1FIRME 2===== 3 4This page summarizes the current status of the FIRME implementation in TF-A. 5 6Background 7---------- 8 9FIRME defines standard EL3 firmware interfaces used by software above EL3 to 10manage capabilities associated with Arm Confidential Compute Architecture 11(Arm CCA) and, in particular, the Realm Management Extension (FEAT_RME). 12These interfaces cover the EL3 dependencies needed for Realm-related flows such 13as resource assignment and isolation, Realm construction, and attestation. 14 15The specification groups these interfaces into FIRME services. The service 16areas defined by the specification are: 17 18- granule protection table management 19- IDE key management for PCIe and CXL root ports 20- memory encryption context management 21- attestation token management 22- integrated device management 23 24In addition to those service-specific interfaces, FIRME defines a base service 25that provides common concepts plus version and feature discovery for the other 26services. 27 28FIRME sits on the EL3 boundary and is intended to be callable from the 29Non-secure, Realm, and Secure security states. A FIRME implementation is also 30permitted on systems that do not implement FEAT_RME, for example when parts of 31the interface are still useful independently of Realm support. 32 33TF-A currently implements the Arm FIRME specification version ``1.0 alp2`` as 34defined by `DEN0149`_. 35 36FIRME is exposed as a 64-bit fast SMC standard service. The currently allocated 37TF-A function ID range is ``0xC4000400`` to ``0xC4000412``. 38 39Build and integration 40--------------------- 41 42FIRME support in TF-A is experimental: 43 44- ``FIRME_SUPPORT`` enables support in builds. 45- When build with ``FIRME_SUPPORT``, RME supported system will make use of the 46 FIRME granule management services. 47- When FIRME support is enabled in a RMM enabled build, TRP uses 48 ``FIRME_GM_GPI_SET`` for granule transitions instead of the legacy 49 delegate/undelegate interface. 50 51Current status 52-------------- 53 54- Only a single FIRME version is supported per service. 55- The FIRME base service implements version and feature discovery through 56 ``FIRME_SERVICE_VERSION`` and ``FIRME_SERVICE_FEATURES``. 57- ``FIRME_GM_GPI_SET`` is currently the only implemented granule management 58 operation. 59- The IDE key management, MECID management, attestation, and integrated device 60 management services are not implemented yet. 61- ``FIRME_GM_GPI_OP_CONTINUE`` is mandatory in the ``1.0 alp2`` specification, 62 but it is not implemented yet. 63 64As a result, the current implementation tracks FIRME ``1.0 alp2`` for 65versioning purposes, but it does not yet provide all mandatory functionality 66defined by that specification revision. 67 68Implementation details 69---------------------- 70 71- TF-A currently advertises FIRME support for Secure, Non-secure, and Realm 72 callers. 73- The base service is the entry point used to discover per-service versions and 74 feature registers. 75- The granule management service publishes two feature registers: 76 77 - register 0 advertises ``FIRME_GM_GPI_SET`` support only 78 - register 1 is populated at runtime from ``GPCCR_EL3`` and reports platform 79 granule protection geometry such as page size, ``L0GPTSZ``, and ``PPS`` 80 81- ``FIRME_GM_GPI_SET`` is implemented on top of TF-A's generic GPT transition 82 helper and returns the number of successfully transitioned granules. 83 84-------------- 85 86*Copyright (c) 2026, Arm Limited and Contributors. All rights reserved.* 87 88.. _DEN0149: https://developer.arm.com/documentation/den0149/1-0alp2/?lang=en 89