1.4. Running tests
      • 6.1.2. Hafnium architecture
        • 6.1.2.1. Security model
        • 6.1.2.2. Design principles
        • 6.1.2.3. VM model
        • 6.1.2.4. System resources
      • 6.1.3. Code structure
      • 6.1.4. Running Hafnium under Arm FVP
        • 6.1.4.1. Set up
        • 6.1.4.2. Running tests
        • 6.1.4.3. Other resources
      • 6.1.5. Hafnium RAM disk
        • 6.1.5.1. Create a RAM disk for Hafnium
      • 6.1.6. Hermetic build
        • 6.1.6.1. Installing Docker
        • 6.1.6.2. Enabling for local builds
        • 6.1.6.3. Running commands inside the container
        • 6.1.6.4. Building container image
      • 6.1.7. Hafnium Manifest
        • 6.1.7.1. Format
        • 6.1.7.2. Example
        • 6.1.7.3. FF-A partition
        • 6.1.7.4. Compiling
      • 6.1.8. Preparing Linux
        • 6.1.8.1. Build the kernel
        • 6.1.8.2. Build the kernel Module
        • 6.1.8.3. Build Busybox
        • 6.1.8.4. Create a RAM disk for Linux
      • 6.1.9. Scheduler VM expectations
        • 6.1.9.1. Scheduling
        • 6.1.9.2. Interrupt handling
      • 6.1.10. Style guide
        • 6.1.10.1. Clarifications
        • 6.1.10.2. Naming symbols
        • 6.1.10.3. Prose
        • 6.1.10.4. Coding practices
        • 6.1.10.5. Logging
      • 6.1.11. Testing
        • 6.1.11.1. Overview
        • 6.1.11.2. Presubmit
        • 6.1.11.3. QEMU tests
      • 6.1.12. VM interface
        • 6.1.12.1. CPU scheduling
        • 6.1.12.2. PSCI
        • 6.1.12.3. Hardware timers
        • 6.1.12.4. Interrupts
        • 6.1.12.5. Performance counters
        • 6.1.12.6. Debug registers
        • 6.1.12.7. RAS Extension registers
        • 6.1.12.8. Asynchronous message passing
        • 6.1.12.9. Memory
        • 6.1.12.10. Cache
        • 6.1.12.11. Logging
        • 6.1.12.12. Configuration
        • 6.1.12.13. Failure handling
        • 6.1.12.14. TrustZone communication
        • 6.1.12.15. Other SMC calls
  • 7. Glossary
Hafnium
  • Search