FF-A manifest binding to device tree
====================================

This document defines the nodes and properties used to define a partition,
according to the FF-A specification.

Partition Properties
--------------------

- compatible [mandatory]
   - value type: <string>
   - Must be the string "arm,ffa-manifest-X.Y" which specifies the major and
     minor versions of the device tree binding for the FFA manifest represented
     by this node. The minor number is incremented if the binding changes in a
     backwards compatible manner.

      - X is an integer representing the major version number of this document.
      - Y is an integer representing the minor version number of this document.

- ffa-version [mandatory]
   - value type: <u32>
   - Must be two 16-bit values (X, Y), concatenated as 31:16 -> X,
     15:0 -> Y, where:

      - X is the major version of FF-A expected by the partition at the FFA
        instance it will execute.
      - Y is the minor version of FF-A expected by the partition at the FFA
        instance it will execute.

- uuid [mandatory]
   - value type: <prop-encoded-array>
   - An array of comma separated tuples each consisting of 4 <u32> values,
     identifying the UUID of the services implemented by this partition.
     The UUID format is described in RFC 4122.
   - These 4 <u32> values are packed similar to the UUID register mapping
     specified in section '5.3 Unique Identification format', SMC Calling
     Convention, DEN0028, v1.6 G BET0
     (https://developer.arm.com/documentation/den0028/latest/).

- id
   - value type: <u32>
   - Pre-allocated partition ID.

- auxiliary-id
   - value type: <u32>
   - Pre-allocated ID that could be used in memory management transactions.

- description
   - value type: <string>
   - Name of the partition e.g. for debugging purposes.

- execution-ctx-count [mandatory]
   - value type: <u32>
   - Number of vCPUs that a VM or SP wants to instantiate.

      - In the absence of virtualization, this is the number of execution
        contexts that a partition implements.
      - If value of this field = 1 and number of PEs > 1 then the partition is
        treated as UP & migrate capable.
      - If the value of this field > 1 then the partition is treated as an MP
        capable partition irrespective of the number of PEs.

- exception-level [mandatory]
   - value type: <u32>
   - The target exception level for the partition:

      - 0x0: EL1
      - 0x1: S_EL0
      - 0x2: S_EL1

- execution-state [mandatory]
   - value type: <u32>
   - The target execution state of the partition:

      - 0: AArch64
      - 1: AArch32

- load-address
   - value type: <u64>
   - Physical base address of the partition in memory. Absence of this field
     indicates that the partition is position independent and can be loaded at
     any address chosen at boot time.

- entrypoint-offset
   - value type: <u64>
   - Offset from the base of the partition's binary image to the entry point of
     the partition. Absence of this field indicates that the entry point is at
     offset 0x0 from the base of the partition's binary.

- xlat-granule
   - value type: <u32>
   - Translation granule used with the partition:

      - 0x0: 4k
      - 0x1: 16k
      - 0x2: 64k

- boot-order
   - value type: <u32>
   - A unique number amongst all partitions that specifies if this partition
     must be booted before others. The partition with the smaller number will be
     booted first. The highest value allowed for this field is 0xFFFF.

- rx-tx-buffer
   - value type: "memory-regions" node
   - Specific "memory-regions" nodes that describe the RX/TX buffers expected
     by the partition.
     The "compatible" must be the string "arm,ffa-manifest-rx_tx-buffer".

- messaging-method [mandatory]
   - value type: <u32>
   - Specifies which messaging methods are supported by the partition, set bit
     means the feature is supported, clear bit - not supported:

      - Bit[0]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
      - Bit[1]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ ABI if set
      - Bit[2]: partition can send and receive indirect messages
      - Bit[9]: partition can receive direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set
      - Bit[10]: partition can send direct requests via FFA_MSG_SEND_DIRECT_REQ2 ABI if set

- managed-exit
   - value type: <empty>
   - Specifies if managed exit is supported.
   - This field is deprecated in favor of ns-interrupts-action field in the FF-A
     v1.1 EAC0 spec.

- managed-exit-virq
   - value type: <empty>
   - Indicates if the partition needs managed exit, if supported, to be signaled
     through vIRQ signal.

- ns-interrupts-action [mandatory]
   - value type: <u32>
   - Specifies the action that the SPMC must take in response to a Non-secure
     physical interrupt.

      - 0x0: Non-secure interrupt is queued
      - 0x1: Non-secure interrupt is signaled after a managed exit
      - 0x2: Non-secure interrupt is signaled

   - This field supersedes the managed-exit field in the FF-A v1.0 spec.

- other-s-interrupts-action
   - value type: <u32>
   - Specifies the action that the SPMC must take in response to an Other-Secure
     physical interrupt.

      - 0x0: Other-Secure interrupt is queued
      - 0x1: Other-Secure interrupt is signaled

- has-primary-scheduler
   - value type: <empty>
   - Presence of this field indicates that the partition implements the primary
     scheduler. If so, run-time EL must be EL1.

- time-slice-mem
   - value type: <empty>
   - Presence of this field indicates that the partition doesn't expect the
     partition manager to time slice long running memory management functions.

- gp-register-num
   - value type: <u32>
   - The field specifies the general purpose register number but not its width.
     The width is derived from the partition's execution state, as specified in
     the partition properties. For example, if the number value is 1 then the
     general-purpose register used will be x1 in AArch64 state and w1 in AArch32
     state.
     Presence of this field indicates that the partition expects the address of
     the FF-A boot information blob to be passed in the specified general purpose
     register.

- power-management-messages
   - value type: <u32>
   - Specifies which power management messages a partition subscribes to.
     A set bit means the partition should be informed of the power event, clear
     bit - should not be informed of event:

      - Bit[0]: CPU_OFF
      - Bit[1]: CPU_SUSPEND
      - Bit[2]: CPU_SUSPEND_RESUME

- vm-availability-messages
   - value type: <u32>
   - Specifies which VM availability messages a partition subscribes to. A set
     bit means the partition should be informed of the event, clear bit - should
     not be informed of event:

      - Bit[0]: VM created
      - Bit[1]: VM destroyed

- lifecycle-support
   - value type: <empty>
   - Presence of this field indicates support for all partition lifecycle states
     defined in the FF-A v1.3 ALP2 spec.

- abort-action
   - value type: <u32>
   - Specifies the action that the SPMC takes when a partition encounters a fatal
     error.

      - 0x0: STOP
      - 0x1: DESTROY
      - 0x2: RESTART
      - 0x3: PROPAGATE

   - All other values are unsupported. If a partition does not specify this
     field in the manifest, the SPMC takes implementation defined action.

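The fixed-width partition properties above can be checked mechanically when a manifest is reviewed. The following is an added example, not code from TF-A: it decodes ffa-version and messaging-method and flags values this binding does not define. The ``props`` dict layout, the function names and the sample node are assumptions made for illustration.

```python
# Added example: lint the fixed-width fields of an FF-A partition manifest node.
# `props` is a plain dict standing in for a parsed device tree node (assumption).
MESSAGING_BITS = {
    0: "receive direct requests (FFA_MSG_SEND_DIRECT_REQ)",
    1: "send direct requests (FFA_MSG_SEND_DIRECT_REQ)",
    2: "send and receive indirect messages",
    9: "receive direct requests (FFA_MSG_SEND_DIRECT_REQ2)",
    10: "send direct requests (FFA_MSG_SEND_DIRECT_REQ2)",
}
ENUMS = {  # property -> values listed in the binding
    "exception-level": {0: "EL1", 1: "S_EL0", 2: "S_EL1"},
    "execution-state": {0: "AArch64", 1: "AArch32"},
    "xlat-granule": {0: "4k", 1: "16k", 2: "64k"},
    "ns-interrupts-action": {0: "queued", 1: "managed exit", 2: "signaled"},
    "abort-action": {0: "STOP", 1: "DESTROY", 2: "RESTART", 3: "PROPAGATE"},
}
MANDATORY = ("compatible", "ffa-version", "uuid", "execution-ctx-count",
             "exception-level", "execution-state", "messaging-method",
             "ns-interrupts-action")

def decode_ffa_version(value):
    """Split the <u32> into (major, minor): bits 31:16 -> X, bits 15:0 -> Y."""
    return (value >> 16) & 0xFFFF, value & 0xFFFF

def decode_messaging_method(value):
    """Return (supported feature names, mask of bits the binding does not list)."""
    known = sum(1 << bit for bit in MESSAGING_BITS)
    names = [name for bit, name in MESSAGING_BITS.items() if value & (1 << bit)]
    return names, value & ~known & 0xFFFFFFFF

def lint_partition(props):
    """Return a list of findings for one partition node."""
    findings = [f"missing mandatory property: {p}" for p in MANDATORY if p not in props]
    for name, allowed in ENUMS.items():
        if name in props and props[name] not in allowed:
            findings.append(f"{name}: value {props[name]:#x} not defined by the binding")
    if "messaging-method" in props:
        _, unknown = decode_messaging_method(props["messaging-method"])
        if unknown:
            findings.append(f"messaging-method: undefined bits {unknown:#x}")
    if props.get("boot-order", 0) > 0xFFFF:
        findings.append("boot-order: exceeds 0xFFFF")
    if "has-primary-scheduler" in props and props.get("exception-level") != 0:
        findings.append("has-primary-scheduler requires exception-level 0x0 (EL1)")
    return findings

# Constructed sample node (uuid is a placeholder): two fields are out of range.
SAMPLE = {"compatible": "arm,ffa-manifest-1.0", "ffa-version": 0x00010002,
          "uuid": [0, 0, 0, 0], "execution-ctx-count": 1, "exception-level": 2,
          "execution-state": 0, "messaging-method": 0x20B, "ns-interrupts-action": 3}
```
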
.. _memory_region_node:

Memory Regions
--------------

- compatible [mandatory]
   - value type: <string>
   - Must be the string "arm,ffa-manifest-memory-regions".

- description
   - value type: <string>
   - Name of the memory region e.g. for debugging purposes.

- pages-count [mandatory]
   - value type: <u32>
   - Count of pages of memory region as a multiple of the translation granule
     size

- attributes [mandatory]
   - value type: <u32>
   - Mapping modes: ORed to get required permission

      - 0x1: Read
      - 0x2: Write
      - 0x4: Execute
      - 0x8: Security state

- base-address
   - value type: <u64>
   - Base address of the region. The address must be aligned to the translation
     granule size.
     The address given may be a Physical Address (PA), Virtual Address (VA), or
     Intermediate Physical Address (IPA). Refer to the FF-A specification for
     more information on the restrictions around the address type.
     If the base address is omitted then the partition manager must map a memory
     region of the specified size into the partition's translation regime and
     then communicate the region properties (including the base address chosen
     by the partition manager) to the partition.

- load-address-relative-offset
   - value type: <u64>
   - Offset relative to the load address of the partition.
     When this is provided in the partition manifest, it should be added to the
     load address to get the base address of the region. The secure partition
     manifest can have either "base-address" or "load-address-relative-offset".
     It cannot have both.

- stream-ids
   - value type: <prop-encoded-array>
   - List of IDs belonging to a DMA capable peripheral device that has access to
     the memory region represented by current node.
   - Each ID must have been declared in exactly one device region node.

- smmu-id
   - value type: <u32>
   - Identifies the SMMU IP that enforces the access control for the DMA device
     that owns the above stream-ids.

- stream-ids-access-permissions
   - value type: <prop-encoded-array>
   - List of attributes representing the instruction and data access permissions
     used by the DMA device streams to access the memory region represented by
     current node.

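The memory region rules above (one of "base-address" or "load-address-relative-offset" but not both, granule alignment, and stream IDs declared in exactly one device region) can be enforced before a manifest is accepted. The following is an added example, not code from TF-A; the dict representation of nodes, the function names and the sample region are assumptions.

```python
# Added example: checks for "memory-regions" nodes. Nodes are plain dicts
# standing in for parsed device tree nodes (assumption, not a TF-A API).
GRANULE_BYTES = {0x0: 4096, 0x1: 16384, 0x2: 65536}  # xlat-granule encoding
ATTR_BITS = {0x1: "R", 0x2: "W", 0x4: "X", 0x8: "security-state"}

def decode_attributes(attrs):
    """Return (names of the set mapping-mode bits, mask of undefined bits)."""
    names = [name for bit, name in ATTR_BITS.items() if attrs & bit]
    return names, attrs & ~0xF & 0xFFFFFFFF

def resolve_region(region, xlat_granule, load_address=None):
    """Return (base, size_in_bytes, findings) for one memory region node.

    base is None when no address is fixed yet: the node gives no address, or
    it gives an offset and the load address is only chosen at boot.
    """
    findings, base = [], None
    granule = GRANULE_BYTES[xlat_granule]
    has_base = "base-address" in region
    has_offset = "load-address-relative-offset" in region
    if has_base and has_offset:
        findings.append("both base-address and load-address-relative-offset set")
    elif has_base:
        base = region["base-address"]
    elif has_offset and load_address is not None:
        base = load_address + region["load-address-relative-offset"]
    if base is not None and base % granule:
        findings.append(f"base {base:#x} not aligned to granule {granule:#x}")
    if decode_attributes(region["attributes"])[1]:
        findings.append("attributes: bits outside 0xF are set")
    return base, region["pages-count"] * granule, findings

def check_stream_ids(memory_regions, device_regions):
    """Report stream IDs not declared in exactly one device region node."""
    declared = {}
    for dev in device_regions:
        for sid in dev.get("stream-ids", []):
            declared[sid] = declared.get(sid, 0) + 1
    return [f"stream-id {sid:#x} declared in {declared.get(sid, 0)} device regions"
            for mem in memory_regions for sid in mem.get("stream-ids", [])
            if declared.get(sid, 0) != 1]

# Constructed sample: 4 pages, read/write, placed relative to the load address.
SAMPLE_REGION = {"pages-count": 4, "attributes": 0x3,
                 "load-address-relative-offset": 0x2000}
```
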
.. _device_region_node:

Device Regions
--------------

- compatible [mandatory]
   - value type: <string>
   - Must be the string "arm,ffa-manifest-device-regions".

- description
   - value type: <string>
   - Name of the device region e.g. for debugging purposes.

- pages-count [mandatory]
   - value type: <u32>
   - Count of pages of memory region as a multiple of the translation granule
     size

- attributes [mandatory]
   - value type: <u32>
   - Mapping modes: ORed to get required permission

     - 0x1: Read
     - 0x2: Write
     - 0x4: Execute
     - 0x8: Security state

- base-address [mandatory]
   - value type: <u64>
   - Base address of the region. The address must be aligned to the translation
     granule size.
     The address given may be a Physical Address (PA), Virtual Address (VA), or
     Intermediate Physical Address (IPA). Refer to the FF-A specification for
     more information on the restrictions around the address type.

- smmu-id
   - value type: <u32>
   - On systems with multiple System Memory Management Units (SMMUs) this
     identifier is used to inform the partition manager which SMMU the device is
     upstream of. If the field is omitted then it is assumed that the device is
     not upstream of any SMMU.

- stream-ids
   - value type: <prop-encoded-array>
   - List of IDs where an ID is a unique <u32> value amongst all devices assigned
     to the partition.

- interrupts
   - value type: <prop-encoded-array>
   - A list of (id, attributes) pairs describing the device interrupts, where:

      - id: The <u32> interrupt IDs.
      - attributes: A <u32> value, containing attributes for each interrupt ID:

        +----------------------+----------+
        |Field                 | Bit(s)   |
        +----------------------+----------+
        | Priority             | 7:0      |
        +----------------------+----------+
        | Security state       | 8        |
        +----------------------+----------+
        | Config(Edge/Level)   | 9        |
        +----------------------+----------+
        | Type(SPI/PPI/SGI)    | 11:10    |
        +----------------------+----------+

        Security state:
          - Secure:       1
          - Non-secure:   0

        Configuration:
          - Edge triggered:       0
          - Level triggered:      1

        Type:
          - SPI:  0b10
          - PPI:  0b01
          - SGI:  0b00

- interrupts-target
   - value type: <prop-encoded-array>
   - A list of (id, mpidr upper bits, mpidr lower bits) tuples describing which
     mpidr the interrupt is routed to, where:

      - id: The <u32> interrupt ID. Must be one of those specified in the
            "interrupts" field.
      - mpidr upper bits: The <u32> describing the upper bits of the 64-bit
                          mpidr
      - mpidr lower bits: The <u32> describing the lower bits of the 64-bit
                          mpidr

- exclusive-access
   - value type: <empty>
   - Presence of this field implies that this endpoint must be granted exclusive
     access and ownership of this device's MMIO region.

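The interrupt attribute layout and the "interrupts-target" cross-reference rule described above can be decoded as follows. This is an added example, not code from TF-A; the flat cell-list input, the function names and the sample values are assumptions.

```python
# Added example: decode the "interrupts" and "interrupts-target" cells of a
# device region. Inputs are flat lists of <u32> cells as they appear in the
# property (assumption about how the caller parsed the device tree).
INT_TYPES = {0b00: "SGI", 0b01: "PPI", 0b10: "SPI"}

def decode_interrupt_attributes(attrs):
    """Unpack one <u32> attributes cell using the bit layout in the table."""
    return {
        "priority": attrs & 0xFF,                            # bits 7:0
        "secure": bool((attrs >> 8) & 1),                    # bit 8, 1 = Secure
        "trigger": "level" if (attrs >> 9) & 1 else "edge",  # bit 9
        "type": INT_TYPES.get((attrs >> 10) & 0x3),          # bits 11:10, None for 0b11
        "undefined_bits": attrs & ~0xFFF & 0xFFFFFFFF,       # bits not in the table
    }

def parse_interrupts(cells):
    """Turn the flat (id, attributes) cell list into {id: decoded attributes}."""
    if len(cells) % 2:
        raise ValueError("interrupts must be (id, attributes) pairs")
    return {cells[i]: decode_interrupt_attributes(cells[i + 1])
            for i in range(0, len(cells), 2)}

def parse_targets(cells, interrupts):
    """Return ({id: 64-bit mpidr}, findings) for an interrupts-target list."""
    if len(cells) % 3:
        raise ValueError("interrupts-target must be (id, upper, lower) tuples")
    routes, findings = {}, []
    for i in range(0, len(cells), 3):
        int_id, upper, lower = cells[i:i + 3]
        if int_id not in interrupts:
            findings.append(f"interrupt {int_id} is not listed in 'interrupts'")
            continue
        routes[int_id] = (upper << 32) | lower  # upper and lower <u32> halves
    return routes, findings

# Constructed sample: interrupt 34, priority 0x80, Secure, level triggered, SPI.
SAMPLE_INTERRUPTS = [34, 0xB80]
```
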
--------------

*Copyright (c) 2019-2025, Arm Limited and Contributors. All rights reserved.*