xref: /rk3399_ARM-atf/docs/components/ffa-manifest-binding.rst (revision 657d1da384ee2d4221ab01670ece602b3a1437ca) 
1FF-A manifest binding to device tree
2====================================
3
4This document defines the nodes and properties used to define a partition,
5according to the FF-A specification.
6
7Partition Properties
8--------------------
9
10- compatible [mandatory]
11   - value type: <string>
12   - Must be the string "arm,ffa-manifest-X.Y" which specifies the major and
13     minor versions of the device tree binding for the FFA manifest represented
14     by this node. The minor number is incremented if the binding changes in a
15     backwards compatible manner.
16
17      - X is an integer representing the major version number of this document.
18      - Y is an integer representing the minor version number of this document.
19
20- ffa-version [mandatory]
21   - value type: <u32>
22   - Must be two 16 bits values (X, Y), concatenated as 31:16 -> X,
23     15:0 -> Y, where:
24
25      - X is the major version of FF-A expected by the partition at the FFA
26        instance it will execute.
27      - Y is the minor version of FF-A expected by the partition at the FFA
28        instance it will execute.
29
30- uuid [mandatory]
31   - value type: <prop-encoded-array>
32   - An array consisting of 4 <u32> values, identifying the UUID of the service
33     implemented by this partition. The UUID format is described in RFC 4122.
34   - These 4 <u32> values are packed similar to the UUID register mapping
35     specified in section '5.3 Unique Identification format', SMC Calling
36     Convention, DEN0028, v1.6 G BET0
37     (https://developer.arm.com/documentation/den0028/latest/).
38
39- id
40   - value type: <u32>
41   - Pre-allocated partition ID.
42
43- auxiliary-id
44   - value type: <u32>
45   - Pre-allocated ID that could be used in memory management transactions.
46
47- description
48   - value type: <string>
49   - Name of the partition e.g. for debugging purposes.
50
51- execution-ctx-count [mandatory]
52   - value type: <u32>
53   - Number of vCPUs that a VM or SP wants to instantiate.
54
55      - In the absence of virtualization, this is the number of execution
56        contexts that a partition implements.
57      - If value of this field = 1 and number of PEs > 1 then the partition is
58        treated as UP & migrate capable.
59      - If the value of this field > 1 then the partition is treated as a MP
60        capable partition irrespective of the number of PEs.
61
62- exception-level [mandatory]
63   - value type: <u32>
64   - The target exception level for the partition:
65
66      - 0x0: EL1
67      - 0x1: S_EL0
68      - 0x2: S_EL1
69
70- execution-state [mandatory]
71   - value type: <u32>
72   - The target execution state of the partition:
73
74      - 0: AArch64
75      - 1: AArch32
76
77- load-address
78   - value type: <u64>
79   - Physical base address of the partition in memory. Absence of this field
80     indicates that the partition is position independent and can be loaded at
81     any address chosen at boot time.
82
83- entrypoint-offset
84   - value type: <u64>
85   - Offset from the base of the partition's binary image to the entry point of
86     the partition. Absence of this field indicates that the entry point is at
87     offset 0x0 from the base of the partition's binary.
88
89- xlat-granule
90   - value type: <u32>
91   - Translation granule used with the partition:
92
93      - 0x0: 4k
94      - 0x1: 16k
95      - 0x2: 64k
96
97- boot-order
98   - value type: <u32>
99   - A unique number amongst all partitions that specifies if this partition
100     must be booted before others. The partition with the smaller number will be
101     booted first. Highest vlue allowed for this field is 0xFFFF.
102
103- rx-tx-buffer
104   - value type: "memory-regions" node
105   - Specific "memory-regions" nodes that describe the RX/TX buffers expected
106     by the partition.
107     The "compatible" must be the string "arm,ffa-manifest-rx_tx-buffer".
108
109- messaging-method [mandatory]
110   - value type: <u32>
111   - Specifies which messaging methods are supported by the partition, set bit
112     means the feature is supported, clear bit - not supported:
113
114      - Bit[0]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
115      - Bit[1]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
116      - Bit[2]: partition can send and receive indirect messages
117      - Bit[9]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set
118      - Bit[10]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set
119
120- managed-exit
121   - value type: <empty>
122   - Specifies if managed exit is supported.
123   - This field is deprecated in favor of ns-interrupts-action field in the FF-A
124     v1.1 EAC0 spec.
125
126- managed-exit-virq
127   - value type: <empty>
128   - Indicates if the partition needs managed exit, if supported, to be signaled
129     through vIRQ signal.
130
131- ns-interrupts-action [mandatory]
132   - value type: <u32>
133   - Specifies the action that the SPMC must take in response to a Non-secure
134     physical interrupt.
135
136      - 0x0: Non-secure interrupt is queued
137      - 0x1: Non-secure interrupt is signaled after a managed exit
138      - 0x2: Non-secure interrupt is signaled
139
140   - This field supersedes the managed-exit field in the FF-A v1.0 spec.
141
142- other-s-interrupts-action
143   - value type: <u32>
144   - Specifies the action that the SPMC must take in response to a Other-Secure
145     physical interrupt.
146
147      - 0x0: Other-Secure interrupt is queued
148      - 0x1: Other-Secure interrupt is signaled
149
150- has-primary-scheduler
151   - value type: <empty>
152   - Presence of this field indicates that the partition implements the primary
153     scheduler. If so, run-time EL must be EL1.
154
155- time-slice-mem
156   - value type: <empty>
157   - Presence of this field indicates that the partition doesn't expect the
158     partition manager to time slice long running memory management functions.
159
160- gp-register-num
161   - value type: <u32>
162   - The field specifies the general purpose register number but not its width.
163     The width is derived from the partition's execution state, as specified in
164     the partition properties. For example, if the number value is 1 then the
165     general-purpose register used will be x1 in AArch64 state and w1 in AArch32
166     state.
167     Presence of this field indicates that the partition expects the address of
168     the FF-A boot information blob to be passed in the specified general purpose
169     register.
170
171- power-management-messages
172   - value type: <u32>
173   - Specifies which power management messages a partition subscribes to.
174     A set bit means the partition should be informed of the power event, clear
175     bit - should not be informed of event:
176
177      - Bit[0]: CPU_OFF
178      - Bit[1]: CPU_SUSPEND
179      - Bit[2]: CPU_SUSPEND_RESUME
180
181- vm-availability-messages
182   - value type: <u32>
183   - Specifies which VM availability messages a partition subscribes to. A set
184     bit means the partition should be informed of the event, clear bit - should
185     not be informed of event:
186
187      - Bit[0]: VM created
188      - Bit[1]: VM destroyed
189
190.. _memory_region_node:
191
192Memory Regions
193--------------
194
195- compatible [mandatory]
196   - value type: <string>
197   - Must be the string "arm,ffa-manifest-memory-regions".
198
199- description
200   - value type: <string>
201   - Name of the memory region e.g. for debugging purposes.
202
203- pages-count [mandatory]
204   - value type: <u32>
205   - Count of pages of memory region as a multiple of the translation granule
206     size
207
208- attributes [mandatory]
209   - value type: <u32>
210   - Mapping modes: ORed to get required permission
211
212      - 0x1: Read
213      - 0x2: Write
214      - 0x4: Execute
215      - 0x8: Security state
216
217- base-address
218   - value type: <u64>
219   - Base address of the region. The address must be aligned to the translation
220     granule size.
221     The address given may be a Physical Address (PA), Virtual Address (VA), or
222     Intermediate Physical Address (IPA). Refer to the FF-A specification for
223     more information on the restrictions around the address type.
224     If the base address is omitted then the partition manager must map a memory
225     region of the specified size into the partition's translation regime and
226     then communicate the region properties (including the base address chosen
227     by the partition manager) to the partition.
228
229- load-address-relative-offset
230   - value type: <u64>
231   - Offset relative to the load address of the partition.
232     When this is provided in the partition manifest, it should be added to the
233     load address to get the base address of the region. The secure partition
234     manifest can have either "base-address" or "load-address-relative-offset".
235     It cannot have both.
236
237- stream-ids
238   - value type: <prop-encoded-array>
239   - List of IDs belonging to a DMA capable peripheral device that has access to
240     the memory region represented by current node.
241   - Each ID must have been declared in exactly one device region node.
242
243- smmu-id
244   - value type: <u32>
245   - Identifies the SMMU IP that enforces the access control for the DMA device
246     that owns the above stream-ids.
247
248- stream-ids-access-permissions
249   - value type: <prop-encoded-array>
250   - List of attributes representing the instruction and data access permissions
251     used by the DMA device streams to access the memory region represented by
252     current node.
253
254.. _device_region_node:
255
256Device Regions
257--------------
258
259- compatible [mandatory]
260   - value type: <string>
261   - Must be the string "arm,ffa-manifest-device-regions".
262
263- description
264   - value type: <string>
265   - Name of the device region e.g. for debugging purposes.
266
267- pages-count [mandatory]
268   - value type: <u32>
269   - Count of pages of memory region as a multiple of the translation granule
270     size
271
272- attributes [mandatory]
273   - value type: <u32>
274   - Mapping modes: ORed to get required permission
275
276     - 0x1: Read
277     - 0x2: Write
278     - 0x4: Execute
279     - 0x8: Security state
280
281- base-address [mandatory]
282   - value type: <u64>
283   - Base address of the region. The address must be aligned to the translation
284     granule size.
285     The address given may be a Physical Address (PA), Virtual Address (VA), or
286     Intermediate Physical Address (IPA). Refer to the FF-A specification for
287     more information on the restrictions around the address type.
288
289- smmu-id
290   - value type: <u32>
291   - On systems with multiple System Memory Management Units (SMMUs) this
292     identifier is used to inform the partition manager which SMMU the device is
293     upstream of. If the field is omitted then it is assumed that the device is
294     not upstream of any SMMU.
295
296- stream-ids
297   - value type: <prop-encoded-array>
298   - List of IDs where an ID is a unique <u32> value amongst all devices assigned
299     to the partition.
300
301- interrupts
302   - value type: <prop-encoded-array>
303   - A list of (id, attributes) pair describing the device interrupts, where:
304
305      - id: The <u32> interrupt IDs.
306      - attributes: A <u32> value, containing attributes for each interrupt ID:
307
308        +----------------------+----------+
309        |Field                 | Bit(s)   |
310        +----------------------+----------+
311        | Priority	       | 7:0      |
312        +----------------------+----------+
313        | Security state       | 8        |
314        +----------------------+----------+
315        | Config(Edge/Level)   | 9        |
316        +----------------------+----------+
317        | Type(SPI/PPI/SGI)    | 11:10    |
318        +----------------------+----------+
319
320        Security state:
321          - Secure:       1
322          - Non-secure:   0
323
324        Configuration:
325          - Edge triggered:       0
326          - Level triggered:      1
327
328        Type:
329          - SPI:  0b10
330          - PPI:  0b01
331          - SGI:  0b00
332
333- interrupts-target
334   - value type: <prop-encoded-array>
335   - A list of (id, mpdir upper bits, mpidr lower bits) tuples describing which
336     mpidr the interrupt is routed to, where:
337
338      - id: The <u32> interrupt ID. Must be one of those specified in the
339            "interrupts" field.
340      - mpidr upper bits: The <u32> describing the upper bits of the 64 bits
341                          mpidr
342      - mpidr lower bits: The <u32> describing the lower bits of the 64 bits
343                          mpidr
344
345- exclusive-access
346   - value type: <empty>
347   - Presence of this field implies that this endpoint must be granted exclusive
348     access and ownership of this device's MMIO region.
349
350--------------
351
352*Copyright (c) 2019-2024, Arm Limited and Contributors. All rights reserved.*
353