xref: /rk3399_ARM-atf/docs/components/ffa-manifest-binding.rst (revision 32d9e8ec6c1f2889ffeb549007a7569754add5f1) 
1FF-A manifest binding to device tree
2====================================
3
4This document defines the nodes and properties used to define a partition,
5according to the FF-A specification.
6
7Partition Properties
8--------------------
9
10- compatible [mandatory]
11   - value type: <string>
12   - Must be the string "arm,ffa-manifest-X.Y" which specifies the major and
13     minor versions of the device tree binding for the FFA manifest represented
14     by this node. The minor number is incremented if the binding changes in a
15     backwards compatible manner.
16
17      - X is an integer representing the major version number of this document.
18      - Y is an integer representing the minor version number of this document.
19
20- ffa-version [mandatory]
21   - value type: <u32>
22   - Must be two 16 bits values (X, Y), concatenated as 31:16 -> X,
23     15:0 -> Y, where:
24
25      - X is the major version of FF-A expected by the partition at the FFA
26        instance it will execute.
27      - Y is the minor version of FF-A expected by the partition at the FFA
28        instance it will execute.
29
30- uuid [mandatory]
31   - value type: <prop-encoded-array>
32   - An array of comma separated tuples each consisting of 4 <u32> values,
33     identifying the UUID of the services implemented by this partition.
34     The UUID format is described in RFC 4122.
35   - These 4 <u32> values are packed similar to the UUID register mapping
36     specified in section '5.3 Unique Identification format', SMC Calling
37     Convention, DEN0028, v1.6 G BET0
38     (https://developer.arm.com/documentation/den0028/latest/).
39
40- id
41   - value type: <u32>
42   - Pre-allocated partition ID.
43
44- auxiliary-id
45   - value type: <u32>
46   - Pre-allocated ID that could be used in memory management transactions.
47
48- description
49   - value type: <string>
50   - Name of the partition e.g. for debugging purposes.
51
52- execution-ctx-count [mandatory]
53   - value type: <u32>
54   - Number of vCPUs that a VM or SP wants to instantiate.
55
56      - In the absence of virtualization, this is the number of execution
57        contexts that a partition implements.
58      - If value of this field = 1 and number of PEs > 1 then the partition is
59        treated as UP & migrate capable.
60      - If the value of this field > 1 then the partition is treated as a MP
61        capable partition irrespective of the number of PEs.
62
63- exception-level [mandatory]
64   - value type: <u32>
65   - The target exception level for the partition:
66
67      - 0x0: EL1
68      - 0x1: S_EL0
69      - 0x2: S_EL1
70
71- execution-state [mandatory]
72   - value type: <u32>
73   - The target execution state of the partition:
74
75      - 0: AArch64
76      - 1: AArch32
77
78- load-address
79   - value type: <u64>
80   - Physical base address of the partition in memory. Absence of this field
81     indicates that the partition is position independent and can be loaded at
82     any address chosen at boot time.
83
84- entrypoint-offset
85   - value type: <u64>
86   - Offset from the base of the partition's binary image to the entry point of
87     the partition. Absence of this field indicates that the entry point is at
88     offset 0x0 from the base of the partition's binary.
89
90- xlat-granule
91   - value type: <u32>
92   - Translation granule used with the partition:
93
94      - 0x0: 4k
95      - 0x1: 16k
96      - 0x2: 64k
97
98- boot-order
99   - value type: <u32>
100   - A unique number amongst all partitions that specifies if this partition
101     must be booted before others. The partition with the smaller number will be
102     booted first. Highest vlue allowed for this field is 0xFFFF.
103
104- rx-tx-buffer
105   - value type: "memory-regions" node
106   - Specific "memory-regions" nodes that describe the RX/TX buffers expected
107     by the partition.
108     The "compatible" must be the string "arm,ffa-manifest-rx_tx-buffer".
109
110- messaging-method [mandatory]
111   - value type: <u32>
112   - Specifies which messaging methods are supported by the partition, set bit
113     means the feature is supported, clear bit - not supported:
114
115      - Bit[0]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
116      - Bit[1]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
117      - Bit[2]: partition can send and receive indirect messages
118      - Bit[9]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set
119      - Bit[10]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set
120
121- managed-exit
122   - value type: <empty>
123   - Specifies if managed exit is supported.
124   - This field is deprecated in favor of ns-interrupts-action field in the FF-A
125     v1.1 EAC0 spec.
126
127- managed-exit-virq
128   - value type: <empty>
129   - Indicates if the partition needs managed exit, if supported, to be signaled
130     through vIRQ signal.
131
132- ns-interrupts-action [mandatory]
133   - value type: <u32>
134   - Specifies the action that the SPMC must take in response to a Non-secure
135     physical interrupt.
136
137      - 0x0: Non-secure interrupt is queued
138      - 0x1: Non-secure interrupt is signaled after a managed exit
139      - 0x2: Non-secure interrupt is signaled
140
141   - This field supersedes the managed-exit field in the FF-A v1.0 spec.
142
143- other-s-interrupts-action
144   - value type: <u32>
145   - Specifies the action that the SPMC must take in response to a Other-Secure
146     physical interrupt.
147
148      - 0x0: Other-Secure interrupt is queued
149      - 0x1: Other-Secure interrupt is signaled
150
151- has-primary-scheduler
152   - value type: <empty>
153   - Presence of this field indicates that the partition implements the primary
154     scheduler. If so, run-time EL must be EL1.
155
156- time-slice-mem
157   - value type: <empty>
158   - Presence of this field indicates that the partition doesn't expect the
159     partition manager to time slice long running memory management functions.
160
161- gp-register-num
162   - value type: <u32>
163   - The field specifies the general purpose register number but not its width.
164     The width is derived from the partition's execution state, as specified in
165     the partition properties. For example, if the number value is 1 then the
166     general-purpose register used will be x1 in AArch64 state and w1 in AArch32
167     state.
168     Presence of this field indicates that the partition expects the address of
169     the FF-A boot information blob to be passed in the specified general purpose
170     register.
171
172- power-management-messages
173   - value type: <u32>
174   - Specifies which power management messages a partition subscribes to.
175     A set bit means the partition should be informed of the power event, clear
176     bit - should not be informed of event:
177
178      - Bit[0]: CPU_OFF
179      - Bit[1]: CPU_SUSPEND
180      - Bit[2]: CPU_SUSPEND_RESUME
181
182- vm-availability-messages
183   - value type: <u32>
184   - Specifies which VM availability messages a partition subscribes to. A set
185     bit means the partition should be informed of the event, clear bit - should
186     not be informed of event:
187
188      - Bit[0]: VM created
189      - Bit[1]: VM destroyed
190
191.. _memory_region_node:
192
193Memory Regions
194--------------
195
196- compatible [mandatory]
197   - value type: <string>
198   - Must be the string "arm,ffa-manifest-memory-regions".
199
200- description
201   - value type: <string>
202   - Name of the memory region e.g. for debugging purposes.
203
204- pages-count [mandatory]
205   - value type: <u32>
206   - Count of pages of memory region as a multiple of the translation granule
207     size
208
209- attributes [mandatory]
210   - value type: <u32>
211   - Mapping modes: ORed to get required permission
212
213      - 0x1: Read
214      - 0x2: Write
215      - 0x4: Execute
216      - 0x8: Security state
217
218- base-address
219   - value type: <u64>
220   - Base address of the region. The address must be aligned to the translation
221     granule size.
222     The address given may be a Physical Address (PA), Virtual Address (VA), or
223     Intermediate Physical Address (IPA). Refer to the FF-A specification for
224     more information on the restrictions around the address type.
225     If the base address is omitted then the partition manager must map a memory
226     region of the specified size into the partition's translation regime and
227     then communicate the region properties (including the base address chosen
228     by the partition manager) to the partition.
229
230- load-address-relative-offset
231   - value type: <u64>
232   - Offset relative to the load address of the partition.
233     When this is provided in the partition manifest, it should be added to the
234     load address to get the base address of the region. The secure partition
235     manifest can have either "base-address" or "load-address-relative-offset".
236     It cannot have both.
237
238- stream-ids
239   - value type: <prop-encoded-array>
240   - List of IDs belonging to a DMA capable peripheral device that has access to
241     the memory region represented by current node.
242   - Each ID must have been declared in exactly one device region node.
243
244- smmu-id
245   - value type: <u32>
246   - Identifies the SMMU IP that enforces the access control for the DMA device
247     that owns the above stream-ids.
248
249- stream-ids-access-permissions
250   - value type: <prop-encoded-array>
251   - List of attributes representing the instruction and data access permissions
252     used by the DMA device streams to access the memory region represented by
253     current node.
254
255.. _device_region_node:
256
257Device Regions
258--------------
259
260- compatible [mandatory]
261   - value type: <string>
262   - Must be the string "arm,ffa-manifest-device-regions".
263
264- description
265   - value type: <string>
266   - Name of the device region e.g. for debugging purposes.
267
268- pages-count [mandatory]
269   - value type: <u32>
270   - Count of pages of memory region as a multiple of the translation granule
271     size
272
273- attributes [mandatory]
274   - value type: <u32>
275   - Mapping modes: ORed to get required permission
276
277     - 0x1: Read
278     - 0x2: Write
279     - 0x4: Execute
280     - 0x8: Security state
281
282- base-address [mandatory]
283   - value type: <u64>
284   - Base address of the region. The address must be aligned to the translation
285     granule size.
286     The address given may be a Physical Address (PA), Virtual Address (VA), or
287     Intermediate Physical Address (IPA). Refer to the FF-A specification for
288     more information on the restrictions around the address type.
289
290- smmu-id
291   - value type: <u32>
292   - On systems with multiple System Memory Management Units (SMMUs) this
293     identifier is used to inform the partition manager which SMMU the device is
294     upstream of. If the field is omitted then it is assumed that the device is
295     not upstream of any SMMU.
296
297- stream-ids
298   - value type: <prop-encoded-array>
299   - List of IDs where an ID is a unique <u32> value amongst all devices assigned
300     to the partition.
301
302- interrupts
303   - value type: <prop-encoded-array>
304   - A list of (id, attributes) pair describing the device interrupts, where:
305
306      - id: The <u32> interrupt IDs.
307      - attributes: A <u32> value, containing attributes for each interrupt ID:
308
309        +----------------------+----------+
310        |Field                 | Bit(s)   |
311        +----------------------+----------+
312        | Priority	       | 7:0      |
313        +----------------------+----------+
314        | Security state       | 8        |
315        +----------------------+----------+
316        | Config(Edge/Level)   | 9        |
317        +----------------------+----------+
318        | Type(SPI/PPI/SGI)    | 11:10    |
319        +----------------------+----------+
320
321        Security state:
322          - Secure:       1
323          - Non-secure:   0
324
325        Configuration:
326          - Edge triggered:       0
327          - Level triggered:      1
328
329        Type:
330          - SPI:  0b10
331          - PPI:  0b01
332          - SGI:  0b00
333
334- interrupts-target
335   - value type: <prop-encoded-array>
336   - A list of (id, mpdir upper bits, mpidr lower bits) tuples describing which
337     mpidr the interrupt is routed to, where:
338
339      - id: The <u32> interrupt ID. Must be one of those specified in the
340            "interrupts" field.
341      - mpidr upper bits: The <u32> describing the upper bits of the 64 bits
342                          mpidr
343      - mpidr lower bits: The <u32> describing the lower bits of the 64 bits
344                          mpidr
345
346- exclusive-access
347   - value type: <empty>
348   - Presence of this field implies that this endpoint must be granted exclusive
349     access and ownership of this device's MMIO region.
350
351--------------
352
353*Copyright (c) 2019-2024, Arm Limited and Contributors. All rights reserved.*
354