FIRME
=====

This page summarizes the current status of the FIRME implementation in TF-A.

Background
----------

FIRME defines standard EL3 firmware interfaces used by software above EL3 to
manage capabilities associated with Arm Confidential Compute Architecture
(Arm CCA) and, in particular, the Realm Management Extension (FEAT_RME).
These interfaces cover the EL3 dependencies needed for Realm-related flows such
as resource assignment and isolation, Realm construction, and attestation.

The specification groups these interfaces into FIRME services. The service
areas defined by the specification are:

- granule protection table management
- IDE key management for PCIe and CXL root ports
- memory encryption context management
- attestation token management
- integrated device management

In addition to those service-specific interfaces, FIRME defines a base service
that provides common concepts plus version and feature discovery for the other
services.

FIRME sits on the EL3 boundary and is intended to be callable from the
Non-secure, Realm, and Secure security states. A FIRME implementation is also
permitted on systems that do not implement FEAT_RME, for example when parts of
the interface are still useful independently of Realm support.

TF-A currently implements the Arm FIRME specification version ``1.0 alp2`` as
defined by `DEN0149`_.

FIRME is exposed as a 64-bit fast SMC standard service. The currently allocated
TF-A function ID range is ``0xC4000400`` to ``0xC4000412``.
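
The following added example (not TF-A code) decodes the SMCCC function ID fields to show why the range above reads as a 64-bit fast standard-service call, and returns a reason when an ID is rejected. All ``EX_``/``ex_`` names are hypothetical; the field positions are those of the Arm SMC Calling Convention.

```c
#include <stdint.h>

/* SMCCC function ID fields (positions per the Arm SMC Calling Convention). */
#define EX_FID_FAST(fid)   (((fid) >> 31) & 0x1u)   /* 1 = fast call */
#define EX_FID_SMC64(fid)  (((fid) >> 30) & 0x1u)   /* 1 = SMC64 convention */
#define EX_FID_OEN(fid)    (((fid) >> 24) & 0x3fu)  /* owning entity number */
#define EX_FID_MID(fid)    (((fid) >> 16) & 0xffu)  /* bits 23:16 */
#define EX_FID_NUM(fid)    ((fid) & 0xffffu)        /* function number */
#define EX_OEN_STD_SERVICE 4u                       /* standard secure service */

/* Function-number window taken from the range quoted on this page. */
#define EX_FIRME_NUM_FIRST 0x0400u
#define EX_FIRME_NUM_LAST  0x0412u

enum ex_fid_verdict {
    EX_FID_FIRME,        /* fast SMC64 standard-service call inside the range */
    EX_FID_NOT_FAST,     /* yielding call */
    EX_FID_NOT_SMC64,    /* SMC32 convention */
    EX_FID_WRONG_OWNER,  /* not a standard-service call */
    EX_FID_OUT_OF_RANGE  /* outside 0xC4000400..0xC4000412 */
};

/* Check each field in turn so a rejected call can be logged with a reason. */
enum ex_fid_verdict ex_check_firme_fid(uint32_t fid)
{
    if (!EX_FID_FAST(fid))
        return EX_FID_NOT_FAST;
    if (!EX_FID_SMC64(fid))
        return EX_FID_NOT_SMC64;
    if (EX_FID_OEN(fid) != EX_OEN_STD_SERVICE)
        return EX_FID_WRONG_OWNER;
    /* Bits 23:16 are zero for every ID in the allocated range. */
    if (EX_FID_MID(fid) != 0 || EX_FID_NUM(fid) < EX_FIRME_NUM_FIRST ||
        EX_FID_NUM(fid) > EX_FIRME_NUM_LAST)
        return EX_FID_OUT_OF_RANGE;
    return EX_FID_FIRME;
}
```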

Build and integration
---------------------

FIRME support in TF-A is experimental:

- ``FIRME_SUPPORT`` enables support in builds.
- When built with ``FIRME_SUPPORT``, systems that support RME make use of the
  FIRME granule management services.
- When FIRME support is enabled in an RMM-enabled build, TRP uses
  ``FIRME_GM_GPI_SET`` for granule transitions instead of the legacy
  delegate/undelegate interface.

Current status
--------------

- Only a single FIRME version is supported per service.
- The FIRME base service implements version and feature discovery through
  ``FIRME_SERVICE_VERSION`` and ``FIRME_SERVICE_FEATURES``.
- ``FIRME_GM_GPI_SET`` is currently the only implemented granule management
  operation.
- The IDE key management, MECID management, attestation, and integrated device
  management services are not implemented yet.
- ``FIRME_GM_GPI_OP_CONTINUE`` is mandatory in the ``1.0 alp2`` specification,
  but it is not implemented yet.

As a result, the current implementation tracks FIRME ``1.0 alp2`` for
versioning purposes, but it does not yet provide all mandatory functionality
defined by that specification revision.

Implementation details
----------------------

- TF-A currently advertises FIRME support for Secure, Non-secure, and Realm
  callers.
- The base service is the entry point used to discover per-service versions and
  feature registers.
- The granule management service publishes two feature registers:

  - register 0 advertises ``FIRME_GM_GPI_SET`` support only
  - register 1 is populated at runtime from ``GPCCR_EL3`` and reports platform
    granule protection geometry such as page size, ``L0GPTSZ``, and ``PPS``

- ``FIRME_GM_GPI_SET`` is implemented on top of TF-A's generic GPT transition
  helper and returns the number of successfully transitioned granules.
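
The geometry that feature register 1 is populated from can be read out of ``GPCCR_EL3`` as in the following added example (not TF-A code). It decodes the architectural ``PPS``, ``PGS`` and ``L0GPTSZ`` fields of a raw register value and rejects encodings it does not know; it does not model the FIRME feature register layout, which this page does not give. All ``EX_``/``ex_`` names are hypothetical.

```c
#include <stdint.h>

/* GPCCR_EL3 field positions from the Arm architecture (FEAT_RME). */
#define EX_GPCCR_PPS(v)     ((unsigned)((v) & 0x7u))          /* bits 2:0 */
#define EX_GPCCR_PGS(v)     ((unsigned)(((v) >> 14) & 0x3u))  /* bits 15:14 */
#define EX_GPCCR_L0GPTSZ(v) ((unsigned)(((v) >> 20) & 0xfu))  /* bits 23:20 */

struct ex_gpt_geometry {
    unsigned pps_bits;   /* protected physical address space, log2(bytes) */
    unsigned l0_bits;    /* range covered by one level 0 GPT entry, log2(bytes) */
    unsigned pgs_bits;   /* physical granule size, log2(bytes) */
    uint64_t l0_entries; /* level 0 entries needed to cover the whole PPS */
};

/* Returns 0 on success, -1 if a field holds an encoding not handled here. */
int ex_decode_gpccr(uint64_t gpccr, struct ex_gpt_geometry *g)
{
    /* PPS: 4GB, 64GB, 1TB, 4TB, 16TB, 256TB, 4PB */
    static const unsigned pps_tab[] = { 32, 36, 40, 42, 44, 48, 52 };
    /* PGS: 4KB, 64KB, 16KB */
    static const unsigned pgs_tab[] = { 12, 16, 14 };
    unsigned pps = EX_GPCCR_PPS(gpccr);
    unsigned pgs = EX_GPCCR_PGS(gpccr);
    unsigned l0 = EX_GPCCR_L0GPTSZ(gpccr);

    if (pps >= 7 || pgs >= 3)
        return -1;
    /* L0GPTSZ: 0b0000 = 1GB, 0b0100 = 16GB, 0b0110 = 64GB, 0b1001 = 512GB */
    if (l0 != 0 && l0 != 4 && l0 != 6 && l0 != 9)
        return -1;

    g->pps_bits = pps_tab[pps];
    g->l0_bits = 30 + l0;
    g->pgs_bits = pgs_tab[pgs];
    /* A PPS smaller than one L0 region still needs a single L0 entry. */
    g->l0_entries = g->pps_bits > g->l0_bits
                  ? 1ull << (g->pps_bits - g->l0_bits) : 1;
    return 0;
}
```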

--------------

*Copyright (c) 2026, Arm Limited and Contributors. All rights reserved.*

.. _DEN0149: https://developer.arm.com/documentation/den0149/1-0alp2/?lang=en