

# Realm Management Monitor specification

| Document number            | DEN0137                 |
|----------------------------|-------------------------|
| Document quality           | EAC                     |
| Document version           | 1.0-eac3                |
| Document confidentiality   | Non-confidential        |
| Document build information | 1b76d699 doctool 0.53.0 |

Copyright © 2022-2023 Arm Limited or its affiliates. All rights reserved.


#### **Release information**

#### 1.0-eac3 (20-07-2023)

#### Clarifications

- Clarify which bits of command input / output values should / must be zero (FENIMORE-674)
- Explain distinction between concrete and abstract types (FENIMORE-693)
- Clarify return value from RSI\_IPA\_STATE\_SET when stopping at first DESTROYED entry (FENIMORE-699) [I<sub>GXDDX</sub>]

#### Defects

- PSCI\_SYSTEM\_{OFF,RESET}: change Realm state to SYSTEM\_OFF (FENIMORE-694)
- RMI\_REC\_CREATE: update RIM only if runnable flag is set (FENIMORE-697)
- RMI\_REALM\_CREATE: fix list of measured parameters (FENIMORE-695)
- Remove members from RmmSystemRegisters (FENIMORE-700)
  - State saved / restored depends on architecture features supported by the platform, so defining this type as an empty placeholder
- Avoid use of reserved ASL v1 keyword "entry" in MRS (FENIMORE-702)
  - RmiRecEntry -> RmiRecEnter
  - RmiRecEntryFlags -> RmiRecEnterFlags
  - RmiRecRun::entry -> RmiRecRun::enter
  - RmmRttWalkResult::entry -> RmmRttWalkResult::rtte
- RSI\_IPA\_STATE\_SET: prohibit RSI\_DESTROYED input value (FENIMORE-705)
- RMI\_PSCI\_COMPLETE: PSCI\_CPU\_ON: fix copy of context\_id to target CPU X0 (FENIMORE-703)
- Allow Host to reject request to change RIPAS to RAM (FENIMORE-661)
- Allow Host to reject PSCI\_CPU\_ON request via RMI\_PSCI\_COMPLETE (FENIMORE-706)

#### Relaxations

- Permit folding of level 2 RTT to create level 1 block mapping (FENIMORE-608)
- Remove restriction that attestation token size must not exceed 4KB (FENIMORE-691)

#### 1.0-eac2 (07-06-2023)

#### Clarifications

- Remove reference to triggering ERROR\_INPUT by setting MBZ bit to 1 (FENIMORE-675)
- Clarify constraints on output values in case of command failure [R<sub>TFZMS</sub>] (FENIMORE-676)
- Clarify encoding of RmiRealmParams::sve\_sz (FENIMORE-684)
- Clarify set of SMCCC interfaces available to a Realm [R<sub>NPLKX</sub>] (FENIMORE-685)

#### Defects

- Replace PMU fields in RmiRecExit with single bit indicating the PMU overflow status [R<sub>WXTZF</sub>] (FENIMORE-679)
- RMI\_PSCI\_COMPLETE: failure condition should compare against MPIDR, not RD address (FENIMORE-681)
- RMI\_REC\_CREATE: remove params\_valid failure condition (FENIMORE-686)
- RMI\_RTT\_{INIT,SET}\_RIPAS: check alignment of "top" input value (FENIMORE-687)
- Reduce coupling between HIPAS and RIPAS (FENIMORE-680)
  - Replace HIPAS=DESTROYED with RIPAS=DESTROYED
  - Remove RmiRttEntryState::RMI\_DESTROYED
  - Change encoding of RmiRttEntryState::RMI\_TABLE

- Add RmiRipas::RMI\_DESTROYED
- Add RsiRipas::RSI\_DESTROYED
- RMI\_DATA\_CREATE\_UNKNOWN: remove pre-condition that RIPAS=RAM
- RMI\_DATA\_DESTROY:
  - In all cases, post-condition now states that HIPAS=UNASSIGNED
  - If pre-condition was RIPAS=RAM, post-condition states that RIPAS=DESTROYED
- RMI\_RTT\_DESTROY:
  - Remove post-condition that HIPAS=DESTROYED
  - Add post-condition that state of parent RTTE is UNASSIGNED
  - Add post-condition that RIPAS=DESTROYED
- RMI\_RTT\_SET\_IPA\_STATE: stop at first DESTROYED entry if "destroyed" flag is set
- RSI\_IPA\_STATE\_SET: add "destroyed" flag
- Clarify distinction between "RTT folding" [D<sub>QPXCP</sub>] and "RTT destruction" [D<sub>VXRZW</sub>]
- RMI\_RTT\_INIT\_RIPAS: success conditions should be bounded by walk\_top, not top

#### Relaxations

- RSI\_REALM\_CONFIG: provide Realm hash algorithm (FENIMORE-678)

#### 1.0-eac1 (31-03-2023)

#### Clarifications

- Unused bits of RmiRecEntry::gicv3\_hcr are SBZ [I<sub>SMHXB</sub>] (FENIMORE-666)
- RMI\_REC\_ENTER: all RMI\_ERROR\_INPUT failure conditions precede all RMI\_ERROR\_REC failure conditions (FENIMORE-668)
- Avoid use of raw Xn values in command conditions where possible (FENIMORE-671)
- Clarify definition of REC exit due to (Non-)emulatable Data Abort [D<sub>CYRMT</sub>, D<sub>MTZMC</sub>] (FENIMORE-673)

#### Defects

- RMI\_RTT\_INIT\_RIPAS: take account of "top" IPA value when calculating RIM contribution (FENIMORE-662)
- RttSkipEntriesWithRipas: fix inverted logic (FENIMORE-663)
- RMI\_RTT\_SET\_RIPAS: on success, modify IPA range [base, walk\_top) (FENIMORE-669)
- RMI\_RTT\_{INIT,SET}\_RIPAS: remove redundant failure conditions (FENIMORE-670)
- Clarify HIPAS=DESTROYED implies RIPAS=UNDEFINED [R<sub>JYDRL</sub>] (FENIMORE-672)

#### Relaxations

- RSI\_HOST\_CALL: relax alignment requirement from 4KB to 256B

#### 1.0-eac0 (31-01-2023)

#### Clarifications

None

#### Defects

- RmiRealmParams: reduce width of integer attributes (FENIMORE-647)
- RSI\_IPA\_STATE\_SET: replace (base, size) with (base, top) (FENIMORE-656)
- RMI\_RTT\_INIT\_RIPAS, RMI\_RTT\_SET\_RIPAS: allow single command to modify multiple RTT entries (FENIMORE-656)

#### Relaxations

- RMI\_RTT\_SET\_RIPAS: remove "ripas" input value (FENIMORE-659)

#### 1.0-bet2 (16-12-2022)

#### Clarifications

- Flows: update RMI\_REC\_ENTRY to take a single 'run' input value
- Clarify meaning of "TTD" [I<sub>YMNSR</sub>] (FENIMORE-641)
- Fix typo in reference to "CCA platform token claim map" [I<sub>FJKFY</sub>] (FENIMORE-647)
- Fix reference to "RME system architecture spec" (FENIMORE-648)
- Flows: remove stale reference to parameters passed to RMI\_DATA\_CREATE (FENIMORE-649)
- Improve definition and consistency of usage of the term "REC" (FENIMORE-650)
  - Where referring to the RMM data structure "REC object" is now used
- Clarify description of properties of Realm IPA space [I<sub>TPGKW</sub>] (FENIMORE-639)
  - Replace "permitted, under control of host" with statements which refer to particular HIPAS values.
  - Add "Protected IPA, HIPAS=DESTROYED" row, thereby removing contradictory statements regarding SEA taken to Realm, previously in "Protected IPA, RIPAS=EMPTY".
- On assertion of an EL1 timer, the RMM guarantees a REC exit, not only a Realm exit (FENIMORE-651)
- RMI\_RTT\_FOLD: preserve RIPAS value if IPA is Protected (FENIMORE-638)

#### Defects

- Attestation: wrap sub-tokens in byte stream (FENIMORE-643)
- RMI\_DATA\_DESTROY, RMI\_RTT\_{DESTROY,FOLD}: return PA of destroyed object (FENIMORE-563)
- RMI\_REALM\_DESTROY, RMI\_REC\_DESTROY, RMI\_REC\_ENTER, RMI\_RTT\_DESTROY, RMI\_RTT\_FOLD, RMI\_RTT\_SET\_RIPAS: Remove RMI\_ERROR\_IN\_USE (FENIMORE-588)
- RMI\_DATA\_CREATE, RMI\_DATA\_CREATE\_UNKNOWN, RMI\_REC\_CREATE, RMI\_RTT\_CREATE: pass RD pointer in X1 (FENIMORE-655)
- Replace RmiRealmParams::features\_0 with discrete fields (FENIMORE-655)
- RMI\_DATA\_CREATE(\_UNKNOWN): require RIPAS=RAM (FENIMORE-645)
- Apply "must / should be zero" consistently (FENIMORE-619)
  - In command inputs, unused bits are SBZ
  - In command outputs, unused bits are MBZ

#### Relaxations

- RSI\_HOST\_CALL: expand set of GPRs to X0-X30 (FENIMORE-607)
  - This enables the RMM to support any calling convention.
- RMI\_DATA\_DESTROY, RMI\_RTT\_DESTROY, RMI\_RTT\_UNMAP\_UNPROTECTED: return IPA of next live RTT entry (FENIMORE-563)

#### 1.0-bet1 (31-10-2022)

#### Clarifications

- Rename HIPAS VALID\_NS -> UNASSIGNED (FENIMORE-631)
- SEA injection is independent of whether Host emulates MMIO (FENIMORE-632)
- In RIPAS change flow, permit Host to apply the change to zero or more pages of the target IPA region (FENIMORE-633)
- Flows: replace HVC with Host call (FENIMORE-611)
- Clarify behavior of VmidIsValid() function (FENIMORE-630)
- Qualify "all other exit fields are zero" statements [R<sub>GTJRP</sub>, R<sub>LRCFP</sub>] (FENIMORE-634)
  - GIC, timer and PMU fields are valid on every REC exit.

#### Defects

- Change size of RsiHostCall type to 256 bytes (FENIMORE-629)
- Correct the set of ESR\_EL2 fields which are returned to the Host on REC exit due to Data abort [R<sub>RYVFL</sub>]
  - On all Data Aborts, add FnV.
  - On Emulatable Data Aborts, add SF.
  - On Non-emulatable Data Abort at an Unprotected IPA, add IL.

#### Relaxations

None

## Arm Non-Confidential Document Licence ("Licence")

This Licence is a legal agreement between you and Arm Limited ("**Arm**") for the use of Arm's intellectual property (including, without limitation, any copyright) embodied in the document accompanying this Licence ("**Document**"). Arm licenses its intellectual property in the Document to you on condition that you agree to the terms of this Licence. By using or copying the Document you indicate that you agree to be bound by the terms of this Licence.

"**Subsidiary**" means any company the majority of whose voting shares is now or hereafter owned or controlled, directly or indirectly, by you. A company shall be a Subsidiary only for the period during which such control exists.

This Document is **NON-CONFIDENTIAL** and any use by you and your Subsidiaries ("Licensee") is subject to the terms of this Licence between you and Arm.

Subject to the terms and conditions of this Licence, Arm hereby grants to Licensee under the intellectual property in the Document owned or controlled by Arm, a non-exclusive, non-transferable, non-sub-licensable, royalty-free, worldwide licence to:

- (i) use and copy the Document for the purpose of designing and having designed products that comply with the Document;
- (ii) manufacture and have manufactured products which have been created under the licence granted in (i) above; and
- (iii) sell, supply and distribute products which have been created under the licence granted in (i) above.

Licensee hereby agrees that the licences granted above shall not extend to any portion or function of a product that is not itself compliant with part of the Document.

Except as expressly licensed above, Licensee acquires no right, title or interest in any Arm technology or any intellectual property embodied therein.

THE DOCUMENT IS PROVIDED "AS IS". ARM PROVIDES NO REPRESENTATIONS AND NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY, NON-INFRINGEMENT OR FITNESS FOR A PARTICULAR PURPOSE WITH RESPECT TO THE DOCUMENT. Arm may make changes to the Document at any time and without notice. For the avoidance of doubt, Arm makes no representation with respect to, and has undertaken no analysis to identify or understand the scope and content of, third party patents, copyrights, trade secrets, or other rights.

NOTWITHSTANDING ANYTHING TO THE CONTRARY CONTAINED IN THIS LICENCE, TO THE FULLEST EXTENT PERMITTED BY LAW, IN NO EVENT WILL ARM BE LIABLE FOR ANY DAMAGES, IN CONTRACT, TORT OR OTHERWISE, IN CONNECTION WITH THE SUBJECT MATTER OF THIS LICENCE (INCLUDING WITHOUT LIMITATION) (I) LICENSEE'S USE OF THE DOCUMENT; AND (II) THE IMPLEMENTATION OF THE DOCUMENT IN ANY PRODUCT CREATED BY LICENSEE UNDER THIS LICENCE). THE EXISTENCE OF MORE THAN ONE CLAIM OR SUIT WILL NOT ENLARGE OR EXTEND THE LIMIT. LICENSEE RELEASES ARM FROM ALL OBLIGATIONS, LIABILITY, CLAIMS OR DEMANDS IN EXCESS OF THIS LIMITATION.

This Licence shall remain in force until terminated by Licensee or by Arm. Without prejudice to any of its other rights, if Licensee is in breach of any of the terms and conditions of this Licence then Arm may terminate this Licence immediately upon giving written notice to Licensee. Licensee may terminate this Licence at any time. Upon termination of this Licence by Licensee or by Arm, Licensee shall stop using the Document and destroy all copies of the Document in its possession. Upon termination of this Licence, all terms shall survive except for the licence grants.

Any breach of this Licence by a Subsidiary shall entitle Arm to terminate this Licence as if you were the party in breach. Any termination of this Licence shall be effective in respect of all Subsidiaries. Any rights granted to any Subsidiary hereunder shall automatically terminate upon such Subsidiary ceasing to be a Subsidiary.

The Document consists solely of commercial items. Licensee shall be responsible for ensuring that any use, duplication or disclosure of the Document complies fully with any relevant export laws and regulations to assure that the Document or any portion thereof is not exported, directly or indirectly, in violation of such export laws.

This Licence may be translated into other languages for convenience, and Licensee agrees that if there is any conflict between the English version of this Licence and any translation, the terms of the English version of this Licence shall prevail.

The Arm corporate logo and words marked with ® or ™ are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned in this document may be the trademarks of their respective owners. No licence, express, implied or otherwise, is granted to Licensee under this Licence, to use the Arm trade marks in connection with the Document or any products based thereon. Visit Arm's website at http://www.arm.com/company/policies/trademarks for more information about Arm's trademarks.

The validity, construction and performance of this Licence shall be governed by English Law.

Copyright © 2022-2023 Arm Limited (or its affiliates). All rights reserved.

Arm Limited. Company 02557590 registered in England.

110 Fulbourn Road, Cambridge, England CB1 9NJ.

LES-PRE-21585 version 4.0

# Contents

- Realm Management Monitor specification
- Release information
- Arm Non-Confidential Document Licence ("Licence")
- Preface
  - Conventions
  - Typographical conventions
  - Numbers
  - Pseudocode descriptions
  - Addresses
  - Rules-based writing
  - Content item identifiers
  - Content item rendering
  - Content item classes
  - Additional reading
  - Feedback
  - Feedback on this book
  - Open issues

## Part A Architecture

- Chapter A1 Overview
  - A1.1 Confidential computing
  - A1.2 System software components
  - A1.3 Realm Management Monitor
- Chapter A2 Concepts
  - A2.1 Realm
    - A2.1.1 Overview
    - A2.1.2 Realm execution environment
    - A2.1.3 Realm attributes
    - A2.1.4 Realm liveness
    - A2.1.5
    - A2.1.6
    - A2.1.7
  - A2.2 Granule
    - A2.2.1 Granule attributes
    - A2.2.2
    - A2.2.3
    - A2.2.4
  - A2.3 Realm Execution Context
    - A2.3.1
    - A2.3.2
    - A2.3.3
    - A2.3.4
- Chapter A3 Realm creation
  - A3.1 Realm feature discovery and selection

|  |  | A3.1.1 | Realm hash algorithm | 43 |
|---|---|---|---|---|
|  |  | A3.1.2 | Realm LPA2 and IPA width | 43 |
|  |  | A3.1.3 | Realm support for Scalable Vector Extension | 44 |
|  |  | A3.1.4 | Realm support for self-hosted debug | 44 |
|  |  | A3.1.5 | Realm support for Performance Monitors Extension | 44 |
|  |  | A3.1.6 | Realm support for Activity Monitors Extension | 45 |
|  |  | A3.1.7 | Realm support for Statistical Profiling Extension | 45 |
|  |  | A3.1.8 | Realm support for Trace Buffer Extension | 45 |
| Chapter A4 | Realm exception model |  |  |  |
|  | A4.1 |  | Exception model overview | 47 |
|  | A4.2 |  | entry | 49 |
|            |                              | A4.2.1                                                                                                                                                                                                                                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | 49                                                                                                                         |
|            |                              | A4.2.2                                                                                                                                                                                                                                | General purpose registers restored on REC entry                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | 51                                                                                                                         |
|            |                              | A4.2.3                                                                                                                                                                                                                                | REC entry following REC exit due to Data Abort                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | 51                                                                                                                         |
|            | A4.3                         |                                                                                                                                                                                                                                       | exit                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | 52                                                                                                                         |
|            |                              | A4.3.1                                                                                                                                                                                                                                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | 52                                                                                                                         |
|            |                              | A4.3.2                                                                                                                                                                                                                                |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | 54                                                                                                                         |
|            |                              | A4.3.3                                                                                                                                                                                                                                | General purpose registers saved on REC exit                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | 54                                                                                                                         |
|            |                              | A4.3.4                                                                                                                                                                                                                                | REC exit due to synchronous exception                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        | 55                                                                                                                         |
|            |                              | A4.3.5                                                                                                                                                                                                                                | REC exit due to IRQ                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          | 57                                                                                                                         |
|            |                              | A4.3.6                                                                                                                                                                                                                                | REC exit due to FIQ.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | 57                                                                                                                         |
|            |                              | A4.3.7                                                                                                                                                                                                                                | REC exit due to PSCI                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | 58                                                                                                                         |
|            |                              | A4.3.8                                                                                                                                                                                                                                | REC exit due to RIPAS change pending                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | 59                                                                                                                         |
|            |                              | A4.3.9                                                                                                                                                                                                                                | REC exit due to Host call                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | 59                                                                                                                         |
|            |                              | A4.3.10                                                                                                                                                                                                                               | REC exit due to SError                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       | 59                                                                                                                         |
|            | A4.4                         |                                                                                                                                                                                                                                       | ated Data Aborts                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | 61                                                                                                                         |
|            | A4.5                         | Host                                                                                                                                                                                                                                  | call                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | 61                                                                                                                         |
|            |                              |                                                                                                                                                                                                                                       |                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              |                                                                                                                            |
| Chapter A5 | Real                         | m mem                                                                                                                                                                                                                                 | ory management                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |                                                                                                                            |
| Chapter A5 | <b>Real</b><br>A5.1          |                                                                                                                                                                                                                                       | ory management n memory management overview                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | 63                                                                                                                         |
| Chapter A5 |                              | Realı                                                                                                                                                                                                                                 | m memory management overview                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | 63<br>63                                                                                                                   |
| Chapter A5 | A5.1                         | Realı                                                                                                                                                                                                                                 | m memory management overview                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |                                                                                                                            |
| Chapter A5 | A5.1                         | Realı<br>Realı                                                                                                                                                                                                                        | m memory management overview                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | 63                                                                                                                         |
| Chapter A5 | A5.1 |        | Realm memory management overview | |
|            | A5.2 |        | Realm view of memory management | |
|            |      | A5.2.1 | Realm IPA space | |
|            |      | A5.2.2 | Realm IPA state | |
|            |      | A5.2.3 | Realm access to a Protected IPA | |
|            |      | A5.2.4 | Changes to RIPAS while Realm state is NEW | |
|            |      | A5.2.5 | Changes to RIPAS while Realm state is ACTIVE | |
|            |      | A5.2.6 | Realm access to an Unprotected IPA | |
|            |      | A5.2.7 | Synchronous External Aborts | |
|            |      | A5.2.8 | Realm access outside IPA space | |
|            |      | A5.2.9 | Summary of Realm IPA space properties | |
|            | A5.3 |        | Host view of memory management | |
|            |      | A5.3.1 | Host IPA state | |
|            |      | A5.3.2 | Changes to HIPAS while Realm state is NEW | |
|            |      | A5.3.3 | Changes to HIPAS while Realm state is ACTIVE | |
|            |      | A5.3.4 | Summary of changes to HIPAS and RIPAS of a Protected IPA | |
|            |      | A5.3.5 | Dependency of RMI command execution on RIPAS and HIPAS values | |
|            |      | A5.3.6 | Changes to HIPAS of an Unprotected IPA | |
|            | A5.4 |        | RIPAS change | |
|            | A5.5 |        | Realm Translation Table | |
|            |      | A5.5.1 | | |
|            |      | A5.5.2 | | |
|            |      | A5.5.3 | | |

|            | A5.5.6  | RTT folding                            |
|------------|---------|----------------------------------------|
|            | A5.5.7  | RTT unfolding                          |
|            | A5.5.8  | RTTE liveness and RTT liveness         |
|            | A5.5.9  | RTT destruction                        |
|            | A5.5.10 | RTT walk                               |
|            | A5.5.11 | RTT entry attributes                   |
| Chapter A6 |         | Realm interrupts and timers            |
|            |         | Realm interrupts                       |
|            |         | Realm timers                           |
| Chapter A7 |         | Realm measurement and attestation      |
|            | A7.1    | Realm measurements                     |
|            | A7.1.1  | Realm Initial Measurement              |
|            | A7.1.2  | Realm Extensible Measurement           |
|            | A7.2    | Realm attestation                      |
|            | A7.2.1  | Attestation token                      |
|            | A7.2.2  | Attestation token generation           |
|            | A7.2.3  | Attestation token format               |
| Chapter A8 |         | Realm debug and performance monitoring |
|            |         | Realm PMU                              |

## Part B Interface

| Chapter B1 |        | Commands                       |
|------------|--------|--------------------------------|
|            | B1.1   | Overview                       |
|            | B1.2   | Command definition             |
|            | B1.2.1 | Example command                |
|            | B1.3   | Command registers              |
|            | B1.4   | Command condition expressions  |
|            | B1.5   | Command context values         |
|            | B1.6   | Command failure conditions     |
|            | B1.7   | Command success conditions     |
|            | B1.8   | Concrete and abstract types    |
|            | B1.9   | Command footprint              |
| Chapter B2 |        | Command condition functions    |
|            | B2.1   | AddrInRange function           |
|            | B2.2   | AddrIsAligned function         |
|            | B2.3   | AddrIsGranuleAligned function  |
|            | B2.4   | AddrIsProtected function       |
|            | B2.5   | AddrIsRttLevelAligned function |
|            | B2.6   | AddrRangeIsProtected function  |
|            | B2.7   | AlignDownToRttLevel function   |
|            | B2.8   | AlignUpToRttLevel function     |
|            | B2.9   | CurrentRealm function          |
|            | B2.10  | CurrentRec function            |
|            | B2.11  | Equal function                 |
|            | B2.12  | Gicv3ConfigIsValid function    |
|            | B2.13  | Granule function               |
|            | B2.14  | MinAddress function            |
|            | B2.15  | MpidrEqual function            |
|            | B2.16  | MpidrIsUsed function           |
|            | B2.17  | PaIsDelegable function         |

| B2.18 | PsciReturnCodeEncode function               |
|-------|---------------------------------------------|
| B2.19 | PsciReturnCodePermitted function            |
| B2.20 | ReadMemory function                         |
| B2.21 | Realm function                              |
| B2.22 | RealmConfig function                        |
| B2.23 | RealmHostCall function                      |
| B2.24 | RealmIsLive function                        |
| B2.25 | RealmParams function                        |
| B2.26 | RealmParamsSupported function               |
| B2.27 | Rec function                                |
| B2.28 | RecAuxAlias function                        |
| B2.29 | RecAuxAligned function                      |
| B2.30 | RecAuxCount function                        |
| B2.31 | RecAuxEqual function                        |
| B2.32 | RecAuxSort function                         |
| B2.33 | RecAuxStateEqual function                   |
| B2.34 | RecAuxStates function                       |
| B2.35 | RecFromMpidr function                       |
| B2.36 | RecIndex function                           |
| B2.37 | RecParams function                          |
| B2.38 | RecRipasChangeResponse function             |
| B2.39 | RecRun function                             |
| B2.40 | RemExtend function                          |
| B2.41 | ResultEqual function                        |
| B2.42 | RimExtendData function                      |
| B2.43 | RimExtendRec function                       |
| B2.44 | RimExtendRipas function                     |
| B2.45 | RimExtendRipasForEntry function             |
| B2.46 | RimInit function                            |
| B2.47 | RmiRealmParamsIsValid function              |
| B2.48 | Rtt function                                |
| B2.49 | RttAllEntriesContiguous function            |
| B2.50 | RttAllEntriesRipas function                 |
| B2.51 | RttAllEntriesState function                 |
| B2.52 | RttConfigIsValid function                   |
| B2.53 | RttDescriptorIsValidForUnprotected function |
| B2.54 | RttEntriesInRangeRipas function             |
| B2.55 | RttEntry function                           |
| B2.56 | RttEntryFromDescriptor function             |
| B2.57 | RttEntryIndex function                      |
| B2.58 | RttEntryState function                      |
| B2.59 | RttFold function                            |
| B2.60 | RttIsHomogeneous function                   |
| B2.61 | RttIsLive function                          |
| B2.62 | RttLevelIsBlockOrPage function              |
| B2.63 | RttLevelIsStarting function                 |
| B2.64 | RttLevelIsValid function                    |
| B2.65 | RttLevelSize function                       |
| B2.66 | RttsAllProtectedEntriesRipas function       |
| B2.67 | RttsAllProtectedEntriesState function       |
| B2.68 | RttsAllUnprotectedEntriesState function     |
| B2.69 | RttsGranuleState function                   |
| B2.70 | RttSkipEntriesUnlessRipas function          |
| B2.71 | RttSkipEntriesUnlessState function          |
| B2.72 | RttSkipEntriesWithRipas function            |

|            | B2.73   | RttSkipNonLiveEntries function     |
|------------|---------|------------------------------------|
|            | B2.74   | RttsStateEqual function            |
|            | B2.75   | RttWalk function                   |
|            | B2.76   | ToAddress function                 |
|            | B2.77   | ToBits64 function                  |
|            | B2.78   | VmidIsFree function                |
| Chapter B3 |         | Realm Management Interface         |
|            | B3.1    | RMI version                        |
|            | B3.2    | RMI command return codes           |
|            | B3.3    | RMI commands                       |
|            | B3.3.1  | RMI_DATA_CREATE command            |
|            | B3.3.2  | RMI_DATA_CREATE_UNKNOWN command    |
|            | B3.3.3  | RMI_DATA_DESTROY command           |
|            | B3.3.4  | RMI_FEATURES command               |
|            | B3.3.5  | RMI_GRANULE_DELEGATE command       |
|            | B3.3.7  | RMI_PSCI_COMPLETE command          |
|            | B3.3.8  | RMI_REALM_ACTIVATE command         |
|            | B3.3.9  | RMI_REALM_CREATE command           |
|            | B3.3.11 | RMI_REC_AUX_COUNT command          |
|            | B3.3.12 | RMI_REC_CREATE command             |
|            | B3.3.13 | RMI_REC_DESTROY command            |
|            | B3.3.14 | RMI_REC_ENTER command              |
|            | B3.3.16 | RMI_RTT_DESTROY command            |
|            | B3.3.17 | RMI_RTT_FOLD command               |
|            | B3.3.18 | RMI_RTT_INIT_RIPAS command         |
|            | B3.3.20 | RMI_RTT_READ_ENTRY command         |
|            | B3.3.21 | RMI_RTT_SET_RIPAS command          |
|            | B3.3.22 | RMI_RTT_UNMAP_UNPROTECTED command  |
|            | B3.3.23 | RMI_VERSION command                |
|            | B3.4.2  | RmiDataFlags type                  |
|            | B3.4.5  | RmiFeature type                    |
|            | B3.4.10 | RmiPmuOverflowStatus type          |
|            | B3.4.11 | RmiRealmFlags type                 |
|            | B3.4.12 | RmiRealmParams type                |
|            | B3.4.14 | RmiRecEnter type                   |
|            | B3.4.15 | RmiRecEnterFlags type              |
|            | B3.4.16 | RmiRecExit type                    |
|            | B3.4.18 | RmiRecMpidr type                   |

|              |          | B3.4.20  | RmiRecRun type                                                        |
|--------------|----------|----------|-----------------------------------------------------------------------|
|              |          | B3.4.21  | RmiRecRunnable type                                                   |
|              |          | B3.4.22  | RmiResponse type                                                      |
|              |          | B3.4.23  | RmiRipas type         224                                             |
|              |          | B3.4.24  | RmiRttEntryState type                                                 |
|              |          | B3.4.25  | RmiStatusCode type                                                    |
|              |          | B3.4.26  | RmiTrap type         225                                              |
|              |          | 201.120  |                                                                       |
| Chapter B4   | Realı    | m Servi  | ces Interface                                                         |
| -            | B4.1     | RSI v    | ersion                                                                |
|              | B4.2     | RSI c    | ommand return codes                                                   |
|              | B4.3     | RSI c    | ommands                                                               |
|              |          | B4.3.1   | RSI_ATTESTATION_TOKEN_CONTINUE command                                |
|              |          | B4.3.2   | RSI_ATTESTATION_TOKEN_INIT command                                    |
|              |          | B4.3.3   | RSI_HOST_CALL command                                                 |
|              |          | B4.3.4   | RSI_IPA_STATE_GET command                                             |
|              |          | B4.3.5   | RSI_IPA_STATE_SET command                                             |
|              |          | B4.3.6   | RSI_MEASUREMENT_EXTEND command                                        |
|              |          | B4.3.7   | RSI_MEASUREMENT_READ command                                          |
|              |          | B4.3.8   | RSI_REALM_CONFIG command                                              |
|              |          | B4.3.9   | RSI_VERSION command                                                   |
|              | B4.4     | RSI t    | ypes                                                                  |
|              |          | B4.4.1   | RsiCommandReturnCode type                                             |
|              |          | B4.4.2   | RsiHashAlgorithm type                                                 |
|              |          | B4.4.3   | RsiHostCall type                                                      |
|              |          | B4.4.4   | RsiInterfaceVersion type                                              |
|              |          | B4.4.5   | RsiRealmConfig type                                                   |
|              |          | B4.4.6   | RsiResponse type                                                      |
|              |          | B4.4.7   | RsiRipas type                                                         |
|              |          | B4.4.8   | RsiRipasChangeDestroyed type                                          |
|              |          | B4.4.9   | RsiRipasChangeFlags type                                              |
|              | <b>D</b> | <b>.</b> | O sector de la territe e s                                            |
| Chapter B5   |          |          | Control Interface                                                     |
|              | B5.1     |          | overview                                                              |
|              | B5.2     |          | version                                                               |
|              | B5.3     |          | commands         254           PSCI AFFINITY INFO command         255 |
|              |          | B5.3.1   |                                                                       |
|              |          | B5.3.2   | PSCI_CPU_OFF command                                                  |
|              |          | B5.3.3   | PSCI_CPU_ON command                                                   |
|              |          | B5.3.4   | PSCI_CPU_SUSPEND command                                              |
|              |          | B5.3.5   | PSCI_FEATURES command                                                 |
|              |          | B5.3.6   | PSCI_SYSTEM_OFF command                                               |
|              |          | B5.3.7   | PSCI_SYSTEM_RESET command                                             |
|              |          | B5.3.8   | PSCI_VERSION command                                                  |
|              | B5.4     |          | types                                                                 |
|              |          | B5.4.1   | PsciInterfaceVersion type                                             |
|              |          | B5.4.2   | PsciReturnCode type                                                   |
|              |          |          |                                                                       |
| Part C Types |          |          |                                                                       |
|              |          |          |                                                                       |

| Chapter C1 | RMM <sup>·</sup> | RMM types             |     |  |  |  |  |  |
|------------|------------------|-----------------------|-----|--|--|--|--|--|
| -          | C1.1             | RmmGranule type       | 269 |  |  |  |  |  |
|            | C1.2             | RmmGranuleState type  | 269 |  |  |  |  |  |
|            | C1.3             | RmmHashAlgorithm type | 270 |  |  |  |  |  |
|            |                  |                       |     |  |  |  |  |  |

| X1.5       F         X1.6       F         X1.7       F         X1.8       F         X1.9       F         X1.10       F         X1.11       F         X1.12       F         X1.13       F         X1.14       F         X1.15       F         X1.16       F         X1.17       F         X1.18       F         X1.19       F         X1.10       F         X1.12       F         X1.13       F         X1.14       F         X1.15       F         X1.16       F         X1.17       F         X1.20       F         X1.21       F         X1.22       F         X1.23       F         X1.24       F         X1.25       F | RmmHostCallPending type270RmmMeasurementDescriptorData type271RmmMeasurementDescriptorRec type271RmmMeasurementDescriptorRipas type272RmmPhysicalAddressSpace type272RmmPsciPending type273RmmRealm type273RmmRealmMeasurement type273RmmRealmMeasurement type273RmmRealmMeasurement type273RmmRealmMeasurement type273RmmRect type274RmmRect type274RmmRecTate type274RmmRecFlags type275RmmRecResponse type275RmmRecRunnable type276RmmRipas ChangeDestroyed type276RmmRtt type277RmmRttEntry type277RmmRttEntry State type276RmmRttEntry State type276RmmRttEntry State type277RmmRttEntry State type276RmmRttEntry State type276RmmRttEntry State type276RmmRttEntry State type277RmmRttEntry State type278RmmRttEntry State type278RmmSystemRegisters type278 |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 2.2 E<br>2.3 I                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             | types         279           Address type         279           BitsN type         279           ntN type         280           JIntN type         280                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |

- Part D Usage
- Chapter D1 Flows
  - D1.1 Granule delegation flows
    - D1.1.1 Granule delegation flow
    - D1.1.2 Granule undelegation flow
  - D1.2 Realm lifecycle flows
    - D1.2.1 Realm creation flow
    - D1.2.2 Realm Translation Table creation flow
    - D1.2.3 Initialize memory of New Realm flow
    - D1.2.4 REC creation flow
    - D1.2.5 Realm destruction flow
  - D1.3 Realm exception model flows
    - D1.3.1 Realm entry and exit flow
    - D1.3.2 Host call flow
    - D1.3.3 REC exit due to Data Abort fault flow
    - D1.3.4 MMIO emulation flow
  - D1.4 PSCI flows
    - D1.4.1 PSCI\_CPU\_ON flow
  - D1.5 Realm memory management flows
    - D1.5.1 Add memory to Active Realm flow
    - D1.5.2 NS memory flow
    - D1.5.3 RIPAS change flow
  - D1.6 Realm interrupts and timers flows
    - D1.6.1 Interrupt flow
    - D1.6.2 Timer interrupt delivery flow
  - D1.7 Realm attestation flows
    - D1.7.1 Attestation token generation flow
    - D1.7.2 Handling interrupts during attestation token generation flow
- Chapter D2 Realm shared memory protocol
  - D2.1 Realm shared memory protocol description
  - D2.2 Realm shared memory protocol flow

## Glossary

# Preface

## Conventions

#### **Typographical conventions**

The typographical conventions are:

italic

Introduces special terminology, and denotes citations.

monospace

Used for pseudocode and source code examples.

Also used in the main text for instruction mnemonics and for references to other items appearing in pseudocode and source code examples.

SMALL CAPITALS

Used for some common terms such as IMPLEMENTATION DEFINED.

Used for a few terms that have specific technical meanings, and are included in the Glossary.

Red text

Indicates an open issue.

Blue text

Indicates a link. This can be:

- A cross-reference to another location within the document
- A URL, for example http://developer.arm.com

#### Numbers

Numbers are normally written in decimal. Binary numbers are preceded by 0b, and hexadecimal numbers by 0x. In both cases, the prefix and the associated value are written in a monospace font, for example `0xFFFF0000`. To improve readability, long numbers can be written with an underscore separator between every four characters, for example `0xFFFF_0000_0000_0000`. Ignore any underscores when interpreting the value of a number.

#### **Pseudocode descriptions**

This book uses a form of pseudocode to provide precise descriptions of the specified functionality. This pseudocode is written in a monospace font. The pseudocode language is described in the Arm Architecture Reference Manual.

#### Addresses

Unless otherwise stated, the term address in this specification refers to a physical address.

## **Rules-based writing**

This specification consists of a set of individual *content items*. A content item is classified as one of the following:

- Declaration
- Rule
- Goal
- Information
- Rationale
- Implementation note
- Software usage

Declarations and Rules are normative statements. An implementation that is compliant with this specification must conform to all Declarations and Rules in this specification that apply to that implementation.

Declarations and Rules must not be read in isolation. Where a particular feature is specified by multiple Declarations and Rules, these are generally grouped into sections and subsections that provide context. Where appropriate, these sections begin with a short introduction.

Arm strongly recommends that implementers read *all* chapters and sections of this document to ensure that an implementation is compliant.

Content items other than Declarations and Rules are informative statements. These are provided as an aid to understanding this specification.

#### **Content item identifiers**

A content item may have an associated identifier which is unique among content items in this specification.

After this specification reaches beta status, a given content item has the same identifier across subsequent versions of the specification.

#### **Content item rendering**

In this document, a content item is rendered with a token of the following format in the left margin: *L*<sub>*iiiii*</sub>

- *L* is a label that indicates the content class of the content item.
- *iiiii* is the identifier of the content item.

#### **Content item classes**

#### Declaration

A Declaration is a statement that does one or more of the following:

- Introduces a concept
- Introduces a term
- Describes the structure of data
- Describes the encoding of data

A Declaration does not describe behaviour.

A Declaration is rendered with the label *D*.

#### Rule

A Rule is a statement that describes the behaviour of a compliant implementation.

- A Rule explains what happens in a particular situation.
- A Rule does not define concepts or terminology.
- A Rule is rendered with the label *R*.

#### Goal

A Goal is a statement about the purpose of a set of rules.

A Goal explains why a particular feature has been included in the specification.

A Goal is comparable to a "business requirement" or an "emergent property."

A Goal is intended to be upheld by the logical conjunction of a set of rules.

A Goal is rendered with the label *G*.

#### Information

An Information statement provides information and guidance as an aid to understanding the specification. An Information statement is rendered with the label *I*.

#### Rationale

A Rationale statement explains why the specification was specified in the way it was.

A Rationale statement is rendered with the label *X*.

#### Implementation note

An Implementation note provides guidance on implementation of the specification.

An Implementation note is rendered with the label *U*.

#### Software usage

A Software usage statement provides guidance on how software can make use of the features defined by the specification.

A Software usage statement is rendered with the label *S*.

## Additional reading

This section lists publications by Arm and by third parties.

See Arm Developer (http://developer.arm.com) for access to Arm documentation.

[1] Introducing Arm CCA. (ARM DEN 0125) Arm Limited.

[2] Arm Architecture Reference Manual Supplement, The Realm Management Extension (RME), for Armv9-A. (ARM DDI 0615 A.d) Arm Ltd.

[3] Arm Architecture Reference Manual for A-Profile architecture. (ARM DDI 0487 I.a) Arm Ltd.

[4] Arm CCA Security model. (ARM DEN 0096) Arm Limited.

[5] Arm Generic Interrupt Controller (GIC) Architecture Specification version 3 and version 4. (ARM IHI 0069 G) Arm Ltd.

[6] Concise Binary Object Representation (CBOR).

[7] CBOR Object Signing and Encryption (COSE).

[8] Entity Attestation Token (EAT).

[9] Concise Data Definition Language (CDDL).

[10] IANA Hash Function Textual Names.

[11] SEC 1: Elliptic Curve Cryptography, version 2.0.

[12] RME system architecture spec. (ARM DEN 0129) Arm Ltd.

[13] Arm SMC Calling Convention. (ARM DEN 0028 D) Arm Ltd.

[14] Arm Specification Language Reference Manual. (ARM DDI 0612) Arm Ltd.

[15] Secure Hash Standard (SHS).

[16] Arm Power State Coordination Interface (PSCI). (ARM DEN 0022 D.b) Arm Ltd.

## Feedback

Arm welcomes feedback on its documentation.

#### Feedback on this book

If you have any comments or suggestions for additions and improvements, create a ticket at https://support.developer.arm.com. As part of the ticket, include:

- The title (Realm Management Monitor specification).
- The number (DEN0137 1.0-eac3).
- The section name(s) to which your comments refer.
- The page number(s) to which your comments apply.
- The rule identifier(s) to which your comments apply, if applicable.
- A concise explanation of your comments.

Arm also welcomes general suggestions for additions and improvements.


# Open issues

The following table lists known open issues in this version of the document.

| Key | Description |
|-----|-------------|
|     |             |

Part A Architecture

# Chapter A1 Overview

The RMM is a software component which forms part of a system which implements the Arm Confidential Compute Architecture (Arm CCA). Arm CCA is an architecture which provides protected execution environments called *Realms*.

The threat model which Arm CCA is designed to address is described in *Introducing Arm CCA* [1].

The hardware architecture of Arm CCA is called the Realm Management Extension (RME), and is described in *Arm Architecture Reference Manual Supplement, The Realm Management Extension (RME), for Armv9-A* [2].

## A1.1 Confidential computing

The Armv8-A architecture (*Arm Architecture Reference Manual for A-Profile architecture* [3]) includes mechanisms that establish a privilege hierarchy. Software operating at higher privilege levels is responsible for managing the resources (principally memory and processor cycles) that are used by entities at lower privilege levels.

Prior to Arm CCA, resource management was coupled with a right of access. That is, a resource that is managed by a higher-privileged entity is also accessible by it. A *Realm* is a protected execution environment for which this coupling is broken, so that the right to manage resources is separated from the right to access those resources.

The purpose of a Realm is to provide to the Realm owner an environment for confidential computing, without requiring the Realm owner to trust the software components that manage the resources used by the Realm.

Construction of a Realm, and allocation of resources to a Realm at runtime, are the responsibility of the Virtual Machine Monitor (VMM). In this specification, the term *Host* is used to refer to the VMM.

See also:

- A2.1 Realm

## A1.2 System software components



The system software architecture of Arm CCA is summarised in the following figure.

#### Figure A1.1: System software architecture

The components shown in the diagram are listed below.

| Component                      | Description                                                                                                                                    |
|--------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------|
| Monitor                        | The most privileged software component, which is responsible for switching between the Security states used at EL2, EL1 and EL0.               |
| Realm                          | A protected execution environment.                                                                                                             |
| Realm Management Monitor (RMM) | The software component which is responsible for the management of Realms.                                                                      |
| Virtual Machine (VM)           | An execution environment within which an operating system can run. Note that a Realm is a VM which executes in the Realm security state. |
| Hypervisor                     | The software component which is responsible for the management of VMs.                                                                         |
| Secure Partition Manager (SPM) | The software component which is responsible for the management of Secure Partitions.                                                           |
| Trusted OS (TOS)               | An operating system which runs in a Secure Partition.                                                                                          |
| Trusted Application (TA)       | An application hosted by a TOS.                                                                                                                |

## A1.3 Realm Management Monitor

The Realm Management Monitor (RMM) is the system component that is responsible for the management of Realms.

The responsibilities of the RMM are to:

- Provide services that allow the Host to create, populate, execute and destroy Realms.
- Provide services that allow the initial configuration and contents of a Realm to be attested.
- Protect the confidentiality and integrity of Realm state during the lifetime of the Realm.
- Protect the confidentiality of Realm state during and following destruction of the Realm.

The RMM exposes the following interfaces, which are accessed via SMC instructions, to the Host:

- The *Realm Management Interface* (RMI), which provides services for the creation, population, execution and destruction of Realms.

The RMM exposes the following interfaces, which are accessed via SMC instructions, to Realms:

- The *Realm Services Interface* (RSI), which provides services used to manage resources allocated to the Realm, and to request an attestation report.
- The *Power State Coordination Interface* (PSCI), which provides services used to control power states of VPEs within a Realm. Note that the HVC conduit for PSCI is not supported for Realms.

The RMM operates by manipulating data structures which are stored in memory accessible only to the RMM.

See also:

- Chapter B3 Realm Management Interface
- Chapter B4 Realm Services Interface
- Chapter B5 Power State Control Interface

# Chapter A2 Concepts

This chapter introduces the following concepts which are central to the RMM architecture:

- A2.1 Realm
- A2.2 Granule
- A2.3 Realm Execution Context


## A2.1 Realm

This section describes the concept of a Realm.

#### A2.1.1 Overview

D<sub>DLRSR</sub> A *Realm* is an execution environment which is protected from agents in the Non-secure and Secure Security states, and from other Realms.

#### A2.1.2 Realm execution environment

I<sub>LQYLY</sub> The execution environment of a Realm is an EL0 + EL1 environment, as described in *Arm Architecture Reference Manual for A-Profile architecture* [3].

#### A2.1.2.1 Realm registers

- R<sub>NJHQK</sub> On first entry to a Realm VPE, PE state is initialized according to "PE state on reset to AArch64 state" in *Arm Architecture Reference Manual for A-Profile architecture* [3], except for GPR and PC values which are specified by the Host during Realm creation.
- G<sub>ZFCQX</sub> Confidentiality is guaranteed for a Realm VPE's general purpose and SIMD / floating point registers.
- G<sub>QHZCS</sub> Confidentiality is guaranteed for other Realm VPE register state (including stack pointer, program counter and EL0 / EL1 system registers).
- G<sub>XRMHP</sub> Integrity is guaranteed for a Realm VPE's general purpose and SIMD / floating point registers.
- G<sub>YKRWG</sub> Integrity is guaranteed for other Realm VPE register state (including stack pointer, program counter and EL0 / EL1 system registers).
- I<sub>GPGFB</sub> A Realm can use a Host call to pass arguments to the Host and receive results from the Host.

See also:

- A2.3 Realm Execution Context
- A4.5 Host call
- B3.3.9 RMI\_REALM\_CREATE command

#### A2.1.2.2 Realm memory

- I<sub>TQMMZ</sub> A Realm is able to determine whether a given IPA is *protected* or *unprotected*.
- G<sub>LQFQH</sub> Confidentiality is guaranteed for memory contents accessed via a protected address. Informally, this means that a change to the contents of such a memory location is not observable by any agent outside the *CCA platform*.
- G<sub>QMLCJ</sub> Integrity is guaranteed for memory contents accessed via a protected address. Informally, this means that the Realm does not observe the contents of the location to change unless the Realm itself has either written a different value to the location, or provided consent to the RMM for integrity of the location to be violated.

See also:

- A5.2.1 Realm IPA space

#### A2.1.2.3 Realm processor features

- R<sub>JGHYJ</sub> The value returned to a Realm from reading a feature register is architecturally valid and describes the set of features which are present in the Realm's execution environment.
- I<sub>KKBDP</sub> The RMM may suppress a feature which is supported by the underlying hardware platform, if exposing that feature to a Realm could lead to a security vulnerability.

See also:

- A3.1 Realm feature discovery and selection

#### A2.1.2.4 IMPDEF system registers

R<sub>FQCKH</sub> A Realm read from or write to an IMPLEMENTATION DEFINED system register causes an Unknown exception taken to the Realm.

#### A2.1.3 Realm attributes

This section describes the attributes of a Realm.

- D<sub>JSGFY</sub> A *Realm attribute* is a property of a Realm whose value can be observed or modified either by the Host or by the Realm.
- I<sub>TTDVX</sub> An example of a way in which a Realm attribute may be observable is the outcome of an RMM command.
- D<sub>MHJCK</sub> The attributes of a Realm are summarized in the following table.

| Name            | Type                   | Description                                         |
|-----------------|------------------------|-----------------------------------------------------|
| ipa_width       | UInt8                  | IPA width in bits                                   |
| measurements    | RmmRealmMeasurement[5] | Realm measurements                                  |
| hash_algo       | RmmHashAlgorithm       | Algorithm used to compute Realm measurements        |
| rec_index       | UInt64                 | Index of next REC to be created                     |
| rtt_base        | Address                | Realm Translation Table base address                |
| rtt_level_start | Int64                  | RTT starting level                                  |
| rtt_num_start   | UInt64                 | Number of physically contiguous starting level RTTs |
| state           | RmmRealmState          | Lifecycle state                                     |
| vmid            | Bits16                 | Virtual Machine Identifier                          |
| rpv             | Bits512                | Realm Personalization Value                         |

- D<sub>MGGPT</sub> A *Realm Initial Measurement* (RIM) is a measurement of the configuration and contents of a Realm at the time of activation.
- D<sub>GRFCS</sub> A *Realm Extensible Measurement* (REM) is a measurement value which can be extended during the lifetime of a Realm.
- I<sub>FMPYL</sub> Attributes of a Realm include an array of measurement values. The first entry in this array is a RIM. The remaining entries in this array are REMs.
- X<sub>DNDKV</sub> During Realm creation, the Host provides ipa\_width, rtt\_level\_start and rtt\_num\_start values as Realm parameters. According to the VMSA, the rtt\_num\_start value is architecturally defined as a function of the ipa\_width and rtt\_level\_start values. It would therefore have been possible to design the Realm creation interface such that the Host provided only the ipa\_width and rtt\_level\_start values. However, this would potentially allow a Realm to be successfully created, but with a configuration which did not match the Host's intent. For this reason, it was decided that the Host should specify all three values explicitly, and that Realm creation should fail if the values are not consistent.

  See Arm Architecture Reference Manual for A-Profile architecture [3] for further details.
- I<sub>ORVIT</sub> The VMID of a Realm is chosen by the Host. The VMID must be within the range supported by the hardware platform.
- The RMM ensures that every Realm on the system has a unique VMID.
- D<sub>FTWBK</sub> A *Realm Personalization Value* (RPV) is a value provided by the Host, to distinguish between Realms which have the same Realm Initial Measurement, but different behavior.
- S<sub>FCNBF</sub> Possible uses of the RPV include:
  - A GUID
  - Hash of Realm Owner public key
  - Hash of a "personalisation document" which is provided to the Realm via a side-band (for example, via NS memory) and contains configuration information used by Realm software.
- I<sub>ZESWC</sub> The RMM treats the RPV as an opaque value.
- I<sub>BFSRK</sub> The RPV is included in the Realm attestation report as a separate claim.

See also:

- A2.1.5 Realm lifecycle
- A2.3 Realm Execution Context
- A3.1.2 Realm LPA2 and IPA width
- A5.2.1 Realm IPA space
- A5.5 Realm Translation Table
- A7.1 Realm measurements
- A7.2.3.1.2 Realm Personalization Value claim
- C1.10 *RmmRealm type*
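The consistency check between ipa\_width, rtt\_level\_start and rtt\_num\_start described above can be sketched as follows. This is an added example, not code from the specification or from any RMM implementation. It assumes the VMSA stage 2 rules for a 4KB translation granule (9 IPA bits resolved per level, at most 16 concatenated starting level tables, level -1 and IPA widths above 48 bits only with LPA2); the function names are illustrative.

```c
#include <stdbool.h>
#include <stdio.h>

/* VMSA stage 2 facts for a 4KB translation granule (assumptions, not from this page). */
#define GRANULE_SHIFT  12 /* IPA bits mapped directly by a 4KB page */
#define RTT_STRIDE     9  /* IPA bits resolved by one full RTT (512 entries) */
#define RTT_LAST_LEVEL 3  /* final lookup level */
#define CONCAT_BITS    4  /* up to 2^4 = 16 concatenated starting level RTTs */

/*
 * Number of starting level RTTs which the pair (ipa_width, rtt_level_start)
 * requires, or 0 if the pair cannot be implemented.
 */
static unsigned int rtt_num_start_expected(unsigned int ipa_width,
                                           int rtt_level_start, bool lpa2)
{
    int min_level = lpa2 ? -1 : 0;
    unsigned int max_ipa_width = lpa2 ? 52u : 48u;

    if (rtt_level_start < min_level || rtt_level_start > RTT_LAST_LEVEL)
        return 0;
    if (ipa_width > max_ipa_width)
        return 0;

    /* Bits resolved below the starting level, including the page offset. */
    int below = GRANULE_SHIFT + RTT_STRIDE * (RTT_LAST_LEVEL - rtt_level_start);
    int start_bits = (int)ipa_width - below;

    /* The starting level must resolve at least 1 bit and at most 9 + 4 bits. */
    if (start_bits < 1 || start_bits > RTT_STRIDE + CONCAT_BITS)
        return 0;

    /* Every bit beyond one full table doubles the number of concatenated RTTs. */
    return start_bits > RTT_STRIDE ? 1u << (start_bits - RTT_STRIDE) : 1u;
}

/*
 * The check motivated by the rationale: all three Host-provided values
 * must agree, otherwise Realm creation fails instead of silently building
 * a configuration the Host did not intend.
 */
static bool realm_rtt_params_consistent(unsigned int ipa_width,
                                        int rtt_level_start,
                                        unsigned int rtt_num_start, bool lpa2)
{
    unsigned int expected =
        rtt_num_start_expected(ipa_width, rtt_level_start, lpa2);

    return expected != 0 && rtt_num_start == expected;
}

int main(void)
{
    /* Constructed sample parameters. */
    printf("ipa_width=40 level=1 -> %u starting level RTTs\n",
           rtt_num_start_expected(40, 1, false));
    printf("ipa_width=40 level=1 num_start=1 accepted: %d\n",
           realm_rtt_params_consistent(40, 1, 1, false));
    printf("ipa_width=40 level=1 num_start=2 accepted: %d\n",
           realm_rtt_params_consistent(40, 1, 2, false));
    return 0;
}
```

The minimum and maximum IPA widths actually supported by an implementation are reported by RMI\_FEATURES and are not modelled here.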

## A2.1.4 Realm liveness

- D<sub>WTXTJ</sub> *Realm liveness* is a property which means that there exists one or more Granules, other than the RD and the starting level RTTs, which are owned by the Realm.
- I<sub>PVPOB</sub> If a Realm is live, it cannot be destroyed.

D<sub>PCKRN</sub> A Realm is *live* if any of the following is true:

- The number of RECs owned by the Realm is not zero
- A starting level RTT of the Realm is live

I<sub>vkkp.t</sub> If a Realm owns a non-zero number of Data Granules, this implies that it has a starting level RTT which is live, and therefore that the Realm itself is live.

See also:

- A2.1.5 Realm lifecycle
- A2.2.2 Granule ownership
- A2.2.3 Granule lifecycle
- A2.3 Realm Execution Context
- A5.5.8 RTTE liveness and RTT liveness
- B2.24 RealmIsLive function
- B3.3.10 RMI\_REALM\_DESTROY command

#### A2.1.5 Realm lifecycle

See also:

- Chapter A3 Realm creation
- D1.2 Realm lifecycle flows

#### A2.1.5.1 States

D<sub>GDQPJ</sub> The states of a Realm are listed below.

| State      | Description                                             |
|------------|---------------------------------------------------------|
| NEW        | Under construction. Not eligible for execution.         |
| ACTIVE     | Eligible for execution.                                 |
| SYSTEM_OFF | System has been turned off. Not eligible for execution. |

#### A2.1.5.2 State transitions

I<sub>RRHFG</sub> Permitted Realm state transitions are shown in the following table. The rightmost column lists the events which can cause the corresponding state transition.

A transition from the pseudo-state *NULL* represents creation of a Realm object. A transition to the pseudo-state *NULL* represents destruction of a Realm object.

| From state | To state   | Events                               |
|------------|------------|--------------------------------------|
| NULL       | NEW        | RMI_REALM_CREATE                     |
| NEW        | NULL       | RMI_REALM_DESTROY                    |
| ACTIVE     | NULL       | RMI_REALM_DESTROY                    |
| SYSTEM_OFF | NULL       | RMI_REALM_DESTROY                    |
| NEW        | ACTIVE     | RMI_REALM_ACTIVATE                   |
| ACTIVE     | SYSTEM_OFF | PSCI_SYSTEM_OFF<br>PSCI_SYSTEM_RESET |

I<sub>YCPWW</sub> Permitted Realm state transitions are shown in the following figure. Each arc is labeled with the events which can cause the corresponding state transition.

A transition from the pseudo-state *NULL* represents creation of an RD. A transition to the pseudo-state *NULL* represents destruction of an RD.




Figure A2.1: Realm state transitions

See also:

- B3.3.8 RMI\_REALM\_ACTIVATE command
- B3.3.9 RMI\_REALM\_CREATE command
- B3.3.10 RMI\_REALM\_DESTROY command
- B5.3.6 PSCI\_SYSTEM\_OFF command
- B5.3.7 PSCI\_SYSTEM\_RESET command

#### A2.1.6 Realm parameters

D<sub>TGMVZ</sub> A *Realm parameter* is a value which is provided by the Host during Realm creation.

See also:

- A2.1.3 Realm attributes
- A3.1 Realm feature discovery and selection
- B2.25 RealmParams function
- B3.3.9 RMI\_REALM\_CREATE command
- B3.4.12 RmiRealmParams type

## A2.1.7 Realm Descriptor

D<sub>TNSBY</sub> A *Realm Descriptor* (RD) is an RMM data structure which stores attributes of a Realm.

D<sub>GGKWX</sub> The size of an RD is one Granule.

See also:

- A2.1.3 Realm attributes
- A2.2.3 Granule lifecycle


## A2.2 Granule

This section describes the concept of a Granule.

D<sub>NBXXX</sub> A *Granule* is a unit of physical memory whose size is 4KB.

I<sub>DJGZW</sub> A Granule may be used to store one of the following:

- Code or data used by the Host
- Code or data used by software in the Secure Security state
- Code or data used by a Realm
- Data used by the RMM to manage a Realm

The use of a Granule is reflected in its lifecycle state.

D<sub>ZVRXC</sub> A Granule is *delegable* if it can be delegated by the Host for use by the RMM or by a Realm.

U<sub>KHKLP</sub> In a typical implementation, all memory which is presented to the Host as RAM is delegable. Examples of non-delegable memory may include the following:

- Memory which is carved out for use by the Root world, the RMM or the Secure world
- Device memory

See also:

- A2.2.1 Granule attributes
- A2.2.3 Granule lifecycle

#### A2.2.1 Granule attributes

This section describes the attributes of a Granule.

D<sub>JPBBC</sub> A *Granule attribute* is a property of a Granule whose value can be observed or modified either by the Host or by a Realm.

- I
   Examples of ways in which a Granule attribute may be observable include the outcome of an RMM command, and whether a memory access generates a fault.
- D<sub>DVMRF</sub> The attributes of a Granule are summarized in the following table.

| Name  | Type                    | Description            |
|-------|-------------------------|------------------------|
| pas   | RmmPhysicalAddressSpace | Physical Address Space |
| state | RmmGranuleState         | Lifecycle state        |

- D<sub>QZNGW</sub> The set of Physical Address Spaces is:
  - NS
  - REALM
  - OTHER
- X<sub>LQZFB</sub> The RMM cannot distinguish whether a Granule is in the Secure or Root PAS, so these two values are combined as OTHER.
- I<sub>YYVSN</sub> If the state of a Granule is not UNDELEGATED then the PAS of the Granule is REALM.
- I<sub>BQDWY</sub> If the state of a Granule is UNDELEGATED then the PAS of the Granule is not REALM.
- I<sub>MPGJV</sub> If the state of a Granule is UNDELEGATED then the RMM does not prevent the PAS of the Granule from being changed by another agent to any value except REALM.


D<sub>VRSKZ</sub> An *NS Granule* is a Granule whose PAS is NS.

See also:

- A2.1 Realm
- A2.1.7 Realm Descriptor
- A2.2.3 Granule lifecycle
- C1.1 *RmmGranule type*

#### A2.2.2 Granule ownership

- I<sub>DMVQM</sub> A Granule whose state is neither UNDELEGATED nor DELEGATED is owned by a Realm.
- I<sub>prntm</sub> The owner of a Granule is identified by the address of a Realm Descriptor (RD).
- I<sub>ZXBZM</sub> For a Granule whose state is RD, the ownership relation is recursive: the owning Realm is identified by the address of the RD itself.
- I<sub>TYHTD</sub> A Granule whose state is RTT is one of the following:
  - A starting level RTT. The address of this RTT is stored in the RD of the owning Realm.
  - A non-starting level RTT. The address of this RTT is stored in its parent RTT, in an RTT entry whose state is TABLE. Recursively following the parent relationship leads to the RD of the owning Realm.
- I<sub>QCNRM</sub> A Granule whose state is DATA is mapped at a Protected IPA, in an RTT entry whose state is ASSIGNED. The Realm which owns the RTT is the owner of the DATA Granule.
- I<sub>hhpvb</sub> A REC has an "owner" attribute which points to the RD of the owning Realm.
- X<sub>ndnhg</sub> A REC is not mapped at a Protected IPA. Its ownership therefore needs to be recorded explicitly.

See also:

- A2.1 Realm
- A2.1.7 Realm Descriptor
- A2.3 Realm Execution Context
- A5.2.1 Realm IPA space
- A5.5 Realm Translation Table
- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.12 RMI\_REC\_CREATE command
- B3.3.15 RMI\_RTT\_CREATE command

#### A2.2.3 Granule lifecycle

#### A2.2.3.1 States

D<sub>MPLGT</sub> The states of a Granule are listed below.

| State       | Description                                |
|-------------|--------------------------------------------|
| UNDELEGATED | Not delegated for use by the RMM.          |
| DELEGATED   | Delegated for use by the RMM.              |
| RD          | Realm Descriptor.                          |
| REC         | Realm Execution Context.                   |
| REC_AUX     | Realm Execution Context auxiliary Granule. |
| DATA        | Realm code or data.                        |
| RTT         | Realm Translation Table.                   |

#### A2.2.3.2 State transitions

I Permitted Granule state transitions are shown in the following table. The rightmost column lists the events which can cause the corresponding state transition.

| From state  | To state    | Events                                     |
|-------------|-------------|--------------------------------------------|
| UNDELEGATED | DELEGATED   | RMI_GRANULE_DELEGATE                       |
| DELEGATED   | UNDELEGATED | RMI_GRANULE_UNDELEGATE                     |
| DELEGATED   | RD          | RMI_REALM_CREATE                           |
| RD          | DELEGATED   | RMI_REALM_DESTROY                          |
| DELEGATED   | DATA        | RMI_DATA_CREATE<br>RMI_DATA_CREATE_UNKNOWN |
| DATA        | DELEGATED   | RMI_DATA_DESTROY                           |
| DELEGATED   | REC         | RMI_REC_CREATE                             |
| REC         | DELEGATED   | RMI_REC_DESTROY                            |
| DELEGATED   | REC_AUX     | RMI_REC_CREATE                             |
| REC_AUX     | DELEGATED   | RMI_REC_DESTROY                            |
| DELEGATED   | RTT         | RMI_REALM_CREATE<br>RMI_RTT_CREATE         |
| RTT         | DELEGATED   | RMI_REALM_DESTROY<br>RMI_RTT_DESTROY       |

I<sub>VVGVM</sub> Permitted Granule state transitions are shown in the following figure. Each arc is labeled with the events which can cause the corresponding state transition.



Figure A2.2: Granule state transitions

See also:

- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.5 RMI\_GRANULE\_DELEGATE command
- B3.3.6 RMI\_GRANULE\_UNDELEGATE command
- B3.3.9 RMI\_REALM\_CREATE command
- B3.3.10 RMI\_REALM\_DESTROY command
- B3.3.12 RMI\_REC\_CREATE command
- B3.3.13 RMI\_REC\_DESTROY command
- B3.3.15 RMI\_RTT\_CREATE command
- B3.3.16 RMI\_RTT\_DESTROY command

## A2.2.4 Granule wiping

- R<sub>TMGSL</sub> When the state of a Granule has transitioned from P to DELEGATED and then to any other state, any content associated with P has been wiped.
- X<sub>CTGOZ</sub> Any sequence of Granule state transitions which passes through the DELEGATED state causes the Granule contents to be wiped. This is necessary to ensure that information does not leak from one Realm to another, or from a Realm to the Host.

  Note that no agent can observe the contents of a Granule while its state is DELEGATED.
- D<sub>WTWJR</sub> Wiping is an operation which changes the observable value of a memory location from X to Y, such that the value X cannot be determined from the value Y.
- R<sub>BSXXV</sub> Wiping of a memory location does not reveal, directly or indirectly, any confidential Realm data.
- I<sub>MRPCO</sub> Wiping is not guaranteed to be implemented as zero filling.
- S<sub>VJWYH</sub> Realm software should not assume that the initial contents of uninitialized memory (that is, Realm IPA space which is backed by DATA Granules created using RMI\_DATA\_CREATE\_UNKNOWN) are zero.

See also:

- Arm CCA Security model [4]
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.6 RMI\_GRANULE\_UNDELEGATE command
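The Granule state transition table (A2.2.3.2), the PAS rules (A2.2.1) and the wiping rule (A2.2.4) can be exercised together in a small model. This is an added example, not code from the specification or from an RMM implementation. The wipe pattern, the choice of NS as the PAS after undelegation, wiping at the moment the Granule leaves DELEGATED, and all names are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE_SIZE 4096u /* a Granule is 4KB */
#define WIPE_PATTERN 0xA5  /* model choice: wiping need not be zero filling */

enum granule_state { G_UNDELEGATED, G_DELEGATED, G_RD, G_REC, G_REC_AUX, G_DATA, G_RTT };
enum granule_pas { PAS_NS, PAS_REALM, PAS_OTHER };

struct granule {
    enum granule_state state;
    enum granule_pas pas;
    uint8_t mem[GRANULE_SIZE];
};

/*
 * Every row of the transition table has DELEGATED as exactly one endpoint,
 * so a Granule cannot move between two other states without passing
 * through DELEGATED.
 */
static bool transition_permitted(enum granule_state from, enum granule_state to)
{
    return (from == G_DELEGATED) != (to == G_DELEGATED);
}

/* PAS rules: the PAS is REALM if and only if the state is not UNDELEGATED. */
static bool pas_invariant_holds(const struct granule *g)
{
    return (g->state != G_UNDELEGATED) == (g->pas == PAS_REALM);
}

static bool granule_transition(struct granule *g, enum granule_state to)
{
    if (!transition_permitted(g->state, to))
        return false;
    if (g->state == G_DELEGATED) {
        /* Leaving DELEGATED: content stored by the previous state is wiped. */
        memset(g->mem, WIPE_PATTERN, sizeof(g->mem));
    }
    g->state = to;
    g->pas = (to == G_UNDELEGATED) ? PAS_NS : PAS_REALM; /* model picks NS */
    return true;
}

/* True if the byte string appears anywhere in the Granule. */
static bool granule_contains(const struct granule *g, const void *needle, size_t len)
{
    for (size_t i = 0; i + len <= sizeof(g->mem); i++) {
        if (memcmp(&g->mem[i], needle, len) == 0)
            return true;
    }
    return false;
}

/*
 * A Realm writes a secret into a DATA Granule, the Granule is destroyed and
 * then reused in state 'next' (any state other than DELEGATED). Returns
 * true if the secret is still observable by the new user.
 */
static bool secret_survives_reuse(enum granule_state next)
{
    static const char secret[] = "constructed-realm-secret"; /* sample data */
    struct granule g = { .state = G_UNDELEGATED, .pas = PAS_NS };

    granule_transition(&g, G_DELEGATED);        /* RMI_GRANULE_DELEGATE */
    granule_transition(&g, G_DATA);             /* RMI_DATA_CREATE_UNKNOWN */
    memcpy(g.mem + 64, secret, sizeof(secret)); /* Realm stores data */
    granule_transition(&g, G_DELEGATED);        /* RMI_DATA_DESTROY */
    granule_transition(&g, next);               /* reuse by Host or Realm */
    return granule_contains(&g, secret, sizeof(secret));
}

int main(void)
{
    struct granule g = { .state = G_UNDELEGATED, .pas = PAS_NS };

    printf("DATA -> RTT permitted: %d\n", transition_permitted(G_DATA, G_RTT));
    granule_transition(&g, G_DELEGATED);
    printf("PAS invariant after delegate: %d\n", pas_invariant_holds(&g));
    printf("secret visible to Host after reclaim: %d\n",
           secret_survives_reuse(G_UNDELEGATED));
    printf("secret visible to next Realm: %d\n", secret_survives_reuse(G_DATA));
    return 0;
}
```

Because the model wipes with a non-zero pattern, a DATA Granule created without initial contents does not read as zero, which is the case Realm software is told not to rely on.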

# A2.3 Realm Execution Context

This section describes the concept of a Realm Execution Context (REC).

#### A2.3.1 Overview

D<sub>LRFCP</sub> A *Realm Execution Context* (REC) is an R-EL0&1 execution context which is associated with a Realm VPE.

A REC object is an RMM data structure which is used to store the register state of a REC.

See also:

- A2.1.2 Realm execution environment
- Chapter A4 Realm exception model

### A2.3.2 REC attributes

This section describes the attributes of a REC.

- D<sub>2LGLT</sub> A *REC attribute* is a property of a REC whose value can be observed or modified either by the Host or by the Realm which owns the REC.
- I<sub>CSGGT</sub> Examples of ways in which a REC attribute may be observable include the outcome of an RMM command, and the PE state following Realm entry.
- D<sub>LQSFT</sub> The attributes of a REC are summarized in the following table.

| Name             | Type                    | Description                                                                    |
|------------------|-------------------------|--------------------------------------------------------------------------------|
| attest_state     | RmmRecAttestState       | Attestation token generation state                                             |
| attest_challenge | Bits512                 | Challenge for under-construction attestation token                             |
| aux              | Address[16]             | Addresses of auxiliary Granules                                                |
| emulatable_abort | RmmRecEmulatableAbort   | Whether the most recent exit from this REC was due to an Emulatable Data Abort |
| flags            | RmmRecFlags             | Flags which control REC behavior                                               |
| gprs             | Bits64[32]              | General-purpose register values                                                |
| mpidr            | Bits64                  | MPIDR value                                                                    |
| owner            | Address                 | PA of RD of Realm which owns this REC                                          |
| pc               | Bits64                  | Program counter value                                                          |
| psci_pending     | RmmPsciPending          | Whether a PSCI request is pending                                              |
| state            | RmmRecState             | Lifecycle state                                                                |
| sysregs          | RmmSystemRegisters      | EL1 and EL0 system register values                                             |
| ripas_addr       | Address                 | Next address to be processed in RIPAS change                                   |
| ripas_top        | Address                 | Top address of pending RIPAS change                                            |
| ripas_value      | RmmRipas                | RIPAS value of pending RIPAS change                                            |
| ripas_destroyed  | RmmRipasChangeDestroyed | Whether a RIPAS change from DESTROYED should be permitted                      |
| ripas_response   | RmmRecResponse          | Host response to RIPAS change request                                          |
| host_call_pending | RmmHostCallPending     | Whether a Host call is pending                                                 |

- I<sub>PVMTY</sub> The aux attribute of a REC is a list of auxiliary Granules.
- I<sub>RWFZF</sub> The number of auxiliary Granules required for a REC is returned by the RMI\_REC\_AUX\_COUNT command.
- X<sub>LRWHB</sub> Depending on the configuration of the CCA platform and of the Realm, the amount of storage space required for a REC may exceed a single Granule.
- I<sub>TGLBK</sub> The number of auxiliary Granules required for a REC can vary between Realms on a CCA platform.
- R<sub>MMBNR</sub> The number of auxiliary Granules required for a REC is a constant for the lifetime of a given Realm.
- I<sub>BGVRT</sub> The gprs attribute of a REC is the set of general-purpose register values which are saved by the RMM on exit from the REC and restored by the RMM on entry to the REC.
- I<sub>FPJDL</sub> The *mpidr* attribute of a REC is a value which can be used to identify the VPE associated with the REC.
- I<sub>BLVKZ</sub> The pc attribute of a REC is the program counter which is saved by the RMM on exit from the REC and restored by the RMM on entry to the REC.
- I<sub>GHFNQ</sub> The runnable flag of a REC determines whether the REC is eligible for execution. The RMI\_REC\_ENTER command results in a REC entry only if the value of the flag is RUNNABLE.
- I<sub>SCCMH</sub> The runnable flag of a REC is controlled by the Realm. Its initial value is reflected in the Realm Initial Measurement, and during Realm execution its value can be changed by execution of the PSCI\_CPU\_ON and PSCI\_CPU\_OFF commands.
- I<sub>PMYBG</sub> The state attribute of a REC is controlled by the Host, by execution of the RMI\_REC\_ENTER command.
- D<sub>CDXDZ</sub> The sysregs attribute of a REC is the set of system register values which are saved by the RMM on exit from the REC and restored by the RMM on entry to the REC.

See also:

- A2.3.3 REC index and MPIDR value
- A2.3.4 REC lifecycle
- A4.3.4.3 REC exit due to Data Abort
- B3.3.14 RMI\_REC\_ENTER command
- B5.3.2 PSCI\_CPU\_OFF command
- B5.3.3 PSCI\_CPU\_ON command
- C1.13 RmmRec type

#### A2.3.3 REC index and MPIDR value

D<sub>KQVHN</sub> The *REC index* is the unsigned integer value generated by concatenation of MPIDR fields:

index = Aff3:Aff2:Aff1:Aff0[3:0]

This is illustrated by the following table.

| REC index | Aff3 | Aff2 | Aff1 | Aff0[3:0] |
|-----------|------|------|------|-----------|
| 0         | 0    | 0    | 0    | 0         |
| 1         | 0    | 0    | 0    | 1         |
| 16        | 0    | 0    | 1    | 0         |
| 4096      | 0    | 1    | 0    | 0         |
| 1048576   | 1    | 0    | 0    | 0         |

I<sub>PVLZY</sub> The Aff0[7:4] field of a REC MPIDR value is RES0 for compatibility with GICv3.

I<sub>TTWVM</sub> When creating the *n*th REC in a Realm, the Host is required to use the MPIDR corresponding to REC index *n*.

See also:

- B2.36 RecIndex function
- B3.3.12 RMI\_REC\_CREATE command
- B3.4.18 *RmiRecMpidr type*
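The REC index concatenation and the creation-order requirement above, as an added example that is not code from the specification or from an RMM implementation. The affinity fields are kept unpacked because the bit layout of the MPIDR value is defined by RmiRecMpidr (B3.4.18), which this section does not reproduce; `struct realm_model` and all function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Affinity fields of a REC MPIDR value, kept unpacked (see lead-in). */
struct rec_affinity {
    uint8_t aff3, aff2, aff1, aff0;
};

#define REC_INDEX_BITS 28u /* 8 (Aff3) + 8 (Aff2) + 8 (Aff1) + 4 (Aff0[3:0]) */

static struct rec_affinity aff(uint8_t aff3, uint8_t aff2, uint8_t aff1, uint8_t aff0)
{
    struct rec_affinity a = { aff3, aff2, aff1, aff0 };
    return a;
}

/* Aff0[7:4] is RES0 for compatibility with GICv3. */
static bool rec_affinity_valid(struct rec_affinity a)
{
    return (a.aff0 & 0xF0u) == 0;
}

/* index = Aff3:Aff2:Aff1:Aff0[3:0] */
static uint64_t rec_index(struct rec_affinity a)
{
    return ((uint64_t)a.aff3 << 20) | ((uint64_t)a.aff2 << 12) |
           ((uint64_t)a.aff1 << 4) | (uint64_t)(a.aff0 & 0x0Fu);
}

/* Inverse mapping; fails for an index that does not fit the four fields. */
static bool rec_affinity_from_index(uint64_t index, struct rec_affinity *out)
{
    if ((index >> REC_INDEX_BITS) != 0)
        return false;
    out->aff0 = (uint8_t)(index & 0xFu);
    out->aff1 = (uint8_t)((index >> 4) & 0xFFu);
    out->aff2 = (uint8_t)((index >> 12) & 0xFFu);
    out->aff3 = (uint8_t)((index >> 20) & 0xFFu);
    return true;
}

/* Hypothetical model of the Realm attribute rec_index: index of next REC. */
struct realm_model {
    uint64_t rec_index;
};

/*
 * Creation-order check: the nth REC must be created with the MPIDR which
 * corresponds to REC index n. On success the Realm's rec_index advances.
 */
static bool rec_create_allowed(struct realm_model *rd, struct rec_affinity a)
{
    if (!rec_affinity_valid(a) || rec_index(a) != rd->rec_index)
        return false;
    rd->rec_index++;
    return true;
}

/* Creates n RECs in index order; returns how many were accepted. */
static unsigned int create_recs_in_order(unsigned int n)
{
    struct realm_model rd = { 0 };
    struct rec_affinity a;
    unsigned int created = 0;

    for (unsigned int i = 0; i < n; i++) {
        if (!rec_affinity_from_index(i, &a) || !rec_create_allowed(&rd, a))
            break;
        created++;
    }
    return created;
}

int main(void)
{
    struct realm_model rd = { 0 };

    printf("index of Aff1=1: %llu\n", (unsigned long long)rec_index(aff(0, 0, 1, 0)));
    printf("first REC at index 0 accepted: %d\n", rec_create_allowed(&rd, aff(0, 0, 0, 0)));
    printf("second REC at index 2 accepted: %d\n", rec_create_allowed(&rd, aff(0, 0, 0, 2)));
    printf("20 RECs created in order: %u\n", create_recs_in_order(20));
    return 0;
}
```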

## A2.3.4 REC lifecycle

#### A2.3.4.1 States

D<sub>HTXQY</sub> The states of a REC are listed below.

| State   | Description                   |
|---------|-------------------------------|
| READY   | REC is not currently running. |
| RUNNING | REC is currently running.     |

#### A2.3.4.2 State transitions

I<sub>PHMWT</sub> Permitted REC state transitions are shown in the following table. The rightmost column lists the events which can cause the corresponding state transition.

A transition from the pseudo-state *NULL* represents creation of a REC object. A transition to the pseudo-state *NULL* represents destruction of a REC object.

| From state | To state | Events                    |
|------------|----------|---------------------------|
| NULL       | READY    | RMI_REC_CREATE            |
| READY      | NULL     | RMI_REC_DESTROY           |
| READY      | RUNNING  | RMI_REC_ENTER             |
| RUNNING    | READY    | Return from RMI_REC_ENTER |


I<sub>FNSTJ</sub> Permitted REC state transitions are shown in the following figure. Each arc is labeled with the events which can cause the corresponding state transition.

A transition from the pseudo-state *NULL* represents creation of a REC. A transition to the pseudo-state *NULL* represents destruction of a REC.



Figure A2.3: REC state transitions

See also:

- B3.3.12 RMI\_REC\_CREATE command
- B3.3.13 RMI\_REC\_DESTROY command
- B3.3.14 RMI\_REC\_ENTER command

# Chapter A3 Realm creation

This section describes the process of creating a Realm.

See also:

- A2.1 *Realm*
- D1.2 Realm lifecycle flows

# A3.1 Realm feature discovery and selection

- I<sub>GJSMC</sub> RMM implementations across different CCA platforms may support disparate features and may offer disparate configuration options for Realms.
- I
   The features supported by an RMM implementation are discovered by reading feature pseudo-register values using the RMI\_FEATURES command.
- X<sub>WPHWG</sub> The term *pseudo-register* is used because, although these values are stored in memory, their usage model is similar to feature registers specified in the Arm A-profile architecture.
- I<sub>QNJTQ</sub> On Realm creation, the Host specifies a set of desired features in a Realm parameters structure to the RMI\_REALM\_CREATE command. The RMM checks that the features specified by the Host are supported by the implementation.

I<sub>RRHJJ</sub> The features specified at Realm creation time are included in the Realm Initial Measurement.

See also:

- A2.1.6 *Realm parameters*
- A7.1.1 Realm Initial Measurement
- B3.3.4 RMI\_FEATURES command
- B3.3.9 RMI\_REALM\_CREATE command

## A3.1.1 Realm hash algorithm

I<sub>WMKGX</sub> The set of hash algorithms supported by the implementation is reported by the RMI\_FEATURES command in RmiFeatureRegister0.

Requesting an unsupported hash algorithm causes execution of RMI\_REALM\_CREATE to fail.

See also:

- A7.1 *Realm measurements*
- B3.3.9 RMI\_REALM\_CREATE command
- B3.4.6 RmiFeatureRegister0 type

## A3.1.2 Realm LPA2 and IPA width

- I<sub>gvjmz</sub> Support by the implementation for LPA2 is reported by the RMI\_FEATURES command in RmiFeatureRegister0.
- I<sub>NKLXQ</sub> Usage of LPA2 for Realm Translation Tables is an attribute which is set by the Host during Realm creation.
- I<sub>lkjgn</sub> Realm IPA width is an attribute which is set by the Host during Realm creation.
- R<sub>szvdk</sub> Requesting an unsupported IPA width (for example, smaller than the minimum supported, or larger than the maximum supported) causes execution of RMI\_REALM\_CREATE to fail.
- I<sub>GKCCS</sub> The Host can choose a smaller IPA width than the maximum supported IPA width reported by RMI\_FEATURES. This is true regardless of whether LPA2 is enabled for the Realm.
- X<sub>ftvxq</sub> The Host may want to enable LPA2 for a Realm due to either or both of the following reasons:
  - to allow the Realm to be configured with a larger IPA width
  - to allow access from mappings in the Realm's stage 2 translation to a larger PA space
- I<sub>XDBQB</sub> A Realm can query its IPA width using the RSI\_REALM\_CONFIG command.

See also:

- A5.2.1 Realm IPA space
- B3.3.9 RMI\_REALM\_CREATE command
- B3.4.6 *RmiFeatureRegister0 type*
- B4.3.8 RSI\_REALM\_CONFIG command

## A3.1.3 Realm support for Scalable Vector Extension

- I Support by the implementation for the Scalable Vector Extension (FEAT\_SVE) is reported by the RMI\_FEATURES command in RmiFeatureRegister0.
- I<sub>ZJSMJ</sub> Availability of SVE to a Realm is set by the Host during Realm creation.
- I<sub>VNLNH</sub> SVE vector length for a Realm is set by the Host during Realm creation.
- R<sub>FZZDS</sub> Requesting a larger-than-supported SVE vector length causes execution of RMI\_REALM\_CREATE to fail. This is different from the behaviour of the hardware architecture, in which a larger-than-supported SVE vector length value is silently truncated.
- X<sub>YGWTK</sub> The RMI ABI provides a natural mechanism to signal an invalid feature selection, via the return code of RMI\_REALM\_CREATE. The analog in the hardware architecture would be to generate an illegal exception return, which would cause undesirable coupling between two disparate parts of the architecture, namely the exception model and the SVE feature.
- R<sub>NBYKC</sub> If SVE is supported by the platform but is disabled for the Realm via the RMI\_REALM\_CREATE command then a read of ID\_AA64PFR0\_EL1.SVE indicates that SVE is not supported.
- U<sub>ZRJXL</sub> The RMM should trap and emulate reads of ID\_AA64PFR0\_EL1.SVE.
- S<sub>VXRNN</sub> A Realm should discover SVE support by reading ID\_AA64PFR0\_EL1.SVE rather than based on the platform identity read from MIDR\_EL1.

See also:

- B3.3.9 *RMI\_REALM\_CREATE command*
- B3.4.6 *RmiFeatureRegister0 type*

#### A3.1.4 Realm support for self-hosted debug

- I<sub>SSTJD</sub> Self-hosted debug is always available in Armv8-A.
- I<sub>LVMFG</sub> The number of breakpoints and watchpoints are attributes which are set by the Host during Realm creation.
- R<sub>CJQTB</sub> Requesting a number of breakpoints which is different from the number of breakpoints available causes execution of RMI\_REALM\_CREATE to fail.
- R<sub>PLMDH</sub> Requesting a number of watchpoints which is different from the number of watchpoints available causes execution of RMI\_REALM\_CREATE to fail.

See also:

- B3.3.9 RMI\_REALM\_CREATE command

#### A3.1.5 Realm support for Performance Monitors Extension

- I<sub>RVCQD</sub> Support by the implementation for the Performance Monitors Extension (FEAT\_PMU) is reported by the RMI\_FEATURES command in RmiFeatureRegister0.
- I<sub>NHCFC</sub> Availability of PMU to a Realm is set by the Host during Realm creation.
- I<sub>XZMRC</sub> The number of PMU counters available to a Realm is set by the Host during Realm creation.

R<sub>XVRGD</sub> Requesting a number of PMU counters which is different from the number of PMU counters available causes RMI\_REALM\_CREATE to fail.

See also:

- A8.1 Realm PMU
- B3.3.9 RMI\_REALM\_CREATE command
- B3.4.6 *RmiFeatureRegister0 type*

## A3.1.6 Realm support for Activity Monitors Extension

R<sub>JJVZS</sub> The Activity Monitors Extension (FEAT\_AMUv1) is not available to a Realm.

## A3.1.7 Realm support for Statistical Profiling Extension

R<sub>DCBNL</sub> The Statistical Profiling Extension (FEAT\_SPE) is not available to a Realm.

### A3.1.8 Realm support for Trace Buffer Extension

R<sub>NXDXG</sub> The Trace Buffer Extension (FEAT\_TRBE) is not available to a Realm.

# Chapter A4 Realm exception model

This section describes how Realms are executed, and how exceptions which cause exit from a Realm are handled.

See also:

- A2.1.2 Realm execution environment

# A4.1 Exception model overview

- D<sub>HCGWL</sub> A *Realm entry* is a transfer of control to a Realm.
- D<sub>rmgwj</sub> A *Realm exit* is a transition of control from a Realm.
- I<sub>SMPWB</sub> When executing in a Realm, an exception taken to R-EL2 or EL3 results in a Realm exit.
- D<sub>XSNZP</sub> A REC entry is a Realm entry due to execution of RMI\_REC\_ENTER.
- I<sub>FQZJG</sub> The Host provides the address of a REC as an input to the RMI\_REC\_ENTER command.
- I<sub>MDQWG</sub> In this chapter, both rec and "the target REC" refer to the REC object which is provided to the RMI\_REC\_ENTER command.
- D<sub>BLJGY</sub> A *RecRun object* is a data structure used to pass values between the RMM and the Host on REC entry and on REC exit.
- I<sub>VCCFV</sub> A RecRun object is stored in Non-secure memory.
- I<sub>WBHYZ</sub> The Host provides the address of a RecRun object as an input to the RMI\_REC\_ENTER command.
- I<sub>HMSQM</sub> An implementation is permitted to return RMI\_SUCCESS from RMI\_REC\_ENTER without performing a REC entry. For example, on observing a pending interrupt, the implementation can generate a REC exit due to IRQ without entering the target REC.
- D<sub>TJCGH</sub> A *REC exit* is return from an execution of RMI\_REC\_ENTER which caused a REC entry.
- I<sub>HPWVY</sub> The following diagram summarises the possible control flows that result from a Realm exit.



Figure A4.1: Realm exit paths

- a. The exception is taken to EL3. The Monitor handles the exception and returns control to the Realm.
- b. The exception is taken to EL3. The Monitor pre-empts Realm Security state and passes control to the Secure Security state. This may be for example due to an FIQ.
- c. The exception is taken to EL2. The RMM decides to perform a REC exit. The RMM executes an SMC instruction, requesting the Monitor to pass control to the Non-secure Security state.
- d. The exception is taken to EL2. The RMM executes an SMC instruction, requesting the Monitor to perform an operation, then returns control to the Realm.

- e. The exception is taken to EL2. The RMM handles the exception and returns control to the Realm.

See also:

- A4.2 REC entry
- A4.3 REC exit
- B3.3.14 RMI\_REC\_ENTER command
- B3.4.20 RmiRecRun type

# A4.2 REC entry

This section describes REC entry.

See also:

- A4.3 REC exit
- B3.3.14 RMI\_REC\_ENTER command

## A4.2.1 RecEnter object

- D<sub>SVSJM</sub> A *RecEnter object* is a data structure used to pass values from the Host to the RMM on REC entry.
- I<sub>YSKDN</sub> A RecEnter object is stored in the RecRun object which is passed by the Host as an input to the RMI\_REC\_ENTER command.
- I<sub>TRKKX</sub> On REC entry, execution state is restored from the REC object and from the RecEnter object to the PE.
- I<sub>GHDLM</sub> A RecEnter object contains attributes which are used to manage Realm virtual interrupts.
- D<sub>CLNLW</sub> The attributes of a RecEnter object are summarized in the following table.

| Name     | Byte offset | Type             | Description |
|----------|-------------|------------------|-------------|
| flags    | 0x0         | RmiRecEnterFlags | Flags       |
| gprs[0]  | 0x200       | Bits64           | Registers   |
| gprs[1]  | 0x208       | Bits64           | Registers   |
| gprs[2]  | 0x210       | Bits64           | Registers   |
| gprs[3]  | 0x218       | Bits64           | Registers   |
| gprs[4]  | 0x220       | Bits64           | Registers   |
| gprs[5]  | 0x228       | Bits64           | Registers   |
| gprs[6]  | 0x230       | Bits64           | Registers   |
| gprs[7]  | 0x238       | Bits64           | Registers   |
| gprs[8]  | 0x240       | Bits64           | Registers   |
| gprs[9]  | 0x248       | Bits64           | Registers   |
| gprs[10] | 0x250       | Bits64           | Registers   |
| gprs[11] | 0x258       | Bits64           | Registers   |
| gprs[12] | 0x260       | Bits64           | Registers   |
| gprs[13] | 0x268       | Bits64           | Registers   |
| gprs[14] | 0x270       | Bits64           | Registers   |
| gprs[15] | 0x278       | Bits64           | Registers   |
| gprs[16] | 0x280       | Bits64           | Registers   |
| gprs[17] | 0x288       | Bits64           | Registers   |
| gprs[18] | 0x290       | Bits64           | Registers   |
| gprs[19] | 0x298       | Bits64           | Registers   |
| gprs[20]      | 0x2a0       | Bits64 | Registers                               |
| gprs[21]      | 0x2a8       | Bits64 | Registers                               |
| gprs[22]      | 0x2b0       | Bits64 | Registers                               |
| gprs[23]      | 0x2b8       | Bits64 | Registers                               |
| gprs[24]      | 0x2c0       | Bits64 | Registers                               |
| gprs[25]      | 0x2c8       | Bits64 | Registers                               |
| gprs[26]      | 0x2d0       | Bits64 | Registers                               |
| gprs[27]      | 0x2d8       | Bits64 | Registers                               |
| gprs[28]      | 0x2e0       | Bits64 | Registers                               |
| gprs[29]      | 0x2e8       | Bits64 | Registers                               |
| gprs[30]      | 0x2f0       | Bits64 | Registers                               |
| gicv3_hcr     | 0x300       | Bits64 | GICv3 Hypervisor Control Register value |
| gicv3_lrs[0]  | 0x308       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[1]  | 0x310       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[2]  | 0x318       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[3]  | 0x320       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[4]  | 0x328       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[5]  | 0x330       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[6]  | 0x338       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[7]  | 0x340       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[8]  | 0x348       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[9]  | 0x350       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[10] | 0x358       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[11] | 0x360       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[12] | 0x368       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[13] | 0x370       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[14] | 0x378       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[15] | 0x380       | Bits64 | GICv3 List Register values              |

In this chapter, both enter and "the RecEnter object" refer to the RecEnter object which is provided to the RMI\_REC\_ENTER command.

I<sub>LFYDV</sub> On REC exit, all enter fields are ignored unless specified otherwise.

See also:

- A2.3 Realm Execution Context
- A4.3.1 RecExit object
- Chapter A6 Realm interrupts and timers
- B3.4.14 *RmiRecEnter type*

## A4.2.2 General purpose registers restored on REC entry

R<sub>NMSFT</sub> On REC entry, if the most recent exit from the target REC was a REC exit due to PSCI, then all of the following occur:

- X0 to X6 contain the PSCI return code and PSCI output values.
- GPR values X7 to X30 are restored from the REC object to the PE.

R<sub>RZRM</sub> On REC entry, if either this is the first entry to this REC, or the most recent exit from the target REC was not a REC exit due to PSCI, then GPR values X0 to X30 are restored from the REC object to the PE.

R<sub>YSNYQ</sub> On REC entry, if rec.host\_call\_pending is HOST\_CALL\_PENDING, then GPR values X0 to X30 are copied from enter.gprs[0..30] to the RsiHostCall data structure.

R<sub>YWHKC</sub> On REC entry, if writing to the RsiHostCall data structure fails due to the target IPA not being mapped then a REC exit to Data Abort results.

R<sub>TZVNK</sub> On REC entry, if writing to the RsiHostCall data structure succeeds then rec.host\_call\_pending is NO\_HOST\_CALL\_PENDING.

R<sub>NLVXB</sub> On REC entry, if RMM access to enter causes a GPF then the RMI\_REC\_ENTER command fails with RMI\_ERROR\_INPUT.

See also:

- A4.3.3 General purpose registers saved on REC exit
- A4.3.4.3 REC exit due to Data Abort
- A4.3.7 REC exit due to PSCI
- A4.3.9 REC exit due to Host call
- A4.5 Host call

## A4.2.3 REC entry following REC exit due to Data Abort

- R<sub>BWZKH</sub> On REC entry, if the most recent exit from the target REC was a REC exit due to Emulatable Data Abort and enter.flags.emul\_mmio == RMI\_EMULATED\_MMIO, then the return address is the next instruction following the faulting instruction.
- R<sub>SCJWG</sub> On REC entry, if the most recent exit from the target REC was a REC exit due to Emulatable Data Abort and the Realm memory access was a read and enter.flags.emul\_mmio == RMI\_EMULATED\_MMIO, then the register indicated by ESR\_EL2.ISS.SRT is set to enter.gprs[0].

- R<sub>LJWRK</sub> On REC entry, if the most recent exit from the target REC was a REC exit due to Data Abort at an Unprotected IPA and enter.flags.inject\_sea == RMI\_INJECT\_SEA, then a Synchronous External Abort is taken to the Realm.

See also:

- A4.3.4.3 REC exit due to Data Abort
- A4.4 Emulated Data Aborts
- A5.2.6 Realm access to an Unprotected IPA
- A5.2.7 Synchronous External Aborts

# A4.3 REC exit

This section describes REC exit.

See also:

- A4.2 REC entry
- B3.3.14 RMI\_REC\_ENTER command

## A4.3.1 RecExit object

- D<sub>PBDCB</sub> A *RecExit object* is a data structure used to pass values from the RMM to the Host on REC exit.
- I<sub>VHJTL</sub> A RecExit object is stored in the RecRun object which is passed by the Host as an input to the RMI\_REC\_ENTER command.
- I<sub>JKWPB</sub> On REC exit, execution state is saved from the PE to the REC object and to the RecExit object.
- I<sub>ZSCNM</sub> A RecExit object contains attributes which are used to manage Realm virtual interrupts and Realm timers.

D<sub>FFCMN</sub> The attributes of a RecExit object are summarized in the following table.

| Name           | Byte offset | Type                 | Description                                             |
|----------------|-------------|----------------------|---------------------------------------------------------|
| exit_reason    | 0x0         | RmiRecExitReason     | Exit reason                                             |
| esr            | 0x100       | Bits64               | Exception Syndrome Register                             |
| far            | 0x108       | Bits64               | Fault Address Register                                  |
| hpfar          | 0x110       | Bits64               | Hypervisor IPA Fault Address register                   |
| gprs[0]        | 0x200       | Bits64               | Registers                                               |
| gprs[1]        | 0x208       | Bits64               | Registers                                               |
| gprs[2]        | 0x210       | Bits64               | Registers                                               |
| gprs[3]        | 0x218       | Bits64               | Registers                                               |
| gprs[4]        | 0x220       | Bits64               | Registers                                               |
| gprs[5]        | 0x228       | Bits64               | Registers                                               |
| gprs[6]        | 0x230       | Bits64               | Registers                                               |
| gprs[7]        | 0x238       | Bits64               | Registers                                               |
| gprs[8]        | 0x240       | Bits64               | Registers                                               |
| gprs[9]        | 0x248       | Bits64               | Registers                                               |
| gprs[10]       | 0x250       | Bits64               | Registers                                               |
| gprs[11]       | 0x258       | Bits64               | Registers                                               |
| gprs[12]       | 0x260       | Bits64               | Registers                                               |
| gprs[13]       | 0x268       | Bits64               | Registers                                               |
| gprs[14]       | 0x270       | Bits64               | Registers                                               |
| gprs[15]       | 0x278       | Bits64               | Registers                                               |
| gprs[16]       | 0x280       | Bits64               | Registers                                               |
| gprs[17]       | 0x288       | Bits64               | Registers                                               |
| gprs[18]       | 0x290       | Bits64               | Registers                                               |
| gprs[19]       | 0x298       | Bits64               | Registers                                               |
| gprs[20]       | 0x2a0       | Bits64               | Registers                                               |
| gprs[21]       | 0x2a8       | Bits64               | Registers                                               |
| gprs[22]       | 0x2b0       | Bits64               | Registers                                               |
| gprs[23]       | 0x2b8       | Bits64               | Registers                                               |
| gprs[24]       | 0x2c0       | Bits64               | Registers                                               |
| gprs[25]       | 0x2c8       | Bits64               | Registers                                               |
| gprs[26]       | 0x2d0       | Bits64               | Registers                                               |
| gprs[27]       | 0x2d8       | Bits64               | Registers                                               |
| gprs[28]       | 0x2e0       | Bits64               | Registers                                               |
| gprs[29]       | 0x2e8       | Bits64               | Registers                                               |
| gprs[30]       | 0x2f0       | Bits64               | Registers                                               |
| gicv3_hcr      | 0x300       | Bits64               | GICv3 Hypervisor Control Register value                 |
| gicv3_lrs[0]   | 0x308       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[1]   | 0x310       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[2]   | 0x318       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[3]   | 0x320       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[4]   | 0x328       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[5]   | 0x330       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[6]   | 0x338       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[7]   | 0x340       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[8]   | 0x348       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[9]   | 0x350       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[10]  | 0x358       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[11]  | 0x360       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[12]  | 0x368       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[13]  | 0x370       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[14]  | 0x378       | Bits64               | GICv3 List Register values                              |
| gicv3_lrs[15]  | 0x380       | Bits64               | GICv3 List Register values                              |
| gicv3_misr     | 0x388       | Bits64               | GICv3 Maintenance Interrupt State Register value        |
| gicv3_vmcr     | 0x390       | Bits64               | GICv3 Virtual Machine Control Register value            |
| cntp_ctl       | 0x400       | Bits64               | Counter-timer Physical Timer Control Register value     |
| cntp_cval      | 0x408       | Bits64               | Counter-timer Physical Timer CompareValue Register value |
| cntv_ctl       | 0x410       | Bits64               | Counter-timer Virtual Timer Control Register value      |
| cntv_cval      | 0x418       | Bits64               | Counter-timer Virtual Timer CompareValue Register value |
| ripas_base     | 0x500       | Bits64               | Base address of target region for pending RIPAS change  |
| ripas_top      | 0x508       | Bits64               | Top address of target region for pending RIPAS change   |
| ripas_value    | 0x510       | RmiRipas             | RIPAS value of pending RIPAS change                     |
| imm            | 0x600       | Bits16               | Host call immediate value                               |
| pmu_ovf_status | 0x700       | RmiPmuOverflowStatus | PMU overflow status                                     |

 $I_{FQZXZ}$  In this chapter, both exit and "the RecExit object" refer to the RecExit object which is provided to the RMI\_REC\_ENTER command.

 $R_{PNWZV}$  On REC exit, all exit fields are zero unless specified otherwise.

See also:

- A2.3 Realm Execution Context
- A4.2.1 RecEnter object
- A4.5 Host call
- Chapter A6 Realm interrupts and timers
- Chapter A8 Realm debug and performance monitoring
- B3.4.16 *RmiRecExit type*

## A4.3.2 Realm exit reason

I<sub>DYWHJ</sub> On return from the RMI\_REC\_ENTER command, the reason for the REC exit is indicated by exit.exit\_reason and exit.esr.

See also:

• B3.4.17 RmiRecExitReason type

## A4.3.3 General purpose registers saved on REC exit

R<sub>PBKVB</sub> On REC exit due to PSCI, all of the following are true:

- exit.gprs[0] contains the PSCI FID.
- exit.gprs[1..3] contain the corresponding PSCI arguments. If the PSCI command has fewer than 3 arguments, the remaining values contain zero.
- GPR values X7 to X30 are saved from the PE to the REC object.

R<sub>FNZKM</sub> On REC exit for any reason which is not REC exit due to PSCI, GPR values X0 to X30 are saved from the PE to the REC.

R<sub>MZGPT</sub> On REC exit for any reason which is neither REC exit due to Host call nor REC exit due to PSCI, exit.gprs is zero.

R<sub>FRGVT</sub> On REC exit, if RMM access to exit causes a GPF then the RMI\_REC\_ENTER command fails with RMI\_ERROR\_INPUT.

See also:

- A4.2.2 General purpose registers restored on REC entry
- A4.3.7 *REC exit due to PSCI*
- A4.3.9 REC exit due to Host call

## A4.3.4 REC exit due to synchronous exception

I<sub>SNDHF</sub> A synchronous exception taken to R-EL2 can cause a REC exit.

I<sub>RPSNC</sub> The following table summarises the behavior of synchronous exceptions taken to R-EL2.

| Exception class                                                   | Behavior                                                                                                                   |
|-------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------|
| Trapped WFI or WFE instruction execution                          | REC exit due to WFI or WFE                                                                                                 |
| HVC instruction execution in AArch64 state                        | Unknown exception taken to Realm                                                                                           |
| SMC instruction execution in AArch64 state                        | One of: <ul><li>REC exit due to PSCI</li><li>RSI command handled by RMM, followed by return to Realm</li></ul> |
| Trapped MSR, MRS or System instruction execution in AArch64 state | Emulated by RMM, followed by return to Realm                                                                               |
| Instruction Abort from a lower Exception level                    | REC exit due to Instruction Abort                                                                                          |
| Data Abort from a lower Exception level                           | REC exit due to Data Abort                                                                                                 |

R<sub>YLFMD</sub> Realm execution of an SMC which is not part of one of the following ABIs results in a return value of SMCCC\_NOT\_SUPPORTED:

- PSCI
- RSI

See also:

- A4.5 Host call
- Chapter B4 Realm Services Interface
- Chapter B5 Power State Control Interface

#### A4.3.4.1 REC exit due to WFI or WFE

D<sub>GLHPX</sub> A *REC exit due to WFI or WFE* is a REC exit due to WFI, WFIT, WFE or WFET instruction execution in a Realm.

R<sub>VTJQF</sub> On WFI or WFIT instruction execution in a Realm, a REC exit due to WFI or WFE is caused if enter.trap\_wfi is RMI\_TRAP.

R<sub>GBNGW</sub> On WFE or WFET instruction execution in a Realm, a REC exit due to WFI or WFE is caused if enter.trap\_wfe is RMI\_TRAP.

R<sub>YQWST</sub> On REC exit due to WFI or WFE, all of the following are true:

- exit.exit\_reason is RMI\_EXIT\_SYNC.
- exit.esr.EC contains the value of ESR\_EL2.EC at the time of the Realm exit.
- exit.esr.ISS.TI contains the value of ESR\_EL2.ISS.TI at the time of the Realm exit.
- All other exit fields are zero.

R<sub>BPYBC</sub> On REC exit due to WFI or WFE, if the exit was caused by WFET or WFIT instruction execution then exit.gprs[0] contains the timeout value.

#### A4.3.4.2 REC exit due to Instruction Abort

D<sub>GYQXK</sub> A *REC exit due to Instruction Abort* is a REC exit due to a Realm instruction fetch from a Protected IPA for which either of the following is true:

- HIPAS is UNASSIGNED and RIPAS is RAM
- RIPAS is DESTROYED

On REC exit due to Instruction Abort, all of the following are true:

- exit.exit\_reason is RMI\_EXIT\_SYNC.
- exit.esr.EC contains the value of ESR\_EL2.EC at the time of the Realm exit.
- exit.esr.ISS.SET contains the value of ESR\_EL2.ISS.SET at the time of the Realm exit.
- exit.esr.ISS.EA contains the value of ESR\_EL2.ISS.EA at the time of the Realm exit.
- exit.esr.ISS.IFSC contains the value of ESR\_EL2.ISS.IFSC at the time of the Realm exit.
- exit.hpfar contains the value of HPFAR\_EL2 at the time of the Realm exit.
- All other exit fields are zero.

See also:

- A5.2.2 Realm IPA state
- A5.2.3 Realm access to a Protected IPA

#### A4.3.4.3 REC exit due to Data Abort

- D<sub>CYRMT</sub> A *REC exit due to Emulatable Data Abort* is a REC exit due to a Realm data access to one of the following:
  - an Unprotected IPA whose HIPAS is UNASSIGNED\_NS, where the access caused ESR\_EL2.ISS.ISV to be set to '1'
  - an Unprotected IPA whose HIPAS is ASSIGNED\_NS, where the access caused a stage 2 permission fault and caused ESR\_EL2.ISS.ISV to be set to '1'

D<sub>MTZMC</sub> A *REC exit due to Non-emulatable Data Abort* is a REC exit due to a Realm data access to one of the following:

- an Unprotected IPA whose HIPAS is UNASSIGNED\_NS, where the access caused ESR\_EL2.ISS.ISV to be set to '0'
- an Unprotected IPA whose HIPAS is ASSIGNED\_NS, where the access caused a stage 2 permission fault and caused ESR\_EL2.ISS.ISV to be set to '0'
- a Protected IPA whose HIPAS is UNASSIGNED and whose RIPAS is RAM
- a Protected IPA whose RIPAS is DESTROYED.

R<sub>RYVFL</sub> On REC exit due to Data Abort, all of the following are true:

- exit.exit\_reason is RMI\_EXIT\_SYNC.
- exit.esr.EC contains the value of ESR\_EL2.EC at the time of the Realm exit.
- exit.esr.ISS.SET contains the value of ESR\_EL2.ISS.SET at the time of the Realm exit.
- exit.esr.ISS.FnV contains the value of ESR\_EL2.ISS.FnV at the time of the Realm exit.
- exit.esr.ISS.EA contains the value of ESR\_EL2.ISS.EA at the time of the Realm exit.
- exit.esr.ISS.DFSC contains the value of ESR\_EL2.ISS.DFSC at the time of the Realm exit.
- exit.hpfar contains the value of HPFAR\_EL2 at the time of the Realm exit.

On REC exit due to Emulatable Data Abort, all of the following are true:

- rec.emulatable\_abort is EMULATABLE\_ABORT.
- exit.esr.ISS.ISV contains the value of ESR\_EL2.ISS.ISV at the time of the Realm exit.
- exit.esr.ISS.SAS contains the value of ESR\_EL2.ISS.SAS at the time of the Realm exit.
- exit.esr.ISS.SF contains the value of ESR\_EL2.ISS.SF at the time of the Realm exit.
- exit.esr.ISS.WnR contains the value of ESR\_EL2.ISS.WnR at the time of the Realm exit.
- exit.far contains the value of FAR\_EL2 at the time of the Realm exit, with bits more significant than the size of a Granule masked to zero.

On REC exit due to Non-emulatable Data Abort at an Unprotected IPA, all of the following are true:

• exit.esr.IL contains the value of ESR\_EL2.IL at the time of the Realm exit.

On REC exit due to Data Abort, all of the other exit fields are zero.

- X<sub>XHXJC</sub> On REC exit due to Emulatable Data Abort, ESR\_EL2.ISS.SSE is not propagated to the Host. This is because this field is used to emulate sign extension on loads, which must be performed by the RMM so that the Realm can rely on architecturally correct behavior of the virtual execution environment.
- X<sub>HSWFR</sub> On REC exit due to Emulatable Data Abort, the Host can calculate the faulting IPA from the exit.hpfar and exit.far values.
- R<sub>FFNHW</sub> On REC exit due to Emulatable Data Abort, if the Realm memory access was a write, exit.gprs[0] contains the value of the register indicated by ESR\_EL2.ISS.SRT at the time of the Realm exit.
- R<sub>QBTPR</sub> On REC exit not due to Emulatable Data Abort, rec.emulatable\_abort is NOT\_EMULATABLE\_ABORT.

See also:

- A4.2.3 REC entry following REC exit due to Data Abort
- A4.4 Emulated Data Aborts
- A5.2.1 Realm IPA space
- A5.2.3 Realm access to a Protected IPA
- A5.2.6 Realm access to an Unprotected IPA
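
Host-side handling of an Emulatable Data Abort as described in A4.3.4.3 and A4.2.3, using the RecEnter and RecExit byte offsets from the tables in A4.2.1 and A4.3.1. This is an added example, not code from the specification or from any RMM or Host implementation. The RMI\_EXIT\_SYNC value, the enter.flags bit positions, the 64-bit exit\_reason slot, the HPFAR\_EL2 FIPA mask and the one-register device are assumptions, and the sample RecExit values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Assumed encodings: the RmiRecExitReason and RmiRecEnterFlags tables are outside this section. */
#define RMI_EXIT_SYNC        0u
#define REC_ENTER_EMUL_MMIO  (1ull << 0)    /* enter.flags.emul_mmio */
#define REC_ENTER_INJECT_SEA (1ull << 1)    /* enter.flags.inject_sea */

/* ESR_EL2 and HPFAR_EL2 fields for a Data Abort from a lower Exception level. */
#define ESR_EC(esr)       (((esr) >> 26) & 0x3fu)
#define ESR_EC_DABT_LOWER 0x24u
#define ESR_ISS_ISV       (1ull << 24)
#define ESR_ISS_SAS(esr)  (((esr) >> 22) & 0x3u)
#define ESR_ISS_WNR       (1ull << 6)
#define HPFAR_FIPA_MASK   0x00000ffffffffff0ull   /* FIPA in bits [43:4] (assumption) */
#define GRANULE_SIZE      0x1000ull
#define SIZE_MASK(n)      ((n) == 8 ? ~0ull : (1ull << ((n) * 8)) - 1)

struct rec_enter {                  /* A4.2.1 table, up to gprs */
    uint64_t flags;                 /* 0x000 */
    uint8_t  pad0[0x200 - 0x008];
    uint64_t gprs[31];              /* 0x200 .. 0x2f0 */
};

struct rec_exit {                   /* A4.3.1 table, up to gprs */
    uint64_t exit_reason;           /* 0x000, read as a 64-bit slot (assumption) */
    uint8_t  pad0[0x100 - 0x008];
    uint64_t esr;                   /* 0x100 */
    uint64_t far;                   /* 0x108 */
    uint64_t hpfar;                 /* 0x110 */
    uint8_t  pad1[0x200 - 0x118];
    uint64_t gprs[31];              /* 0x200 .. 0x2f0 */
};

_Static_assert(offsetof(struct rec_enter, gprs) == 0x200, "enter.gprs offset");
_Static_assert(offsetof(struct rec_exit, hpfar) == 0x110, "exit.hpfar offset");
_Static_assert(offsetof(struct rec_exit, gprs) == 0x200, "exit.gprs offset");

struct mmio_access { uint64_t ipa; unsigned size; bool is_write; uint64_t data; };
enum outcome { NOT_DATA_ABORT, NON_EMULATABLE, EMULATABLE, EMULATED, SEA_INJECTED };
struct toy_dev { uint64_t base; uint32_t reg; };  /* hypothetical 32-bit register */

/* Classify the exit from the fields the RMM exposes; fills 'acc' only when
 * the result is EMULATABLE (RMI_EXIT_SYNC, EC Data Abort, ISV == 1). */
enum outcome decode_data_abort(const struct rec_exit *exit, struct mmio_access *acc)
{
    if (exit->exit_reason != RMI_EXIT_SYNC || ESR_EC(exit->esr) != ESR_EC_DABT_LOWER)
        return NOT_DATA_ABORT;
    if (!(exit->esr & ESR_ISS_ISV))
        return NON_EMULATABLE;      /* SAS, WnR and far are not provided */
    /* hpfar carries the Granule-aligned IPA, far only the offset inside the Granule. */
    acc->ipa = ((exit->hpfar & HPFAR_FIPA_MASK) << 8) | (exit->far & (GRANULE_SIZE - 1));
    acc->size = 1u << ESR_ISS_SAS(exit->esr);
    acc->is_write = (exit->esr & ESR_ISS_WNR) != 0;
    /* On a write, exit.gprs[0] holds the source register; keep 'size' bytes. */
    acc->data = acc->is_write ? (exit->gprs[0] & SIZE_MASK(acc->size)) : 0;
    return EMULATABLE;
}

/* Emulate the access and prepare 'enter' for the next RMI_REC_ENTER. */
enum outcome host_handle_exit(const struct rec_exit *exit, struct rec_enter *enter,
                              struct toy_dev *dev)
{
    struct mmio_access acc;
    enum outcome kind = decode_data_abort(exit, &acc);

    enter->flags &= ~(REC_ENTER_EMUL_MMIO | REC_ENTER_INJECT_SEA);
    if (kind != EMULATABLE)
        return kind;
    if (acc.ipa != dev->base || acc.size != 4) {
        enter->flags |= REC_ENTER_INJECT_SEA;   /* nothing emulated at this IPA */
        return SEA_INJECTED;
    }
    if (acc.is_write)
        dev->reg = (uint32_t)acc.data;
    else
        enter->gprs[0] = dev->reg;              /* RMM copies this to the SRT register */
    enter->flags |= REC_ENTER_EMUL_MMIO;        /* Realm resumes after the faulting instruction */
    return EMULATED;
}

/* Constructed sample: the RecExit the Host would see for a 32-bit access at 'ipa'. */
struct rec_exit sample_exit(uint64_t ipa, bool is_write, uint64_t reg_value)
{
    struct rec_exit e = {0};
    e.exit_reason = RMI_EXIT_SYNC;
    e.esr = ((uint64_t)ESR_EC_DABT_LOWER << 26) | ESR_ISS_ISV | (2ull << 22) |
            (is_write ? ESR_ISS_WNR : 0);
    e.hpfar = (ipa >> 12) << 4;
    e.far = ipa & (GRANULE_SIZE - 1);
    e.gprs[0] = is_write ? reg_value : 0;
    return e;
}
```

The Host never sees ESR\_EL2.ISS.SRT or ESR\_EL2.ISS.SSE: it only supplies or consumes the value in gprs[0], and the RMM moves it to or from the Realm register.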

## A4.3.5 REC exit due to IRQ

D<sub>YLWXK</sub> A *REC exit due to IRQ* is a REC exit due to an IRQ exception which should be handled by the Host.

R<sub>TYJSX</sub> On REC exit due to IRQ, exit.exit\_reason is RMI\_EXIT\_IRQ.

R<sub>CSQXV</sub> On REC exit due to IRQ, exit.esr is zero.

See also:

• Chapter A6 Realm interrupts and timers

## A4.3.6 REC exit due to FIQ

D<sub>ZTYMM</sub> A *REC exit due to FIQ* is a REC exit due to an FIQ exception which should be handled by the Host.

R<sub>PDSBD</sub> On REC exit due to FIQ, exit.exit\_reason is RMI\_EXIT\_FIQ.

R<sub>GXZRF</sub> On REC exit due to FIQ, exit.esr is zero.

See also:

• Chapter A6 Realm interrupts and timers

## A4.3.7 REC exit due to PSCI

I<sub>ZSGFP</sub> A PSCI function executed by a Realm is either:

- handled by the RMM, returning to the Realm, or
- forwarded by the RMM to the Host via a *REC exit due to PSCI*.

D<sub>RFTQD</sub> A *REC exit due to PSCI* is a REC exit due to Realm PSCI function execution by SMC instruction which was forwarded by the RMM to the Host.

 $I_{VBJXY}$  The following table summarises the behavior of PSCI function execution by a Realm.

PSCI functions not listed in this table are not supported. Calling a non-supported PSCI function results in a return value of PSCI\_NOT\_SUPPORTED.

| PSCI function      | Can result in REC exit due to PSCI | Requires Host to call RMI_PSCI_COMPLETE |
|--------------------|------------------------------------|-----------------------------------------|
| PSCI_VERSION       | No                                 | -                                       |
| PSCI_FEATURES      | No                                 | -                                       |
| PSCI_CPU_SUSPEND   | Yes                                | No                                      |
| PSCI_CPU_OFF       | Yes                                | No                                      |
| PSCI_CPU_ON        | Yes                                | Yes                                     |
| PSCI_AFFINITY_INFO | Yes                                | Yes                                     |
| PSCI_SYSTEM_OFF    | Yes                                | No                                      |
| PSCI_SYSTEM_RESET  | Yes                                | No                                      |

- R<sub>NTZNJ</sub> On REC exit due to PSCI, exit.exit\_reason is RMI\_EXIT\_PSCI.
- R<sub>SXGJK</sub> On REC exit due to PSCI, exit.gprs contains sanitised parameters from the PSCI call.
- R<sub>YTDGT</sub> On REC exit due to PSCI, if the command arguments include an MPIDR value, rec.psci\_pending is set to PSCI\_REQUEST\_PENDING. Otherwise, rec.psci\_pending is set to NO\_PSCI\_REQUEST\_PENDING.
- I<sub>KKFMQ</sub> Following REC exit due to PSCI, if rec.psci\_pending is PSCI\_REQUEST\_PENDING, the Host must complete the request by calling the RMI\_PSCI\_COMPLETE command, prior to re-entering the REC.

In the call to RMI\_PSCI\_COMPLETE, the Host provides the target REC, which corresponds to the MPIDR value provided by the Realm. This is necessary because the RMM does not maintain a mapping from MPIDR values to REC addresses. The RMM validates that the REC provided by the Host matches the MPIDR value.

In the call to RMI\_PSCI\_COMPLETE, the Host provides a PSCI status value, which the RMM handles as follows:

- If the Host provides PSCI\_SUCCESS, the RMM performs the PSCI operation requested by the Realm. The result of the PSCI operation is recorded in the REC and returned to the Realm on the next entry to the calling REC.
- If the Host provides a status value other than PSCI\_SUCCESS, the RMM validates that the status code is permitted for the PSCI operation requested by the Realm. If the status code is permitted, it is recorded in the REC and returned to the Realm on the next entry to the calling REC.

See also:

- A4.3.3 General purpose registers saved on REC exit
- B2.19 *PsciReturnCodePermitted function*
- B3.3.7 RMI\_PSCI\_COMPLETE command
- Chapter B5 Power State Control Interface
- D1.4 PSCI flows

#### A4.3.8 REC exit due to RIPAS change pending

D<sub>JGCVY</sub> A REC exit due to RIPAS change pending is a REC exit due to the Realm issuing a RIPAS change request.

R<sub>qsskk</sub> On REC exit due to RIPAS change pending, all of the following are true:

- exit.exit\_reason is RMI\_EXIT\_RIPAS\_CHANGE.
- exit.ripas\_base is the base address of the region on which a RIPAS change is pending.
- exit.ripas\_top is the top address of the region on which a RIPAS change is pending.
- exit.ripas\_value is the requested RIPAS value.
- rec.ripas\_addr is the base address of the region on which a RIPAS change is pending.
- rec.ripas\_top is the top address of the region on which a RIPAS change is pending.

I<sub>MCKKH</sub> On REC exit due to RIPAS change pending:

- exit holds the base address and the size of the region on which a RIPAS change is pending. These values inform the Host of the bounds of the RIPAS change request.
- rec holds the next address to be processed in a RIPAS change, and the top of the requested RIPAS change region. These values are used by the RMM to enforce that the RMI\_RTT\_SET\_RIPAS command can only apply RIPAS change within the bounds of the RIPAS change request, and to report the progress of the RIPAS change to the Realm on the next REC entry.

R<sub>QRMMN</sub> On REC exit not due to RIPAS change pending, all of the following are true:

- rec.ripas\_addr is 0
- rec.ripas\_top is 0

See also:

- A2.3.2 *REC attributes*
- A5.4 RIPAS change
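The bounds tracking described for rec.ripas\_addr and rec.ripas\_top can be modelled as follows. This is an added sketch in C, not code from this specification or from any RMM implementation. The type and function names, the 4KB granule size and the rule that each Host request must start at the next unprocessed address are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE_SIZE 0x1000ULL  /* assumed granule size for this model */

/* Model of the two REC attributes named above (not the RMM's own type). */
struct rec_model {
    uint64_t ripas_addr;  /* next address to be processed */
    uint64_t ripas_top;   /* top of the requested region */
};

/* What the Host is told on REC exit due to RIPAS change pending. */
struct exit_model {
    uint64_t ripas_base;
    uint64_t ripas_top;
};

/* The Realm issues a RIPAS change request for [base, top). */
static void model_ripas_change_exit(struct rec_model *rec, struct exit_model *ex,
                                    uint64_t base, uint64_t top)
{
    ex->ripas_base = base;
    ex->ripas_top = top;
    rec->ripas_addr = base;
    rec->ripas_top = top;
}

/*
 * The Host asks for the change to be applied to [base, top).
 * The request is accepted, and progress recorded, only if the range
 * stays inside what the Realm asked for.
 */
static bool model_rtt_set_ripas(struct rec_model *rec, uint64_t base, uint64_t top)
{
    if ((base | top) & (GRANULE_SIZE - 1))
        return false;               /* unaligned */
    if (base >= top)
        return false;               /* empty or wrapped range */
    if (base != rec->ripas_addr)
        return false;               /* model assumption: must start at next address */
    if (top > rec->ripas_top)
        return false;               /* would run past the Realm's request */
    rec->ripas_addr = top;          /* record progress */
    return true;
}

/* Progress reported to the Realm on the next REC entry. */
static uint64_t model_progress(const struct rec_model *rec)
{
    return rec->ripas_addr;
}

/* REC exit for any other reason: both attributes are zero. */
static void model_other_exit(struct rec_model *rec)
{
    rec->ripas_addr = 0;
    rec->ripas_top = 0;
}

int main(void)
{
    struct rec_model rec;
    struct exit_model ex;

    /* Constructed request: four granules starting at 0x10000. */
    model_ripas_change_exit(&rec, &ex, 0x10000, 0x14000);
    printf("in-bounds request accepted: %d\n",
           model_rtt_set_ripas(&rec, 0x10000, 0x12000));
    printf("request past top accepted:  %d\n",
           model_rtt_set_ripas(&rec, 0x12000, 0x15000));
    printf("progress: 0x%llx\n", (unsigned long long)model_progress(&rec));
    model_other_exit(&rec);
    return 0;
}
```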

#### A4.3.9 REC exit due to Host call

D<sub>WFZXK</sub> A *REC exit due to Host call* is a REC exit due to RSI\_HOST\_CALL execution in a Realm.

R<sub>GTJRP</sub> On REC exit due to Host call, all of the following are true:

- rec.host\_call\_pending is HOST\_CALL\_PENDING.
- exit.exit\_reason is RMI\_EXIT\_HOST\_CALL.
- exit.imm contains the immediate value passed to the RSI\_HOST\_CALL command.
- exit.gprs[0..30] contain the register values passed to the RSI\_HOST\_CALL command.
- All other exit fields except for exit.gicv3\_\*, exit\_cnt\* and exit.pmu\_ovf\_status are zero.

See also:

- A4.5 Host call
- B4.3.3 RSI\_HOST\_CALL command

#### A4.3.10 REC exit due to SError

D<sub>PGMHP</sub> A *REC exit due to SError* is a REC exit due to an SError interrupt during Realm execution.

R<sub>LRCFP</sub> On REC exit due to SError, all of the following occur:

- exit.exit\_reason is RMI\_EXIT\_SERROR.
- exit.esr.EC contains the value of ESR\_EL2.EC at the time of the Realm exit.
- exit.esr.ISS.IDS contains the value of ESR\_EL2.ISS.IDS at the time of the Realm exit.
- exit.esr.ISS.AET contains the value of ESR\_EL2.ISS.AET at the time of the Realm exit.
- exit.esr.ISS.EA contains the value of ESR\_EL2.ISS.EA at the time of the Realm exit.
- exit.esr.ISS.DFSC contains the value of ESR\_EL2.ISS.DFSC at the time of the Realm exit.
- All other exit fields except for exit.gicv3\_\*, exit\_cnt\* and exit.pmu\_ovf\_status are zero.


# A4.4 Emulated Data Aborts

I<sub>SVYDC</sub> On REC exit due to Emulatable Data Abort, sufficient information is provided to the Host to enable it to emulate the access, for example to emulate a virtual peripheral.

On taking the REC exit, the Host can either:

- Establish a mapping in the RTT, in which case it would want the Realm to re-attempt the access. In this case, on the next REC entry the Host sets enter.flags.emul\_mmio = RMI\_NOT\_EMULATED\_MMIO, which indicates that instruction emulation was not performed. This causes the return address to be the faulting instruction.
- Emulate the access. For an emulated write, the data is provided in exit.gprs[0]. For an emulated read, the data is provided in enter.gprs[0]. In this case, on the next REC entry the Host sets enter.flags.emul\_mmio = RMI\_EMULATED\_MMIO, which indicates that the instruction was emulated. This causes the return address to be the address of the instruction which generated the Data Abort plus 4 bytes.

See also:

- A4.2.3 REC entry following REC exit due to Data Abort
- A4.3.4.3 REC exit due to Data Abort
- A5.2.1 Realm IPA space
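The two Host choices described in this section can be modelled as follows. This is an added sketch in C, not code from this specification or from any Host or RMM implementation. The structure layouts, the fault\_ipa, fault\_pc and is\_write fields, the enum values and the virtual peripheral are assumptions of the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-ins for enter.flags.emul_mmio; numeric values are placeholders. */
enum emul_mmio { NOT_EMULATED_MMIO = 0, EMULATED_MMIO = 1 };

/* Reduced models of the exit and enter structures (hypothetical layout). */
struct exit_model {
    uint64_t gprs[31];
    uint64_t fault_ipa;   /* hypothetical: IPA of the aborted access */
    uint64_t fault_pc;    /* hypothetical: address of the aborting instruction */
    bool     is_write;    /* hypothetical: decoded access direction */
};

struct enter_model {
    enum emul_mmio emul_mmio;
    uint64_t gprs[31];
};

/* Constructed virtual peripheral with a single 64-bit register. */
struct vdev {
    uint64_t reg_ipa;
    uint64_t reg;
    unsigned mappings_made;  /* counts "establish a mapping" decisions */
};

static struct exit_model make_exit(uint64_t ipa, uint64_t pc, bool is_write, uint64_t x0)
{
    struct exit_model ex = { .fault_ipa = ipa, .fault_pc = pc, .is_write = is_write };
    ex.gprs[0] = x0;
    return ex;
}

/* Host policy: emulate accesses to the device register, map memory otherwise. */
static void host_handle_data_abort(struct vdev *dev, const struct exit_model *ex,
                                   struct enter_model *en)
{
    if (ex->fault_ipa != dev->reg_ipa) {
        /* Not a device register: establish a mapping and let the Realm retry. */
        dev->mappings_made++;
        en->emul_mmio = NOT_EMULATED_MMIO;
        return;
    }
    if (ex->is_write)
        dev->reg = ex->gprs[0];      /* write data arrives in exit.gprs[0] */
    else
        en->gprs[0] = dev->reg;      /* read data is returned in enter.gprs[0] */
    en->emul_mmio = EMULATED_MMIO;
}

/* Return address on the next REC entry, as described in the text above. */
static uint64_t model_return_address(const struct exit_model *ex,
                                     const struct enter_model *en)
{
    return ex->fault_pc + (en->emul_mmio == EMULATED_MMIO ? 4 : 0);
}

int main(void)
{
    /* Constructed addresses, chosen only for the demonstration. */
    struct vdev dev = { .reg_ipa = 0x8000001000ULL };
    struct enter_model en = { .emul_mmio = NOT_EMULATED_MMIO };
    struct exit_model wr = make_exit(0x8000001000ULL, 0x4000, true, 0x55);

    host_handle_data_abort(&dev, &wr, &en);
    printf("device register: 0x%llx, resume at 0x%llx\n",
           (unsigned long long)dev.reg,
           (unsigned long long)model_return_address(&wr, &en));
    return 0;
}
```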

# A4.5 Host call

This section describes the programming model for Realm communication with the Host.

- D<sub>YDJWT</sub> A *Host call* is a call made by the Realm to the Host, by execution of the RSI\_HOST\_CALL command.
- I<sub>XNFKZ</sub> A Host call can be used by a Realm to make a hypercall.
- R<sub>DNBQF</sub> On Realm execution of HVC, an Unknown exception is taken to the Realm.

See also:

- A4.2.2 General purpose registers restored on REC entry
- A4.3.9 REC exit due to Host call
- B4.3.3 *RSI\_HOST\_CALL command*
- D1.3.2 Host call flow

# Chapter A5 Realm memory management

This section describes how Realm memory is managed. This includes:

- How the translation tables which describe the Realm's address space are managed by the Host.
- Properties of the Realm's address space, and of the memory which can be mapped into it.
- How faults caused by Realm memory accesses are handled.

See also:

- A2.1.2 Realm execution environment
- D1.5 Realm memory management flows
- Chapter D2 Realm shared memory protocol

# A5.1 Realm memory management overview

Realm memory management can be viewed from one of two standpoints: the Realm and the Host.

From the Realm's point of view, the RMM provides security guarantees regarding the IPA space of the Realm and the memory which is mapped into it. These security guarantees are upheld via RSI commands which the Realm can execute in order to query the initial configuration and contents of its address space, and to modify properties of the address space at runtime.

From the Host's point of view, Realm memory management involves manipulating the stage 2 translation tables which describe the Realm's address space, and handling faults which are caused by Realm memory accesses. These operations are similar to those involved in managing the memory of a normal VM, but in the case of a Realm they are performed via execution of RMI commands.

See also:

- A5.2 Realm view of memory management
- A5.3 Host view of memory management

# A5.2 Realm view of memory management

This section describes memory management from the Realm's point of view.

#### A5.2.1 Realm IPA space

- I<sub>DLRZF</sub> The IPA space of a Realm is divided into two halves: Protected IPA space and Unprotected IPA space.
- S<sub>LZHXC</sub> Software in a Realm should treat the most significant bit of an IPA as a protection attribute.
- D<sub>KXGDV</sub> A *Protected IPA* is an address in the lower half of a Realm's IPA space. The most significant bit of a Protected IPA is 0.
- D<sub>MRWGM</sub> An Unprotected IPA is an address in the upper half of a Realm's IPA space. The most significant bit of an Unprotected IPA is 1.

See also:

- A2.1.3 *Realm attributes*
- A3.1.2 Realm LPA2 and IPA width

#### A5.2.2 Realm IPA state

D<sub>WWCBD</sub> A Protected IPA has an associated *Realm IPA state* (RIPAS).

The RIPAS values are shown in the following table.

| RIPAS     | Description                                                                   |
|-----------|-------------------------------------------------------------------------------|
| EMPTY     | Address where no Realm resources are mapped                                   |
| RAM       | Address where private code or data owned by the Realm is mapped               |
| DESTROYED | Address which is inaccessible to the Realm due to an action taken by the Host |

I<sub>VZCZV</sub> RIPAS values are stored in an RTT.

See also:

- A5.5 Realm Translation Table

#### A5.2.3 Realm access to a Protected IPA

- R<sub>JVQQR</sub> Realm data access to a Protected IPA whose RIPAS is EMPTY causes a Synchronous External Abort taken to the Realm.
- R<sub>MKLSD</sub> Realm instruction fetch from a Protected IPA whose RIPAS is EMPTY causes a Synchronous External Abort taken to the Realm.
- R<sub>QSQLF</sub> Realm data access to a Protected IPA whose RIPAS is RAM does not cause a Synchronous External Abort taken to the Realm.
- I<sub>PGHBT</sub> Realm data access to a Protected IPA can cause a REC exit due to Data Abort.
- R<sub>FCJCP</sub> Realm instruction fetch from a Protected IPA whose RIPAS is RAM does not cause a Synchronous External Abort taken to the Realm.
- I<sub>XHKQY</sub> Realm instruction fetch from a Protected IPA whose RIPAS is RAM can cause a REC exit due to Instruction Abort.
- R<sub>CLVKF</sub> Realm data access to a Protected IPA whose RIPAS is DESTROYED causes a REC exit due to Data Abort.
- R<sub>MZYQT</sub> Realm instruction fetch from a Protected IPA whose RIPAS is DESTROYED causes a REC exit due to Instruction Abort.

See also:

- A4.3.4.2 REC exit due to Instruction Abort
- A4.3.4.3 *REC exit due to Data Abort*
- A5.2.7 Synchronous External Aborts

#### A5.2.4 Changes to RIPAS while Realm state is NEW

This section describes how the RIPAS of a Protected IPA can change while the Realm state is NEW.

- I<sub>BBBHN</sub> For a Realm in the NEW state, the RIPAS of a Protected IPA can change to RAM due to Host execution of RMI\_RTT\_INIT\_RIPAS.
- I<sub>BSGSW</sub> For a Realm in the NEW state, changing the RIPAS of a Protected IPA to RAM causes the RIM to be updated.
- I<sub>YCPNY</sub> For a Realm in the NEW state, the RIPAS of a Protected IPA can change to DESTROYED due to Host execution of RMI\_DATA\_DESTROY or RMI\_RTT\_DESTROY.
- I<sub>YXLCP</sub> For a Realm in the NEW state, changing the RIPAS of a Protected IPA to DESTROYED does not cause the RIM to be updated.

See also:

- A5.4 RIPAS change
- A7.1.1 Realm Initial Measurement
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.16 RMI\_RTT\_DESTROY command
- B3.3.18 RMI\_RTT\_INIT\_RIPAS command

#### A5.2.5 Changes to RIPAS while Realm state is ACTIVE

This section describes how the RIPAS of a Protected IPA can change while the Realm state is ACTIVE.

I<sub>NZXPG</sub> A Realm in the ACTIVE state can request the RIPAS of a region of Protected IPA space to be changed to either EMPTY or RAM.

- I<sub>RXHXF</sub> A Realm in the ACTIVE state cannot request the RIPAS of a region of Protected IPA space to be changed to DESTROYED.
- I<sub>FRJJH</sub> For a Realm in the ACTIVE state, the RIPAS of a Protected IPA can change to EMPTY only in response to Realm execution of RSI\_IPA\_STATE\_SET.
- X<sub>HQLVY</sub> The fact that the Host cannot change the RIPAS of a Protected IPA to EMPTY without the Realm having consented to this change prevents the Host from injecting an SEA at a Protected IPA which has been configured to have a RIPAS of RAM, which could potentially trigger unexpected behavior in the Realm.
- I For a Realm in the ACTIVE state, the RIPAS of a Protected IPA can change to RAM only in response to Realm execution of RSI\_IPA\_STATE\_SET.
- I<sub>VVFMX</sub> On execution of RSI\_IPA\_STATE\_SET, a Realm can optionally specify that the RIPAS change should only succeed if the current RIPAS is not DESTROYED.
- X<sub>VXHBV</sub> An expected pattern for Realm creation is as follows:
  - 1. Host populates an "initial image" range of Realm IPA space with measured content:
    - a. Host executes RMI\_RTT\_INIT\_RIPAS, causing a RIPAS change to RAM.
    - b. Host executes RMI\_DATA\_CREATE, establishing a mapping to physical memory and updating the RIM.
  - 2. Host informs the Realm of the range of IPA space which should be considered by the Realm as DRAM. This is a superset of the IPA range populated in step 1. For unpopulated parts of this IPA range, the RIPAS is EMPTY.
  - 3. Realm executes RSI\_IPA\_STATE\_SET(ripas=RAM) for the DRAM IPA range described to it in step 2. Following this command, the desired state is:
    - a. For the initial image IPA range, the contents match those described by the RIM.
    - b. For the entire DRAM IPA range, RIPAS is RAM.

If at step 2, the Host were to execute RMI\_DATA\_DESTROY on a page within the initial image IPA range, its RIPAS would change to DESTROYED. The Host could then execute RMI\_DATA\_CREATE\_UNKNOWN, with the result that contents of the initial image IPA range no longer match those described by the RIM.

By specifying at step 3 that the RIPAS change should only succeed if the current RIPAS is not DESTROYED, the Realm is able to prevent loss of integrity within the initial image IPA range.

- I<sub>KZVDC</sub> For a Realm in the ACTIVE state, the RIPAS of a Protected IPA can change to DESTROYED due to Host execution of RMI\_DATA\_DESTROY or RMI\_RTT\_DESTROY.
- X<sub>JJPHJ</sub> The result of changing the RIPAS of a Protected IPA to DESTROYED is that subsequent Realm accesses to that address do not make forward progress. This is consistent with the principle that the RMM does not provide an availability guarantee to a Realm.
- I<sub>NMMSG</sub> The following diagram summarizes RIPAS changes which can occur when the Realm state is ACTIVE.




See also:

- A5.4 RIPAS change
- B3.3.1 *RMI\_DATA\_CREATE command*
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.16 RMI\_RTT\_DESTROY command
- B3.3.18 RMI\_RTT\_INIT\_RIPAS command
- B4.3.5 *RSI\_IPA\_STATE\_SET command*
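The Realm creation pattern in A5.2.5, and the reason a Realm asks RSI\_IPA\_STATE\_SET to succeed only where the current RIPAS is not DESTROYED, can be followed in a small state model. This is an added example in C, not code from this specification or from any RMM implementation. The page-indexed model, the function names and the change\_destroyed parameter are assumptions, and the REC exit to the Host that a real RIPAS change involves is left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NPAGES      8   /* DRAM IPA range described to the Realm (step 2) */
#define IMAGE_PAGES 4   /* initial image populated by the Host (step 1) */

enum ripas { RIPAS_EMPTY, RIPAS_RAM, RIPAS_DESTROYED };
enum realm_state { REALM_NEW, REALM_ACTIVE };

struct page {
    enum ripas ripas;
    bool has_data;      /* a DATA Granule is mapped */
    bool matches_rim;   /* contents are the ones measured into the RIM */
};

struct realm_model {
    enum realm_state state;
    struct page pages[NPAGES];
};

/* Step 1: RMI_RTT_INIT_RIPAS followed by RMI_DATA_CREATE (Realm state NEW only). */
static bool host_populate_measured(struct realm_model *m, size_t i)
{
    if (m->state != REALM_NEW || i >= NPAGES || m->pages[i].has_data)
        return false;
    m->pages[i] = (struct page){ RIPAS_RAM, true, true };
    return true;
}

/* RMI_DATA_DESTROY: the RIPAS of the page becomes DESTROYED. */
static bool host_data_destroy(struct realm_model *m, size_t i)
{
    if (i >= NPAGES || !m->pages[i].has_data)
        return false;
    m->pages[i] = (struct page){ RIPAS_DESTROYED, false, false };
    return true;
}

/* RMI_DATA_CREATE_UNKNOWN: unmeasured contents; the model leaves RIPAS as it was. */
static bool host_data_create_unknown(struct realm_model *m, size_t i)
{
    if (i >= NPAGES || m->pages[i].has_data)
        return false;
    m->pages[i].has_data = true;
    m->pages[i].matches_rim = false;
    return true;
}

/* Step 3: RSI_IPA_STATE_SET over pages [base, top). Returns the first page not changed. */
static size_t realm_ipa_state_set(struct realm_model *m, size_t base, size_t top,
                                  enum ripas want, bool change_destroyed)
{
    size_t i = base;

    if (m->state != REALM_ACTIVE || top > NPAGES || base > top)
        return base;
    if (want == RIPAS_DESTROYED)    /* a Realm cannot request DESTROYED */
        return base;
    for (; i < top; i++) {
        if (m->pages[i].ripas == RIPAS_DESTROYED && !change_destroyed)
            break;                  /* stop at the first DESTROYED page */
        m->pages[i].ripas = want;
    }
    return i;
}

/* True if every initial-image page the Realm would use as RAM still matches the RIM. */
static bool image_intact(const struct realm_model *m)
{
    for (size_t i = 0; i < IMAGE_PAGES; i++)
        if (m->pages[i].ripas == RIPAS_RAM && !m->pages[i].matches_rim)
            return false;
    return true;
}

/* Steps 1 to 3, with the Host replacing image page 2 at step 2. */
static bool run_scenario(bool change_destroyed, size_t *reached)
{
    struct realm_model m = { .state = REALM_NEW };

    for (size_t i = 0; i < IMAGE_PAGES; i++)
        host_populate_measured(&m, i);
    m.state = REALM_ACTIVE;
    host_data_destroy(&m, 2);
    host_data_create_unknown(&m, 2);
    *reached = realm_ipa_state_set(&m, 0, NPAGES, RIPAS_RAM, change_destroyed);
    return image_intact(&m);
}

int main(void)
{
    size_t reached;
    bool ok = run_scenario(true, &reached);
    printf("DESTROYED may change:  intact=%d reached=%zu\n", ok, reached);
    ok = run_scenario(false, &reached);
    printf("DESTROYED must remain: intact=%d reached=%zu\n", ok, reached);
    return 0;
}
```

In the second run the command stops at page 2, short of the requested top, which is how the Realm learns that part of its initial image was destroyed.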

#### A5.2.6 Realm access to an Unprotected IPA

I<sub>kqjml</sub> An access by a Realm to an Unprotected IPA can result in a Granule Protection Fault (GPF).

The RMM does not ensure that the PAS of a Granule mapped at an Unprotected IPA is NS.

S<sub>zzbof</sub> Realm software must be able to handle taking a GPF during access to an Unprotected IPA.

I<sub>WCVBZ</sub> Realm data access to an Unprotected IPA can cause a REC exit due to Data Abort.

I<sub>rndtj</sub> On taking a REC exit due to Data Abort at an Unprotected IPA, the Host can inject a Synchronous External Abort to the Realm.

X<sub>MGBDH</sub> The Host can inject an SEA in response to an unexpected Realm data access to an Unprotected IPA.

I<sub>FVYCM</sub> Realm data access to an Unprotected IPA which caused ESR\_EL2.ISS.ISV to be set to '1' can be emulated by the Host.

R<sub>XLSKP</sub> Realm instruction fetch from an Unprotected IPA causes a Synchronous External Abort taken to the Realm.

See also:

- A4.2.3 REC entry following REC exit due to Data Abort
- A4.3.4.3 REC exit due to Data Abort
- A4.4 Emulated Data Aborts
- A5.2.7 Synchronous External Aborts

#### A5.2.7 Synchronous External Aborts

R<sub>VKNJW</sub> When a Synchronous External Abort is taken to a Realm, ESR\_EL1.EA == '1'.

#### A5.2.8 Realm access outside IPA space

- R<sub>GYVZQ</sub> If stage 1 translation is enabled, Realm access to an IPA which is greater than the IPA space of the Realm causes a stage 1 Address Size Fault taken to the Realm, with the fault status code indicating the level at which the fault occurred.
- R<sub>LSJJR</sub> If stage 1 translation is disabled, Realm access to an IPA which is greater than the IPA space of the Realm causes a stage 1 level 0 Address Size Fault taken to the Realm.

#### A5.2.9 Summary of Realm IPA space properties

I<sub>TPGKW</sub> The following table summarizes the properties of Realm IPA space.

| Realm IPA | Data access causes abort to Realm? | Data access causes REC exit due to Data Abort? | Instruction fetch causes abort to Realm? | Instruction fetch causes REC exit due to Instruction Abort? |
|-----------|------------------------------------|------------------------------------------------|------------------------------------------|-------------------------------------------------------------|
| Protected, RIPAS=EMPTY | Always (SEA) | Never | Always (SEA) | Never |
| Protected, RIPAS=RAM | Never | When HIPAS=UNASSIGNED | Never | When HIPAS=UNASSIGNED |
| Protected, RIPAS=DESTROYED | Never | Always | Never | Always |
| Unprotected | Host can inject SEA following REC exit due to Data Abort | When HIPAS=UNASSIGNED_NS | Always (SEA) | Never |
| Outside Realm IPA space | Always (Address Size Fault) | Never | Always (Address Size Fault) | Never |

See also:

- A4.2.3 REC entry following REC exit due to Data Abort

# A5.3 Host view of memory management

This section describes memory management from the Host's point of view.

## A5.3.1 Host IPA state

D<sub>YZTZJ</sub> A Realm IPA has an associated *Host IPA state* (HIPAS).

The HIPAS values for a Protected IPA are shown in the following table.

| HIPAS      | Description                                 |
|------------|---------------------------------------------|
| UNASSIGNED | Address is not associated with any Granule. |
| ASSIGNED   | Address is associated with a DATA Granule.  |

The HIPAS values for an Unprotected IPA are shown in the following table.

| HIPAS         | Description                                  |
|---------------|----------------------------------------------|
| UNASSIGNED_NS | Address is not associated with any Granule.  |
| ASSIGNED_NS   | Host-owned memory is mapped at this address. |

I<sub>TRSKJ</sub> HIPAS values are stored in a Realm Translation Table (RTT).

I<sub>GZMKQ</sub> HIPAS transitions are caused by execution of RMI commands.

I<sub>NQCGS</sub> A mapping at a Protected IPA is valid if the HIPAS is ASSIGNED and the RIPAS is RAM.

I<sub>YMNSR</sub> The following table summarizes, for each combination of RIPAS and HIPAS for a Protected IPA:

- the translation table entry attributes, and
- the behavior which results from Realm access to that IPA.

Each TTD.X column refers to the value of the corresponding "X" field in the architecturally-defined Stage 2 translation table descriptor which is written by the RMM.

| RIPAS     | HIPAS      | TTD.ADDR | TTD.NS | TTD.VALID | Data access                | Instruction fetch                 |
|-----------|------------|----------|--------|-----------|----------------------------|-----------------------------------|
| EMPTY     | UNASSIGNED |          |        | 0         | SEA to Realm               | SEA to Realm                      |
| EMPTY     | ASSIGNED   | DATA     |        | 0         | SEA to Realm               | SEA to Realm                      |
| RAM       | UNASSIGNED |          |        | 0         | REC exit due to Data Abort | REC exit due to Instruction Abort |
| RAM       | ASSIGNED   | DATA     | 0      | 1         | Data access                | Instruction fetch                 |
| DESTROYED | UNASSIGNED |          |        | 0         | REC exit due to Data Abort | REC exit due to Instruction Abort |
| DESTROYED | ASSIGNED   | DATA     |        | 0         | REC exit due to Data Abort | REC exit due to Instruction Abort |

See also:

- A5.5 Realm Translation Table

## A5.3.2 Changes to HIPAS while Realm state is NEW

This section describes how the HIPAS of a Protected IPA can change while the Realm state is NEW.

I<sub>YNFGD</sub> The following diagram summarizes HIPAS changes at a Protected IPA which can occur when the Realm state is NEW.

See also:

- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.16 RMI\_RTT\_DESTROY command

## A5.3.3 Changes to HIPAS while Realm state is ACTIVE

This section describes how the HIPAS of a Protected IPA can change while the Realm state is ACTIVE.

I<sub>WKZXY</sub> The following diagram summarizes HIPAS changes at a Protected IPA which can occur when the Realm state is ACTIVE.

See also:

- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.16 RMI\_RTT\_DESTROY command

## A5.3.4 Summary of changes to HIPAS and RIPAS of a Protected IPA

I<sub>TJMCP</sub> The following diagram summarizes HIPAS and RIPAS changes at a Protected IPA which can occur when the Realm state is NEW.



I<sub>VGKNJ</sub> The following diagram summarizes HIPAS and RIPAS changes at a Protected IPA which can occur when the Realm state is ACTIVE.

See also:

- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.16 RMI\_RTT\_DESTROY command
- B3.3.18 RMI\_RTT\_INIT\_RIPAS command
- B3.3.21 RMI\_RTT\_SET\_RIPAS command

## A5.3.5 Dependency of RMI command execution on RIPAS and HIPAS values

I<sub>HLHZS</sub> The following table summarizes the dependencies of RMI command execution on the current RIPAS and HIPAS values of a Protected IPA.

| Command                 | Dependency on RIPAS                                       | Dependency on HIPAS                | New RIPAS             | New HIPAS  |
|-------------------------|-----------------------------------------------------------|------------------------------------|-----------------------|------------|
| RMI_DATA_CREATE         | RIPAS is RAM                                              | HIPAS is UNASSIGNED                | Unchanged             | ASSIGNED   |
| RMI_DATA_CREATE_UNKNOWN | None                                                      | HIPAS is UNASSIGNED                | Unchanged             | ASSIGNED   |
| RMI_DATA_DESTROY        | If RIPAS is EMPTY                                         | HIPAS is ASSIGNED                  | Unchanged             | UNASSIGNED |
| RMI_DATA_DESTROY        | If RIPAS is RAM                                           | HIPAS is ASSIGNED                  | DESTROYED             | UNASSIGNED |
| RMI_RTT_CREATE          | None                                                      | None                               | Unchanged             | Unchanged  |
| RMI_RTT_DESTROY         | None                                                      | HIPAS of all entries is UNASSIGNED | DESTROYED             | Unchanged  |
| RMI_RTT_FOLD            | RIPAS of all entries is identical                         | HIPAS of all entries is identical  | Unchanged             | Unchanged  |
| RMI_RTT_INIT_RIPAS      | RIPAS is EMPTY                                            | HIPAS is UNASSIGNED                | RAM                   | Unchanged  |
| RMI_RTT_SET_RIPAS       | Optionally, Realm may specify that RIPAS is not DESTROYED | None                               | As specified by Realm | Unchanged  |

- I<sub>WBRCN</sub> Successful execution of RMI\_DATA\_CREATE\_UNKNOWN does not depend on the RIPAS value of the target IPA.
- I<sub>LCSVH</sub> Successful execution of RMI\_DATA\_DESTROY does not depend on the RIPAS value of the target IPA.
- I<sub>MMSBL</sub> Successful execution of RMI\_RTT\_DESTROY does not depend on the RIPAS values of entries in the target RTT.
- I<sub>TJCGT</sub> Successful execution of RMI\_RTT\_FOLD does depend on the RIPAS values of entries in the target RTT.

See also:

- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.15 RMI\_RTT\_CREATE command
- B3.3.16 RMI\_RTT\_DESTROY command
- B3.3.17 RMI\_RTT\_FOLD command
- B3.3.18 RMI\_RTT\_INIT\_RIPAS command
- B3.3.21 RMI\_RTT\_SET\_RIPAS command

## A5.3.6 Changes to HIPAS of an Unprotected IPA

I<sub>YNYBY</sub> The following diagram summarises HIPAS transitions for an Unprotected IPA.

See also:

- A5.4 RIPAS change
- A5.5 Realm Translation Table
- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.16 RMI\_RTT\_DESTROY command
- B3.3.18 RMI\_RTT\_INIT\_RIPAS command
- B3.3.21 RMI\_RTT\_SET\_RIPAS command
- B4.3.5 RSI\_IPA\_STATE\_SET command

# A5.4 RIPAS change

D<sub>BTSQY</sub> A *RIPAS change* is a process via which the RIPAS of a region of Protected IPA space is changed, for a Realm whose state is ACTIVE.

I<sub>KXXBV</sub> A RIPAS change consists of actions taken by first the Realm, and then the Host:

- The Realm issues a *RIPAS change request* by executing RSI\_IPA\_STATE\_SET.
  - The input values to this command include:
    - The requested IPA range: [base, top)
    - The requested RIPAS value (either EMPTY or RAM)
    - A flag which indicates whether a change from DESTROYED should be permitted
  - The RMM records these values in the REC, and then performs a REC exit due to RIPAS change pending.
- In response, the Host executes zero or more RMI\_RTT\_SET\_RIPAS commands.
- If the requested RIPAS value was RAM, at the next RMI\_REC\_ENTER the Host can optionally indicate that it rejects the RIPAS change request.

Output values from RSI\_IPA\_STATE\_SET indicate:

- The top of the IPA range which has been modified by the command (new\_base).
- If the requested RIPAS value was RAM, whether the Host rejected the Realm request.

S<sub>CTTQV</sub> Output values from RSI\_IPA\_STATE\_SET are expected to be handled by the Realm as follows:

| new_base              | response   | Meaning                                                                                                           | Expected Realm action                                                                  |
|-----------------------|------------|-------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------|
| new_base == base      | RSI_ACCEPT | RIPAS change incomplete.                                                                                          | Call RSI_IPA_STATE_SET again, with base = new_base.                                    |
| base < new_base < top | RSI_ACCEPT | RIPAS change incomplete.                                                                                          | Call RSI_IPA_STATE_SET again, with base = new_base.                                    |
| new_base == top       | RSI_ACCEPT | RIPAS change complete.                                                                                            | No further Realm action required.                                                      |
| new_base == base      | RSI_REJECT | RIPAS change request rejected.                                                                                    | Depends on protocol agreed between Realm and Host, out of scope of this specification. |
| base < new_base < top | RSI_REJECT | RIPAS change to partial region [base, new_base). Host rejected request to change RIPAS for region [new_base, top). | Depends on protocol agreed between Realm and Host, out of scope of this specification. |

IREFUTG The RIPAS change process, together with the Realm Initial Measurement, ensures that a Realm can always reliably determine the RIPAS of any Protected IPA.

I<sub>LPZWK</sub> A RIPAS change is applied by one or more calls to the RMI\_RTT\_SET\_RIPAS command.

I<sub>MMHMZ</sub> Successful execution of RMI\_RTT\_SET\_RIPAS targets an RTTE at address rec.ripas\_addr.

I<sub>JHJGZ</sub> On successful execution of RMI\_RTT\_SET\_RIPAS, both of the following are set to the address of the next page whose RIPAS is to be modified:

- rec.ripas\_addr
- The command output value

I<sub>GXDDX</sub> If both of the following are true on successful execution of RMI\_RTT\_SET\_RIPAS

- The RIPAS change request indicated that a change from DESTROYED should not be permitted
- A page *P* within the target IPA range has RIPAS value DESTROYED

then rec.ripas\_addr and the command output value are both set to *P*.

I<sub>HXKPB</sub> On REC entry following a REC exit due to RIPAS change, GPR values are updated to indicate for how much of the target IPA range the RIPAS change has been applied.

S<sub>TZYZV</sub> To complete a RIPAS change for a given target IPA range, a Realm should execute RSI\_IPA\_STATE\_SET in a loop, until the value of X1 reaches the top of the target IPA range.

R<sub>LDMLC</sub> On REC entry following a REC exit due to RIPAS change, rec.ripas\_response is set to the value of enter.flags.ripas\_response.

I<sub>DRPPK</sub> If all of the following are true then the output value of RSI\_IPA\_STATE\_SET indicates "Host rejected the request":

- rec.ripas\_value is RAM.
- rec.ripas\_addr is not equal to rec.ripas\_top.
- rec.ripas\_response is REJECT.

Otherwise, the output value of RSI\_IPA\_STATE\_SET indicates "Host accepted the request".

See also:

- A2.3.2 *REC attributes*
- A4.2 *REC entry*
- A4.3.8 REC exit due to RIPAS change pending
- A5.2.2 Realm IPA state
- A7.1.1 Realm Initial Measurement
- B2.38 RecRipasChangeResponse function
- B3.3.14 RMI\_REC\_ENTER command
- B3.3.21 RMI\_RTT\_SET\_RIPAS command
- B4.3.5 RSI\_IPA\_STATE\_SET command
- D1.5.3 *RIPAS change flow*
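The following C model is an added example, not code from the specification or from any RMM implementation. It runs the RIPAS change flow of this section on a toy 8-page Protected IPA range: the REC fields, the stop at a DESTROYED page (I<sub>GXDDX</sub>), the output rule of I<sub>DRPPK</sub> and the Realm loop of S<sub>TZYZV</sub>. The `struct host` policy, the `change_destroyed` name, the one-page-per-command simplification and the `max_stalls` bound are assumptions of the example.

```c
#include <stdint.h>
#include <stdio.h>

#define PAGE   0x1000ULL
#define NPAGES 8                        /* toy Protected IPA range [0, TOP) */
#define TOP    (NPAGES * PAGE)

enum ripas    { EMPTY, RAM, DESTROYED };
enum response { RSI_ACCEPT, RSI_REJECT };
enum outcome  { CHANGE_COMPLETE, CHANGE_REJECTED, CHANGE_STALLED };

struct rec {                            /* REC fields named in the text */
    uint64_t ripas_addr, ripas_top;
    enum ripas ripas_value;
    enum response ripas_response;
    int change_destroyed;               /* assumed name for the request flag */
};

/* Assumed Host policy: commands issued per REC exit, and the IPA from which
 * the Host refuses to go further. */
struct host { unsigned pages_per_exit; uint64_t reject_from; };

static enum ripas ripas_of[NPAGES];     /* RIPAS per page, as held by the RMM */
static uint64_t reached;                /* last new_base returned to the Realm */

/* RMI_RTT_SET_RIPAS, simplified to one page per command. It targets
 * rec.ripas_addr and returns the next address to modify; a DESTROYED page P
 * is left alone, and the address stays at P, unless the request permits it. */
static uint64_t rmi_rtt_set_ripas(struct rec *rec)
{
    if (rec->ripas_addr >= rec->ripas_top)
        return rec->ripas_addr;
    enum ripas *p = &ripas_of[rec->ripas_addr / PAGE];
    if (*p == DESTROYED && !rec->change_destroyed)
        return rec->ripas_addr;
    *p = rec->ripas_value;
    rec->ripas_addr += PAGE;
    return rec->ripas_addr;
}

/* One RSI_IPA_STATE_SET call: request recorded in the REC, REC exit, Host
 * actions, then outputs derived on the next REC entry. */
static enum response rsi_ipa_state_set(struct rec *rec, const struct host *h,
                                       uint64_t base, uint64_t top, enum ripas value,
                                       int change_destroyed, uint64_t *new_base)
{
    rec->ripas_addr = base;
    rec->ripas_top = top;
    rec->ripas_value = value;
    rec->change_destroyed = change_destroyed;

    /* Host side: zero or more commands, then the response given at REC entry. */
    for (unsigned n = 0; n < h->pages_per_exit && rec->ripas_addr < h->reject_from; n++)
        rmi_rtt_set_ripas(rec);
    rec->ripas_response = rec->ripas_addr >= h->reject_from ? RSI_REJECT : RSI_ACCEPT;

    *new_base = rec->ripas_addr;
    if (rec->ripas_value == RAM && rec->ripas_addr != rec->ripas_top &&
        rec->ripas_response == RSI_REJECT)
        return RSI_REJECT;              /* "Host rejected the request" */
    return RSI_ACCEPT;                  /* every other combination */
}

/* Realm loop: repeat with base = new_base until new_base reaches top. The
 * max_stalls bound is this example's own policy, not part of the text. */
static enum outcome realm_set_ripas(struct rec *rec, const struct host *h, uint64_t base,
                                    uint64_t top, enum ripas value, int change_destroyed,
                                    unsigned max_stalls)
{
    unsigned stalls = 0;
    reached = base;
    while (base != top) {
        enum response r = rsi_ipa_state_set(rec, h, base, top, value,
                                            change_destroyed, &reached);
        if (r == RSI_REJECT)
            return CHANGE_REJECTED;     /* [base, reached) may already have changed */
        stalls = (reached == base) ? stalls + 1 : 0;
        if (stalls > max_stalls)
            return CHANGE_STALLED;      /* no progress, e.g. stuck at a DESTROYED page */
        base = reached;
    }
    return CHANGE_COMPLETE;
}

/* Constructed scenario: the range starts as `initial`, optionally with one
 * DESTROYED page, then the Realm requests `value` for [0, TOP). */
static enum outcome run(enum ripas initial, int destroyed_page, unsigned per_exit,
                        uint64_t reject_from, enum ripas value, int change_destroyed)
{
    struct rec rec = {0};
    struct host h = { per_exit, reject_from };
    for (int i = 0; i < NPAGES; i++)
        ripas_of[i] = (i == destroyed_page) ? DESTROYED : initial;
    return realm_set_ripas(&rec, &h, 0, TOP, value, change_destroyed, 1);
}

int main(void)
{
    enum outcome o = run(EMPTY, 5, 3, UINT64_MAX, RAM, 0);
    printf("outcome=%d new_base=0x%llx\n", (int)o, (unsigned long long)reached);
}
```

In the DESTROYED case the Realm sees RSI_ACCEPT with new_base equal to the DESTROYED page, so a loop that only follows the table above needs its own progress check.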

# A5.5 Realm Translation Table

This section introduces the stage 2 translation table used by a Realm.

## A5.5.1 RTT overview

D<sub>FRNCX</sub> A Realm Translation Table (RTT) is an abstraction over an Armv8-A stage 2 translation table used by a Realm.

I<sub>MBCVZ</sub> The attributes and format of an Armv8-A stage 2 translation table are defined by the Armv8-A Virtual Memory System Architecture (VMSA) *Arm Architecture Reference Manual for A-Profile architecture* [3].

R<sub>PXNHO</sub> The translation granule size of an RTT is 4KB.

I<sub>TQVTP</sub> The RMM architecture can only be deployed on a hardware platform which implements a translation granule size of 4KB.

I<sub>PHGOO</sub> The contents of an RTT are not directly accessible to the Host.

I<sub>FPLRI</sub> The contents of an RTT are manipulated using RMM commands. These commands allow the Host to manipulate the contents of the RTT used by a Realm, subject to constraints imposed by the RMM.

D<sub>OTZDW</sub> An RTT entry (RTTE) is an abstraction over an Armv8-A stage 2 translation table descriptor.

I<sub>VYLTT</sub> An RTTE contains an output address which can point to one of the following:

- Another RTT
- A DATA Granule which is owned by the Realm
- Non-secure memory which is accessible to both the Realm and the Host

## A5.5.2 RTT structure and configuration

D<sub>VHLWF</sub> An RTT tree is a hierarchical data structure composed of RTTs, connected via Table Descriptors.

I<sub>KNPNX</sub> An RTT contains an array of RTTEs.

D<sub>HYTCJ</sub> An RTT level is the depth of an RTT within an RTT tree.

I<sub>KKMSX</sub> An RTT does not have an intrinsic "level" attribute. The level of an RTT is determined by its position within an RTT tree.

D<sub>QSYBS</sub> The RTT level of the root of an RTT tree is called the starting level.

I<sub>SSDBT</sub> The maximum depth of an RTT tree depends on all of the following:

- whether LPA2 is selected when the Realm is created
- the rtt\_level\_start attribute of the Realm
- the ipa\_width attribute of the Realm.

See also:

- A2.1.3 *Realm attributes*
- A3.1.2 Realm LPA2 and IPA width

## A5.5.3 RTT starting level

I<sub>FDWZF</sub> The RTT starting level is set when a Realm is created.

I<sub>YCPMF</sub> The number of starting level RTTs is architecturally defined as a function of the Realm IPA width and the RTT starting level. See *Arm Architecture Reference Manual for A-Profile architecture* [3] for further details.

I<sub>RYNXE</sub> The address of the first starting level RTT is stored in the RTT base attribute of the owning Realm.

I<sub>XXWOW</sub> The RTT base attribute is set when a Realm is created.

See also:

- A2.1.3 Realm attributes

## A5.5.4 RTT entry

I<sub>ZBGGZ</sub> An RTT entry (RTTE) is an abstraction over an Armv8-A stage 2 translation table descriptor. The attributes and format of an Armv8-A stage 2 translation table descriptor are defined by the Armv8-A Virtual Memory System Architecture (VMSA) *Arm Architecture Reference Manual for A-Profile architecture* [3].

D<sub>BNHQQ</sub> An RTTE has a state.

The values of *RTTE state* are:

- TABLE: the output address of the RTTE points to another RTT
- A HIPAS value

I<sub>QWQSB</sub> The state of an RTTE in an RTT which is not level 2 or level 3 is UNASSIGNED, UNASSIGNED\_NS or TABLE.

D<sub>NSHSL</sub> The output address of an RTTE whose state is TABLE and which is in a level *n* RTT is the physical address of a level *n*+1 RTT.

I<sub>DJZTM</sub> An RTT whose level *n* is not the starting RTT level is pointed-to by exactly one TABLE RTTE in a level *n-1* RTT.

I<sub>DXQWZ</sub> The following diagram shows an example RTT tree, annotated with RTTE states.

I<sub>FGWQS</sub> The function AddrIsRttLevelAligned() is used to evaluate whether an address is aligned to the address range described by an RTTE at a specified RTT level.

See also:

- A5.3.1 Host IPA state
- B1.4 Command condition expressions

## A5.5.5 RTT reading

I<sub>KJWKQ</sub> Attributes of an RTTE, including the RTTE state, can be read by calling the RMI\_RTT\_READ\_ENTRY command. The set of RTTE attributes which are returned depends on the state of the RTTE.

See also:

- B3.3.20 RMI\_RTT\_READ\_ENTRY command

## A5.5.6 RTT folding

D<sub>RMCLC</sub> An RTT is *homogeneous* if its entries satisfy one of the conditions in the following table. If an RTT is homogeneous, the following table specifies the state to which the parent RTTE is set.

| Conditions on child RTT contents | Parent RTTE state |
|----------------------------------|-------------------|
| All of the following are true:<ul><li>State of all entries is UNASSIGNED</li><li>RIPAS of all entries is the same</li></ul> | UNASSIGNED |
| State of all entries is UNASSIGNED_NS | UNASSIGNED_NS |
| All of the following are true:<ul><li>Level is 2 or 3</li><li>State of all entries is ASSIGNED</li><li>Output address of first entry is aligned to size of the address range described by an entry in the parent RTT</li><li>Output addresses of all entries are contiguous</li><li>RIPAS of all entries is the same</li></ul> | ASSIGNED |
| All of the following are true:<ul><li>Level is 2 or 3</li><li>State of all entries is ASSIGNED_NS</li><li>Output address of first entry is aligned to size of the address range described by an entry in the parent RTT</li><li>Output addresses of all entries are contiguous</li><li>Attributes of all entries are identical</li></ul> | ASSIGNED_NS |

I<sub>KDXLT</sub> The function RttIsHomogeneous() is used to evaluate whether an RTT is homogeneous.

D<sub>QPXCP</sub> *RTT folding* is the operation of destroying a homogeneous child RTT, and moving information which was stored in the child RTT into the parent RTTE.

- I<sub>QMGWK</sub> On RTT folding, the state of the parent RTTE is determined from the contents of the child RTTEs.
- I<sub>LLWGH</sub> The function RttFold() is used to evaluate the parent RTTE state which results from an RTT folding operation.
- I<sub>TPMGT</sub> On RTT folding, if the state of the parent RTTE is ASSIGNED or ASSIGNED\_NS then the attributes of the parent RTTE are copied from the child RTTEs.

See also:

- A5.5.9 RTT destruction
- B2.59 RttFold function
- B2.60 *RttIsHomogeneous function*
- B3.3.17 RMI\_RTT\_FOLD command

## A5.5.7 RTT unfolding

D<sub>HQQMG</sub> *RTT unfolding* is the operation of creating a child RTT, and populating it based on the contents of the parent RTTE.

I<sub>KWZXN</sub> On RTT unfolding, the state of all RTTEs in the child RTT is set to the state of the parent RTTE.

I<sub>HMYSW</sub> On RTT unfolding, if the state of the parent RTTE is ASSIGNED or ASSIGNED\_NS, then the output addresses of RTTEs in the child RTT are set to a contiguous range which starts from the address of the parent RTTE.

See also:

- B3.3.15 RMI\_RTT\_CREATE command

## A5.5.8 RTTE liveness and RTT liveness

D<sub>KCMLN</sub> *RTTE liveness* is a property which means that a physical address is stored in the RTTE.

D<sub>HGYJZ</sub> An RTTE is *live* if the RTTE state is ASSIGNED, ASSIGNED\_NS or TABLE.

I<sub>RHLYZ</sub> The function RttSkipNonLiveEntries() is used to scan an RTT to find the next live RTTE. The resulting IPA is returned to the Host from commands whose successful execution causes a live RTTE to become non-live.

X<sub>GQPSF</sub> Identifying the next live RTTE allows the Host to avoid calls to RMI\_RTT\_READ\_ENTRY when unmapping ranges of a Realm's IPA space, for example during Realm destruction.

D<sub>MPWLR</sub> *RTT liveness* is a property which means that there exists another RMM data structure which is referenced by the RTT.

D<sub>YPSLW</sub> An RTT is *live* if, for any of its entries, either of the following is true:

- The RTTE state is ASSIGNED
- The RTTE state is TABLE.

I<sub>MXJNY</sub> Note that an RTT can be non-live, even if one of its entries is live. This would be the case for example if the RTT corresponds to an Unprotected IPA range and the state of one of its entries is ASSIGNED\_NS.

I<sub>YPLKM</sub> The function RttIsLive() is used to evaluate whether an RTT is live.

See also:

- A5.5.9 RTT destruction
- B2.61 *RttIsLive function*
- B2.73 *RttSkipNonLiveEntries function*
- B3.3.3 *RMI\_DATA\_DESTROY command*
- B3.3.16 *RMI\_RTT\_DESTROY command*
- B3.3.22 RMI\_RTT\_UNMAP\_UNPROTECTED command

## A5.5.9 RTT destruction

D<sub>VXRZW</sub> *RTT destruction* is the operation of destroying a child RTT, and discarding information which was stored in the child RTT.

- I<sub>PRMFR</sub> An RTT cannot be destroyed if it is live.
- I<sub>MDFQN</sub> An RTT can be destroyed regardless of whether it is homogeneous.
- I<sub>MCKSK</sub> Following RTT destruction, all of the following are true for the parent RTTE:
  - RIPAS is DESTROYED
  - RTTE state is UNASSIGNED

See also:

- A5.2 Realm view of memory management
- A5.5.6 RTT folding
- A5.5.8 RTTE liveness and RTT liveness
- B3.3.16 RMI\_RTT\_DESTROY command
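The folding, liveness and destruction rules of A5.5.6, A5.5.8 and A5.5.9 can be exercised together on a small model. This C code is an added example, not the specification's RttIsHomogeneous(), RttFold() or RttIsLive() functions; the struct layout, the function names and the single `attrs` word are assumptions, and the sample RTT contents are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RTT_ENTRIES 512                 /* 4KB granule: 512 entries per RTT */

enum rtte_state { UNASSIGNED, ASSIGNED, UNASSIGNED_NS, ASSIGNED_NS, TABLE };
enum ripas      { EMPTY, RAM, DESTROYED };

struct rtte {
    enum rtte_state state;
    enum ripas ripas;                   /* meaningful for a Protected IPA only */
    uint64_t addr;                      /* output address of a live entry */
    uint64_t attrs;                     /* stand-in for Host-controlled attributes */
};
struct rtt { struct rtte e[RTT_ENTRIES]; };

static struct rtt child;                /* constructed sample data */
static struct rtte parent;

/* Size of the address range described by one entry of a level `level` RTT. */
static uint64_t entry_size(int level) { return 1ULL << (12 + 9 * (3 - level)); }

/* RTTE liveness: a physical address is stored in the entry. */
static bool rtte_is_live(const struct rtte *e)
{
    return e->state == ASSIGNED || e->state == ASSIGNED_NS || e->state == TABLE;
}

/* RTT liveness: another RMM data structure is referenced, so ASSIGNED_NS
 * entries (Host-owned memory) do not make the RTT live. */
static bool rtt_is_live(const struct rtt *t)
{
    for (int i = 0; i < RTT_ENTRIES; i++)
        if (t->e[i].state == ASSIGNED || t->e[i].state == TABLE)
            return true;
    return false;
}

/* Homogeneity table: on success *parent receives the parent RTTE state. */
static bool rtt_is_homogeneous(const struct rtt *t, int level, enum rtte_state *parent)
{
    const struct rtte *first = &t->e[0];
    enum rtte_state s = first->state;
    bool mapped = (s == ASSIGNED || s == ASSIGNED_NS);

    if (s == TABLE)
        return false;
    if (mapped && (level < 2 || level > 3 || first->addr % entry_size(level - 1) != 0))
        return false;
    for (int i = 0; i < RTT_ENTRIES; i++) {
        const struct rtte *e = &t->e[i];
        if (e->state != s ||
            ((s == UNASSIGNED || s == ASSIGNED) && e->ripas != first->ripas) ||
            (mapped && e->addr != first->addr + (uint64_t)i * entry_size(level)) ||
            (s == ASSIGNED_NS && e->attrs != first->attrs))
            return false;
    }
    *parent = s;
    return true;
}

/* Folding keeps the information: the parent takes the common state, RIPAS,
 * base address and attributes, all of which equal those of the first entry. */
static bool rtt_fold(struct rtte *p, const struct rtt *c, int child_level)
{
    enum rtte_state s;
    if (p->state != TABLE || !rtt_is_homogeneous(c, child_level, &s))
        return false;
    *p = c->e[0];
    return true;
}

/* Destruction discards the information: refused for a live RTT, otherwise
 * the parent becomes UNASSIGNED with RIPAS DESTROYED. */
static bool rtt_destroy(struct rtte *p, const struct rtt *c)
{
    if (p->state != TABLE || rtt_is_live(c))
        return false;
    *p = (struct rtte){ .state = UNASSIGNED, .ripas = DESTROYED };
    return true;
}

/* Fill an RTT with identical entries; mapped states get contiguous addresses. */
static void rtt_fill(struct rtt *t, enum rtte_state s, enum ripas r, uint64_t base, int level)
{
    bool mapped = (s == ASSIGNED || s == ASSIGNED_NS);
    for (int i = 0; i < RTT_ENTRIES; i++)
        t->e[i] = (struct rtte){ s, r, mapped ? base + (uint64_t)i * entry_size(level) : 0, 0 };
}

int main(void)
{
    rtt_fill(&child, UNASSIGNED, EMPTY, 0, 3);
    child.e[3].ripas = RAM;             /* mixed RIPAS: not homogeneous, not live */
    parent = (struct rtte){ .state = TABLE };
    printf("entry live=%d fold=%d ", rtte_is_live(&child.e[3]), rtt_fold(&parent, &child, 3));
    printf("destroy=%d parent RIPAS=%d\n", rtt_destroy(&parent, &child), (int)parent.ripas);
}
```

The mixed-RIPAS case in `main` is the one to notice: the RTT cannot be folded, but it can be destroyed, and the per-page RIPAS values are then replaced by DESTROYED in the parent RTTE.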

## A5.5.10 RTT walk

I<sub>CBWSX</sub> An IPA is translated to a PA by walking an RTT tree, starting at the RTT base.

I<sub>FDWYV</sub> The behaviour of an RTT walk is defined by the Armv8-A Virtual Memory System Architecture (VMSA) *Arm Architecture Reference Manual for A-Profile architecture* [3].

I<sub>TVGQD</sub> The inputs to an RTT walk are:

- a Realm Descriptor, which contains the address of the initial RTT
- a target IPA
- a target RTT level.

The RTT walk terminates when either:

- it reaches the target RTT level, or
- it reaches an RTTE whose state is not TABLE.

D<sub>RBHVQ</sub> The result of an RTT walk performed by the RMM is a data structure of type RmmRttWalkResult.

The attributes of an RmmRttWalkResult are summarized in the following table.

| Name     | Type        | Description                        |
|----------|-------------|------------------------------------|
| level    | Int8        | RTT level reached by the walk      |
| rtt_addr | Address     | Address of RTT reached by the walk |
| rtte     | RmmRttEntry | RTTE reached by the walk           |

I<sub>ZSRCD</sub> The function RmmRttWalkResult RttWalk(rd, addr, level) is used to represent an RTT walk.

I<sub>FBZPQ</sub> The input address to an RTT walk is always less than $2^w$, where $w$ is the IPA width of the target Realm.

See also:

- A2.1.3 Realm attributes
- B1.4 Command condition expressions
- B2.75 RttWalk function
- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.15 RMI\_RTT\_CREATE command
- B3.3.16 *RMI\_RTT\_DESTROY command*
- B3.3.19 RMI\_RTT\_MAP\_UNPROTECTED command
- B3.3.22 RMI\_RTT\_UNMAP\_UNPROTECTED command
- C1.25 RmmRttWalkResult type
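The walk termination rule above, the alignment test of A5.5.4 and the unfolding rule of A5.5.7 fit together as in the following C model. It is an added example, not the specification's RttWalk() or AddrIsRttLevelAligned(); it assumes a single starting-level RTT at level 1 with a 39-bit IPA width, uses C pointers in place of physical addresses, and the precondition checks in `rtt_unfold` and the sample tree are choices of the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RTT_ENTRIES 512                 /* 4KB granule: 9 IPA bits per level */

enum rtte_state { UNASSIGNED, ASSIGNED, UNASSIGNED_NS, ASSIGNED_NS, TABLE };

struct rtt;
struct rtte {
    enum rtte_state state;
    uint64_t out_addr;                  /* PA of mapped memory when ASSIGNED(_NS) */
    struct rtt *next;                   /* next-level RTT when state is TABLE */
};
struct rtt { struct rtte e[RTT_ENTRIES]; };

/* Mirrors the level, rtt_addr and rtte attributes of the walk result. */
struct walk_result { int level; struct rtt *rtt; struct rtte *rtte; };

static struct rtt root, l2, l3;         /* constructed sample tree */

static unsigned level_shift(int level) { return 12 + 9 * (3 - level); }

/* Is addr aligned to the range described by one RTTE at this level? */
static bool addr_is_level_aligned(uint64_t addr, int level)
{
    return (addr & ((1ULL << level_shift(level)) - 1)) == 0;
}

/* Walk from the starting level; stop at the target level or at the first
 * RTTE whose state is not TABLE. Returns false if ipa >= 2^ipa_width. */
static bool rtt_walk(struct rtt *start, int start_level, unsigned ipa_width,
                     uint64_t ipa, int target_level, struct walk_result *out)
{
    struct rtt *t = start;

    if (ipa >> ipa_width)
        return false;
    for (int level = start_level; ; level++) {
        struct rtte *e = &t->e[(ipa >> level_shift(level)) & (RTT_ENTRIES - 1)];
        if (level >= target_level || level == 3 || e->state != TABLE) {
            *out = (struct walk_result){ level, t, e };
            return true;
        }
        t = e->next;
    }
}

/* Unfold: create a level `level` child under the RTTE that covers ipa. The
 * caller must check the level the walk actually reached, because the walk
 * may have stopped early at a non-TABLE entry. */
static bool rtt_unfold(struct rtt *start, int start_level, unsigned ipa_width,
                       uint64_t ipa, int level, struct rtt *child)
{
    struct walk_result w;

    if (level <= start_level || level > 3 || !addr_is_level_aligned(ipa, level - 1))
        return false;
    if (!rtt_walk(start, start_level, ipa_width, ipa, level - 1, &w))
        return false;
    if (w.level != level - 1 || w.rtte->state == TABLE)
        return false;                   /* parent missing, or child already present */

    bool mapped = (w.rtte->state == ASSIGNED || w.rtte->state == ASSIGNED_NS);
    for (int i = 0; i < RTT_ENTRIES; i++) {
        child->e[i].state = w.rtte->state;      /* children inherit the parent state */
        child->e[i].out_addr =
            mapped ? w.rtte->out_addr + ((uint64_t)i << level_shift(level)) : 0;
        child->e[i].next = NULL;
    }
    *w.rtte = (struct rtte){ TABLE, 0, child };
    return true;
}

/* Constructed tree: level 2 table for IPA [1GB, 2GB), then a 2MB block at
 * IPA 0x40200000 (PA 0x80200000) unfolded into 512 level 3 page entries. */
static bool build_demo_tree(void)
{
    memset(&root, 0, sizeof root);      /* all entries UNASSIGNED */
    if (!rtt_unfold(&root, 1, 39, 0x40000000ULL, 2, &l2))
        return false;
    l2.e[1] = (struct rtte){ ASSIGNED, 0x80200000ULL, NULL };
    return rtt_unfold(&root, 1, 39, 0x40200000ULL, 3, &l3);
}

int main(void)
{
    struct walk_result w;

    if (build_demo_tree() && rtt_walk(&root, 1, 39, 0x40201000ULL, 3, &w))
        printf("level=%d out_addr=0x%llx\n", w.level, (unsigned long long)w.rtte->out_addr);
}
```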

## A5.5.11 RTT entry attributes

R<sub>KCFCT</sub> The cacheability attributes of an RTT entry which corresponds to a Protected IPA and whose state is ASSIGNED are independent of any stage 1 descriptors and of the state of the stage 1 MMU.

U<sub>NPVGN</sub> The RMM uses FEAT\_S2FWB to ensure that the cacheability attributes of an RTT entry which corresponds to a Protected IPA and whose state is ASSIGNED are independent of stage 1 translation.

R<sub>JZKMH</sub> The attributes of an RTT entry which corresponds to a Protected IPA and whose state is ASSIGNED include the following:

- Normal memory
- Inner Write-Back Cacheable
- Inner Shareable

D<sub>FJTMF</sub> The following attributes of an RTT entry which corresponds to an Unprotected IPA and whose state is ASSIGNED\_NS are *Host-controlled RTT attributes*:

- ADDR
- MemAttr[2:0]
- S2AP
- SH

X<sub>QHLKB</sub> In an RTT entry which corresponds to an Unprotected IPA and whose state is ASSIGNED\_NS, MemAttr[3] is RES0 because the RMM uses FEAT\_S2FWB.

R<sub>JRZTL</sub> Hardware access flag and dirty bit management is disabled for the stage 2 translation used by a Realm.

I<sub>QFGJC</sub> Hardware access flag and dirty bit management may be enabled by software executing within the Realm, for its own stage 1 translation.

See also:

- A5.2.1 Realm IPA space
- B2.53 RttDescriptorIsValidForUnprotected function
- B3.3.19 RMI\_RTT\_MAP\_UNPROTECTED command
- B3.3.20 RMI\_RTT\_READ\_ENTRY command

# Chapter A6 Realm interrupts and timers

This specification requires that a virtual Generic Interrupt Controller (vGIC) is presented to a Realm. This vGIC should be architecturally compliant with respect to GICv3 with no legacy operation.

The Host is able to inject virtual interrupts using the GIC virtual CPU interface.

The vGIC presented to a Realm is expected to be implemented via a combination of Host emulation and RMM mediation, as follows:

- Management of Non-secure physical interrupts is performed by the Host, via the GIC Interrupt Routing Infrastructure (IRI).
- The Host is responsible for emulating a GICv3 distributor MMIO interface.
- The Host is responsible for emulating a GICv3 redistributor MMIO interface for each REC.
- The GIC MMIO interfaces emulated by the Host must be presented to the Realm via its Unprotected IPA space.
- The Host may optionally provide a virtual Interrupt Translation Service (ITS). The Realm must allocate ITS tables within its Unprotected IPA space.
- The RMM allows the Host to control some of the GIC virtual CPU interface state which is observed by the Realm. This state is designed to be the minimum required to allow the Host to correctly manage interrupts for the Realm, with integrity guaranteed by the RMM for the remainder of the GIC CPU interface state.
- On REC exit, the RMM exposes some of the GIC virtual CPU interface state to the Host. This state is designed to be the minimum required to allow the Host to correctly manage interrupts for the Realm, with confidentiality guaranteed by the RMM for the remainder of the GIC virtual CPU interface state.

On every REC exit, the EL1 timer state is exposed to the Host. The RMM guarantees that a REC exit occurs whenever a Realm EL1 timer asserts or de-asserts its output.

See also:

- Arm Generic Interrupt Controller (GIC) Architecture Specification version 3 and version 4 [5]
- A5.2.1 Realm IPA space
- D1.6 Realm interrupts and timers flows

# A6.1 Realm interrupts

|                    | This section describes the programming model for a REC's GIC CPU interface.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| D <sub>XZVGB</sub> | The value of enter.gicv3_lrs[n] is valid if all of the following are true:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
|                    | <ul> <li>The value is an architecturally valid encoding of ICH_LR&lt;n&gt;_EL2 according to Arm Generic Interrupt Controller (GIC) Architecture Specification version 3 and version 4 [5].</li> <li>HW == '0'.</li> </ul> |
| X <sub>dmsdz</sub> | The GICv3 architecture states that, if HW == '1' then the virtual interrupt must be linked to a physical interrupt whose state is Active, otherwise behavior is undefined. The RMM is unable to validate that invariant, so it imposes the constraint that HW == '0'. |
| D <sub>CPLDX</sub> | The value of enter.gicv3_hcr is valid if the value is an architecturally valid encoding of ICH_HCR_EL2 according to Arm Generic Interrupt Controller (GIC) Architecture Specification version 3 and version 4 [5].                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| R <sub>hlfry</sub> | REC entry fails if the value of any enter.gicv3_* attribute is invalid.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
| R <sub>WNFRW</sub> | On REC entry, ICH_LR&lt;n&gt;_EL2 is set to enter.gicv3_lrs[n], for all values of n supported by the PE. |
| R <sub>wvgfj</sub> | On REC entry, the following fields in ICH_HCR_EL2 are set to the corresponding values in enter.gicv3_hcr:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
|                    | <ul> <li>UIE</li> <li>LRENPIE</li> <li>NPIE</li> <li>VGrp0EIE</li> <li>VGrp1EIE</li> <li>VGrp1DIE</li> <li>TDIR</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
| I <sub>SMHXB</sub> | On REC entry, fields in enter.gicv3_hcr must be set to '0' except for the following:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  |
|                    | <ul> <li>UIE</li> <li>LRENPIE</li> <li>NPIE</li> <li>VGrp0EIE</li> <li>VGrp1EIE</li> <li>VGrp1DIE</li> <li>TDIR</li> </ul>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            |
|                    | If any other field in enter.gicv3_hcr is set to '1', then RMI_REC_ENTER fails.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| X <sub>lmxcx</sub> | The RMM provides access to the GIC virtual CPU interface to the Realm and therefore controls the enable bit and most trap bits in ICH_HCR_EL2. The maintenance interrupt control bits are controlled by the Host, because the maintenance interrupts are provided as hints to the hypervisor to allocate List Registers optimally and to correctly emulate GICv3 behavior. The TDIR bit is also controlled by the Host because it is used when supporting EOImode == '1' in the Realm. This mode is used to allow deactivation of virtual interrupts across RECs. This deactivation must be handled by the Host because the RMM can only operate on a single REC during execution of RMI_REC_ENTER. |
| $R_{LNQRL}$        | A REC exit due to IRQ is not generated for an interrupt which is masked by the value of ICC_PMR_EL1 at the time of REC entry.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
| U <sub>gxchc</sub> | The RMM should preserve the value of ICC_PMR_EL1 during REC entry.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
| R <sub>NKPNC</sub> | On REC exit, exit.gicv3_vmcr contains the value of ICH_VMCR_EL2 at the time of the Realm exit.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
| R <sub>skonf</sub> | On REC exit, exit.gicv3_misr contains the value of ICH_MISR_EL2 at the time of the Realm exit.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |

- X<sub>DBGXB</sub> The Host could in principle infer the value of ICH\_MISR\_EL2 at the time of the Realm exit from the combination of exit.gicv3\_lrs[n] and exit.gicv3\_hcr. However, this would be cumbersome, error-prone, and diverge from the design of existing hypervisor software.
- R<sub>QKZXD</sub> On REC exit, exit.gicv3\_lrs[n] contains the value of ICH\_LR<n>\_EL2 at the time of the Realm exit, for all values of n supported by the PE.
- R<sub>SNVZH</sub> On REC exit, the following fields in exit.gicv3\_hcr contain the value of the corresponding field in ICH\_HCR\_EL2 at the time of the Realm exit:
  - EOIcount
  - UIE
  - LRENPIE
  - NPIE
  - VGrp0EIE
  - VGrp0DIE
  - VGrp1EIE
  - VGrp1DIE
  - TDIR

  All other fields contain zero.

- R<sub>FGQXT</sub> On REC exit, the values of the following registers may have changed:
  - ICH\_AP0R<n>\_EL2
  - ICH\_AP1R<n>\_EL2
  - ICH\_LR<n>\_EL2
  - ICH\_VMCR\_EL2
  - ICH\_HCR\_EL2
- S<sub>QMJVJ</sub> It is the responsibility of the caller to save and restore GIC virtualization system control registers if their value needs to be preserved following execution of RMI\_REC\_ENTER.
- X<sub>KDGHF</sub> On REC entry, the values of the GIC virtualization control system registers are overwritten. The Non-secure hypervisor runs at EL2 and therefore does not make direct use of the virtual GIC CPU interface for its own execution. This means that saving / restoring the caller's GIC virtualization control system registers would typically not be required and would add additional runtime overhead for each execution of RMI\_REC\_ENTER.
- R<sub>VSBBS</sub> On REC exit, ICH\_HCR\_EL2.En == '0'.
- X<sub>WLTBX</sub> Disabling the virtual GIC CPU interface ensures that the caller does not receive unexpected GIC maintenance interrupts. A stronger constraint, for example stating that all GIC virtualization control system registers are zero on REC exit, was considered. However, this was rejected on the basis that it may preclude future optimisations, such as returning early from execution of RMI\_REC\_ENTER, without needing to first write zero to all GIC virtualization control system registers, if an interrupt is pending.

See also:

- Arm Generic Interrupt Controller (GIC) Architecture Specification version 3 and version 4 [5]
- A4.2 *REC entry*
- A4.3 REC exit
- B3.3.14 RMI\_REC\_ENTER command
- B3.4.14 RmiRecEnter type
- B3.4.16 RmiRecExit type
- D1.6.1 Interrupt flow
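The `enter.gicv3_*` checks and the `ICH_HCR_EL2` field ownership described in A6.1, written out as an added example; this is not code from the specification or from any RMM implementation. Bit positions are those of the GICv3 architecture, all function and macro names are hypothetical, and the entry mask follows the field list exactly as printed in this section.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit positions from the GICv3 architecture (ICH_HCR_EL2, ICH_LR<n>_EL2). */
#define ICH_HCR_EN       (1ULL << 0)
#define ICH_HCR_UIE      (1ULL << 1)
#define ICH_HCR_LRENPIE  (1ULL << 2)
#define ICH_HCR_NPIE     (1ULL << 3)
#define ICH_HCR_VGRP0EIE (1ULL << 4)
#define ICH_HCR_VGRP0DIE (1ULL << 5)
#define ICH_HCR_VGRP1EIE (1ULL << 6)
#define ICH_HCR_VGRP1DIE (1ULL << 7)
#define ICH_HCR_TDIR     (1ULL << 14)
#define ICH_HCR_EOICOUNT (0x1FULL << 27)
#define ICH_LR_HW        (1ULL << 61)

/* Fields the Host may set in enter.gicv3_hcr, as listed in this section. */
#define ENTER_HCR_HOST_MASK (ICH_HCR_UIE | ICH_HCR_LRENPIE | ICH_HCR_NPIE | \
                             ICH_HCR_VGRP0EIE | ICH_HCR_VGRP1EIE |          \
                             ICH_HCR_VGRP1DIE | ICH_HCR_TDIR)
/* Fields reported in exit.gicv3_hcr; every other field reads as zero. */
#define EXIT_HCR_MASK (ENTER_HCR_HOST_MASK | ICH_HCR_VGRP0DIE | ICH_HCR_EOICOUNT)

enum gic_check { GIC_OK = 0, GIC_BAD_HCR, GIC_BAD_LR };

/* Checks the two constraints stated in this section: no field outside the
 * Host-controlled set is '1' in gicv3_hcr, and HW == '0' in every List
 * Register. A full "architecturally valid encoding" check is not attempted. */
static enum gic_check gic_enter_check(uint64_t hcr, const uint64_t *lrs, size_t nr_lrs) {
    if (hcr & ~ENTER_HCR_HOST_MASK)
        return GIC_BAD_HCR;
    for (size_t n = 0; n < nr_lrs; n++)
        if (lrs[n] & ICH_LR_HW)
            return GIC_BAD_LR;
    return GIC_OK;
}

/* Value written to ICH_HCR_EL2 on REC entry: the enable bit and trap bits
 * come from the RMM, only the Host-controlled fields come from the Host. */
static uint64_t gic_entry_hcr(uint64_t rmm_hcr, uint64_t enter_hcr) {
    return (rmm_hcr & ~ENTER_HCR_HOST_MASK) | (enter_hcr & ENTER_HCR_HOST_MASK);
}

/* Value reported in exit.gicv3_hcr on REC exit. */
static uint64_t gic_exit_hcr(uint64_t hw_hcr) {
    return hw_hcr & EXIT_HCR_MASK;
}

/* Constructed List Register values: pending vINTID 27 and 30, without and
 * with the HW bit set. */
static const uint64_t SAMPLE_LRS_OK[2] = { (1ULL << 62) | 27, (1ULL << 62) | 30 };
static const uint64_t SAMPLE_LRS_HW[2] = { (1ULL << 62) | 27,
                                           (1ULL << 62) | ICH_LR_HW | 30 };

int main(void) {
    printf("valid entry:      %d\n", gic_enter_check(ICH_HCR_UIE, SAMPLE_LRS_OK, 2));
    printf("Host sets En:     %d\n", gic_enter_check(ICH_HCR_EN, SAMPLE_LRS_OK, 2));
    printf("LR with HW == 1:  %d\n", gic_enter_check(0, SAMPLE_LRS_HW, 2));
    printf("exit.gicv3_hcr:   0x%llx\n",
           (unsigned long long)gic_exit_hcr(ICH_HCR_EN | ICH_HCR_NPIE));
    return 0;
}
```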


# A6.2 Realm timers

|                    | This section describes the programming model for Realm EL1 timers.                                                                                                                                                                                                                                                                                                                                                                                                                            |
|--------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| R <sub>LKNDV</sub> | Architectural timers are available to a Realm and behave according to their architectural specification.                                                                                                                                                                                                                                                                                                                                                                                      |
| R <sub>YWXTJ</sub> | During Realm execution, if a Realm EL1 timer asserts its output, a Realm exit occurs.                                                                                                                                                                                                                                                                                                                                                                                                         |
| I <sub>VFYJV</sub> | If the Host has programmed an EL1 timer to assert its output during Realm execution, that timer output is not guaranteed to assert.                                                                                                                                                                                                                                                                                                                                                           |
| R <sub>fkchx</sub> | If the Host has programmed an EL2 timer to assert its output during Realm execution, that timer output is guaranteed to assert.                                                                                                                                                                                                                                                                                                                                                               |
| R <sub>rjzrp</sub> | Both the virtual and physical counter values are guaranteed to be monotonically increasing when read by a Realm, in accordance with the architectural counter behavior.                                                                                                                                                                                                                                                                                                                       |
| R <sub>JSMQP</sub> | When read by a Realm, either the virtual or physical counter returns the same value at a given point in time on a given PE.                                                                                                                                                                                                                                                                                                                                                                   |
| X <sub>YCDMW</sub> | In order to ensure that the Realm has a consistent view of time, the virtual timer offset must be fixed for the lifetime of the Realm. The absolute value of the virtual timer offset is not important, so the value zero has been chosen for simplicity of both the specification and the implementation.                                                                                                                                                                                    |
| I <sub>FKMGZ</sub> | The rule that virtual and physical counter values are identical may need to be amended if a future version of the specification supports migration and / or virtualization of time based on the virtual counter differing from the physical counter.                                                                                                                                                                                                                                          |
| R <sub>vwqdh</sub> | On REC exit, Realm EL1 timer state is exposed via the RecExit object:                                                                                                                                                                                                                                                                                                                                                                                                                         |
|                    | <ul> <li>exit.cntv_ctl contains the value of CNTV_CTL_EL0 at the time of the Realm exit.</li> <li>exit.cntv_cval contains the value of CNTV_CVAL_EL0 at the time of the Realm exit, expressed as if the virtual counter offset was zero.</li> <li>exit.cntp_ctl contains the value of CNTP_CTL_EL0 at the time of the Realm exit.</li> <li>exit.cntp_cval contains the value of CNTP_CVAL_EL0 at the time of the Realm exit, expressed as if the physical counter offset was zero.</li> </ul> |
| S <sub>PYWWF</sub> | The Host should check the Realm EL1 timer state on every return from RMI_REC_ENTER, and if a timer condition is met, the Host should inject a virtual interrupt. This is true regardless of the value of exit.exit_reason: even if the return occurred for a reason unrelated to timer state (for example, a REC exit due to Data Abort), the timer condition should be checked.                                                                                                              |
|                    | This is to ensure that the Realm does not miss a timer interrupt if, for example, there is no other event causing a return from RMI_REC_ENTER. In other words, the RMM only guarantees that the Host can observe a change in timer output state during return from RMI_REC_ENTER, but does not guarantee a REC exit specifically indicating an asserted timer output change.                                                                                                                  |
|                    | See also:                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     |

- A4.3 REC exit
- B3.4.16 *RmiRecExit type*
- D1.6.2 *Timer interrupt delivery flow*
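The Host-side timer check recommended in A6.2, as an added example rather than code from the specification or from any hypervisor. The struct, function and macro names are hypothetical, the `ENABLE` and `IMASK` bit positions are those of the architectural `CNTV_CTL_EL0` / `CNTP_CTL_EL0` registers, and the sample exits are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CNTV_CTL_EL0 / CNTP_CTL_EL0 control bits (Arm architecture). */
#define CNT_CTL_ENABLE (1ULL << 0)
#define CNT_CTL_IMASK  (1ULL << 1)

#define INJECT_VTIMER (1u << 0)
#define INJECT_PTIMER (1u << 1)

/* Hypothetical Host-side copy of the timer fields of the RecExit object. */
struct rec_exit_timers {
    uint64_t exit_reason; /* deliberately not consulted below */
    uint64_t cntv_ctl, cntv_cval;
    uint64_t cntp_ctl, cntp_cval;
};

/* Timer output: enabled, not masked, and the counter has reached CVAL. */
static int timer_output(uint64_t ctl, uint64_t cval, uint64_t now) {
    return (ctl & CNT_CTL_ENABLE) && !(ctl & CNT_CTL_IMASK) && now >= cval;
}

/* To be called on every return from RMI_REC_ENTER, whatever the exit reason.
 * Both CVAL values are reported as if the counter offset was zero, so the
 * same counter value `now` is compared against both. */
static unsigned timers_to_inject(const struct rec_exit_timers *e, uint64_t now) {
    unsigned pending = 0;
    if (timer_output(e->cntv_ctl, e->cntv_cval, now))
        pending |= INJECT_VTIMER;
    if (timer_output(e->cntp_ctl, e->cntp_cval, now))
        pending |= INJECT_PTIMER;
    return pending;
}

/* Constructed exits; the exit_reason values are arbitrary placeholders. */
static const struct rec_exit_timers SAMPLE_EXITS[3] = {
    /* virtual timer expired, physical timer disabled */
    { 0, CNT_CTL_ENABLE, 1000, 0, 0 },
    /* virtual timer expired but masked, physical timer not yet due */
    { 1, CNT_CTL_ENABLE | CNT_CTL_IMASK, 1000, CNT_CTL_ENABLE, 2000 },
    /* both timers expired */
    { 2, CNT_CTL_ENABLE, 100, CNT_CTL_ENABLE, 200 },
};

int main(void) {
    const uint64_t now = 1500; /* constructed counter value */
    for (size_t i = 0; i < 3; i++) {
        unsigned p = timers_to_inject(&SAMPLE_EXITS[i], now);
        printf("exit %zu (reason %llu): inject vtimer=%u ptimer=%u\n", i,
               (unsigned long long)SAMPLE_EXITS[i].exit_reason,
               !!(p & INJECT_VTIMER), !!(p & INJECT_PTIMER));
    }
    return 0;
}
```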

# Chapter A7 Realm measurement and attestation

This section describes how the initial state of a Realm is measured and can be attested.


## A7.1 Realm measurements

This section describes how Realm measurement values are calculated.

- D<sub>SJWWS</sub> A Realm measurement value is a rolling hash.
- D<sub>YKDBY</sub> A *Realm Hash Algorithm* (RHA) is an algorithm which is used to extend a Realm measurement value.

I<sub>NRKWB</sub> The RHA used by a Realm is selected via the hash\_algo attribute.

See also:

- A2.1.3 Realm attributes
- A3.1.1 Realm hash algorithm
- A7.2.3.1.3 Realm Initial Measurement claim
- A7.2.3.1.4 Realm Extensible Measurements claim

## A7.1.1 Realm Initial Measurement

This section describes how the Realm Initial Measurement (RIM) is calculated.

- I<sub>XKSBZ</sub> The initial RIM value for a Realm is calculated from a subset of the Realm parameters.
- I<sub>NCNDK</sub> A RIM is extended by applying the RHA to the inputs of RMM operations which are executed during Realm construction.

- I<sub>NQQTF</sub> The following operations cause a RIM to be extended:
  - Creation of a DATA Granule during Realm construction
  - Creation of a runnable REC
  - Changes to RIPAS of Protected IPA during Realm construction
- R<sub>VMPZG</sub> On execution of an operation which requires extension of a RIM, the RMM first constructs a *measurement descriptor* structure. The measurement descriptor contents include the current RIM value. The new RIM value is computed by applying the RHA to the measurement descriptor.

$$desc = MeasurementDescriptor(M_{i-1}, ...)$$
  
$$M_i = RHA(desc)$$

- I<sub>FQHFC</sub> A RIM is immutable while the state of the Realm is ACTIVE. This implies that a RIM reflects the configuration and contents of the Realm at the moment when it transitioned from the NEW to the ACTIVE state.
- I<sub>DQGPT</sub> A RIM depends upon the order of the RMM operations which are executed during Realm construction.
- S<sub>VZNCW</sub> The order in which RMM operations are executed during Realm construction must be agreed between the Realm owner (or a delegate of the Realm owner which will receive and validate the RIM) and the Host which executes the RMM commands. This ensures that a correctly-constructed Realm will have the expected measurement.
- I<sub>LTWBL</sub> The value of a RIM can be read using the RSI\_MEASUREMENT\_READ command.

See also:

- B3.3.1.4 RMI\_DATA\_CREATE extension of RIM
- B3.3.9.4 RMI\_REALM\_CREATE initialization of RIM
- B3.3.12.4 RMI\_REC\_CREATE extension of RIM
- B3.3.18.4 RMI\_RTT\_INIT\_RIPAS extension of RIM
- B4.3.7 RSI\_MEASUREMENT\_READ command


## A7.1.2 Realm Extensible Measurement

This section describes the behavior of a Realm Extensible Measurement (REM).

- I<sub>QJDWM</sub> A REM is extended using the RSI\_MEASUREMENT\_EXTEND command.
- I<sub>CTMBT</sub> The value of a REM can be read using the RSI\_MEASUREMENT\_READ command.
- I<sub>MDQRP</sub> The initial value of a REM is zero.

See also:

- B4.3.6 RSI\_MEASUREMENT\_EXTEND command
- B4.3.7 RSI\_MEASUREMENT\_READ command

# A7.2 Realm attestation

This section describes the primitives which are used to support remote Realm attestation.

## A7.2.1 Attestation token

D<sub>VRRLN</sub> A *CCA attestation token* is a collection of claims about the state of a Realm and of the CCA platform on which the Realm is running.

- I<sub>BXBSD</sub> A CCA attestation token consists of two parts:
  - Realm token

    Contains attributes of the Realm, including:
    - Realm Initial Measurement
    - Realm Extensible Measurements
  - CCA platform token

    Contains attributes of the CCA platform on which the Realm is running, including:
    - CCA platform identity
    - CCA platform lifecycle state
    - CCA platform software component measurements
- I<sub>JKJCQ</sub> The size of a CCA attestation token may be greater than 4KB.

See also:

- A7.1.1 Realm Initial Measurement
- A7.1.2 Realm Extensible Measurement

## A7.2.2 Attestation token generation

I<sub>KRMRH</sub> The process for a Realm to obtain an attestation token is:

- Call RSI\_ATTESTATION\_TOKEN\_INIT once
- Call RSI\_ATTESTATION\_TOKEN\_CONTINUE in a loop, until the result is not RSI\_INCOMPLETE

Each call to RSI\_ATTESTATION\_TOKEN\_CONTINUE retrieves up to one Granule of the attestation token.

S<sub>XMIME</sub> The following pseudocode illustrates the process of a Realm obtaining an attestation token.

```
int get_attestation_token(...)
{
    int ret;
    uint64_t len;

    ret = RSI_ATTESTATION_TOKEN_INIT(challenge);
    if (ret) {
        return ret;
    }

    do { // Retrieve one Granule of data per loop iteration
        uint64_t granule = alloc_granule();
        uint64_t offset = 0;

        do { // Retrieve sub-Granule chunk of data per loop iteration
            uint64_t size = GRANULE_SIZE - offset;

            // The command returns a status and the number of bytes written
            (ret, len) = RSI_ATTESTATION_TOKEN_CONTINUE(granule, offset, size);
            offset += len;
        } while (ret == RSI_INCOMPLETE && offset < GRANULE_SIZE);

        // "offset" bytes of data are now ready for consumption from "granule"
    } while (ret == RSI_INCOMPLETE);

    return ret;
}
```

- I<sub>ZWOCB</sub> Up to one attestation token generation operation may be ongoing on a REC.
- I<sub>TMJVG</sub> On execution of RSI\_ATTESTATION\_TOKEN\_INIT, if an attestation token generation operation is ongoing on the calling REC, it is terminated.
- I<sub>WTKDD</sub> The challenge value provided to RSI\_ATTESTATION\_TOKEN\_INIT is included in the generated attestation token. This allows the relying party to establish freshness of the attestation token.

If the size of the challenge provided by the relying party is less than 64 bytes, it should be zero-padded prior to calling RSI\_ATTESTATION\_TOKEN\_INIT. Arm recommends that the challenge should contain at least 32 bytes of unique data.

- I<sub>GKDJW</sub> Generation of an attestation token can be a long-running operation, during which interrupts may need to be handled.
- I<sub>CXSJP</sub> If a physical interrupt becomes pending during execution of RSI\_ATTESTATION\_TOKEN\_CONTINUE, a REC exit due to IRQ can occur.

  On the next entry to the REC:
  - If a virtual interrupt is pending on that REC, it is taken to the REC's exception handler
  - RSI\_ATTESTATION\_TOKEN\_CONTINUE returns RSI\_INCOMPLETE
  - The REC should call RSI\_ATTESTATION\_TOKEN\_CONTINUE again

See also:

- A4.3.5 REC exit due to IRQ
- A6.1 *Realm interrupts*
- A7.2.3.1.1 Realm challenge claim
- B4.3.1 RSI\_ATTESTATION\_TOKEN\_CONTINUE command
- B4.3.2 RSI\_ATTESTATION\_TOKEN\_INIT command
- D1.7.1 Attestation token generation flow
- D1.7.2 Handling interrupts during attestation token generation flow

## A7.2.3 Attestation token format

I<sub>TFHGX</sub> The CCA attestation token is a profiled IETF Entity Attestation Token (EAT).

I<sub>LPTVH</sub> The CCA attestation token is a Concise Binary Object Representation (CBOR) map, in which the map values are the Realm token and the CCA platform token.

I<sub>YZPHG</sub> The Realm token contains structured data in CBOR, wrapped with a COSE\_Sign1 envelope according to the CBOR Object Signing and Encryption (COSE) standard.

I<sub>MMOZG</sub> The Realm token is signed by the Realm Attestation Key (RAK).

I<sub>WBGNP</sub> The CCA platform token contains structured data in CBOR, wrapped with a COSE\_Sign1 envelope according to the COSE standard.

I<sub>CGYKX</sub> The CCA platform token is signed by the Initial Attestation Key (IAK).

I<sub>CCGOH</sub> The CCA platform token contains a hash of RAK\_pub. This establishes a cryptographic binding between the Realm token and the CCA platform token.

I<sub>PTKYD</sub> The CCA attestation token is defined as follows:

```
cca-token = #6.399(cca-token-collection) ; EAT token-collection extension

cca-platform-token = bstr .cbor COSE_Sign1_Tagged
cca-realm-delegated-token = bstr .cbor COSE_Sign1_Tagged

cca-token-collection = {
    44234 => cca-platform-token ; 44234 = 0xACCA
    44241 => cca-realm-delegated-token
}

; EAT standard definitions
COSE_Sign1_Tagged = #6.18(COSE_Sign1)

; Deliberately shortcut these definitions until EAT is finalised and able to
; pull in the full set of definitions
COSE_Sign1 = "COSE-Sign1 placeholder"
```

I<sub>HZNNH</sub> The composition of the CCA attestation token is summarised in the following figure.



Figure A7.1: Attestation token format

See also:

- Arm CCA Security model [4]
- Concise Binary Object Representation (CBOR) [6]
- CBOR Object Signing and Encryption (COSE) [7]
- Entity Attestation Token (EAT) [8]
- A7.2.3.1 Realm claims
- A7.2.3.2 CCA platform claims

## A7.2.3.1 Realm claims

This section defines the format of the Realm token claim map. The format is described using a combination of Concise Data Definition Language (CDDL) and text description.

I<sub>HKBHC</sub> The Realm token claim map is defined as follows:

```
cca-realm-claims = (cca-realm-claim-map)

cca-realm-claim-map = {
    cca-realm-challenge
    cca-realm-personalization-value
    cca-realm-initial-measurement
    cca-realm-extensible-measurements
    cca-realm-hash-algo-id
    cca-realm-public-key
    cca-realm-public-key-hash-algo-id
}
```

See also:

- Concise Data Definition Language (CDDL) [9]
- A7.2.3.1.1 Realm challenge claim
- A7.2.3.1.2 Realm Personalization Value claim
- A7.2.3.1.3 Realm Initial Measurement claim
- A7.2.3.1.4 Realm Extensible Measurements claim
- A7.2.3.1.5 Realm hash algorithm ID claim
- A7.2.3.1.6 Realm public key claim
- A7.2.3.1.7 Realm public key hash algorithm identifier claim
- A7.2.3.1.8 Collated CDDL for Realm claims
- A7.2.3.1.9 Example Realm claims

### A7.2.3.1.1 Realm challenge claim

I<sub>TFWXQ</sub> The Realm challenge claim is used to carry the challenge provided by the caller to demonstrate freshness of the generated token.

I<sub>RVLZK</sub> The Realm challenge claim is identified using the EAT nonce label (10).

I<sub>MNVNP</sub> The length of the Realm challenge is 64 bytes.

I<sub>PXMXF</sub> The Realm challenge claim must be present in a Realm token.

I<sub>BXGFN</sub> The format of the Realm challenge claim is defined as follows:

See also:

- A7.2.2 Attestation token generation
- B4.3.2 RSI\_ATTESTATION\_TOKEN\_INIT command

### A7.2.3.1.2 Realm Personalization Value claim

I<sub>SCNXB</sub> The Realm Personalization Value claim contains the RPV which was provided at Realm creation.

I<sub>BKZPD</sub> The Realm Personalization Value claim must be present in a Realm token.

See also:

- A2.1.3 Realm attributes

### A7.2.3.1.3 Realm Initial Measurement claim

I<sub>BXKGD</sub> The Realm Initial Measurement claim contains the values of the Realm Initial Measurement.

I<sub>FZQSM</sub> The Realm Initial Measurement claim must be present in a Realm token.

I<sub>GGTNH</sub> The format of the Realm Initial Measurement claim is defined as follows:

```
cca-realm-measurement-type = bytes .size 32 / bytes .size 48 / bytes .size 64
cca-realm-initial-measurement-label = 44238
cca-realm-initial-measurement = (
    cca-realm-initial-measurement-label => cca-realm-measurement-type
)
```

See also:

- A7.1 Realm measurements
- A7.2.3.1.4 Realm Extensible Measurements claim

### A7.2.3.1.4 Realm Extensible Measurements claim

I<sub>KFNMV</sub> The Realm Extensible Measurements claim contains the values of the Realm Extensible Measurements.

I<sub>DSNFB</sub> The Realm Extensible Measurements claim must be present in a Realm token.

I<sub>ZKVMN</sub> The format of the Realm measurements claim is defined as follows:

```
cca-realm-measurement-type = bytes .size 32 / bytes .size 48 / bytes .size 64
cca-realm-extensible-measurements-label = 44239
cca-realm-extensible-measurements = (
    cca-realm-extensible-measurements-label => [ 4*4 cca-realm-measurement-type ]
)
```

See also:

- A7.1 *Realm measurements*
- A7.2.3.1.3 Realm Initial Measurement claim

### A7.2.3.1.5 Realm hash algorithm ID claim

I<sub>DGCGG</sub> The Realm hash algorithm ID claim identifies the algorithm used to calculate all hash values which are present in the Realm token.

I<sub>PVLCJ</sub> Arm recommends that the value of the Realm hash algorithm ID claim is an IANA Hash Function name *IANA Hash Function Textual Names* [10].

I<sub>WKVCQ</sub> The Realm hash algorithm ID claim must be present in a Realm token.

I<sub>PWPLJ</sub> The format of the Realm hash algorithm ID claim is defined as follows:

```
cca-realm-hash-algo-id-label = 44236

cca-realm-hash-algo-id = (
    cca-realm-hash-algo-id-label => text
)
```

### A7.2.3.1.6 Realm public key claim

I<sub>ZCFMQ</sub> The Realm public key claim identifies the key which is used to sign the Realm token.

I<sub>WBNHC</sub> The value of the Realm public key claim is RAK\_pub, encoded according to *SEC 1: Elliptic Curve Cryptography, version 2.0* [11].

I<sub>LSNPQ</sub> The Realm public key claim must be present in a Realm token.

I<sub>NNNDS</sub> The format of the Realm public key claim is defined as follows:

```
cca-realm-public-key-label = 44237

; TODO: support public key sizes other than ECC-P384
cca-realm-public-key-type = bytes .size 97

cca-realm-public-key = (
    cca-realm-public-key-label => cca-realm-public-key-type
)
```

See also:

- SEC 1: Elliptic Curve Cryptography, version 2.0 [11]
- A7.2.3.1.7 Realm public key hash algorithm identifier claim
- A7.2.3.2.2 CCA platform challenge claim

### A7.2.3.1.7 Realm public key hash algorithm identifier claim

I<sub>WWSLP</sub> The Realm public key hash algorithm identifier claim identifies the algorithm used to calculate H(RAK\_pub).

I<sub>TNRBN</sub> The Realm public key hash algorithm identifier claim must be present in a Realm token.

I<sub>NNPVX</sub> The format of the Realm public key hash algorithm identifier claim is defined as follows:

```
cca-realm-public-key-hash-algo-id-label = 44240

cca-realm-public-key-hash-algo-id = (
    cca-realm-public-key-hash-algo-id-label => text
)
```

See also:

- SEC 1: Elliptic Curve Cryptography, version 2.0 [11]
- A7.2.3.1.6 Realm public key claim
- A7.2.3.2.2 CCA platform challenge claim

### A7.2.3.1.8 Collated CDDL for Realm claims

D<sub>DCYXZ</sub> The format of the Realm token claim map is defined as follows:

```
cca-realm-claims = (cca-realm-claim-map)

cca-realm-claim-map = {
    cca-realm-challenge
    cca-realm-personalization-value
    cca-realm-initial-measurement
    cca-realm-extensible-measurements
    cca-realm-hash-algo-id
    cca-realm-public-key
    cca-realm-public-key-hash-algo-id
}

cca-realm-challenge-label = 10
cca-realm-challenge-type = bytes .size 64
cca-realm-challenge = (
    cca-realm-challenge-label => cca-realm-challenge-type
)

cca-realm-personalization-value-label = 44235
cca-realm-personalization-value-type = bytes .size 64
cca-realm-personalization-value = (
    cca-realm-personalization-value-label => cca-realm-personalization-value-type
)

cca-realm-measurement-type = bytes .size 32 / bytes .size 48 / bytes .size 64

cca-realm-initial-measurement-label = 44238
cca-realm-initial-measurement = (
    cca-realm-initial-measurement-label => cca-realm-measurement-type
)

cca-realm-extensible-measurements-label = 44239
cca-realm-extensible-measurements = (
    cca-realm-extensible-measurements-label => [ 4*4 cca-realm-measurement-type ]
)

cca-realm-hash-algo-id-label = 44236
cca-realm-hash-algo-id = (
    cca-realm-hash-algo-id-label => text
)

cca-realm-public-key-label = 44237
; TODO: support public key sizes other than ECC-P384
cca-realm-public-key-type = bytes .size 97
cca-realm-public-key = (
    cca-realm-public-key-label => cca-realm-public-key-type
)

cca-realm-public-key-hash-algo-id-label = 44240
cca-realm-public-key-hash-algo-id = (
    cca-realm-public-key-hash-algo-id-label => text
)
```

### A7.2.3.1.9 Example Realm claims

I<sub>CPTFR</sub> An example Realm claim map is shown below in COSE-DIAG format:

```
    / Realm claim map /
    {
      / cca-realm-challenge /
      / cca-realm-personalization-value /
      / cca-realm-initial-measurement /
      / cca-realm-extensible-measurements /
      44239: [
        ],
      / cca-realm-hash-algo-id /
      44236: "sha-256",
      / cca-realm-public-key /
      44237: h'0476F988091BE585ED41801AECFAB858548C63057E16B0E676120BBD0D2F9C29
           E056C5D41A0130EB9C21517899DC23146B28E1B062BD3EA4B315FD219F1CBB52
           8CB6E74CA49BE16773734F61A1CA61031B2BBF3D918F2F94FFC4228E50919544
           AE',
       / cca-realm-public-key-hash-algo-id /
       44240: "sha-256"
    }
```

## A7.2.3.2 CCA platform claims

This section defines the format of the CCA platform token claim map. The format is described using a combination of Concise Data Definition Language (CDDL) and text description.

I<sub>FJKFY</sub> The CCA platform token claim map is defined as follows:

```
cca-platform-claims = (cca-platform-claim-map)

cca-platform-claim-map = {
    cca-platform-profile
    cca-platform-challenge
    cca-platform-implementation-id
    cca-platform-instance-id
    cca-platform-config
    cca-platform-lifecycle
    cca-platform-sw-components
    ? cca-platform-verification-service
    cca-platform-hash-algo-id
}
```

See also:

- Concise Data Definition Language (CDDL) [9]
- A7.2.3.2.1 CCA platform profile claim
- A7.2.3.2.2 CCA platform challenge claim
- A7.2.3.2.3 CCA platform Implementation ID claim
- A7.2.3.2.4 CCA platform Instance ID claim
- A7.2.3.2.5 CCA platform config claim
- A7.2.3.2.6 CCA platform lifecycle claim
- A7.2.3.2.7 CCA platform software components claim
- A7.2.3.2.8 CCA platform verification service claim
- A7.2.3.2.9 CCA platform hash algorithm ID claim
- A7.2.3.2.10 Collated CDDL for CCA platform claims
- A7.2.3.2.11 Example CCA platform claims

### A7.2.3.2.1 CCA platform profile claim

I<sub>FQYTP</sub> The CCA platform profile claim identifies the EAT profile to which the CCA platform token conforms. Note that because the platform token is expected to be issued when bound to a Realm token, the profile document should include a description of the Realm claims.

I<sub>XMVFR</sub> The CCA platform profile claim is identified using the EAT profile label (265).

I<sub>GMKNR</sub> The CCA platform profile claim must be present in a CCA platform token.

I<sub>MHRTD</sub> The format of the CCA platform profile claim is defined as follows:

### A7.2.3.2.2 CCA platform challenge claim

I<sub>TKTWZ</sub> The CCA platform challenge claim contains a hash of the public key used to sign the Realm token.

See also:

- A7.2.3.1.6 Realm public key claim

### A7.2.3.2.3 CCA platform Implementation ID claim

I<sub>SMWND</sub> The CCA platform Implementation ID claim uniquely identifies the implementation of the CCA platform.

I<sub>NDVFB</sub> The value of the CCA platform Implementation ID claim can be used by a verification service to locate the details of the CCA platform implementation from an endorser or manufacturer. Such details are used by a verification service to determine the security properties or certification status of the CCA platform implementation.

I<sub>RXPVW</sub> The semantics of the CCA platform Implementation ID value are defined by the manufacturer or a particular certification scheme. For example, the ID could take the form of a product serial number, database ID, or other appropriate identifier.

I<sub>SRPZY</sub> The CCA platform Implementation ID claim does not identify a particular instance of the CCA implementation.

I<sub>NTCFY</sub> The CCA platform Implementation ID claim must be present in a CCA platform token.

I<sub>DHYDG</sub> The format of the CCA platform Implementation ID claim is defined as follows:

```
cca-platform-implementation-id-label = 2396 ; PSA implementation ID
cca-platform-implementation-id-type = bytes .size 32

cca-platform-implementation-id = (
    cca-platform-implementation-id-label => cca-platform-implementation-id-type
)
```

See also:

- Arm CCA Security model [4]
- A7.2.3.2.4 CCA platform Instance ID claim

### A7.2.3.2.4 CCA platform Instance ID claim

I<sub>ZYRZB</sub> The CCA platform Instance ID claim represents the unique identifier of the Initial Attestation Key (IAK) for the CCA platform.

I<sub>XVLLN</sub> The CCA platform Instance ID claim is identified using the EAT ueid label (256).

R<sub>HVTNC</sub> The first byte of the CCA platform Instance ID value must be 0x01.

I<sub>ZNGDF</sub> The CCA platform Instance ID claim must be present in a CCA platform token.

See also:

- Arm CCA Security model [4]
- A7.2.3.2.3 CCA platform Implementation ID claim

### A7.2.3.2.5 CCA platform config claim

I<sub>WVQJT</sub> The CCA platform config claim describes the set of chosen implementation options of the CCA platform. As an example, these may include a description of the level of physical memory protection which is provided.

U<sub>GPXWX</sub> The CCA platform config claim is expected to contain the System Properties field which is present in the Root Non-volatile Storage (RNVS) public parameters.

I<sub>MJHQJ</sub> The CCA platform config claim must be present in a CCA platform token.

See also:

- *RME system architecture spec* [12]

### A7.2.3.2.6 CCA platform lifecycle claim

I<sub>SYKFY</sub> The CCA platform lifecycle claim identifies the lifecycle state of the CCA platform.

R<sub>NBFVV</sub> The value of the CCA platform lifecycle claim is an integer which is divided as follows:

- value[15:8]: CCA platform lifecycle state
- value[7:0]: IMPLEMENTATION DEFINED

I<sub>WFZHV</sub> The CCA platform lifecycle claim must be present in a CCA platform token.

I<sub>QFYLF</sub> A non debugged CCA platform will be in psa-lifecycle-secured state. Realm Management Security Domain debug is always recoverable, and would therefore be represented by psa-lifecycle-non-psa-rot-debug state. Root world debug is recoverable on a HES system and would be represented by psa-lifecycle-recoverable-psa-rot state. On a non-HES system Root world debug is usually non-recoverable, and would be represented by psa-lifecycle-lifecycle-decommissioned state.

I<sub>HMZLL</sub> The format of the CCA platform lifecycle claim is defined as follows:

```
cca-platform-lifecycle-label = 2395 ; PSA lifecycle

cca-platform-lifecycle-unknown-type = 0x0000..0x00ff
cca-platform-lifecycle-assembly-and-test-type = 0x1000..0x10ff
cca-platform-lifecycle-cca-platform-rot-provisioning-type = 0x2000..0x20ff
```

See also:

- Arm CCA Security model [4]

### A7.2.3.2.7 CCA platform software components claim

I<sub>PJCSC</sub> The CCA platform software components claim is a list of software components which can affect the behavior of the CCA platform. It is expected that an implementation will describe the expected software component values within the profile.

I<sub>TJTXG</sub> The CCA platform software components claim must be present in a CCA platform token.

I<sub>DPSKT</sub> The format of the CCA platform software components claim is defined as follows:

```
cca-platform-sw-components-label = 2399 ; PSA software components
cca-platform-sw-component = {
 ? 1 => text, ; component type
 2 => cca-hash-type, ; measurement value
 ? 4 => text, ; version
 5 => cca-hash-type, ; signer id
 ? 6 => text, ; hash algorithm identifier
}
cca-platform-sw-components = (
 cca-platform-sw-components-label => [ + cca-platform-sw-component ]
)
```

#### CCA platform software component type

I<sub>PDNCF</sub> The CCA platform software component type is a string which represents the role of the software component.

I<sub>TPSYF</sub> The CCA platform software component type is intended for use as a hint to help the relying party understand how to evaluate the CCA platform software component measurement value.

R<sub>RSNBH</sub> The CCA platform software component type is optional in a CCA platform token.

#### CCA platform software component measurement value

I<sub>RWDKD</sub> The CCA platform software component measurement value represents a hash of the state of the software component in memory at the time it was initialized.

R<sub>TVXRZ</sub> The CCA platform software component measurement value must be a hash of 256 bits or stronger.

R<sub>LGBCM</sub> The CCA platform software component measurement value must be present in a CCA platform token.

#### CCA platform software component version

I<sub>JVJFW</sub> The CCA platform software component version is a text string whose meaning is defined by the software component vendor.

R<sub>CZRXB</sub> The CCA platform software component version is optional in a CCA platform token.

#### CCA platform software component signer ID

I<sub>DCDMR</sub> The CCA platform software component signer ID is the hash of a signing authority public key for the software component. It can be used by a verifier to ensure that the software component was signed by an expected trusted source.

R<sub>PXRMC</sub> The CCA platform software component signer ID value must be a hash of 256 bits or stronger.

R<sub>XPHQC</sub> The CCA platform software signer ID must be present in a CCA platform token.

#### CCA platform software hash algorithm ID

I<sub>TQWZX</sub> The CCA platform software hash algorithm ID identifies the hash algorithm used to measure the CCA platform software component.

I<sub>HHBHG</sub> Arm recommends that the value of the CCA platform software hash algorithm ID is an IANA Hash Function name *IANA Hash Function Textual Names* [10].

I<sub>NJYCM</sub> Arm recommends that the hash algorithm used to measure the CCA platform software component is one of the algorithms listed in the *Arm CCA Security model* [4].

I<sub>HPHCD</sub> The CCA platform software hash algorithm ID is optional in a CCA platform token.

### A7.2.3.2.8 CCA platform verification service claim

I<sub>NSTDP</sub> The CCA platform verification service claim is a hint which can be used by a relying party to locate a verifier for the token.

I<sub>RZJSQ</sub> The value of the CCA platform verification service claim is a text string which can be used to locate the service or a URL specifying the address of the service.

I<sub>MFYCX</sub> The CCA platform verification service claim may be ignored by a relying party in favor of other information.

I<sub>MRSXY</sub> The CCA platform verification service claim is optional in a CCA platform token.

I<sub>WRJSX</sub> The format of the CCA platform verification service claim is defined as follows:

```
cca-platform-verification-service-label = 2400 ; PSA verification service
cca-platform-verification-service-type = text

cca-platform-verification-service = (
    cca-platform-verification-service-label =>
        cca-platform-verification-service-type
)
```

### A7.2.3.2.9 CCA platform hash algorithm ID claim

I<sub>VDEXMF</sub> The CCA platform hash algorithm ID claim identifies the algorithm used to calculate the extended measurements in the CCA platform token.

I<sub>YRPYY</sub> Arm recommends that the value of the CCA platform hash algorithm ID claim is an IANA Hash Function name *IANA Hash Function Textual Names* [10].

I<sub>TQSTK</sub> The CCA platform hash algorithm ID claim must be present in a CCA platform token.

I<sub>RKZJT</sub> The format of the CCA platform hash algorithm ID claim is defined as follows:

### A7.2.3.2.10 Collated CDDL for CCA platform claims

```
The format of the CCA platform token claim map is defined as follows:
D<sub>DVMJZ</sub>
          cca-platform-claims = (cca-platform-claim-map)
          cca-platform-claim-map = {
              cca-platform-profile
              cca-platform-challenge
              cca-platform-implementation-id
              cca-platform-instance-id
              cca-platform-config
              cca-platform-lifecycle
              cca-platform-sw-components
              ? cca-platform-verification-service
              cca-platform-hash-algo-id
          }
          cca-platform-profile-label = 265 ; EAT profile
          cca-profile-type = "http://arm.com/CCA-SSD/1.0.0"
          cca-platform-profile = (
              cca-platform-profile-label => cca-profile-type
          )
          cca-hash-type = bytes .size 32 / bytes .size 48 / bytes .size 64
          cca-platform-challenge-label = 10
          cca-platform-challenge = (
              cca-platform-challenge-label => cca-hash-type
          )
          cca-platform-implementation-id-label = 2396 ; PSA implementation ID
          cca-platform-implementation-id-type = bytes .size 32
          cca-platform-implementation-id = (
              cca-platform-implementation-id-label => cca-platform-implementation-id-type
          )
          cca-platform-instance-id-label = 256 ; EAT ueid
          ; TODO: require that the first byte of cca-platform-instance-id-type is 0x01
          ; EAT UEIDs need to be 7 - 33 bytes
          cca-platform-instance-id-type = bytes .size 33
          cca-platform-instance-id = (
              cca-platform-instance-id-label => cca-platform-instance-id-type
          )
          cca-platform-config-label = 2401 ; PSA platform range
                                            ; TBD: add to IANA registration
          cca-platform-config-type = bytes
          cca-platform-config = (
              cca-platform-config-label => cca-platform-config-type
          )
          cca-platform-lifecycle-label = 2395 ; PSA lifecycle
```

```
cca-platform-lifecycle-unknown-type = 0x0000..0x00ff
cca-platform-lifecycle-assembly-and-test-type = 0x1000..0x10ff
cca-platform-lifecycle-cca-platform-rot-provisioning-type = 0x2000..0x20ff
cca-platform-lifecycle-secured-type = 0x3000..0x30ff
cca-platform-lifecycle-non-cca-platform-rot-debug-type = 0x4000..0x40ff
cca-platform-lifecycle-recoverable-cca-platform-rot-debug-type = 0x5000..0x50ff
cca-platform-lifecycle-decommissioned-type = 0x6000..0x60ff
cca-platform-lifecycle-type =
    cca-platform-lifecycle-unknown-type /
    cca-platform-lifecycle-assembly-and-test-type /
    cca-platform-lifecycle-cca-platform-rot-provisioning-type /
    cca-platform-lifecycle-secured-type /
    cca-platform-lifecycle-non-cca-platform-rot-debug-type /
    cca-platform-lifecycle-recoverable-cca-platform-rot-debug-type /
    cca-platform-lifecycle-decommissioned-type
cca-platform-lifecycle = (
    cca-platform-lifecycle-label => cca-platform-lifecycle-type
)
cca-platform-sw-components-label = 2399 ; PSA software components
cca-platform-sw-component = {
  ? 1 => text,          ; component type
    2 => cca-hash-type, ; measurement value
  ? 4 => text,          ; version
    5 => cca-hash-type, ; signer id
  ? 6 => text,          ; hash algorithm identifier
}
cca-platform-sw-components = (
   cca-platform-sw-components-label => [ + cca-platform-sw-component ]
)
cca-platform-verification-service-label = 2400 ; PSA verification service
cca-platform-verification-service-type = text
cca-platform-verification-service = (
    cca-platform-verification-service-label =>
        cca-platform-verification-service-type
)
cca-platform-hash-algo-id-label = 2402 ; PSA platform range
                                       ; TBD: add to IANA registration
cca-platform-hash-algo-id = (
    cca-platform-hash-algo-id-label => text
)
```

#### A7.2.3.2.11 Example CCA platform claims

I<sub>TVHKL</sub> An example CCA platform claim map is shown below in COSE-DIAG format:

```
    / CCA platform claim map /
    {
      / cca-platform-profile /
      265: "http://arm.com/CCA-SSD/1.0.0",
      / cca-platform-challenge /
      / cca-platform-implementation-id /
      / cca-platform-instance-id /
      ΒВ',
      / cca-platform-config /
      2401: h'CFCFCFCF',
      / cca-platform-lifecycle /
      2395: 12288,
      / cca-platform-sw-components /
      2399: [
       {
         / measurement value /
         / signer id /
         / version /
         4: "1.0.0",
         / hash algorithm identifier /
         6: "sha-256"
       },
       {
         / measurement value /
         / signer id /
         / version /
         4: "1.0.0",
         / hash algorithm identifier /
         6: "sha-256"
       }
      ],
      / cca-platform-verification-service /
      2400: "https://cca_verifier.org",
      / cca-platform-hash-algo-id /
      2402: "sha-256"
    }
```
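The CDDL above constrains the shape of several platform claims. The following added example (not part of the specification) shows the structural checks a verifier could apply after CBOR decoding; the struct layout and function names are hypothetical, and the 32/48/64-byte sizes accepted for cca-hash-type are an assumption, since that type is not defined in this section.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One state per range in cca-platform-lifecycle-type, in CDDL order. */
enum cca_lifecycle {
    CCA_LC_UNKNOWN = 0,
    CCA_LC_ASSEMBLY_AND_TEST,
    CCA_LC_ROT_PROVISIONING,
    CCA_LC_SECURED,
    CCA_LC_NON_ROT_DEBUG,
    CCA_LC_RECOVERABLE_ROT_DEBUG,
    CCA_LC_DECOMMISSIONED,
    CCA_LC_INVALID              /* value lies in none of the ranges */
};

/* Every range has the form 0xN000..0xN0ff with N in 0..6, so bits [11:8]
 * must be zero and bits [15:12] select the state. */
enum cca_lifecycle cca_lifecycle_classify(uint64_t value)
{
    if (value > 0x60ffu || (value & 0x0f00u) != 0)
        return CCA_LC_INVALID;
    return (enum cca_lifecycle)(value >> 12);
}

/* Byte string as handed over by a CBOR decoder (decoder not shown). */
struct bstr { const uint8_t *ptr; size_t len; };

/* Mandatory members of cca-platform-sw-component (keys 2 and 5). */
struct sw_component { struct bstr measurement; struct bstr signer_id; };

/* Hypothetical decoded view of the claims checked below. */
struct platform_claims {
    struct bstr implementation_id;      /* label 2396 */
    struct bstr instance_id;            /* label 256  */
    uint64_t lifecycle;                 /* label 2395 */
    const struct sw_component *sw;      /* label 2399 */
    size_t sw_count;
};

enum claim_error {
    CLAIMS_OK = 0, ERR_IMPL_ID, ERR_INSTANCE_ID, ERR_LIFECYCLE,
    ERR_SW_EMPTY, ERR_SW_HASH
};

/* Assumption: cca-hash-type is a byte string of 32, 48 or 64 bytes. */
static bool is_hash(struct bstr b)
{
    return b.ptr != NULL && (b.len == 32 || b.len == 48 || b.len == 64);
}

enum claim_error platform_claims_check(const struct platform_claims *c)
{
    /* bytes .size 32 */
    if (c->implementation_id.ptr == NULL || c->implementation_id.len != 32)
        return ERR_IMPL_ID;
    /* bytes .size 33, plus the first-byte check the CDDL leaves as a TODO */
    if (c->instance_id.ptr == NULL || c->instance_id.len != 33 ||
        c->instance_id.ptr[0] != 0x01)
        return ERR_INSTANCE_ID;
    if (cca_lifecycle_classify(c->lifecycle) == CCA_LC_INVALID)
        return ERR_LIFECYCLE;
    /* [ + cca-platform-sw-component ]: at least one entry */
    if (c->sw == NULL || c->sw_count == 0)
        return ERR_SW_EMPTY;
    for (size_t i = 0; i < c->sw_count; i++)
        if (!is_hash(c->sw[i].measurement) || !is_hash(c->sw[i].signer_id))
            return ERR_SW_HASH;
    return CLAIMS_OK;
}

int main(void)
{
    /* Constructed sample: placeholder identifiers and digests, not real values. */
    static const uint8_t impl_id[32] = { 0 };
    static const uint8_t inst_id[33] = { 0x01 };
    static const uint8_t digest[32] = { 0 };
    struct sw_component sw[2] = {
        { { digest, 32 }, { digest, 32 } },
        { { digest, 32 }, { digest, 32 } },
    };
    struct platform_claims c = {
        { impl_id, 32 }, { inst_id, 33 }, 12288, sw, 2
    };
    printf("check=%d lifecycle=%d\n", (int)platform_claims_check(&c),
           (int)cca_lifecycle_classify(c.lifecycle));
    return 0;
}
```

Whether a lifecycle state other than "secured" is acceptable is a verifier policy decision; the check above only rejects values outside every defined range.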

# Chapter A8 Realm debug and performance monitoring

This section describes the debug and performance monitoring features which are available to a Realm.


## **A8.1 Realm PMU**

This section describes the programming model for usage of PMU by a Realm.

- R<sub>DNNQQ</sub> On REC entry, Realm PMU state is restored from the REC object.
- R<sub>LHRYJ</sub> On REC exit, all Realm PMU state is saved to the REC object.

- R<sub>WXTZF</sub> On REC exit, exit.pmu\_ovf\_status indicates the status of the PMU overflow at the time of the Realm exit.

See also:

- A3.1.5 Realm support for Performance Monitors Extension
- A4.3 REC exit
- B3.4.16 *RmiRecExit type*

Part B Interface

# Chapter B1 Commands

This chapter describes how RMM commands are defined in this specification.


## **B1.1 Overview**

R<sub>vzrkz</sub> The RMM exposes the following interfaces to the Host:

- The Realm Management Interface (RMI)

R<sub>NPLKX</sub> The RMM exposes the following interfaces to a Realm:

- The *Realm Services Interface* (RSI)
- The *Power State Coordination Interface* (PSCI)

Any other SMC executed by a Realm returns SMCCC\_NOT\_SUPPORTED.

I<sub>tkoxf</sub> An RMM interface consists of a set of RMM commands.

I<sub>rtryt</sub> An RMM interface is compliant with the SMC Calling Convention (SMCCC).

R<sub>NNFPH</sub> SMCCC version >= 1.2 is required.

X<sub>FDXJG</sub> SMCCC version 1.2 increases the number of SMC64 arguments and return values from 4 to 17. Some RMM commands use more than 4 input or output values.

R<sub>vxjjq</sub> On a CCA platform which implements FEAT\_SVE, SMCCC version >= 1.3 is required.

X<sub>kcmsy</sub> SMCCC version 1.3 introduces a bit in the FID which a caller can use to indicate that SVE state does not need to be preserved across the SMC call.

R<sub>JNVJQ</sub> On a CCA platform which implements FEAT\_SME, SMCCC version >= 1.4 is required.

X<sub>QXMZL</sub> SMCCC version 1.4 adds support for preservation of SME state across an SMC call.

R<sub>kwmvx</sub> An RMM command uses the SMC64 calling convention.

S<sub>DFNMZ</sub> To determine whether an RMM interface is implemented, software should use the following flow:

1. Determine whether the SMCCC\_VERSION command is implemented, following the procedure described in *Arm SMC Calling Convention* [13].
2. Check that the SMCCC version is >= 1.1.
3. Execute the &lt;Interface&gt;.Version command, which returns:
   - SMCCC\_NOT\_SUPPORTED (-1) if &lt;Interface&gt; is not implemented.
   - A version number (&gt;0) if &lt;Interface&gt; is implemented.

R<sub>ybxkr</sub> All data types defined in this specification are little-endian.

See also:

- Chapter B3 Realm Management Interface
- Chapter B4 Realm Services Interface
- Chapter B5 Power State Control Interface
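The discovery flow and the SMCCC version requirements above can be combined into one probe routine. The following is an added example, not code from the specification: the conduit type, the mock platform and all function names are hypothetical, `PLACEHOLDER_VERSION_FID` is a placeholder rather than a real command FID, and step 1 (whose procedure is defined in [13]) is passed in as a boolean.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define SMCCC_VERSION_FID       UINT64_C(0x80000000) /* defined by Arm SMCCC [13] */
#define SMCCC_NOT_SUPPORTED     INT64_C(-1)
/* Placeholder, NOT the FID of any command in this specification. */
#define PLACEHOLDER_VERSION_FID UINT64_C(0xC400FF00)
/* SMCCC_VERSION result: major in bits [30:16], minor in bits [15:0]. */
#define SMCCC_VER(major, minor) ((int64_t)(((major) << 16) | (minor)))

/* Issues one SMC and returns X0. On target this wraps the SMC instruction. */
typedef int64_t (*smc_conduit)(void *ctx, uint64_t fid);

enum probe_result {
    PROBE_OK,
    PROBE_NO_SMCCC_VERSION,     /* step 1 failed */
    PROBE_SMCCC_TOO_OLD,        /* step 2: SMCCC version below 1.1 */
    PROBE_NOT_IMPLEMENTED,      /* step 3 returned SMCCC_NOT_SUPPORTED */
    PROBE_BAD_VERSION,          /* step 3 returned neither -1 nor a value > 0 */
    PROBE_SMCCC_BELOW_REQUIRED  /* interface present, SMCCC below the minimum */
};

/* Minimum SMCCC version: 1.2, or 1.3 with FEAT_SVE, or 1.4 with FEAT_SME. */
int64_t rmm_required_smccc(bool feat_sve, bool feat_sme)
{
    if (feat_sme)
        return SMCCC_VER(1, 4);
    return feat_sve ? SMCCC_VER(1, 3) : SMCCC_VER(1, 2);
}

/*
 * smccc_version_present is the outcome of step 1, which is not modelled here.
 * On PROBE_OK or PROBE_SMCCC_BELOW_REQUIRED, *iface_version holds the value
 * returned by <Interface>.Version.
 */
enum probe_result rmm_interface_probe(smc_conduit smc, void *ctx,
                                      bool smccc_version_present,
                                      uint64_t version_fid,
                                      bool feat_sve, bool feat_sme,
                                      int64_t *iface_version)
{
    if (!smccc_version_present)
        return PROBE_NO_SMCCC_VERSION;

    /* SMCCC_VERSION is an SMC32 call: only W0 carries the result. */
    int64_t smccc = (int32_t)(uint32_t)smc(ctx, SMCCC_VERSION_FID);
    if (smccc < SMCCC_VER(1, 1))
        return PROBE_SMCCC_TOO_OLD;

    int64_t version = smc(ctx, version_fid);
    if (version == SMCCC_NOT_SUPPORTED)
        return PROBE_NOT_IMPLEMENTED;
    if (version <= 0)
        return PROBE_BAD_VERSION;
    *iface_version = version;

    /* Discovery only needs 1.1; using the interface needs more. */
    if (smccc < rmm_required_smccc(feat_sve, feat_sme))
        return PROBE_SMCCC_BELOW_REQUIRED;
    return PROBE_OK;
}

/* Constructed mock platform so that the flow can run off-target. */
struct mock_platform {
    int64_t smccc_version;
    uint64_t version_fid;
    int64_t iface_version;
};

int64_t mock_smc(void *ctx, uint64_t fid)
{
    const struct mock_platform *p = ctx;
    if (fid == SMCCC_VERSION_FID)
        return p->smccc_version;
    if (fid == p->version_fid)
        return p->iface_version;
    return SMCCC_NOT_SUPPORTED;
}

int main(void)
{
    struct mock_platform p = {
        SMCCC_VER(1, 2), PLACEHOLDER_VERSION_FID, SMCCC_VER(1, 0)
    };
    int64_t v = 0;
    enum probe_result r = rmm_interface_probe(
        mock_smc, &p, true, PLACEHOLDER_VERSION_FID, false, false, &v);
    printf("no SVE/SME: result=%d version=0x%llx\n", (int)r,
           (unsigned long long)v);
    r = rmm_interface_probe(
        mock_smc, &p, true, PLACEHOLDER_VERSION_FID, true, false, &v);
    printf("FEAT_SVE:   result=%d\n", (int)r);
    return 0;
}
```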

## **B1.2 Command definition**

I<sub>WBMVP</sub> The definition of an RMM command consists of:

- A function identifier (FID)
- A set of *input values* (referred to as "arguments" in SMCCC)
- A set of *output values* (referred to as "results" in SMCCC)
- A set of *context values*
- A partially-ordered set of failure conditions
- A set of success conditions
- A set of *footprint items*

I<sub>GCVWC</sub> Each failure condition, success condition and footprint item has an associated identifier. Identifiers are unique within each of the above groups, within each command.

An identifier has no meaning. It is only a label by which a given condition or footprint item can be referred to.

See also:

• Arm SMC Calling Convention [13]

### **B1.2.1 Example command**

I<sub>NFVGF</sub> The following command, EXAMPLE\_ADD, is an example of how the components of an RMM command definition are presented in this document.

This command takes as an input value the address params\_ptr of an NS Granule which contains two integer values x and y. On successful execution of the command:

- The output value sum contains the sum of x and y
- The output value zero indicates whether either of x or y is zero

EXAMPLE\_ADD is defined as follows:

#### Interface

FID

0x042

Input values

| Name       | Register | Field  | Type    | Description      |
|------------|----------|--------|---------|------------------|
| fid        | X0       | [63:0] | UInt64  | Command FID      |
| params_ptr | X1       | [63:0] | Address | PA of parameters |

#### Context

The EXAMPLE\_ADD command operates on the following context.

| Name   | Type          | Value              | Before | Description |
|--------|---------------|--------------------|--------|-------------|
| params | ExampleParams | Params(params_ptr) | false  | Parameters  |

#### **Output values**

| Name   | Register | Field  | Type              | Description                    |
|--------|----------|--------|-------------------|--------------------------------|
| result | X0       | [15:0] | CommandReturnCode | Command return status          |
| sum    | X1       | [63:0] | UInt64            | Sum of x and y                 |
| zero   | X2       | [63:0] | UInt64            | Whether either x or y was zero |

#### Failure conditions

| ID           | Condition                                                                                |
|--------------|------------------------------------------------------------------------------------------|
| params_align | <pre>pre: !AddrIsGranuleAligned(params_ptr)<br/>post: ResultEqual(result, ERROR_INPUT)</pre> |
| params_state | <pre>pre: Granule(params_ptr).state != NS<br/>post: ResultEqual(result, ERROR_MEMORY)</pre>  |

#### Success conditions

| ID   | Post-condition                                        |
|------|-------------------------------------------------------|
| sum  | <pre>sum == params.x + params.y</pre>                 |
| zero | <pre>zero == (params.x == 0) \|\| (params.y == 0)</pre> |

## **B1.3 Command registers**

| D <sub>zdgnm</sub> | An FID is a value which identifies a particular RMM command.                                 |
|--------------------|----------------------------------------------------------------------------------------------|
| I <sub>mjqgk</sub> | The FID of an RMM command is unique among the RMM commands in an RMM interface.              |
| I <sub>rvpgy</sub> | An FID is read from general-purpose register X0.                                             |
| D <sub>XLSFS</sub> | An <i>input value</i> is a value read by an RMM command from general-purpose registers.      |
| D <sub>VCDCW</sub> | An output value is a value written by an RMM command to general-purpose registers.           |
| D <sub>CZLVJ</sub> | A command return code is a value which specifies whether an RMM command succeeded or failed. |
| I <sub>frzft</sub> | A command return code is written to general-purpose register X0.                             |

## **B1.4 Command condition expressions**

D<sub>CHRYB</sub> A condition expression is an expression which evaluates to a boolean value.

I<sub>BNPKQ</sub> Following expansion of macros, a condition expression is a valid expression in Arm Specification Language (ASL).

See also:

- Arm Specification Language Reference Manual [14]
- Chapter B2 Command condition functions

## **B1.5 Command context values**

D<sub>DLBYC</sub> A *context value* is a value which is derived from the value of a command input register and which is used by a command condition expression.

I<sub>VKKKY</sub> A context value can be thought of as a local variable for use by command condition expressions.

For example, consider the following command condition expression:

```
!AddrIsGranuleAligned(RealmParams(params_ptr).rtt_base)
```

By introducing a context value params with the value RealmParams(params\_ptr), this command condition expression can be rewritten as:

```
!AddrIsGranuleAligned(params.rtt_base)
```

D<sub>QDFNW</sub> The *before* property of a context value indicates whether its expression is re-evaluated after the command has executed.

- before = true: the expression is not re-evaluated after the command has executed
- before = false: the expression is re-evaluated after the command has executed

I<sub>LTLQN</sub> Specifying before = true for a context value allows system state to be sampled before command execution, and then used after command execution in a command success condition.

For example, the RMI\_REALM\_DESTROY command takes as an input value the address rd of a Realm Descriptor. Successful execution of the command results in observable effects including the following:

- The state of the RD Granule changes from RD to DELEGATED
- The state of the RTT base Granule, whose address was previously held in the RD, changes from RTT to DELEGATED

The address of the RTT base Granule is not included in the input values of the command.

A context value is defined as follows:

| Name     | Type    | Value              | Before | Description      |
|----------|---------|--------------------|--------|------------------|
| rtt_base | Address | Realm(rd).rtt_base | true   | RTT base address |

The state change of the RTT Granule can then be expressed as:

```
Granule(rtt_base).state == DELEGATED
```

I<sub>YNDGD</sub> The *before* property of a context value has no effect if the value is only used in command failure conditions.

D<sub>XBHPB</sub> An *in-memory value* is a value passed to a command via an in-memory data structure, the address of which is passed in an input register.

I<sub>ZTYSS</sub> An in-memory value is a context value.

See also:

• B3.3.9 RMI\_REALM\_CREATE command

## **B1.6 Command failure conditions**

| D <sub>DNQQC</sub> | An RMM command <i>failure condition</i> defines a way in which the command can fail.                                                                                                            |
|--------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| I <sub>GVBBZ</sub> | A failure condition consists of a pre-condition and a post-condition.                                                                                                                           |
| I <sub>WTSZH</sub> | A failure pre-condition can be thought of as the "trigger" of the failure: if the pre-condition is true then the command fails.                                                                 |
| I <sub>KJHNX</sub> | A failure post-condition can be thought of as the "effect" of the failure: if the command failed due to a particular trigger, then the post-condition defines the error code which is returned. |
| I <sub>CVTGY</sub> | A failure pre-condition is a condition expression whose terms can include input values and context values.                                                                                      |
| I <sub>hndnn</sub> | A failure post-condition is a condition expression whose terms can include input values and context values.                                                                                     |
| I <sub>KHJDY</sub> | Observability of the checking of command failure conditions is subject to a partial order.                                                                                                      |

An ordering relation "A precedes B" means either of the following:

- The pre-condition of B is well-formed only if the pre-condition of A is false. This is referred to as a *well-formedness ordering*.
- If the pre-conditions of *A* and *B* are both true, then the post-condition of *A* is observed. This is referred to as a *behavioral ordering*.

The absence of an ordering relation "A precedes B" means that, if the pre-conditions of A and B are both true then either the post-condition of A is observed or the post-condition of B is observed.

Orderings are specified between groups of failure conditions. For example, the expression [A, B] < [C, D] means that both conditions A and B precede both conditions C and D.

The same information is also presented graphically, with failure conditions represented as nodes and ordering relations represented as edges.



The specification does not state whether an individual ordering relation is a well-formedness ordering or a behavioral ordering.

I<sub>JMTTY</sub> A given implementation of the RMM is expected to have deterministic behavior. That is, for a runtime instance of the RMM in a particular state, two executions of a command without an interleaving of other commands, with the same input values, result in the same outcome (either success, or the same failure condition).


| R <sub>WXZJJ</sub> | If a failure pre-condition evaluates to true then the corresponding failure post-condition evaluates to true. |
|--------------------|---------------------------------------------------------------------------------------------------------------|
| R <sub>ddgdw</sub> | If a failure pre-condition evaluates to true then the command is aborted.                                     |
| R <sub>tfzms</sub> | If a command fails then all output values except for X0 are UNDEFINED, unless stated otherwise.               |
| R <sub>VHFHD</sub> | If no failure pre-condition evaluates to true then the command succeeds.                                      |
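The partial order over failure conditions determines which outcomes a conformance test may accept for a given set of true pre-conditions. The following is an added example, not part of the specification: it encodes the ordering as bitmasks, closes it under transitivity (a property of any partial order), and computes the permitted outcomes for the [A, B] < [C, D] ordering used in the text; all names are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_COND 32
#define BIT(i) (UINT32_C(1) << (i))

/* precedes[a] has bit b set when condition a precedes condition b. */
struct cond_order {
    size_t n;                       /* number of failure conditions */
    uint32_t precedes[MAX_COND];
};

/* Record a group ordering such as [A, B] < [C, D]; groups are bitmasks. */
void order_add(struct cond_order *o, uint32_t before, uint32_t after)
{
    for (size_t a = 0; a < o->n; a++)
        if (before & BIT(a))
            o->precedes[a] |= after;
}

/* Close the relation under transitivity. Returns false if a condition ends
 * up preceding itself, which means the input was not a partial order. */
bool order_close(struct cond_order *o)
{
    for (size_t k = 0; k < o->n; k++)
        for (size_t a = 0; a < o->n; a++)
            if (o->precedes[a] & BIT(k))
                o->precedes[a] |= o->precedes[k];
    for (size_t a = 0; a < o->n; a++)
        if (o->precedes[a] & BIT(a))
            return false;
    return true;
}

/*
 * Failure conditions whose post-condition may be observed when the
 * pre-conditions in true_mask hold: the true conditions that no other true
 * condition precedes. Bits of conditions preceded by a true condition are
 * "don't care", which also covers well-formedness orderings.
 */
uint32_t permitted_failures(const struct cond_order *o, uint32_t true_mask)
{
    uint32_t permitted = true_mask;
    for (size_t a = 0; a < o->n; a++)
        if (true_mask & BIT(a))
            permitted &= ~o->precedes[a];
    return permitted;
}

/* observed: index of the failure condition whose post-condition was seen,
 * or -1 if the command succeeded. */
bool outcome_conforms(const struct cond_order *o, uint32_t true_mask,
                      int observed)
{
    uint32_t permitted = permitted_failures(o, true_mask);
    if (observed < 0)
        return permitted == 0;   /* success only if no pre-condition is true */
    if ((size_t)observed >= o->n)
        return false;
    return (permitted & BIT(observed)) != 0;
}

enum { COND_A, COND_B, COND_C, COND_D };

int main(void)
{
    struct cond_order o = { .n = 4 };
    order_add(&o, BIT(COND_A) | BIT(COND_B), BIT(COND_C) | BIT(COND_D));
    if (!order_close(&o))
        return 1;
    printf("A and C true: permitted mask 0x%x\n",
           (unsigned)permitted_failures(&o, BIT(COND_A) | BIT(COND_C)));
    printf("C and D true: permitted mask 0x%x\n",
           (unsigned)permitted_failures(&o, BIT(COND_C) | BIT(COND_D)));
    return 0;
}
```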

## **B1.7 Command success conditions**

D<sub>SZGNZ</sub> An RMM command *success condition* defines an observable effect of a successful execution of the command.

I<sub>LZXHB</sub> A success condition is a condition expression whose terms can include input values, context values and output values.

I<sub>NMCSF</sub> The order in which success conditions are listed has no architectural significance.

I<sub>NJQFG</sub> If an RMM command succeeds then the return code is &lt;Interface&gt;\_SUCCESS.

R<sub>MKRVV</sub> If an RMM command succeeds then all of its success conditions evaluate to true.

## **B1.8 Concrete and abstract types**

D<sub>0001</sub> A *concrete type* is a type which has a defined encoding.

Examples of concrete types include:

- An integer which has a defined bit width.
- An enumeration within which each label is associated with a unique binary value.
- A struct which has a defined width, and within which each member has a defined position. The type of each member of a concrete struct is a concrete type.

I<sub>0002</sub> Concrete types are used to define command input values and output values.

D<sub>0003</sub> An *abstract type* is a type which does not have a defined encoding.

Examples of abstract types include:

- An integer which does not have a defined bit width.
- An enumeration which has a set of labels, but which does not define a binary value for each label.
- A struct which has a set of members, but which does not define a struct width nor a position for each member. The type of each member of an abstract struct is an abstract type.

I<sub>0004</sub> Abstract types are used to model the internal state of the RMM.

I A command failure condition or success condition may need to test for logical equality between a concrete type and a corresponding abstract type. For example, the command may set the value of an internal RMM variable to match the value of a command input. To enable such comparisons, the specification defines an Equal() function for each pair of corresponding concrete and abstract types.

See also:

• B2.11 Equal function

## **B1.9 Command footprint**

D<sub>ZDJDB</sub> The *footprint* of an RMM command defines the set of state items which successful execution of the command can modify.


| I <sub>XMZYS</sub> | The footprint of an RMM command may include state items which are not modified by successful execution of the command.                                                    |
|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| I <sub>RWQMJ</sub> | If an RMM command changes the state of a Granule then the footprint typically does not include all attributes of the object which is created or destroyed.                |
|                    | For example, the footprint of RMI_REALM_CREATE includes the state of the RD Granule, but does not include attributes of the newly-created Realm.                          |
| R <sub>WZYBV</sub> | Except for items in the footprint of an RMM command and registers in the output values of the RMM command, execution of the command does not have any observable effects. |

# Chapter B2 Command condition functions

This chapter describes functions which are used in command condition expressions.

See also:

• B1.4 Command condition expressions

## **B2.1 AddrInRange function**

Returns TRUE if addr is within [base, base+size].

## **B2.2 AddrIsAligned function**

Returns TRUE if address addr is aligned to an n byte boundary.

```
func AddrIsAligned(
    addr : Address,
    n : integer) => boolean
```

## **B2.3 AddrIsGranuleAligned function**

Returns TRUE if address addr is aligned to the size of a Granule.

```
func AddrIsGranuleAligned(
    addr : Address) => boolean
func AddrIsGranuleAligned(
    addr : integer) => boolean
```

See also:

• A2.2 Granule

## **B2.4 AddrIsProtected function**

Returns TRUE if address addr is a Protected IPA for realm.

```
func AddrIsProtected(
    addr : Address,
    realm : RmmRealm) => boolean
begin
    return UInt(addr) < 2^(realm.ipa_width - 1);
end
```

## **B2.5 AddrIsRttLevelAligned function**

Returns TRUE if Address addr is aligned to the size of the address range described by an RTTE in a level level RTT.

Returns FALSE if level is invalid.

```
func AddrIsRttLevelAligned(
    addr : Address,
    level : integer) => boolean
```

## **B2.6 AddrRangeIsProtected function**

Returns TRUE if all addresses in range [base, top) are Protected IPAs for realm.

## **B2.7 AlignDownToRttLevel function**

Round down addr to align to the size of the address range described by an RTTE in a level level RTT.

```
func AlignDownToRttLevel(
    addr : Address,
    level : integer) => Address
```

## **B2.8 AlignUpToRttLevel function**

Round up addr to align to the size of the address range described by an RTTE in a level level RTT.

```
func AlignUpToRttLevel(
    addr : Address,
    level : integer) => Address
```
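Several of the address functions above (B2.4 to B2.8) are given only as signatures or one-line descriptions. The following is an added example, not the specification's definition, of overflow-safe C equivalents; it assumes 4KB Granules, RTT levels 0 to 3 and 512 entries per RTT, none of which is stated in this chapter, and the function names and the bool-plus-out-parameter return style are this example's own.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumptions: 4KB Granules, RTT levels 0..3 and 512 entries per RTT, so a
 * level-L RTTE describes 2^(12 + 9 * (3 - L)) bytes. */
#define GRANULE_SHIFT  12u
#define RTT_LAST_LEVEL 3

/* Byte mask covering one RTTE at 'level'; false if the level is invalid. */
static bool rtt_level_mask(int level, uint64_t *mask)
{
    if (level < 0 || level > RTT_LAST_LEVEL)
        return false;
    unsigned shift = GRANULE_SHIFT + 9u * (unsigned)(RTT_LAST_LEVEL - level);
    *mask = (UINT64_C(1) << shift) - 1;
    return true;
}

/* Counterpart of AddrIsRttLevelAligned: FALSE for an invalid level. */
bool addr_is_rtt_level_aligned(uint64_t addr, int level)
{
    uint64_t mask;
    return rtt_level_mask(level, &mask) && (addr & mask) == 0;
}

/* Counterpart of AlignDownToRttLevel; returns false on an invalid level. */
bool align_down_to_rtt_level(uint64_t addr, int level, uint64_t *out)
{
    uint64_t mask;
    if (!rtt_level_mask(level, &mask))
        return false;
    *out = addr & ~mask;
    return true;
}

/* Counterpart of AlignUpToRttLevel. Fails rather than wrapping around to a
 * low address when addr is within one RTTE of the top of the address space. */
bool align_up_to_rtt_level(uint64_t addr, int level, uint64_t *out)
{
    uint64_t mask;
    if (!rtt_level_mask(level, &mask) || addr > UINT64_MAX - mask)
        return false;
    *out = (addr + mask) & ~mask;
    return true;
}

/* Counterpart of AddrIsProtected: addr < 2^(ipa_width - 1), written as a
 * shift so that no power of two has to be computed. */
bool addr_is_protected(uint64_t addr, unsigned ipa_width)
{
    if (ipa_width < 1 || ipa_width > 64)
        return false;
    return (addr >> (ipa_width - 1)) == 0;
}

/* Counterpart of AddrRangeIsProtected for [base, top). Rejecting an empty or
 * inverted range is this example's choice. Since base <= top - 1, checking
 * the last address is sufficient. */
bool addr_range_is_protected(uint64_t base, uint64_t top, unsigned ipa_width)
{
    return base < top && addr_is_protected(top - 1, ipa_width);
}

int main(void)
{
    /* Constructed sample addresses. */
    uint64_t up = 0, down = 0;
    if (align_down_to_rtt_level(UINT64_C(0x40201234), 2, &down) &&
        align_up_to_rtt_level(UINT64_C(0x40201234), 2, &up))
        printf("level 2: down=0x%llx up=0x%llx\n",
               (unsigned long long)down, (unsigned long long)up);
    printf("wraps: %d\n", (int)!align_up_to_rtt_level(UINT64_MAX - 5, 3, &up));
    printf("range protected: %d\n",
           (int)addr_range_is_protected(0x1000, UINT64_C(0x80001000), 32));
    return 0;
}
```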

## **B2.9 CurrentRealm function**

Returns the current Realm.

```
func CurrentRealm() => RmmRealm
```

## **B2.10 CurrentRec function**

Returns the current REC.

```
func CurrentRec() => RmmRec
```

## **B2.11 Equal function**

Check whether concrete and abstract values are equal.

```
func Equal(
    abstract : RmmHashAlgorithm,
    concrete : RmiHashAlgorithm) => boolean

func Equal(
    concrete : RmiHashAlgorithm,
    abstract : RmmHashAlgorithm) => boolean

func Equal(
    abstract : RmmRecRunnable,
    concrete : RmiRecRunnable) => boolean

func Equal(
    concrete : RmiRecRunnable,
    abstract : RmmRecRunnable) => boolean

func Equal(
    abstract : RmmRipas,
    concrete : RmiRipas) => boolean

func Equal(
    concrete : RmiRipas,
    abstract : RmmRipas) => boolean

func Equal(
    abstract : RmmHashAlgorithm,
    concrete : RsiHashAlgorithm) => boolean

func Equal(
    concrete : RsiHashAlgorithm,
    abstract : RmmHashAlgorithm) => boolean

func Equal(
    abstract : RmmRipas,
    concrete : RsiRipas) => boolean

func Equal(
    concrete : RsiRipas,
    abstract : RmmRipas) => boolean

func Equal(
    abstract : RmmRipasChangeDestroyed,
    concrete : RsiRipasChangeDestroyed) => boolean

func Equal(
    concrete : RsiRipasChangeDestroyed,
    abstract : RmmRipasChangeDestroyed) => boolean
```

See also:

• B1.8 Concrete and abstract types

## **B2.12 Gicv3ConfigIsValid function**

Returns TRUE if the values of all gicv3\_\* attributes are valid.

```
func Gicv3ConfigIsValid(
    gicv3_hcr : bits(64),
    gicv3_lrs : array [16] of bits(64)) => boolean
```

See also:

- A6.1 Realm interrupts
- B3.4.14 *RmiRecEnter type*

## **B2.13 Granule function**

Returns the Granule located at physical address addr.

```
func Granule(
    addr : Address) => RmmGranule
```

See also:

• A2.2 Granule

## **B2.14 MinAddress function**

Returns the smaller of two addresses.

```
func MinAddress(
    addr1 : Address,
    addr2 : Address) => Address
begin
    return ToAddress(Min(UInt(addr1), UInt(addr2)));
end
```

## **B2.15 MpidrEqual function**

Returns TRUE if the specified MPIDR values are logically equivalent.

```
func MpidrEqual(
    rmm_mpidr : bits(64),
    rmi_mpidr : RmiRecMpidr) => boolean
begin
    return (rmm_mpidr[ 3: 0] == rmi_mpidr.aff0
         && rmm_mpidr[15: 8] == rmi_mpidr.aff1
         && rmm_mpidr[23:16] == rmi_mpidr.aff2
         && rmm_mpidr[31:24] == rmi_mpidr.aff3);
end
```

## B2.16 MpidrIsUsed function

Returns TRUE if the specified MPIDR value identifies a REC in the current Realm.

```
func MpidrIsUsed(
    mpidr : bits(64)) => boolean
```

## **B2.17 PaIsDelegable function**

Returns TRUE if the Granule located at physical address addr is delegable.

```
func PaIsDelegable(
    addr : Address) => boolean
```

## **B2.18 PsciReturnCodeEncode function**

Return encoding for a PsciReturnCode value.

```
func PsciReturnCodeEncode(
    value : PsciReturnCode) => bits(64)
```

## **B2.19 PsciReturnCodePermitted function**

Whether a PSCI return code is permitted.

```
func PsciReturnCodePermitted(
    calling_rec : RmmRec,
    target_rec : RmmRec,
    value : PsciReturnCode) => boolean
begin
    if value == PSCI_SUCCESS then
        return TRUE;
    end
    var fid : bits(64) = calling_rec.gprs[0];
    // Host is permitted to deny a PSCI_CPU_ON request, if the target
    // CPU is not already on.
```

See also:

- A4.3.7 REC exit due to PSCI
- B3.3.7 RMI\_PSCI\_COMPLETE command

## **B2.20 ReadMemory function**

Read contents of memory at address range [addr + offset, addr + offset + size).

offset and size are both numbers of bytes.

```
func ReadMemory(
    addr : bits(64),
    offset : integer,
    size : integer) => bits(size * 8)
```

## **B2.21 Realm function**

Returns the Realm whose RD is located at physical address addr.

```
func Realm(
    addr : Address) => RmmRealm
```

See also:

• A2.1 Realm

## **B2.22 RealmConfig function**

Returns Realm configuration stored at IPA addr, mapped in the current Realm.

```
func RealmConfig(
    addr : Address) => RsiRealmConfig
```

## **B2.23 RealmHostCall function**

Returns Host call data stored at IPA addr, mapped in the current Realm.

```
func RealmHostCall(
    addr : Address) => RsiHostCall
```

## **B2.24 RealmIsLive function**

Returns TRUE if the Realm whose RD is located at physical address addr is live.

```
func RealmIsLive(
    addr : Address) => boolean
```

See also:

• A2.1.4 Realm liveness

## **B2.25 RealmParams function**

Returns Realm parameters stored at physical address addr.

If the PAS of addr is not NS, the return value is UNKNOWN.

```
func RealmParams(
    addr : Address) => RmiRealmParams
```

See also:

• A2.1.6 Realm parameters

## **B2.26 RealmParamsSupported function**

Returns TRUE if the Realm parameters are supported by the implementation.

```
func RealmParamsSupported(
    value : RmiRealmParams) => boolean
```

## **B2.27 Rec function**

Returns the REC object located at physical address addr.

```
func Rec(
    addr : Address) => RmmRec
```

See also:

• A2.3 Realm Execution Context

## **B2.28 RecAuxAlias function**

Returns TRUE if any of the first count entries in a list of REC auxiliary Granule addresses are aliased - either among themselves, or with the REC address itself.

```
func RecAuxAlias(
    rec : Address,
    aux : array [16] of Address,
    count : integer) => boolean
begin
    assert 0 <= count && count <= 16;
    var sorted = RecAuxSort(aux, count);
    for i = 0 to count - 1 do
        if sorted[i] == rec then
            return TRUE;
        end
        if i >= 1 && sorted[i] == sorted[i - 1] then
            return TRUE;
        end
    end
    return FALSE;
end
```

## **B2.29 RecAuxAligned function**

Returns TRUE if the first count entries in a list of REC auxiliary Granule addresses are aligned to the size of a Granule.

```
func RecAuxAligned(
    aux : array [16] of Address,
    count : integer) => boolean
begin
    assert 0 <= count && count <= 16;
    for i = 0 to count - 1 do
        if !AddrIsGranuleAligned(aux[i]) then
            return FALSE;
        end
    end
    return TRUE;
end
```

## **B2.30 RecAuxCount function**

Returns the number of auxiliary Granules required for a REC in the Realm described by rd.

```
func RecAuxCount(
    rd : Address) => integer
```

## **B2.31 RecAuxEqual function**

Returns TRUE if the first count entries in two lists of REC auxiliary Granule addresses are equal.

```
func RecAuxEqual(
    aux1 : array [16] of Address,
    aux2 : array [16] of Address,
    count : integer) => boolean
begin
    assert 0 <= count && count <= 16;
    for i = 0 to count - 1 do
        if aux1[i] != aux2[i] then
            return FALSE;
        end
    end
    return TRUE;
end
```

## **B2.32 RecAuxSort function**

Sort first count entries in array of auxiliary Granule addresses.

```
func RecAuxSort(
    addrs : array [16] of Address,
    count : integer) => array [16] of Address
```

## **B2.33 RecAuxStateEqual function**

Returns TRUE if the state of the first count entries in a list of REC auxiliary Granule addresses is equal to state.

## **B2.34 RecAuxStates function**

Inductive function which identifies the states of the first count entries in a list of REC auxiliary Granules.

This function is used in the definition of command footprint.

```
func RecAuxStates(
    aux : array [16] of Address,
    count : integer)
```

## **B2.35 RecFromMpidr function**

Returns the REC object identified by the specified MPIDR value, in the current Realm.

```
func RecFromMpidr(
    mpidr : bits(64)) => RmmRec
```

## **B2.36 RecIndex function**

Returns the REC index which corresponds to mpidr.

See also:

• A2.3.3 REC index and MPIDR value


## **B2.37 RecParams function**

Returns REC parameters stored at physical address addr.

If the PAS of addr is not NS, the return value is UNKNOWN.

```
func RecParams(
    addr : Address) => RmiRecParams
```

## **B2.38 RecRipasChangeResponse function**

Returns response to RIPAS change request.

See also:

• A5.4 RIPAS change

## **B2.39 RecRun function**

Returns the RecRun object stored at physical address addr.

```
func RecRun(
    addr : Address) => RmiRecRun
```

See also:

- A4.2 REC entry
- A4.3 REC exit

## **B2.40 RemExtend function**

Extend REM, using size LSBs from new\_value, with the remaining bits zero-padded to form a 512-bit value.

```
func RemExtend(
    hash_algo : RmmHashAlgorithm,
    old_value : RmmRealmMeasurement,
    new_value : RmmRealmMeasurement,
    size : integer) => RmmRealmMeasurement
```

See also:

• A7.1.2 Realm Extensible Measurement


## **B2.41 ResultEqual function**

Returns TRUE if command result matches the stated value.

```
func ResultEqual(
    result : RmiCommandReturnCode,
    status : RmiStatusCode) => boolean
func ResultEqual(
    result : RmiCommandReturnCode,
    status : RmiStatusCode,
    index : integer) => boolean
```

### B2.42 RimExtendData function

Extend RIM with contribution from DATA creation.

```
func RimExtendData(
    realm : RmmRealm,
    ipa : Address,
    data : Address,
    flags : RmiDataFlags) => RmmRealmMeasurement
```

See also:

• B3.3.1.4 RMI\_DATA\_CREATE extension of RIM

#### B2.43 RimExtendRec function

Extend RIM with contribution from REC creation.

```
func RimExtendRec(
    realm : RmmRealm,
    params : RmiRecParams) => RmmRealmMeasurement
```

See also:

• B3.3.12.4 RMI\_REC\_CREATE extension of RIM

### **B2.44 RimExtendRipas function**

Extend RIM with contribution from RIPAS change for an IPA range.

```
func RimExtendRipas(
    realm : RmmRealm,
    base : Address,
    top : Address,
    level : integer) => RmmRealmMeasurement
begin
    var rim = realm.measurements[0];
    var size = RttLevelSize(level);
    var addr = base;
    while (UInt(addr) < UInt(top)) do
        rim = RimExtendRipasForEntry(rim, addr, level);
        addr = ToAddress(UInt(addr) + size);
    end
    return rim;
end
```

See also:

• B3.3.18.4 RMI\_RTT\_INIT\_RIPAS extension of RIM

#### B2.45 RimExtendRipasForEntry function

Extend RIM with contribution from RIPAS change for a single RTT entry.

```
func RimExtendRipasForEntry(
    rim : RmmRealmMeasurement,
    ipa : Address,
    level : integer) => RmmRealmMeasurement
```

#### B2.46 RimInit function

Initialize RIM.

```
func RimInit(
    hash_algo : RmmHashAlgorithm,
    params : RmiRealmParams) => RmmRealmMeasurement
```

See also:

• B3.3.9.4 RMI\_REALM\_CREATE initialization of RIM

#### B2.47 RmiRealmParamsIsValid function

Returns TRUE if the memory location contains a valid encoding of the RmiRealmParams type.

```
func RmiRealmParamsIsValid(
    addr : Address) => boolean
```

#### B2.48 Rtt function

Returns the RTT at address rtt.

```
func Rtt(
    addr : Address) => RmmRtt
```

#### **B2.49 RttAllEntriesContiguous function**

Returns TRUE if all entries in the RTT at address rtt at level level have contiguous output addresses, starting with addr.

```
func RttAllEntriesContiguous(
    rtt : RmmRtt,
    addr : Address,
    level : integer) => boolean
```

See also:

• A5.5 Realm Translation Table

# B2.50 RttAllEntriesRipas function

Returns TRUE if all entries in the RTT at address rtt have RIPAS ripas.

```
func RttAllEntriesRipas(
    rtt : RmmRtt,
    ripas : RmmRipas) => boolean
```

# **B2.51 RttAllEntriesState function**

Returns TRUE if all entries in the RTT at address rtt have state state.

```
func RttAllEntriesState(
    rtt : RmmRtt,
    state : RmmRttEntryState) => boolean
```

See also:

• A5.5 Realm Translation Table

# B2.52 RttConfigIsValid function

Returns TRUE if the RTT configuration values provided are self-consistent and are supported by the platform.

```
func RttConfigIsValid(
    ipa_width : integer,
    rtt_level_start : integer,
    rtt_num_start : integer) => boolean
```

See also:

• A5.5 Realm Translation Table

# B2.53 RttDescriptorIsValidForUnprotected function

Returns TRUE if, within the descriptor desc, all of the following are true:

- All fields which are Host-controlled RTT attributes are set to architecturally valid values.
- All fields which are not Host-controlled RTT attributes are set to zero.

```
func RttDescriptorIsValidForUnprotected(
    desc : bits(64)) => boolean
```

See also:

• A5.5.11 RTT entry attributes

# B2.54 RttEntriesInRangeRipas function

Returns TRUE if all entries in the RTT at address rtt at level level, within IPA range [base, top), have RIPAS ripas.

```
func RttEntriesInRangeRipas(
   rtt : RmmRtt,
   level : integer,
   base : Address,
   top : Address,
   ripas : RmmRipas) => boolean
```

#### **B2.55 RttEntry function**

Returns the ith entry in the RTT at address rtt.

```
func RttEntry(
    addr : Address,
    i : integer) => RmmRttEntry
```

See also:

• A5.5 Realm Translation Table

### B2.56 RttEntryFromDescriptor function

Converts a descriptor to an RmmRttEntry object.

```
func RttEntryFromDescriptor(
    desc : bits(64)) => RmmRttEntry
```

# **B2.57 RttEntryIndex function**

Returns the index of the entry in a level level RTT which is identified by addr.

```
func RttEntryIndex(
    addr : Address,
    level : integer) => integer
```

See also:

• A5.5 Realm Translation Table

### B2.58 RttEntryState function

Encodes the state of an RTTE.

```
func RttEntryState(
    state : RmmRttEntryState) => RmiRttEntryState
begin
    case state of
        when UNASSIGNED => return RMI_UNASSIGNED;
        when ASSIGNED => return RMI_ASSIGNED;
        when UNASSIGNED_NS => return RMI_UNASSIGNED;
        when ASSIGNED_NS => return RMI_ASSIGNED;
        when TABLE => return RMI_TABLE;
    end
end
```


### B2.59 RttFold function

Returns the RTTE which results from folding the homogeneous RTT at address rtt.

```
func RttFold(
    rtt : RmmRtt) => RmmRttEntry
```

See also:

• A5.5.6 *RTT folding* 

#### B2.60 RttIsHomogeneous function

Returns TRUE if the RTT at address rtt is homogeneous.

```
func RttIsHomogeneous(
    rtt : RmmRtt) => boolean
```

See also:

• A5.5.6 RTT folding

#### **B2.61 RttIsLive function**

Returns TRUE if the RTT at address rtt is live.

```
func RttIsLive(
    rtt : RmmRtt) => boolean
```

See also:

- A5.5.8 RTTE liveness and RTT liveness
- A5.5.9 *RTT destruction*

#### B2.62 RttLevelIsBlockOrPage function

Returns TRUE if level is either a block or page RTT level for the Realm described by rd.

```
func RttLevelIsBlockOrPage(
   rd : Address,
   level : integer) => boolean
```

See also:

• A5.5 Realm Translation Table

# B2.63 RttLevelIsStarting function

Returns TRUE if level is the starting level of the RTT for the Realm described by rd.

```
func RttLevelIsStarting(
   rd : Address,
   level : integer) => boolean
```

See also:

• A5.5 Realm Translation Table

#### B2.64 RttLevelIsValid function

Returns TRUE if level is a valid RTT level for the Realm described by rd.

```
func RttLevelIsValid(
  rd : Address,
  level : integer) => boolean
```

See also:

• A5.5 Realm Translation Table

### B2.65 RttLevelSize function

Returns the size of the address space described by each entry in an RTT at level.

If level is invalid, the return value is UNKNOWN.

```
func RttLevelSize(
    level : integer) => integer
```

See also:

• A5.5 Realm Translation Table

### B2.66 RttsAllProtectedEntriesRipas function

Returns TRUE if the RIPAS of all entries identified by Protected IPAs in all of the starting-level RTT Granules is equal to ripas.

```
func RttsAllProtectedEntriesRipas(
    rtt_base : Address,
    rtt_num_start : integer,
    ripas : RmmRipas) => boolean
```

### B2.67 RttsAllProtectedEntriesState function

Returns TRUE if the state of all entries identified by Protected IPAs in all of the starting-level RTT Granules is equal to state.

```
func RttsAllProtectedEntriesState(
    rtt_base : Address,
    rtt_num_start : integer,
    state : RmmRttEntryState) => boolean
```

# B2.68 RttsAllUnprotectedEntriesState function

Returns TRUE if the state of all entries identified by Unprotected IPAs in all of the starting-level RTT Granules is equal to state.

```
func RttsAllUnprotectedEntriesState(
    rtt_base : Address,
    rtt_num_start : integer,
    state : RmmRttEntryState) => boolean
```

# B2.69 RttsGranuleState function

Inductive function which identifies the states of the starting-level RTT Granules.

This function is used in the definition of command footprint.

```
func RttsGranuleState(
    rtt_base : Address,
    rtt_num_start : integer)
```

### B2.70 RttSkipEntriesUnlessRipas function

Scanning rtt starting from ipa, returns the IPA of the first entry whose RIPAS is ripas.

If no entry is found whose RIPAS is ripas, returns the next IPA after the last entry in rtt.

The return value is aligned to the size of the address range described by an entry at RTT level.

```
func RttSkipEntriesUnlessRipas(
    rtt : RmmRtt,
    level : integer,
    ipa : Address,
    ripas : RmmRipas) => Address
```

### B2.71 RttSkipEntriesUnlessState function

Scanning rtt starting from ipa, returns the IPA of the first entry whose state is state.

If no entry is found whose state is state, returns the next IPA after the last entry in rtt.

The return value is aligned to the size of the address range described by an entry at RTT level.

```
func RttSkipEntriesUnlessState(
   rtt : RmmRtt,
   level : integer,
   ipa : Address,
   state : RmmRttEntryState) => Address
```

### B2.72 RttSkipEntriesWithRipas function

Scan rtt starting from base and terminating at top.

- If stop\_at\_destroyed is FALSE then return IPA of the first entry whose state is TABLE.
- If stop\_at\_destroyed is TRUE then return IPA of the first entry whose state is TABLE or whose RIPAS is DESTROYED.

If no such entry is found, returns the smaller of:

- The next IPA after the last entry in rtt
- The top argument.

The return value is aligned to the size of the address range described by an entry at RTT level.

```
func RttSkipEntriesWithRipas(
    rtt : RmmRtt,
    level : integer,
    base : Address,
    top : Address,
    stop_at_destroyed : boolean) => Address
begin
    var result : Address = RttSkipEntriesUnlessState(
                rtt, level, base, TABLE);
    if stop_at_destroyed then
        result = MinAddress(result,
            RttSkipEntriesUnlessRipas(
                rtt, level, base, DESTROYED));
    end
    result = MinAddress(result, top);
    return AlignDownToRttLevel(result, level);
end
```
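The scan defined above, as an added Python model (not code from the specification or from any RMM implementation). It implements the two helper scans that this chapter describes only in prose and exercises the top clamp and the final align-down. The 512-entry table, the 4KB Granule level sizes and the string state names are assumptions of the model.

```python
from dataclasses import dataclass

ENTRIES_PER_RTT = 512  # assumed: 4KB Granule holding 64-bit descriptors


@dataclass
class Rtte:
    state: str = "UNASSIGNED"  # UNASSIGNED, ASSIGNED, TABLE, ...
    ripas: str = "EMPTY"       # EMPTY, RAM, DESTROYED


def rtt_level_size(level):
    """Address space described by one entry at this level (4KB Granule assumed)."""
    if level not in (0, 1, 2, 3):
        raise ValueError("invalid RTT level")
    return 1 << (12 + 9 * (3 - level))


def align_down_to_rtt_level(addr, level):
    return addr - addr % rtt_level_size(level)


def skip_entries_unless(rtt, level, ipa, matches):
    """IPA of the first entry at or after ipa for which matches() is true.

    If no entry matches, returns the next IPA after the last entry in rtt.
    """
    size = rtt_level_size(level)
    span = size * ENTRIES_PER_RTT
    table_base = ipa - ipa % span          # IPA described by entry 0
    first = (ipa - table_base) // size     # index of the entry holding ipa
    for index in range(first, ENTRIES_PER_RTT):
        if matches(rtt[index]):
            return table_base + index * size
    return table_base + span


def rtt_skip_entries_unless_state(rtt, level, ipa, state):
    return skip_entries_unless(rtt, level, ipa, lambda e: e.state == state)


def rtt_skip_entries_unless_ripas(rtt, level, ipa, ripas):
    return skip_entries_unless(rtt, level, ipa, lambda e: e.ripas == ripas)


def rtt_skip_entries_with_ripas(rtt, level, base, top, stop_at_destroyed):
    """Python rendering of the ASL body of RttSkipEntriesWithRipas."""
    result = rtt_skip_entries_unless_state(rtt, level, base, "TABLE")
    if stop_at_destroyed:
        result = min(result,
                     rtt_skip_entries_unless_ripas(rtt, level, base, "DESTROYED"))
    result = min(result, top)
    return align_down_to_rtt_level(result, level)


def sample_rtt():
    """Constructed level 2 RTT: all entries ASSIGNED/RAM except two."""
    rtt = [Rtte(state="ASSIGNED", ripas="RAM") for _ in range(ENTRIES_PER_RTT)]
    rtt[3].ripas = "DESTROYED"     # RIPAS of this block was destroyed
    rtt[6] = Rtte(state="TABLE")   # RIPAS is not meaningful for TABLE in this model
    return rtt


if __name__ == "__main__":
    base, size = 0x40000000, rtt_level_size(2)
    for stop in (False, True):
        end = rtt_skip_entries_with_ripas(sample_rtt(), 2, base, base + 16 * size, stop)
        print(f"stop_at_destroyed={stop}: scan ends at {end:#x}")
```
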

## B2.73 RttSkipNonLiveEntries function

Scanning rtt starting from ipa, returns the IPA of the first live entry.

If no live entry is found, returns the next IPA after the last entry in rtt.

The return value is aligned to the size of the address range described by an entry at RTT level.

See also:

• A5.5.8 RTTE liveness and RTT liveness

### B2.74 RttsStateEqual function

Returns TRUE if the state of all of the starting-level RTT Granules is equal to state.


#### B2.75 RttWalk function

Returns the result of an RTT walk from the RTT base of rd to address addr.

If level is provided, the walk terminates at level.

```
func RttWalk(
   rd : Address,
   addr : Address) => RmmRttWalkResult
```

```
func RttWalk(
   rd : Address,
   addr : Address,
   level : integer) => RmmRttWalkResult
```

See also:

• A5.5.10 RTT walk

# **B2.76 ToAddress function**

Convert integer to Address.

```
func ToAddress(value : integer) => Address
begin
    return value[(ADDRESS_WIDTH-1):0];
end
```

# B2.77 ToBits64 function

Convert integer to Bits64.

```
func ToBits64(value : integer) => bits(64)
begin
    return value[63:0];
end
```

# B2.78 VmidIsFree function

Returns TRUE if vmid is unused.

```
func VmidIsFree(
    vmid : bits(16)) => boolean
```

# B2.79 VmidIsValid function

Returns TRUE if vmid is valid on the platform.

```
func VmidIsValid(
    vmid : bits(16)) => boolean
```

If the underlying hardware platform does not implement FEAT\_VMID16 then a VMID value with vmid[15:8] != 0 is invalid.

See also:

- A2.1.3 Realm attributes
- B3.3.9 RMI\_REALM\_CREATE command

# Chapter B3 Realm Management Interface

This chapter defines the interface used by the Host to manage Realms.

## **B3.1 RMI version**

R<sub>NCFDX</sub> This specification defines version 1.0 of the Realm Management Interface.

See also:

• B3.3.23 RMI\_VERSION command

### B3.2 RMI command return codes

I<sub>JOMBN</sub> The return code of an RMI command is a tuple which contains *status* and *index* fields.

I<sub>YCHQV</sub> The *status* field of an RMI command return code indicates whether the command

- succeeded, or
- failed, and the reason for the failure.

I<sub>PPNST</sub> If an RMI command succeeds then the status of its return code is RMI\_SUCCESS.

I<sub>MBVPG</sub> The *index* field of an RMI command return code can provide additional information about the reason for a command failure. The meaning of the index field depends on the status, and is described by the following table.

| Status          | Description                                                                                              | Meaning of index                                                  |
|-----------------|----------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|
| RMI_SUCCESS     | Command completed successfully                                                                           | None: index is zero.                                              |
| RMI_ERROR_INPUT | The value of a command input value caused the command to fail                                            | None: index is zero.                                              |
| RMI_ERROR_REALM | An attribute of a Realm does not match the expected value                                                | Varies between usages.<br>See individual commands<br>for details. |
| RMI_ERROR_REC   | An attribute of a REC does not match the expected value                                                  | None: index is zero.                                              |
| RMI_ERROR_RTT   | An RTT walk terminated before reaching the target RTT level, or reached an RTTE with an unexpected value | RTT level at which the walk terminated.                           |

I<sub>QQQNB</sub> Multiple failure conditions in an RMI command may return the same error code - that is, the same status and index values.

R<sub>XRDYQ</sub> If an input to an RMI command uses an invalid encoding then the command fails and returns RMI\_ERROR\_INPUT.

Command inputs include registers and in-memory data structures.

Invalid encodings include:

• using a reserved encoding in an enumeration

See also:

• B3.4.1 RmiCommandReturnCode type


### B3.3 RMI commands

The following table summarizes the FIDs of commands in the RMI interface.

| FID        | Command                   |
|------------|---------------------------|
| 0xC4000153 | RMI_DATA_CREATE           |
| 0xC4000154 | RMI_DATA_CREATE_UNKNOWN   |
| 0xC4000155 | RMI_DATA_DESTROY          |
| 0xC4000165 | RMI_FEATURES              |
| 0xC4000151 | RMI_GRANULE_DELEGATE      |
| 0xC4000152 | RMI_GRANULE_UNDELEGATE    |
| 0xC4000164 | RMI_PSCI_COMPLETE         |
| 0xC4000157 | RMI_REALM_ACTIVATE        |
| 0xC4000158 | RMI_REALM_CREATE          |
| 0xC4000159 | RMI_REALM_DESTROY         |
| 0xC4000167 | RMI_REC_AUX_COUNT         |
| 0xC400015A | RMI_REC_CREATE            |
| 0xC400015B | RMI_REC_DESTROY           |
| 0xC400015C | RMI_REC_ENTER             |
| 0xC400015D | RMI_RTT_CREATE            |
| 0xC400015E | RMI_RTT_DESTROY           |
| 0xC4000166 | RMI_RTT_FOLD              |
| 0xC4000168 | RMI_RTT_INIT_RIPAS        |
| 0xC400015F | RMI_RTT_MAP_UNPROTECTED   |
| 0xC4000161 | RMI_RTT_READ_ENTRY        |
| 0xC4000169 | RMI_RTT_SET_RIPAS         |
| 0xC4000162 | RMI_RTT_UNMAP_UNPROTECTED |
| 0xC4000150 | RMI_VERSION               |

# B3.3.1 RMI\_DATA\_CREATE command

Creates a Data Granule, copying contents from a Non-secure Granule provided by the caller.

See also:

- Chapter A5 Realm memory management
- B3.3.3 RMI\_DATA\_DESTROY command
- D1.2.3 Initialize memory of New Realm flow

#### B3.3.1.1 Interface

#### B3.3.1.1.1 Input values

| Name  | Register | Bits | Type         | Description                                                 |
|-------|----------|------|--------------|-------------------------------------------------------------|
| fid   | X0       | 63:0 | UInt64       | FID, value 0xC4000153                                       |
| rd    | X1       | 63:0 | Address      | PA of the RD for the target Realm                           |
| data  | X2       | 63:0 | Address      | PA of the target Data                                       |
| ipa   | X3       | 63:0 | Address      | IPA at which the Granule will be mapped in the target Realm |
| src   | X4       | 63:0 | Address      | PA of the source Granule                                    |
| flags | X5       | 63:0 | RmiDataFlags | Flags                                                       |

#### B3.3.1.1.2 Context

The RMI\_DATA\_CREATE command operates on the following context.

| Name      | Type             | Value                                       | Before | Description     |
|-----------|------------------|---------------------------------------------|--------|-----------------|
| realm     | RmmRealm         | Realm(rd)                                   | true   | Realm           |
| walk      | RmmRttWalkResult | RttWalk(<br>rd, ipa,<br>RMM_RTT_PAGE_LEVEL) | false  | RTT walk result |
| entry_idx | UInt64           | RttEntryIndex(<br>ipa, walk.level)          | false  | RTTE index      |

#### B3.3.1.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

# B3.3.1.2 Failure conditions

| ID          | Condition                                                                                               |
|-------------|---------------------------------------------------------------------------------------------------------|
| src_align   | <pre>pre: !AddrIsGranuleAligned(src) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| src_bound   | <pre>pre: !PaIsDelegable(src) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                          |
| src_pas     | <pre>pre: Granule(src).pas != NS post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                       |
| data_align  | <pre>pre: !AddrIsGranuleAligned(data) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                  |
| data_bound  | <pre>pre: !PaIsDelegable(data) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                         |
| data_state  | <pre>pre: Granule(data).state != DELEGATED post: ResultEqual(result, RMI_ERROR_INPUT)</pre>             |
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                    |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                           |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                      |
| ipa_align   | <pre>pre: !AddrIsGranuleAligned(ipa) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| ipa_bound   | <pre>pre: !AddrIsProtected(ipa, realm) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                 |
| realm_state | pre: realm.state != NEW<br>post: ResultEqual(result, RMI_ERROR_REALM)                                   |
| rtt_walk    | <pre>pre: walk.level &lt; RMM_RTT_PAGE_LEVEL post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre> |
| rtte_state  | <pre>pre: walk.rtte.state != UNASSIGNED post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>      |
| rtte_ripas  | <pre>pre: walk.rtte.ripas != RAM post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>             |

#### B3.3.1.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [realm_state]
[rd_bound, rd_state] < [rtt_walk, rtte_state, rtte_ripas]
[ipa_bound] < [rtt_walk, rtte_state, rtte_ripas]
```


#### B3.3.1.3 Success conditions

| ID         | Condition                                                                       |
|------------|---------------------------------------------------------------------------------|
| data_state | <pre>Granule(data).state == DATA</pre>                                          |
| rtte_state | <pre>walk.rtte.state == ASSIGNED</pre>                                          |
| rtte_addr  | <pre>walk.rtte.addr == data</pre>                                               |
| rim        | <pre>Realm(rd).measurements[0] == RimExtendData(realm, ipa, data, flags)</pre> |

## B3.3.1.4 RMI\_DATA\_CREATE extension of RIM

On successful execution of RMI\_DATA\_CREATE, the new RIM value of the target Realm is calculated by the RMM as follows:

1. If flags.measure == RMI\_MEASURE\_CONTENT then using the RHA of the target Realm, compute the hash of the contents of the DATA Granule.
2. Allocate an RmmMeasurementDescriptorData data structure.
3. Populate the measurement descriptor:
   - Set the desc\_type field to the descriptor type.
   - Set the len field to the descriptor length.
   - Set the rim field to the current RIM value of the target Realm.
   - Set the ipa field to the IPA at which the DATA Granule is mapped in the target Realm.
   - Set the flags field to the flags provided by the Host.
   - If flags.measure == RMI\_MEASURE\_CONTENT then set the content field to the hash of the contents of the DATA Granule. Otherwise, set the content field to zero.
4. Using the RHA of the target Realm, compute the hash of the measurement descriptor. Set the RIM of the target Realm to this value, zero filling upper bytes if the RHA output is smaller than the size of the RIM.

See also:

- A7.1.1 Realm Initial Measurement
- B2.42 RimExtendData function
- C1.5 RmmMeasurementDescriptorData type
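The four steps of B3.3.1.4, as an added Python example (not code from the specification or from any RMM implementation) that a verifier could use to recompute an expected RIM from the Host's sequence of RMI\_DATA\_CREATE calls. The descriptor field offsets and size, the descriptor type value 0, the encoding of flags.measure in bit 0, the 4KB Granule size and the starting RIM are assumptions; take the real layout from C1.5 and the real starting value from RimInit.

```python
import hashlib
import struct

RIM_SIZE = 64        # the RIM is a 512-bit value
GRANULE_SIZE = 4096  # assumed 4KB Granule

# Assumed layout of RmmMeasurementDescriptorData; confirm against C1.5.
DESC_SIZE = 0x100
DESC_TYPE_DATA = 0
OFF_DESC_TYPE = 0x00
OFF_LEN = 0x08
OFF_RIM = 0x10
OFF_IPA = 0x50
OFF_FLAGS = 0x58
OFF_CONTENT = 0x60

# Assumed encoding of flags.measure (bit 0 of RmiDataFlags).
RMI_NO_MEASURE_CONTENT = 0
RMI_MEASURE_CONTENT = 1


def rha(hash_algo, data):
    """Hash with the Realm Hash Algorithm, zero-filled up to the RIM size."""
    digest = hashlib.new(hash_algo, data).digest()
    if len(digest) > RIM_SIZE:
        raise ValueError("digest is larger than the RIM")
    return digest.ljust(RIM_SIZE, b"\x00")


def rim_extend_data(hash_algo, rim, ipa, flags, granule):
    """Return the new RIM after one successful RMI_DATA_CREATE."""
    if len(rim) != RIM_SIZE:
        raise ValueError("RIM must be 64 bytes")
    if len(granule) != GRANULE_SIZE:
        raise ValueError("DATA Granule must be exactly one Granule")
    if ipa % GRANULE_SIZE:
        raise ValueError("ipa must be Granule aligned")

    # Step 1: hash the Granule contents only if the Host asked for it.
    if flags & 1 == RMI_MEASURE_CONTENT:
        content = rha(hash_algo, granule)
    else:
        content = bytes(RIM_SIZE)

    # Steps 2 and 3: allocate and populate the measurement descriptor.
    desc = bytearray(DESC_SIZE)
    desc[OFF_DESC_TYPE] = DESC_TYPE_DATA
    struct.pack_into("<Q", desc, OFF_LEN, DESC_SIZE)
    desc[OFF_RIM:OFF_RIM + RIM_SIZE] = rim
    struct.pack_into("<Q", desc, OFF_IPA, ipa)
    struct.pack_into("<Q", desc, OFF_FLAGS, flags)
    desc[OFF_CONTENT:OFF_CONTENT + RIM_SIZE] = content

    # Step 4: the hash of the descriptor becomes the new RIM.
    return rha(hash_algo, bytes(desc))


def replay_data_creates(hash_algo, initial_rim, creates):
    """Fold a list of (ipa, flags, granule) tuples into a final RIM."""
    rim = initial_rim
    for ipa, flags, granule in creates:
        rim = rim_extend_data(hash_algo, rim, ipa, flags, granule)
    return rim


# Constructed sample input: a stand-in starting RIM and two 4KB images.
INITIAL_RIM = rha("sha256", b"constructed stand-in for the RimInit output")
KERNEL = bytes([0xAA]) * GRANULE_SIZE
INITRD = bytes([0xBB]) * GRANULE_SIZE
LOAD = [
    (0x80000000, RMI_MEASURE_CONTENT, KERNEL),
    (0x80001000, RMI_MEASURE_CONTENT, INITRD),
]

if __name__ == "__main__":
    print(replay_data_creates("sha256", INITIAL_RIM, LOAD).hex())
```

Because each descriptor embeds the previous RIM, the result depends on the order, IPA and flags of every call, and on the contents only of Granules created with RMI\_MEASURE\_CONTENT.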

# B3.3.1.5 Footprint

| ID         | Value                                         |
|------------|-----------------------------------------------|
| data_state | Granule(data).state                           |
| rim        | <pre>Realm(rd).measurements[0]</pre>          |
| rtte       | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

# B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command

Creates a Data Granule with unknown contents.

See also:

- A2.2.4 Granule wiping
- Chapter A5 Realm memory management
- B3.3.3 RMI\_DATA\_DESTROY command
- D1.5.1 Add memory to Active Realm flow

#### B3.3.2.1 Interface

| Name | Register | Bits | Type    | Description                                                 |
|------|----------|------|---------|-------------------------------------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000154                                       |
| rd   | X1       | 63:0 | Address | PA of the RD for the target Realm                           |
| data | X2       | 63:0 | Address | PA of the target Data                                       |
| ipa  | X3       | 63:0 | Address | IPA at which the Granule will be mapped in the target Realm |
#### B3.3.2.1.2 Context

The RMI\_DATA\_CREATE\_UNKNOWN command operates on the following context.

| Name      | Type             | Value                                       | Before | Description     |
|-----------|------------------|---------------------------------------------|--------|-----------------|
| walk      | RmmRttWalkResult | RttWalk(<br>rd, ipa,<br>RMM_RTT_PAGE_LEVEL) | false  | RTT walk result |
| entry_idx | UInt64           | RttEntryIndex(<br>ipa, walk.level)          | false  | RTTE index      |

#### B3.3.2.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

## **B3.3.2.2** Failure conditions

| ID         | Condition                                                                                               |
|------------|---------------------------------------------------------------------------------------------------------|
| data_align | <pre>pre: !AddrIsGranuleAligned(data) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                  |
| data_bound | <pre>pre: !PaIsDelegable(data) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                         |
| data_state | <pre>pre: Granule(data).state != DELEGATED post: ResultEqual(result, RMI_ERROR_INPUT)</pre>             |
| rd_align   | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                    |
| rd_bound   | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                           |
| rd_state   | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                      |
| ipa_align  | <pre>pre: !AddrIsGranuleAligned(ipa) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| ipa_bound  | <pre>pre: !AddrIsProtected(ipa, Realm(rd)) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>             |
| rtt_walk   | <pre>pre: walk.level &lt; RMM_RTT_PAGE_LEVEL post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre> |
| rtte_state | <pre>pre: walk.rtte.state != UNASSIGNED post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>      |

#### B3.3.2.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [rtt_walk, rtte_state]
[ipa_bound] < [rtt_walk, rtte_state]
```



# B3.3.2.3 Success conditions

| ID           | Condition                              |
|--------------|----------------------------------------|
| data_state   | <pre>Granule(data).state == DATA</pre> |
| data_content | Contents of target Granule are wiped.  |
| rtte_state   | <pre>walk.rtte.state == ASSIGNED</pre> |
| rtte_addr    | <pre>walk.rtte.addr == data</pre>      |

# B3.3.2.4 Footprint

| ID         | Value                                         |
|------------|-----------------------------------------------|
| data_state | Granule(data).state                           |
| rtte       | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

# B3.3.3 RMI\_DATA\_DESTROY command

Destroys a Data Granule.

See also:

- Chapter A5 Realm memory management
- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- D1.2.5 Realm destruction flow

#### B3.3.3.1 Interface

| Name | Register | Bits | Type    | Description                                            |
|------|----------|------|---------|--------------------------------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000155                                  |
| rd   | X1       | 63:0 | Address | PA of the RD which owns the target Data                |
| ipa  | X2       | 63:0 | Address | IPA at which the Granule is mapped in the target Realm |

#### B3.3.3.1.2 Context

The RMI\_DATA\_DESTROY command operates on the following context.

| Name      | Type             | Value                                                                              | Before | Description                                                                              |
|-----------|------------------|------------------------------------------------------------------------------------|--------|------------------------------------------------------------------------------------------|
| walk      | RmmRttWalkResult | RttWalk(<br>rd, ipa,<br>RMM_RTT_PAGE_LEVEL)                                        | false  | RTT walk result                                                                          |
| entry_idx | UInt64           | RttEntryIndex(<br>ipa, walk.level)                                                 | false  | RTTE index                                                                               |
| walk_top  | Address          | <pre>RttSkipNonLiveEntries(     Rtt(walk.rtt_addr),     walk.level,     ipa)</pre> | false  | Top IPA of non-live<br>RTT entries, from<br>entry at which the<br>RTT walk<br>terminated |

#### B3.3.3.1.3 Output values

| Name   | Register | Bits | Type                 | Description                                                                        |
|--------|----------|------|----------------------|------------------------------------------------------------------------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status                                                              |
| data   | X1       | 63:0 | Address              | PA of the Data Granule which was destroyed                                         |
| top    | X2       | 63:0 | Address              | Top IPA of non-live RTT entries, from<br>entry at which the RTT walk<br>terminated |

The data output value is valid only when the command result is RMI\_SUCCESS.

The values of the result and top output values for different command outcomes are summarized in the following table.

| Scenario                                                           | result                | top    | walk.rtte.state                                                                        |
|--------------------------------------------------------------------|-----------------------|--------|----------------------------------------------------------------------------------------|
| ipa is mapped as a page                                            | RMI_SUCCESS           | > ipa  | Before execution: ASSIGNED<br>After execution:<br>UNASSIGNED and RIPAS is<br>DESTROYED |
| ipa is not mapped                                                  | (RMI_ERROR_RTT, <= 3) | > ipa  | UNASSIGNED                                                                             |
| ipa is mapped as a block                                           | (RMI_ERROR_RTT, 2)    | == ipa | ASSIGNED                                                                               |
| RTT walk was not performed,<br>due to any other command<br>failure | Another error code    | 0      | Unknown                                                                                |

See also:

• A5.5.8 RTTE liveness and RTT liveness

#### B3.3.3.2 Failure conditions

| ID         | Condition                                                                                                |
|------------|----------------------------------------------------------------------------------------------------------|
| rd_align   | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                     |
| rd_bound   | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                            |
| rd_state   | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                       |
| ipa_align  | <pre>pre: !AddrIsGranuleAligned(ipa) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                    |
| ipa_bound  | <pre>pre: !AddrIsProtected(ipa, Realm(rd)) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>              |
| rtt_walk   | <pre>pre: walk.level &lt; RMM_RTT_PAGE_LEVEL post: (ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre> |
| rtte_state | <pre>pre: walk.rtte.state != ASSIGNED post: (ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>        |

#### B3.3.3.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [rtt_walk, rtte_state]
[ipa_bound] < [rtt_walk, rtte_state]
```



#### B3.3.3.3 Success conditions

| ID         | Condition                                                                 |
|------------|---------------------------------------------------------------------------|
| data_state | <pre>Granule(walk.rtte.addr).state == DELEGATED</pre>                     |
| rtte_state | <pre>walk.rtte.state == UNASSIGNED</pre>                                  |
| ripas_ram  | <pre>pre: walk.rtte.ripas == RAM post: walk.rtte.ripas == DESTROYED</pre> |
| data       | data == walk.rtte.addr                                                    |
| top        | <pre>top == walk_top</pre>                                                |

#### B3.3.3.4 Footprint

| ID         | Value                                         |
|------------|-----------------------------------------------|
| data_state | <pre>Granule(walk.rtte.addr).state</pre>      |
| rtte       | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

## B3.3.4 RMI\_FEATURES command

Read feature register.

The following table indicates which feature register is returned depending on the index provided.

| Index | Feature register   |
|-------|--------------------|
| 0     | Feature register 0 |

See also:

- A3.1 Realm feature discovery and selection

#### B3.3.4.1 Interface

#### B3.3.4.1.1 Input values

| Name  | Register | Bits | Type   | Description            |
|-------|----------|------|--------|------------------------|
| fid   | X0       | 63:0 | UInt64 | FID, value 0xC4000165  |
| index | X1       | 63:0 | UInt64 | Feature register index |

#### B3.3.4.1.2 Output values

| Name   | Register | Bits | Type                 | Description            |
|--------|----------|------|----------------------|------------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status  |
| value  | X1       | 63:0 | Bits64               | Feature register value |

#### B3.3.4.2 Failure conditions

The RMI\_FEATURES command does not have any failure conditions.

#### B3.3.4.3 Success conditions

| ID    | Condition                                         |
|-------|---------------------------------------------------|
| index | <pre>pre: index != 0 post: value == Zeros()</pre> |

#### B3.3.4.4 Footprint

The RMI\_FEATURES command does not have any footprint.

## B3.3.5 RMI\_GRANULE\_DELEGATE command

Delegates a Granule.

See also:

- A2.2 Granule
- B3.3.6 RMI\_GRANULE\_UNDELEGATE command
- D1.2.1 Realm creation flow

#### B3.3.5.1 Interface

#### B3.3.5.1.1 Input values

| Name | Register | Bits | Type    | Description                  |
|------|----------|------|---------|------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000151        |
| addr | X1       | 63:0 | Address | PA of the target Granule     |

#### B3.3.5.1.2 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

#### B3.3.5.2 Failure conditions

| ID         | Condition                                                                                     |
|------------|-----------------------------------------------------------------------------------------------|
| gran_align | <pre>pre: !AddrIsGranuleAligned(addr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>        |
| gran_bound | <pre>pre: !PaIsDelegable(addr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>               |
| gran_state | <pre>pre: Granule(addr).state != UNDELEGATED post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| gran_pas   | <pre>pre: Granule(addr).pas != NS post: ResultEqual(result, RMI_ERROR_INPUT)</pre>            |

#### B3.3.5.2.1 Failure condition ordering

The RMI\_GRANULE\_DELEGATE command does not have any failure condition orderings.

#### B3.3.5.3 Success conditions

| ID         | Condition                                   |
|------------|---------------------------------------------|
| gran_state | <pre>Granule(addr).state == DELEGATED</pre> |
| gran_pas   | <pre>Granule(addr).pas == REALM</pre>       |

#### B3.3.5.4 Footprint

| ID         | Value               |
|------------|---------------------|
| gran_pas   | Granule(addr).pas   |
| gran_state | Granule(addr).state |

## B3.3.6 RMI\_GRANULE\_UNDELEGATE command

Undelegates a Granule.

See also:

- A2.2 Granule
- B3.3.5 RMI\_GRANULE\_DELEGATE command
- D1.2.5 Realm destruction flow

#### B3.3.6.1 Interface

#### B3.3.6.1.1 Input values

| Name | Register | Bits | Type    | Description              |
|------|----------|------|---------|--------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000152    |
| addr | X1       | 63:0 | Address | PA of the target Granule |

#### B3.3.6.1.2 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

#### B3.3.6.2 Failure conditions

| ID         | Condition                                                                                   |
|------------|---------------------------------------------------------------------------------------------|
| gran_align | <pre>pre: !AddrIsGranuleAligned(addr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>      |
| gran_bound | <pre>pre: !PaIsDelegable(addr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>             |
| gran_state | <pre>pre: Granule(addr).state != DELEGATED post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |

#### B3.3.6.2.1 Failure condition ordering

The RMI\_GRANULE\_UNDELEGATE command does not have any failure condition orderings.

#### B3.3.6.3 Success conditions

| ID           | Condition                                     |
|--------------|-----------------------------------------------|
| gran_pas     | <pre>Granule(addr).pas == NS</pre>            |
| gran_state   | <pre>Granule(addr).state == UNDELEGATED</pre> |
| gran_content | Contents of target Granule are wiped.         |

See also:

- A2.2.4 Granule wiping

#### B3.3.6.4 Footprint

| ID         | Value               |
|------------|---------------------|
| gran_pas   | Granule(addr).pas   |
| gran_state | Granule(addr).state |

## B3.3.7 RMI\_PSCI\_COMPLETE command

Completes a pending PSCI command which was called with an MPIDR argument, by providing the corresponding REC.

See also:

- A4.3.7 REC exit due to PSCI
- B5.3.1 PSCI\_AFFINITY\_INFO command
- B5.3.3 PSCI\_CPU\_ON command
- D1.4 PSCI flows

#### B3.3.7.1 Interface

#### B3.3.7.1.1 Input values

| Name        | Register | Bits | Type           | Description                  |
|-------------|----------|------|----------------|------------------------------|
| fid         | X0       | 63:0 | UInt64         | FID, value 0xC4000164        |
| calling_rec | X1       | 63:0 | Address        | PA of the calling REC        |
| target_rec  | X2       | 63:0 | Address        | PA of the target REC         |
| status      | X3       | 31:0 | PsciReturnCode | Status of the PSCI request   |

The following unused bits of RMI\_PSCI\_COMPLETE input values should be zero: X3[63:32].

#### B3.3.7.1.2 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

#### B3.3.7.2 Failure conditions

| ID            | Condition                                                                                                        |
|---------------|------------------------------------------------------------------------------------------------------------------|
| alias         | <pre>pre: calling_rec == target_rec post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                             |
| calling_align | <pre>pre: !AddrIsGranuleAligned(calling_rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                    |
| calling_bound | <pre>pre: !PaIsDelegable(calling_rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                           |
| calling_state | <pre>pre: Granule(calling_rec).state != REC post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                     |
| target_align  | <pre>pre: !AddrIsGranuleAligned(target_rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                     |
| target_bound  | <pre>pre: !PaIsDelegable(target_rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                            |
| target_state  | <pre>pre: Granule(target_rec).state != REC post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                      |
| pending       | <pre>pre: Rec(calling_rec).psci_pending != PSCI_REQUEST_PENDING post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| owner         | <pre>pre: Rec(target_rec).owner != Rec(calling_rec).owner post: ResultEqual(result, RMI_ERROR_INPUT)</pre>       |
| target        | <pre>pre: Rec(target_rec).mpidr != Rec(calling_rec).gprs[1] post: ResultEqual(result, RMI_ERROR_INPUT)</pre>     |
| status        | <pre>pre: !PsciReturnCodePermitted(</pre>                                                                        |

#### B3.3.7.2.1 Failure condition ordering

The RMI\_PSCI\_COMPLETE command does not have any failure condition orderings.

#### B3.3.7.3 Success conditions

| ID           | Condition |
|--------------|-----------|
| pending      | <pre>Rec(calling_rec).psci_pending == NO_PSCI_REQUEST_PENDING</pre> |
| on_already   | <pre>pre: (status == PSCI_SUCCESS</pre> |
| on_success   | <pre>pre: (status == PSCI_SUCCESS<br>&amp;&amp; Rec(calling_rec).gprs[0] == FID_PSCI_CPU_ON<br>&amp;&amp; Rec(target_rec).flags.runnable != RUNNABLE)<br>post: (Rec(target_rec).gprs[0] == Rec(calling_rec).gprs[3]<br>&amp;&amp; Rec(target_rec).gprs[1] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[2] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[3] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[4] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[5] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[6] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[7] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[8] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[9] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[10] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[11] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[12] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[13] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[14] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[15] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[16] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[17] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[18] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[19] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[20] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[21] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[22] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[23] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[24] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[25] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[26] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[27] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[28] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[29] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[30] == Zeros()<br>&amp;&amp; Rec(target_rec).gprs[31] == Zeros()<br>&amp;&amp; Rec(target_rec).pc == Rec(calling_rec).gprs[2]<br>&amp;&amp; Rec(target_rec).flags.runnable == RUNNABLE<br>&amp;&amp; Rec(calling_rec).gprs[0] == PsciReturnCodeEncode(PSCI_SUCCESS))</pre> |
| affinity_on  | <pre>pre: (status == PSCI_SUCCESS<br>&amp;&amp; Rec(calling_rec).gprs[0] == FID_PSCI_AFFINITY_INFO<br>&amp;&amp; Rec(target_rec).flags.runnable == RUNNABLE)<br>post: (Rec(calling_rec).gprs[0] == PsciReturnCodeEncode(PSCI_SUCCESS))</pre> |
| affinity_off | <pre>pre: (status == PSCI_SUCCESS<br>&amp;&amp; Rec(calling_rec).gprs[0] == FID_PSCI_AFFINITY_INFO<br>&amp;&amp; Rec(target_rec).flags.runnable != RUNNABLE)<br>post: (Rec(calling_rec).gprs[0] == PsciReturnCodeEncode(PSCI_OFF))</pre> |
| status       | <pre>pre: status != PSCI_SUCCESS post: (Rec(calling_rec).gprs[0] ==</pre> |
| args         | <pre>(Rec(calling_rec).gprs[1] == Zeros()<br>&amp;&amp; Rec(calling_rec).gprs[2] == Zeros()<br>&amp;&amp; Rec(calling_rec).gprs[3] == Zeros())</pre> |

#### B3.3.7.4 Footprint

| ID           | Value                                    |
|--------------|------------------------------------------|
| target_flags | Rec(target_rec).flags                    |
| target_gprs  | <pre>Rec(target_rec).gprs</pre>          |
| target_pc    | Rec(target_rec).pc                       |
| calling_pend | <pre>Rec(calling_rec).psci_pending</pre> |
| calling_gprs | <pre>Rec(calling_rec).gprs</pre>         |

## B3.3.8 RMI\_REALM\_ACTIVATE command

Activates a Realm.

See also:

- A2.1 Realm

#### B3.3.8.1 Interface

#### B3.3.8.1.1 Input values

| Name | Register | Bits | Type    | Description           |
|------|----------|------|---------|-----------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000157 |
| rd   | X1       | 63:0 | Address | PA of the RD          |

#### B3.3.8.1.2 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

#### B3.3.8.2 Failure conditions

| ID          | Condition                                                                            |
|-------------|--------------------------------------------------------------------------------------|
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>        |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>   |
| realm_state | <pre>pre: Realm(rd).state != NEW post: ResultEqual(result, RMI_ERROR_REALM)</pre>    |

#### B3.3.8.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [realm_state]
```



#### B3.3.8.3 Success conditions

| ID          | Condition                            |
|-------------|--------------------------------------|
| realm_state | <pre>Realm(rd).state == ACTIVE</pre> |

#### B3.3.8.4 Footprint

| ID          | Value           |
|-------------|-----------------|
| realm_state | Realm(rd).state |

## B3.3.9 RMI\_REALM\_CREATE command

Creates a Realm.

See also:

- A2.1 Realm
- A2.1.6 Realm parameters
- B3.3.10 RMI\_REALM\_DESTROY command
- D1.2.1 Realm creation flow

#### B3.3.9.1 Interface

#### B3.3.9.1.1 Input values

| Name       | Register | Bits | Type    | Description            |
|------------|----------|------|---------|------------------------|
| fid        | X0       | 63:0 | UInt64  | FID, value 0xC4000158  |
| rd         | X1       | 63:0 | Address | PA of the RD           |
| params_ptr | X2       | 63:0 | Address | PA of Realm parameters |

#### B3.3.9.1.2 Context

The RMI\_REALM\_CREATE command operates on the following context.

| Name   | Type           | Value                              | Before | Description      |
|--------|----------------|------------------------------------|--------|------------------|
| params | RmiRealmParams | <pre>RealmParams(params_ptr)</pre> | false  | Realm parameters |

#### B3.3.9.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

#### B3.3.9.2 Failure conditions

| ID            | Condition                                                                                                                 |
|---------------|---------------------------------------------------------------------------------------------------------------------------|
| params_align  | <pre>pre: !AddrIsGranuleAligned(params_ptr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                              |
| params_bound  | <pre>pre: !PaIsDelegable(params_ptr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                     |
| params_pas    | <pre>pre: Granule(params_ptr).pas != NS post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                  |
| params_valid  | <pre>pre: !RmiRealmParamsIsValid(params_ptr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                             |
| params_supp   | <pre>pre: !RealmParamsSupported(params) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                  |
| alias         | <pre>pre: AddrInRange(rd, params.rtt_base,</pre>                                                                          |
| rd_align      | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                      |
| rd_bound      | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                             |
| rd_state      | <pre>pre: Granule(rd).state != DELEGATED post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                 |
| rtt_align     | <pre>pre: !AddrIsAligned(params.rtt_base,</pre>                                                                           |
| rtt_num_level | <pre>pre: !RttConfigIsValid(</pre>                                                                                        |
| rtt_state     | <pre>pre: !RttsStateEqual(</pre>                                                                                          |
| vmid_valid    | <pre>pre: !VmidIsValid(params.vmid) &#124;&#124; !VmidIsFree(params.vmid) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |

#### B3.3.9.2.1 Failure condition ordering

The RMI\_REALM\_CREATE command does not have any failure condition orderings.

#### B3.3.9.3 Success conditions

| ID             | Condition |
|----------------|-----------|
| rd_state       | <pre>Granule(rd).state == RD</pre> |
| realm_state    | <pre>Realm(rd).state == NEW</pre> |
| rec_index      | <pre>Realm(rd).rec_index == 0</pre> |
| rtt_base       | <pre>Realm(rd).rtt_base == params.rtt_base</pre> |
| rtt_state      | <pre>RttsStateEqual(Realm(rd).rtt_base, Realm(rd).rtt_num_start, RTT)</pre> |
| rtte_p_states  | <pre>RttsAllProtectedEntriesState(Realm(rd).rtt_base, Realm(rd).rtt_num_start, UNASSIGNED)</pre> |
| rtte_up_states | <pre>RttsAllUnprotectedEntriesState(Realm(rd).rtt_base, Realm(rd).rtt_num_start, UNASSIGNED_NS)</pre> |
| rtte_ripas     | <pre>RttsAllProtectedEntriesRipas(Realm(rd).rtt_base, Realm(rd).rtt_num_start, EMPTY)</pre> |
| ipa_width      | <pre>Realm(rd).ipa_width == params.s2sz</pre> |
| hash_algo      | <pre>Equal(Realm(rd).hash_algo, params.hash_algo)</pre> |
| rim            | <pre>Realm(rd).measurements[0] == RimInit(Realm(rd).hash_algo, params)</pre> |
| rem            | <pre>(Realm(rd).measurements[1] == Zeros()<br>&amp;&amp; Realm(rd).measurements[2] == Zeros()<br>&amp;&amp; Realm(rd).measurements[3] == Zeros()<br>&amp;&amp; Realm(rd).measurements[4] == Zeros())</pre> |
| rtt_level      | <pre>Realm(rd).rtt_level_start == params.rtt_level_start</pre> |
| rtt_num        | <pre>Realm(rd).rtt_num_start == params.rtt_num_start</pre> |
| vmid           | <pre>Realm(rd).vmid == params.vmid</pre> |
| rpv            | <pre>Realm(rd).rpv == params.rpv</pre> |

#### B3.3.9.4 RMI\_REALM\_CREATE initialization of RIM

On successful execution of RMI\_REALM\_CREATE, the initial RIM value of the target Realm is calculated by the RMM as follows:

1. Allocate a zero-filled RmiRealmParams data structure to hold the measured Realm parameters.
2. Copy the following attributes from the Host-provided RmiRealmParams data structure into the measured Realm parameters data structure:
   - flags
   - s2sz
   - sve\_vl
   - num\_bps
   - num\_wps
   - pmu\_num\_ctrs
   - hash\_algo
3. Using the RHA of the target Realm, compute the hash of the measured Realm parameters data structure. Set the RIM of the target Realm to this value, zero filling upper bytes if the RHA output is smaller than the size of the RIM.

See also:

- A7.1.1 Realm Initial Measurement
- B2.46 RimInit function
- B3.4.12 RmiRealmParams type
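The three steps above, as an added Python example that is not part of the specification or of any RMM implementation; it shows that Host-chosen fields outside the measured list (rpv, vmid, rtt\_base and so on) never reach the RIM. The field offsets, the 4KB structure size, the 64-byte RIM width and the hash\_algo encoding (0 = SHA-256, 1 = SHA-512) are assumptions standing in for B3.4.12 RmiRealmParams type, which is authoritative; the sample values are constructed.

```python
import hashlib
import struct

# Assumed layout, standing in for B3.4.12 RmiRealmParams type (authoritative).
PARAMS_SIZE = 0x1000   # assumed: the structure fills one 4KB Granule
RIM_SIZE = 64          # assumed: a RIM is 512 bits wide

# name -> (assumed byte offset, little-endian struct format)
FIELDS = {
    "flags":           (0x000, "<Q"),
    "s2sz":            (0x008, "<B"),
    "sve_vl":          (0x010, "<B"),
    "num_bps":         (0x018, "<B"),
    "num_wps":         (0x020, "<B"),
    "pmu_num_ctrs":    (0x028, "<B"),
    "hash_algo":       (0x030, "<B"),
    "rpv":             (0x400, "<64s"),
    "vmid":            (0x800, "<H"),
    "rtt_base":        (0x808, "<Q"),
    "rtt_level_start": (0x810, "<q"),
    "rtt_num_start":   (0x818, "<I"),
}

# Attributes listed in step 2 of the procedure.
MEASURED = ("flags", "s2sz", "sve_vl", "num_bps", "num_wps",
            "pmu_num_ctrs", "hash_algo")

# Assumed RmiHashAlgorithm encoding: 0 = SHA-256, 1 = SHA-512.
RHA = {0: hashlib.sha256, 1: hashlib.sha512}


def pack_params(**values):
    """Serialise a Host-provided RmiRealmParams structure (helper for this example)."""
    buf = bytearray(PARAMS_SIZE)
    for name, value in values.items():
        offset, fmt = FIELDS[name]
        struct.pack_into(fmt, buf, offset, value)
    return bytes(buf)


def rim_init(host_params):
    """Compute the initial RIM from a serialised Host-provided RmiRealmParams."""
    if len(host_params) != PARAMS_SIZE:
        raise ValueError("RmiRealmParams must be exactly PARAMS_SIZE bytes")

    # Step 1: zero-filled structure for the measured Realm parameters.
    measured = bytearray(PARAMS_SIZE)

    # Step 2: copy only the measured attributes; everything else stays zero.
    for name in MEASURED:
        offset, fmt = FIELDS[name]
        size = struct.calcsize(fmt)
        measured[offset:offset + size] = host_params[offset:offset + size]

    # Step 3: hash with the Realm's RHA, then zero-fill the upper bytes.
    (algo,) = struct.unpack_from("<B", host_params, FIELDS["hash_algo"][0])
    if algo not in RHA:
        raise ValueError("unsupported hash_algo value")
    digest = RHA[algo](bytes(measured)).digest()
    return digest + bytes(RIM_SIZE - len(digest))


# Constructed sample values, not taken from any real Realm.
BASE = dict(flags=0x1, s2sz=40, sve_vl=0, num_bps=2, num_wps=2,
            pmu_num_ctrs=6, hash_algo=0, rpv=b"tenant-A", vmid=5,
            rtt_base=0x8000_0000, rtt_level_start=1, rtt_num_start=1)


def demo():
    """Compare RIMs when the Host changes unmeasured versus measured fields."""
    rim = rim_init(pack_params(**BASE))
    moved = rim_init(pack_params(**{**BASE, "vmid": 9,
                                    "rtt_base": 0x9000_0000,
                                    "rpv": b"tenant-B"}))
    wider = rim_init(pack_params(**{**BASE, "s2sz": 48}))
    return {
        "rim": rim.hex(),
        "same_rim_after_unmeasured_change": rim == moved,
        "same_rim_after_measured_change": rim == wider,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A verifier that recomputes an expected RIM should therefore feed in only the measured attributes; values such as the RPV are checked separately from the RIM.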

#### B3.3.9.5 Footprint

| ID        | Value                                                                         |
|-----------|-------------------------------------------------------------------------------|
| rd_state  | Granule(rd).state                                                             |
| rtt_state | <pre>RttsGranuleState( Realm(rd).rtt_base,<br/>Realm(rd).rtt_num_start)</pre> |

## B3.3.10 RMI\_REALM\_DESTROY command

Destroys a Realm.

See also:

- A2.1 Realm
- B3.3.9 RMI\_REALM\_CREATE command
- D1.2.5 Realm destruction flow

#### B3.3.10.1 Interface

#### B3.3.10.1.1 Input values

| Name | Register | Bits | Type    | Description                  |
|------|----------|------|---------|------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000159        |
| rd   | X1       | 63:0 | Address | PA of the RD                 |

#### B3.3.10.1.2 Context

The RMI\_REALM\_DESTROY command operates on the following context.

| Name  | Type     | Value     | Before | Description |
|-------|----------|-----------|--------|-------------|
| realm | RmmRealm | Realm(rd) | true   | Realm       |

#### B3.3.10.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

#### B3.3.10.2 Failure conditions

| ID         | Condition                                                                            |
|------------|--------------------------------------------------------------------------------------|
| rd_align   | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| rd_bound   | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>        |
| rd_state   | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>   |
| realm_live | <pre>pre: RealmIsLive(rd) post: ResultEqual(result, RMI_ERROR_REALM)</pre>           |

#### B3.3.10.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [realm_live]
```



#### B3.3.10.3 Success conditions

| ID        | Condition                                                                  |
|-----------|----------------------------------------------------------------------------|
| rtt_state | <pre>RttsStateEqual(realm.rtt_base, realm.rtt_num_start, DELEGATED)</pre>  |
| rd_state  | <pre>Granule(rd).state == DELEGATED</pre>                                  |
| vmid      | VmidIsFree(realm.vmid)                                                     |

#### B3.3.10.4 Footprint

| ID        | Value                                                                 |
|-----------|-----------------------------------------------------------------------|
| rd_state  | Granule(rd).state                                                     |
| rtt_state | <pre>RttsGranuleState(     realm.rtt_base, realm.rtt_num_start)</pre> |

## B3.3.11 RMI\_REC\_AUX\_COUNT command

Get number of auxiliary Granules required for a REC.

See also:

- A2.3 Realm Execution Context
- B3.3.12 RMI\_REC\_CREATE command
- B3.4.19 RmiRecParams type
- D1.2.4 REC creation flow

#### B3.3.11.1 Interface

#### B3.3.11.1.1 Input values

| Name | Register | Bits | Type    | Description                       |
|------|----------|------|---------|-----------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000167             |
| rd   | X1       | 63:0 | Address | PA of the RD for the target Realm |

#### B3.3.11.1.2 Output values

| Name      | Register | Bits | Type                 | Description                                     |
|-----------|----------|------|----------------------|-------------------------------------------------|
| result    | X0       | 63:0 | RmiCommandReturnCode | Command return status                           |
| aux_count | X1       | 63:0 | UInt64               | Number of auxiliary Granules required for a REC |

# B3.3.11.2 Failure conditions

| ID       | Condition                                                                            |
|----------|--------------------------------------------------------------------------------------|
| rd_align | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| rd_bound | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>        |
| rd_state | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>   |

#### B3.3.11.2.1 Failure condition ordering

The RMI\_REC\_AUX\_COUNT command does not have any failure condition orderings.

# B3.3.11.3 Success conditions

| ID        | Condition                               |
|-----------|-----------------------------------------|
| aux_count | <pre>aux_count == RecAuxCount(rd)</pre> |

# B3.3.11.4 Footprint

The RMI\_REC\_AUX\_COUNT command does not have any footprint.

# B3.3.12 RMI\_REC\_CREATE command

Creates a REC.

See also:

- A2.3 Realm Execution Context
- A2.3.3 REC index and MPIDR value
- B3.3.11 RMI\_REC\_AUX\_COUNT command
- B3.3.13 RMI\_REC\_DESTROY command
- D1.2.4 REC creation flow

#### B3.3.12.1 Interface

| Name       | Register | Bits | Type    | Description                       |
|------------|----------|------|---------|-----------------------------------|
| fid        | X0       | 63:0 | UInt64  | FID, value 0xC400015A             |
| rd         | X1       | 63:0 | Address | PA of the RD for the target Realm |
| rec        | X2       | 63:0 | Address | PA of the target REC              |
| params_ptr | X3       | 63:0 | Address | PA of REC parameters              |

#### B3.3.12.1.2 Context

The RMI\_REC\_CREATE command operates on the following context.

| Name      | Type         | Value                            | Before | Description    |
|-----------|--------------|----------------------------------|--------|----------------|
| realm     | RmmRealm     | Realm(rd)                        | true   | Realm          |
| params    | RmiRecParams | <pre>RecParams(params_ptr)</pre> | false  | REC parameters |
| rec_index | UInt64       | <pre>Realm(rd).rec_index</pre>   | true   | REC index      |

#### B3.3.12.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

# B3.3.12.2 Failure conditions

| ID           | Condition                                                                                               |
|--------------|---------------------------------------------------------------------------------------------------------|
| params_align | <pre>pre: !AddrIsGranuleAligned(params_ptr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>            |
| params_bound | <pre>pre: !PaIsDelegable(params_ptr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| params_pas   | <pre>pre: Granule(params_ptr).pas != NS post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                |
| rec_align    | <pre>pre: !AddrIsGranuleAligned(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| rec_bound    | <pre>pre: !PaIsDelegable(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                          |
| rec_state    | <pre>pre: Granule(rec).state != DELEGATED post: ResultEqual(result, RMI_ERROR_INPUT)</pre>              |
| rd_align     | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                    |
| rd_bound     | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                           |
| rd_state     | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                      |
| realm_state  | pre: realm.state != NEW<br>post: ResultEqual(result, RMI_ERROR_REALM)                                   |
| mpidr_index  | <pre>pre: RecIndex(params.mpidr) != realm.rec_index post: ResultEqual(result, RMI_ERROR_INPUT)</pre>    |
| num_aux      | <pre>pre: params.num_aux != RecAuxCount(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>            |
| aux_align    | <pre>pre: !RecAuxAligned(params.aux, params.num_aux) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>   |
| aux_alias    | <pre>pre: RecAuxAlias(rec, params.aux, params.num_aux) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| aux_state    | <pre>pre: !RecAuxStateEqual(</pre>                                                                      |

#### B3.3.12.2.1 Failure condition ordering

[rd\_bound, rd\_state] < [realm\_state]

[Figure: failure condition ordering graph over aux\_state, aux\_alias, aux\_align, num\_aux, mpidr\_index, rd\_align, rec\_state, rec\_bound, rec\_align, params\_pas, params\_bound, params\_align, rd\_state, rd\_bound]
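The following C model is an added example, not part of the Arm specification or of any RMM implementation. It walks the RMI\_REC\_AUX\_COUNT and RMI\_REC\_CREATE failure conditions in an order that respects [rd\_bound, rd\_state] < [realm\_state], so that Realm state is only read through a validated RD. The granule table, the 4KB Granule size, the enum encodings, the identity stand-in for RecIndex() and the fixed RecAuxCount() value are assumptions, and the aux\_align, aux\_alias and aux\_state checks are left out.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model, not RMM code: sizes, encodings and layouts are assumptions. */
#define GRANULE_SIZE    0x1000u  /* assumed 4KB Granule */
#define NUM_GRANULES    8u       /* delegable PA range of the model */
#define MODEL_AUX_COUNT 2u       /* fixed stand-in for RecAuxCount(rd) */

typedef enum { RMI_SUCCESS, RMI_ERROR_INPUT, RMI_ERROR_REALM } rmi_status;
typedef enum { UNDELEGATED, DELEGATED, RD, REC } granule_state;
typedef enum { PAS_NS, PAS_REALM } granule_pas;
typedef enum { REALM_NEW, REALM_ACTIVE } realm_state;

struct granule    { granule_state state; granule_pas pas; };
struct realm      { realm_state state; uint64_t rec_index; };
struct rec_params { uint64_t mpidr; uint64_t num_aux; };

/* One slot per Granule, indexed by PA / GRANULE_SIZE. */
struct granule    granules[NUM_GRANULES];
struct realm      realms[NUM_GRANULES];      /* meaningful only where state == RD */
struct rec_params params_mem[NUM_GRANULES];  /* Host-written NS memory */
uint64_t          rec_owner[NUM_GRANULES];   /* meaningful only where state == REC */

static int aligned(uint64_t pa)   { return (pa % GRANULE_SIZE) == 0; }
static int delegable(uint64_t pa) { return pa / GRANULE_SIZE < NUM_GRANULES; }
static struct granule *gran(uint64_t pa) { return &granules[pa / GRANULE_SIZE]; }

/* rd_align, rd_bound, rd_state. The bound test short-circuits before gran(),
 * so an out-of-range PA never indexes the granule table. */
static int rd_invalid(uint64_t rd)
{
    return !aligned(rd) || !delegable(rd) || gran(rd)->state != RD;
}

rmi_status rmi_rec_aux_count(uint64_t rd, uint64_t *aux_count)
{
    if (rd_invalid(rd))
        return RMI_ERROR_INPUT;
    *aux_count = MODEL_AUX_COUNT;            /* aux_count == RecAuxCount(rd) */
    return RMI_SUCCESS;
}

rmi_status rmi_rec_create(uint64_t rd, uint64_t rec, uint64_t params_ptr)
{
    /* params_align, params_bound, params_pas: parameters must sit in NS memory. */
    if (!aligned(params_ptr) || !delegable(params_ptr) ||
        gran(params_ptr)->pas != PAS_NS)
        return RMI_ERROR_INPUT;
    /* rec_align, rec_bound, rec_state: the target must be a DELEGATED Granule. */
    if (!aligned(rec) || !delegable(rec) || gran(rec)->state != DELEGATED)
        return RMI_ERROR_INPUT;
    if (rd_invalid(rd))
        return RMI_ERROR_INPUT;

    /* [rd_bound, rd_state] < [realm_state]: Realm(rd) is read only after rd
     * is known to be an RD, so a bad handle reports INPUT, never REALM. */
    struct realm *realm = &realms[rd / GRANULE_SIZE];
    if (realm->state != REALM_NEW)
        return RMI_ERROR_REALM;

    /* Model's choice: snapshot Host-writable parameters once, then validate
     * and use only the copy. */
    struct rec_params p = params_mem[params_ptr / GRANULE_SIZE];
    if (p.mpidr != realm->rec_index)         /* mpidr_index; RecIndex() modelled as identity */
        return RMI_ERROR_INPUT;
    if (p.num_aux != MODEL_AUX_COUNT)        /* num_aux */
        return RMI_ERROR_INPUT;

    /* Success conditions rec_gran_state, rec_owner, rec_index. */
    gran(rec)->state = REC;
    rec_owner[rec / GRANULE_SIZE] = rd;
    realm->rec_index++;
    return RMI_SUCCESS;
}

/* Constructed scenario: Granule 1 is an RD for a NEW Realm, Granule 2 is
 * DELEGATED, everything else (including Granule 3, used for params) is NS. */
void model_reset(void)
{
    memset(granules, 0, sizeof granules);
    memset(realms, 0, sizeof realms);
    memset(params_mem, 0, sizeof params_mem);
    memset(rec_owner, 0, sizeof rec_owner);
    granules[1] = (struct granule){ RD, PAS_REALM };
    granules[2] = (struct granule){ DELEGATED, PAS_REALM };
}

int main(void)
{
    uint64_t n = 0;
    model_reset();
    rmi_rec_aux_count(0x1000, &n);
    params_mem[3] = (struct rec_params){ .mpidr = 0, .num_aux = n };
    printf("first create:   %d\n", rmi_rec_create(0x1000, 0x2000, 0x3000));
    printf("same rec again: %d\n", rmi_rec_create(0x1000, 0x2000, 0x3000));
    return 0;
}
```
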

# B3.3.12.3 Success conditions

| ID             | Condition                                                                                               |
|----------------|---------------------------------------------------------------------------------------------------------|
| rec_index      | <pre>Realm(rd).rec_index == rec_index + 1</pre>                                                         |
| rec_gran_state | <pre>Granule(rec).state == REC</pre>                                                                    |
| rec_owner      | Rec(rec).owner == rd                                                                                    |
| rec_attest     | <pre>Rec(rec).attest_state == NO_ATTEST_IN_PROGRESS</pre>                                               |
| rec_mpidr      | <pre>MpidrEqual(Rec(rec).mpidr, params.mpidr)</pre>                                                     |
| rec_state      | <pre>Rec(rec).state == READY</pre>                                                                      |
| runnable       | <pre>pre: params.flags.runnable == RMI_RUNNABLE post: Rec(rec).flags.runnable == RUNNABLE</pre>         |
| not_runnable   | <pre>pre: params.flags.runnable == RMI_NOT_RUNNABLE post: Rec(rec).flags.runnable == NOT_RUNNABLE</pre> |
| rec_gprs       | <pre>(Rec(rec).gprs[0] == params.gprs[0]<br/>&amp;&amp; Rec(rec).gprs[1] == params.gprs[2]<br/>&amp;&amp; Rec(rec).gprs[3] == params.gprs[3]<br/>&amp;&amp; Rec(rec).gprs[4] == params.gprs[4]<br/>&amp;&amp; Rec(rec).gprs[5] == params.gprs[6]<br/>&amp;&amp; Rec(rec).gprs[6] == params.gprs[7]<br/>&amp;&amp; Rec(rec).gprs[8] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[10] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[11] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[12] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[13] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[14] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[15] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[16] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[17] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[17] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[18] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[19] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[21] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[21] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[21] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[22] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[22] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[23] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[24] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[25] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[26] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[27] == Zeros()<br/>&amp;&amp; Rec(rec).gprs[26] == Zero</pre> |
| rec_pc         | <pre>Rec(rec).pc == params.pc</pre> |  |  |  |  |  |
| rim            | <pre>pre: params.flags.runnable == RMI_RUNNABLE post: Realm(rd).measurements[0] == RimExtendRec(</pre> |  |  |  |  |  |

| ID            | Condition                                                     |
|---------------|---------------------------------------------------------------|
| rec_aux       | RecAuxEqual(<br>Rec(rec).aux, params.aux,<br>RecAuxCount(rd)) |
| rec_aux_state | RecAuxStateEqual(<br>Rec(rec).aux, RecAuxCount(rd), REC_AUX)  |
| ripas_addr    | <pre>Rec(rec).ripas_addr == Zeros()</pre>                     |
| ripas_top     | <pre>Rec(rec).ripas_top == Zeros()</pre>                      |
| host_call     | <pre>Rec(rec).host_call_pending == NO_HOST_CALL_PENDING</pre> |

# B3.3.12.4 RMI\_REC\_CREATE extension of RIM

On successful execution of RMI\_REC\_CREATE, if the new REC is runnable then the new RIM value of the target Realm is calculated by the RMM as follows:

1. Allocate a zero-filled RmiRecParams data structure to hold the measured REC parameters.
2. Copy the following attributes from the Host-provided RmiRecParams data structure into the measured REC parameters data structure:
   - gprs
   - pc
   - flags
3. Using the RHA of the target Realm, compute the hash of the measured REC parameters data structure.
4. Allocate an RmmMeasurementDescriptorRec data structure.
5. Populate the measurement descriptor:
   - Set the desc\_type field to the descriptor type.
   - Set the len field to the descriptor length.
   - Set the rim field to the current RIM value of the target Realm.
   - Set the content field to the hash of the measured REC parameters.
6. Using the RHA of the target Realm, compute the hash of the measurement descriptor. Set the RIM of the target Realm to this value, zero filling upper bytes if the RHA output is smaller than the size of the RIM.

See also:

- A7.1.1 Realm Initial Measurement
- B2.43 RimExtendRec function
- B3.4.19 RmiRecParams type
- C1.6 RmmMeasurementDescriptorRec type
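
The RIM extension steps in B3.3.12.4, as an added Python example (not code from this specification or from any RMM implementation). It shows that only gprs, pc and flags reach the measurement, so Host-only fields such as mpidr do not change the RIM. The structure sizes, field offsets, descriptor type value and runnable flag encoding are assumptions made for illustration; the normative values are defined in B3.4.19 and C1.6.

```python
import hashlib
import struct

# ASSUMED layout and encodings, for illustration only. Take the real values
# from B3.4.19 (RmiRecParams) and C1.6 (RmmMeasurementDescriptorRec).
PARAMS_SIZE = 0x1000                      # size of RmiRecParams
OFF_FLAGS, OFF_MPIDR, OFF_PC, OFF_GPRS = 0x0, 0x100, 0x200, 0x300
NUM_GPRS = 8                              # GPR values carried in the params
OFF_NUM_AUX = 0x800                       # Host-only field, never measured
DESC_SIZE = 0x100                         # size of the measurement descriptor
OFF_DESC_TYPE, OFF_LEN, OFF_RIM, OFF_CONTENT = 0x0, 0x8, 0x10, 0x50
DESC_TYPE_REC = 0x1
RIM_SIZE = 64                             # bytes in a measurement value
RMI_RUNNABLE = 1                          # bit 0 of flags


def build_host_params(flags, mpidr, pc, gprs, num_aux=0):
    """Constructed stand-in for the RmiRecParams the Host passes to the RMM."""
    buf = bytearray(PARAMS_SIZE)
    struct.pack_into("<Q", buf, OFF_FLAGS, flags)
    struct.pack_into("<Q", buf, OFF_MPIDR, mpidr)
    struct.pack_into("<Q", buf, OFF_PC, pc)
    struct.pack_into("<%dQ" % NUM_GPRS, buf, OFF_GPRS, *gprs)
    struct.pack_into("<Q", buf, OFF_NUM_AUX, num_aux)
    return bytes(buf)


def measured_rec_params(host_params):
    """Steps 1-2: zero-filled structure holding only gprs, pc and flags."""
    measured = bytearray(PARAMS_SIZE)
    for off, size in ((OFF_FLAGS, 8), (OFF_PC, 8), (OFF_GPRS, 8 * NUM_GPRS)):
        measured[off:off + size] = host_params[off:off + size]
    return bytes(measured)


def zero_extend(digest):
    """Zero fill the upper bytes when the RHA output is shorter than the RIM."""
    return digest.ljust(RIM_SIZE, b"\x00")


def rim_extend_rec(current_rim, host_params, rha="sha256"):
    """Return the Realm's RIM after RMI_REC_CREATE succeeds with host_params."""
    if len(current_rim) != RIM_SIZE:
        raise ValueError("RIM must be %d bytes" % RIM_SIZE)
    if len(host_params) != PARAMS_SIZE:
        raise ValueError("unexpected RmiRecParams size")
    if rha not in ("sha256", "sha512"):
        raise ValueError("unsupported RHA")
    flags = struct.unpack_from("<Q", host_params, OFF_FLAGS)[0]
    if (flags & 1) != RMI_RUNNABLE:
        return current_rim                 # a non-runnable REC is not measured
    # Step 3: hash of the measured REC parameters.
    content = hashlib.new(rha, measured_rec_params(host_params)).digest()
    # Steps 4-5: populate the measurement descriptor.
    desc = bytearray(DESC_SIZE)
    desc[OFF_DESC_TYPE] = DESC_TYPE_REC
    struct.pack_into("<Q", desc, OFF_LEN, DESC_SIZE)
    desc[OFF_RIM:OFF_RIM + RIM_SIZE] = current_rim
    desc[OFF_CONTENT:OFF_CONTENT + RIM_SIZE] = zero_extend(content)
    # Step 6: the hash of the descriptor becomes the new RIM.
    return zero_extend(hashlib.new(rha, bytes(desc)).digest())


def demo():
    """Compare RIM values for constructed parameter sets."""
    rim0 = bytes(RIM_SIZE)  # constructed starting RIM, not a real Realm value
    gprs = [0x1000, 0, 0, 0, 0, 0, 0, 0]
    pc = 0x80000000
    base = build_host_params(RMI_RUNNABLE, 0, pc, gprs)
    return {
        "runnable": rim_extend_rec(rim0, base),
        "other_mpidr": rim_extend_rec(
            rim0, build_host_params(RMI_RUNNABLE, 1, pc, gprs)),
        "other_pc": rim_extend_rec(
            rim0, build_host_params(RMI_RUNNABLE, 0, pc + 0x1000, gprs)),
        "not_runnable": rim_extend_rec(
            rim0, build_host_params(0, 0, pc, gprs)),
        "sha512": rim_extend_rec(rim0, base, "sha512"),
    }


if __name__ == "__main__":
    for name, rim in demo().items():
        print(name, rim.hex())
```

A verifier that reproduces the RIM from a Realm's launch parameters has to apply the same field selection and zero filling, otherwise its expected value will not match the attested one.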

#### B3.3.12.5 Footprint

| ID            | Value                                          |
|---------------|------------------------------------------------|
| rec_index     | Realm(rd).rec_index                            |
| rec_state     | <pre>Granule(rec).state</pre>                  |
| rec_aux_state | RecAuxStates(Rec(rec).aux,<br>RecAuxCount(rd)) |
| rim           | <pre>Realm(rd).measurements[0]</pre>           |

# B3.3.13 RMI\_REC\_DESTROY command

Destroys a REC.

See also:

- A2.3 Realm Execution Context
- B3.3.12 RMI\_REC\_CREATE command
- D1.2.5 Realm destruction flow

#### B3.3.13.1 Interface

#### B3.3.13.1.1 Input values

| Name | Register | Bits | Type    | Description           |
|------|----------|------|---------|-----------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC400015B |
| rec  | X1       | 63:0 | Address | PA of the target REC  |

#### B3.3.13.1.2 Context

The RMI\_REC\_DESTROY command operates on the following context.

| Name    | Type    | Value          | Before | Description |
|---------|---------|----------------|--------|-------------|
| rd      | Address | Rec(rec).owner | true   | RD address  |
| rec_obj | RmmRec  | Rec(rec)       | true   | REC         |

#### B3.3.13.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

# B3.3.13.2 Failure conditions

| ID             | Condition                                                                             |
|----------------|---------------------------------------------------------------------------------------|
| rec_align      | <pre>pre: !AddrIsGranuleAligned(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| rec_bound      | <pre>pre: !PaIsDelegable(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>        |
| rec_gran_state | <pre>pre: Granule(rec).state != REC post: ResultEqual(result, RMI_ERROR_INPUT)</pre>  |
| rec_state      | <pre>pre: Rec(rec).state == RUNNING post: ResultEqual(result, RMI_ERROR_REC)</pre>    |

#### B3.3.13.2.1 Failure condition ordering

```
[rec_bound, rec_gran_state] < [rec_state]
```



#### B3.3.13.3 Success conditions

| ID             | Condition                                                     |
|----------------|---------------------------------------------------------------|
| rec_gran_state | <pre>Granule(rec).state == DELEGATED</pre>                    |
| rec_aux_state  | RecAuxStateEqual(<br>rec_obj.aux, RecAuxCount(rd), DELEGATED) |

# B3.3.13.4 Footprint

| ID            | Value                                                 |
|---------------|-------------------------------------------------------|
| rec_state     | Granule(rec).state                                    |
| rec_aux_state | <pre>RecAuxStates(rec_obj.aux, RecAuxCount(rd))</pre> |

# B3.3.14 RMI\_REC\_ENTER command

Enter a REC.

See also:

- A2.3 Realm Execution Context
- Chapter A4 Realm exception model
- D1.3.1 Realm entry and exit flow

# B3.3.14.1 Interface

#### B3.3.14.1.1 Input values

| Name    | Register | Bits | Type    | Description           |
|---------|----------|------|---------|-----------------------|
| fid     | X0       | 63:0 | UInt64  | FID, value 0xC400015C |
| rec     | X1       | 63:0 | Address | PA of the target REC  |
| run_ptr | X2       | 63:0 | Address | PA of RecRun object   |

## B3.3.14.1.2 Context

The RMI\_REC\_ENTER command operates on the following context.

| Name | Type      | Value           | Before | Description   |
|------|-----------|-----------------|--------|---------------|
| run  | RmiRecRun | RecRun(run_ptr) | false  | RecRun object |

#### B3.3.14.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

## B3.3.14.2 Failure conditions

| ID             | Condition                                                                                               |
|----------------|---------------------------------------------------------------------------------------------------------|
| run_align      | <pre>pre: !AddrIsGranuleAligned(run_ptr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>               |
| run_bound      | <pre>pre: !PaIsDelegable(run_ptr) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                      |
| run_pas        | <pre>pre: Granule(run_ptr).pas != NS post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| rec_align      | <pre>pre: !AddrIsGranuleAligned(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| rec_bound      | <pre>pre: !PaIsDelegable(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                          |
| rec_gran_state | <pre>pre: Granule(rec).state != REC post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                    |
| realm_new      | <pre>pre: Realm(Rec(rec).owner).state == NEW post: ResultEqual(result, RMI_ERROR_REALM, 0)</pre>        |
| system_off     | <pre>pre: Realm(Rec(rec).owner).state == SYSTEM_OFF post: ResultEqual(result, RMI_ERROR_REALM, 1)</pre> |
| rec_state      | <pre>pre: Rec(rec).state == RUNNING post: ResultEqual(result, RMI_ERROR_REC)</pre>                      |
| rec_runnable   | <pre>pre: Rec(rec).flags.runnable == NOT_RUNNABLE post: ResultEqual(result, RMI_ERROR_REC)</pre>        |
| rec_mmio       | <pre>pre: (run.enter.flags.emul_mmio == RMI_EMULATED_MMIO</pre>                                         |
| rec_gicv3      | <pre>pre: !Gicv3ConfigIsValid(</pre>                                                                    |
| rec_psci       | <pre>pre: Rec(rec).psci_pending == PSCI_REQUEST_PENDING post: ResultEqual(result, RMI_ERROR_REC)</pre>  |

#### B3.3.14.2.1 Failure condition ordering



## B3.3.14.3 Success conditions

| ID           | Condition                                          |
|--------------|----------------------------------------------------|
| rec_exit     | run.exit contains Realm exit syndrome information. |
| rec_emul_abt | rec.emulatable_abort is updated.                   |

# B3.3.14.4 Footprint

| ID       | Value                    |
|----------|--------------------------|
| emul_abt | Rec(rd).emulatable_abort |

# B3.3.15 RMI\_RTT\_CREATE command

Creates an RTT.

See also:

- A5.5 Realm Translation Table
- A5.5.7 RTT unfolding
- B3.3.16 RMI\_RTT\_DESTROY command
- B3.3.17 RMI\_RTT\_FOLD command

## B3.3.15.1 Interface

#### B3.3.15.1.1 Input values

| Name  | Register | Bits | Type    | Description                                |
|-------|----------|------|---------|--------------------------------------------|
| fid   | X0       | 63:0 | UInt64  | FID, value 0xC400015D                      |
| rd    | X1       | 63:0 | Address | PA of the RD for the target Realm          |
| rtt   | X2       | 63:0 | Address | PA of the target RTT                       |
| ipa   | X3       | 63:0 | Address | Base of the IPA range described by the RTT |
| level | X4       | 63:0 | Int64   | RTT level                                  |

## B3.3.15.1.2 Context

The RMI\_RTT\_CREATE command operates on the following context.

| Name      | Type             | Value                                   | Before | Description                   |
|-----------|------------------|-----------------------------------------|--------|-------------------------------|
| realm     | RmmRealm         | Realm(rd)                               | true   | Realm                         |
| walk      | RmmRttWalkResult | RttWalk(<br>rd, ipa,<br>level - 1)      | false  | RTT walk result               |
| entry_idx | UInt64           | RttEntryIndex(<br>ipa, walk.level)      | false  | RTTE index                    |
| unfold    | RmmRttEntry      | RttWalk(<br>rd, ipa,<br>level - 1).rtte | true   | RTTE before command execution |

#### B3.3.15.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

# B3.3.15.2 Failure conditions

| ID          | Condition                                                                                            |
|-------------|------------------------------------------------------------------------------------------------------|
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                 |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                        |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| level_bound | <pre>pre: (!RttLevelIsValid(rd, level)</pre>                                                         |
| ipa_align   | <pre>pre: !AddrIsRttLevelAligned(ipa, level - 1) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>    |
| ipa_bound   | <pre>pre: UInt(ipa) &gt;= (2 ^ Realm(rd).ipa_width) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| rtt_align   | <pre>pre: !AddrIsGranuleAligned(rtt) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                |
| rtt_bound   | <pre>pre: !PaIsDelegable(rtt) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                       |
| rtt_state   | <pre>pre: Granule(rtt).state != DELEGATED post: ResultEqual(result, RMI_ERROR_INPUT)</pre>           |
| rtt_walk    | <pre>pre: walk.level &lt; level - 1 post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>       |
| rtte_state  | <pre>pre: walk.rtte.state == TABLE post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>        |

#### B3.3.15.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [rtt_walk, rtte_state]
[level_bound, ipa_bound] < [rtt_walk, rtte_state]
```



## B3.3.15.3 Success conditions

| ID           | Condition                                                                            |
|--------------|--------------------------------------------------------------------------------------|
| rtt_state    | <pre>Granule(rtt).state == RTT</pre>                                                 |
| rtte_state   | <pre>walk.rtte.state == TABLE</pre>                                                  |
| rtte_addr    | <pre>walk.rtte.addr == rtt</pre>                                                     |
| rtte_c_ripas | pre: AddrIsProtected(ipa, realm)<br>post: RttAllEntriesRipas(Rtt(rtt), unfold.ripas) |
| rtte_c_state | <pre>RttAllEntriesState(Rtt(rtt), unfold.state)</pre>                                |
| rtte_c_addr  | <pre>pre: (unfold.state != UNASSIGNED</pre>                                          |

# B3.3.15.4 Footprint

| ID        | Value                                         |
|-----------|-----------------------------------------------|
| rtt_state | Granule(rtt).state                            |
| rtte      | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

# B3.3.16 RMI\_RTT\_DESTROY command

Destroys an RTT.

See also:

- A5.5 Realm Translation Table
- A5.5.9 RTT destruction
- B3.3.15 RMI\_RTT\_CREATE command
- B3.3.17 RMI\_RTT\_FOLD command

## B3.3.16.1 Interface

#### B3.3.16.1.1 Input values

| Name  | Register | Bits | Type    | Description                                |
|-------|----------|------|---------|--------------------------------------------|
| fid   | X0       | 63:0 | UInt64  | FID, value 0xC400015E                      |
| rd    | X1       | 63:0 | Address | PA of the RD for the target Realm          |
| ipa   | X2       | 63:0 | Address | Base of the IPA range described by the RTT |
| level | X3       | 63:0 | Int64   | RTT level                                  |

#### B3.3.16.1.2 Context

The RMI\_RTT\_DESTROY command operates on the following context.

| Name      | Type             | Value                                                               | Before | Description                                                                  |
|-----------|------------------|---------------------------------------------------------------------|--------|------------------------------------------------------------------------------|
| walk      | RmmRttWalkResult | RttWalk(<br>rd, ipa,<br>level - 1)                                  | false  | RTT walk result                                                              |
| entry_idx | UInt64           | RttEntryIndex(<br>ipa, walk.level)                                  | false  | RTTE index                                                                   |
| walk_top  | Address          | <pre>RttSkipNonLiveEntries(Rtt(walk.rtt_addr), walk.level, ipa)</pre> | false  | Top IPA of non-live RTT entries, from entry at which the RTT walk terminated |

#### B3.3.16.1.3 Output values

| Name   | Register | Bits | Type                 | Description                                                                  |
|--------|----------|------|----------------------|------------------------------------------------------------------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status                                                        |
| rtt    | X1       | 63:0 | Address              | PA of the RTT which was destroyed                                            |
| top    | X2       | 63:0 | Address              | Top IPA of non-live RTT entries, from entry at which the RTT walk terminated |

The rtt output value is valid only when the command result is RMI\_SUCCESS.

The values of the result and top output values for different command outcomes are summarized in the following table.

| Scenario                                                           | result                   | top    | walk.rtte.state                                                                     |
|--------------------------------------------------------------------|--------------------------|--------|-------------------------------------------------------------------------------------|
| Target RTT exists and is not live                                  | RMI_SUCCESS              | > ipa  | Before execution: TABLE<br>After execution:<br>UNASSIGNED and RIPAS is<br>DESTROYED |
| Missing RTT                                                        | (RMI_ERROR_RTT, < level) | > ipa  | UNASSIGNED or<br>UNASSIGNED_NS                                                      |
| Block mapping at lower level                                       | (RMI_ERROR_RTT, < level) | == ipa | ASSIGNED or ASSIGNED_NS                                                             |
| Live RTT at target level                                           | (RMI_ERROR_RTT, level)   | == ipa | TABLE                                                                               |
| RTT walk was not performed,<br>due to any other command<br>failure | Another error code       | 0      | Unknown                                                                             |

See also:

- A5.5.8 RTTE liveness and RTT liveness

# B3.3.16.2 Failure conditions

| ID          | Condition                                                                                                       |
|-------------|-----------------------------------------------------------------------------------------------------------------|
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                            |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                   |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                              |
| level_bound | <pre>pre: (!RttLevelIsValid(rd, level)</pre>                                                                    |
| ipa_align   | <pre>pre: !AddrIsRttLevelAligned(ipa, level - 1) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>               |
| ipa_bound   | <pre>pre: UInt(ipa) &gt;= (2 ^ Realm(rd).ipa_width) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>            |
| rtt_walk    | <pre>pre: walk.level &lt; level - 1 post: (ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>                 |
| rtte_state  | <pre>pre: walk.rtte.state != TABLE post: (ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>                  |
| rtt_live    | <pre>pre: RttIsLive(Rtt(walk.rtte.addr)) post: (ResultEqual(result, RMI_ERROR_RTT, level) &amp;&amp; (top == ipa))</pre> |
## B3.3.16.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [rtt_walk, rtte_state, rtt_live]
[level_bound, ipa_bound] < [rtt_walk, rtte_state]
```



## B3.3.16.3 Success conditions

| ID         | Condition                                             |
|------------|-------------------------------------------------------|
| rtte_state | <pre>walk.rtte.state == UNASSIGNED</pre>              |
| ripas      | <pre>walk.rtte.ripas == DESTROYED</pre>               |
| rtt_state  | <pre>Granule(walk.rtte.addr).state == DELEGATED</pre> |
| rtt        | <pre>rtt == walk.rtte.addr</pre>                      |
| top        | <pre>top == walk_top</pre>                            |

# B3.3.16.4 Footprint

| ID        | Value                                         |
|-----------|-----------------------------------------------|
| rtt_state | <pre>Granule(walk.rtte.addr).state</pre>      |
| rtte      | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

# B3.3.17 RMI\_RTT\_FOLD command

Destroys a homogeneous RTT.

See also:

- A5.5 Realm Translation Table
- A5.5.6 RTT folding
- B3.3.15 RMI\_RTT\_CREATE command
- B3.3.16 RMI\_RTT\_DESTROY command

## B3.3.17.1 Interface

#### B3.3.17.1.1 Input values

| Name  | Register | Bits | Type    | Description                                |
|-------|----------|------|---------|--------------------------------------------|
| fid   | X0       | 63:0 | UInt64  | FID, value 0xC4000166                      |
| rd    | X1       | 63:0 | Address | PA of the RD for the target Realm          |
| ipa   | X2       | 63:0 | Address | Base of the IPA range described by the RTT |
| level | X3       | 63:0 | Int64   | RTT level                                  |

#### B3.3.17.1.2 Context

The RMI\_RTT\_FOLD command operates on the following context.

| Name      | Type             | Value                              | Before | Description              |
|-----------|------------------|------------------------------------|--------|--------------------------|
| walk      | RmmRttWalkResult | RttWalk(<br>rd, ipa,<br>level - 1) | false  | RTT walk result          |
| entry_idx | UInt64           | RttEntryIndex(<br>ipa, walk.level) | false  | RTTE index               |
| fold      | RmmRttEntry      | RttFold(<br>Rtt(walk.rtte.addr))   | true   | Result of folding<br>RTT |

## B3.3.17.1.3 Output values

| Name   | Register | Bits | Type                 | Description                       |
|--------|----------|------|----------------------|-----------------------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status             |
| rtt    | X1       | 63:0 | Address              | PA of the RTT which was destroyed |

The rtt output value is valid only when the command result is RMI\_SUCCESS.

# B3.3.17.2 Failure conditions

| ID          | Condition                                                                                              |
|-------------|--------------------------------------------------------------------------------------------------------|
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                          |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                     |
| level_bound | <pre>pre: (!RttLevelIsValid(rd, level)</pre>                                                           |
| ipa_align   | <pre>pre: !AddrIsRttLevelAligned(ipa, level - 1) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>      |
| ipa_bound   | <pre>pre: UInt(ipa) &gt;= (2 ^ Realm(rd).ipa_width) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>   |
| rtt_walk    | <pre>pre: walk.level &lt; level - 1 post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>         |
| rtte_state  | <pre>pre: walk.rtte.state != TABLE post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>          |
| rtt_homo    | <pre>pre: !RttIsHomogeneous(Rtt(walk.rtte.addr)) post: ResultEqual(result, RMI_ERROR_RTT, level)</pre> |

### B3.3.17.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [rtt_walk, rtte_state, rtt_homo]
[level_bound, ipa_bound] < [rtt_walk, rtte_state]
```



# B3.3.17.3 Success conditions

| ID         | Condition                                                                           |
|------------|-------------------------------------------------------------------------------------|
| rtte_state | <pre>walk.rtte.state == fold.state</pre>                                            |
| rtte_addr  | <pre>pre: (fold.state != UNASSIGNED</pre>                                           |
| rtte_attr  | <pre>pre: (fold.state == ASSIGNED</pre>                                             |
| rtte_ripas | <pre>pre: AddrIsProtected(ipa, Realm(rd)) post: walk.rtte.ripas == fold.ripas</pre> |
| rtt_state  | <pre>Granule(walk.rtte.addr).state == DELEGATED</pre>                               |
| rtt        | <pre>rtt == walk.rtte.addr</pre>                                                    |

# B3.3.17.4 Footprint

| ID        | Value                                         |
|-----------|-----------------------------------------------|
| rtt_state | Granule(walk.rtte.addr).state                 |
| rtte      | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

# B3.3.18 RMI\_RTT\_INIT\_RIPAS command

Set the RIPAS of a target IPA range to RAM, for a Realm in the NEW state.

See also:

- A5.2.2 Realm IPA state
- D1.2.3 Initialize memory of New Realm flow

## B3.3.18.1 Interface

#### B3.3.18.1.1 Input values

| Name | Register | Bits | Type    | Description                       |
|------|----------|------|---------|-----------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000168             |
| rd   | X1       | 63:0 | Address | PA of the RD for the target Realm |
| base | X2       | 63:0 | Address | Base of target IPA region         |
| top  | X3       | 63:0 | Address | Top of target IPA region          |

#### B3.3.18.1.2 Context

The RMI\_RTT\_INIT\_RIPAS command operates on the following context.

| Name     | Type             | Value | Before | Description |
|----------|------------------|-------|--------|-------------|
| realm    | RmmRealm         | Realm(rd) | true | Realm |
| walk     | RmmRttWalkResult | RttWalk(rd, base, RMM_RTT_PAGE_LEVEL) | false | RTT walk result |
| walk_top | Address          | <pre>RttSkipEntriesWithRipas(Rtt(walk.rtt_addr), walk.level, base, top, FALSE)</pre> | false | Top IPA of entries which have associated RIPAS values, starting from entry at which the RTT walk terminated |

#### B3.3.18.1.3 Output values

| Name    | Register | Bits | Type                 | Description                               |
|---------|----------|------|----------------------|-------------------------------------------|
| result  | X0       | 63:0 | RmiCommandReturnCode | Command return status                     |
| out_top | X1       | 63:0 | Address              | Top IPA of range whose RIPAS was modified |

The out\_top output value is valid only when the command result is RMI\_SUCCESS.

When the out\_top output value is valid, it is aligned to the size of the address range described by the RTT entry at the level where the RTT walk terminated.

## B3.3.18.2 Failure conditions

| ID          | Condition                                                                                                                                    |
|-------------|----------------------------------------------------------------------------------------------------------------------------------------------|
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                                         |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                                                |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                                           |
| size_valid  | pre: UInt(top) <= UInt(base)<br>post: ResultEqual(result, RMI_ERROR_INPUT)                                                                   |
| top_bound   | <pre>pre: !AddrIsProtected(         ToAddress(UInt(top) - RMM_GRANULE_SIZE),         realm) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |
| realm_state | pre: realm.state != NEW<br>post: ResultEqual(result, RMI_ERROR_REALM)                                                                        |
| base_align  | <pre>pre: !AddrIsRttLevelAligned(base, walk.level) post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>                                |
| rtte_state  | <pre>pre: walk.rtte.state != UNASSIGNED post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>                                           |
| top_align   | <pre>pre: UInt(top) &lt; UInt(</pre>                                                                                                         |
|             | <pre>post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>                                                                              |

#### B3.3.18.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [realm_state]
[rd_bound, rd_state] < [base_align, rtte_state]
[rd_bound, rd_state] < [top_align]
```



## B3.3.18.3 Success conditions

| ID         | Condition                                                                                               |
|------------|---------------------------------------------------------------------------------------------------------|
| rtte_ripas | <pre>RttEntriesInRangeRipas(     Rtt(walk.rtt_addr),     walk.level,     base, walk_top,     RAM)</pre> |
| rim        | <pre>Realm(rd).measurements[0] == RimExtendRipas(     realm, base, walk_top, walk.level)</pre>          |
| out_top    | <pre>out_top == walk_top</pre>                                                                          |

## B3.3.18.4 RMI\_RTT\_INIT\_RIPAS extension of RIM

On successful execution of RMI\_RTT\_INIT\_RIPAS, the new RIM value of the target Realm is calculated by the RMM as follows:

1. Allocate an RmmMeasurementDescriptorRipas data structure.
2. For each RTT entry in the range [base, top) described by the RMI\_RTT\_INIT\_RIPAS input values:
   a. Populate the measurement descriptor:
      - Set the desc\_type field to the descriptor type.
      - Set the len field to the descriptor length.
      - Set the base field to the IPA of the RTT entry.
      - Set the top field to Min(ipa + size, top), where
        - ipa is the IPA of the RTT entry
        - size is the size in bytes of the IPA region described by the RTT entry
        - top is the input value provided to the command
   b. Using the RHA of the target Realm, compute the hash of the measurement descriptor. Set the RIM of the target Realm to this value, zero filling upper bytes if the RHA output is smaller than the size of the RIM.

See also:

- A7.1.1 Realm Initial Measurement
- B2.44 RimExtendRipas function
- C1.7 RmmMeasurementDescriptorRipas type
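
The RIM extension steps above, replayed in Python the way a verifier would recompute a reference RIM. This is an added example, not code from the specification or from any RMM implementation. The function names, the uniform `entry_size` parameter, the 64-byte RIM width and the descriptor layout (little-endian fields at the offsets shown, 0x100-byte length, type value 0x2, and a rim field carrying the current RIM) are assumptions, because C1.7 and A7.1.1 are not reproduced in this section.

```python
import hashlib
import struct

# Assumed layout of RmmMeasurementDescriptorRipas (C1.7 is not reproduced in
# this section): little-endian fields at fixed offsets in a zero-filled
# 0x100-byte structure, including a rim field holding the current RIM.
DESC_TYPE_RIPAS = 0x2   # assumed encoding of the RIPAS descriptor type
DESC_SIZE = 0x100       # assumed descriptor length, also stored in the len field
RIM_SIZE = 64           # assumed RIM width in bytes
OFF_TYPE, OFF_LEN, OFF_RIM, OFF_BASE = 0x00, 0x08, 0x10, 0x50


def entry_ranges(base, top, entry_size):
    """Return the (base, top) pair measured for each RTT entry in [base, top).

    entry_size is the size in bytes of the IPA region described by one RTT
    entry at the level where the walk terminated. The last pair is clamped to
    the command's top input, i.e. Min(ipa + size, top).
    """
    if top <= base:
        raise ValueError("top must be greater than base")
    if entry_size <= 0 or base % entry_size:
        raise ValueError("base must be aligned to the RTT entry size")
    ranges = []
    ipa = base
    while ipa < top:
        ranges.append((ipa, min(ipa + entry_size, top)))
        ipa += entry_size
    return ranges


def build_ripas_descriptor(rim, base, top):
    """Populate one measurement descriptor (step 2a) under the assumed layout."""
    if len(rim) != RIM_SIZE:
        raise ValueError("RIM must be %d bytes" % RIM_SIZE)
    desc = bytearray(DESC_SIZE)
    struct.pack_into("<B", desc, OFF_TYPE, DESC_TYPE_RIPAS)
    struct.pack_into("<Q", desc, OFF_LEN, DESC_SIZE)
    desc[OFF_RIM:OFF_RIM + RIM_SIZE] = rim
    struct.pack_into("<QQ", desc, OFF_BASE, base, top)  # base, then top
    return bytes(desc)


def rim_extend_ripas(rim, base, top, entry_size, rha="sha256"):
    """Hash one descriptor per RTT entry (step 2b) and return the new RIM.

    rha is a hashlib algorithm name standing in for the Realm's RHA. A digest
    shorter than the RIM is zero filled in the upper bytes.
    """
    for entry_base, entry_top in entry_ranges(base, top, entry_size):
        descriptor = build_ripas_descriptor(rim, entry_base, entry_top)
        digest = hashlib.new(rha, descriptor).digest()
        rim = digest.ljust(RIM_SIZE, b"\x00")
    return rim


if __name__ == "__main__":
    # Constructed starting value, not a real RIM left by RMI_REALM_CREATE.
    start = bytes(RIM_SIZE)
    print(rim_extend_ripas(start, 0x80000000, 0x80004000, 0x1000).hex())
```

Measuring the same 2 MB range as one block entry or as 512 page entries gives different RIM values, so a verifier reproducing the RIM has to know the RTT level at which each RMI\_RTT\_INIT\_RIPAS call terminated.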

## B3.3.18.5 Footprint

| ID   | Value                                |
|------|--------------------------------------|
| rtte | Rtt(walk.rtt_addr)                   |
| rim  | <pre>Realm(rd).measurements[0]</pre> |

# B3.3.19 RMI\_RTT\_MAP\_UNPROTECTED command

Creates a mapping from an Unprotected IPA to a Non-secure PA.

See also:

- A5.5 Realm Translation Table
- B3.3.22 RMI\_RTT\_UNMAP\_UNPROTECTED command

## B3.3.19.1 Interface

#### B3.3.19.1.1 Input values

| Name  | Register | Bits | Type    | Description                                                 |
|-------|----------|------|---------|-------------------------------------------------------------|
| fid   | X0       | 63:0 | UInt64  | FID, value 0xC400015F                                       |
| rd    | X1       | 63:0 | Address | PA of the RD for the target Realm                           |
| ipa   | X2       | 63:0 | Address | IPA at which the Granule will be mapped in the target Realm |
| level | X3       | 63:0 | Int64   | RTT level                                                   |
| desc  | X4       | 63:0 | Bits64  | RTTE descriptor                                             |

The layout and encoding of fields in the desc input value match "Attribute fields in stage 2 VMSAv8-64 Block and Page descriptors" in *Arm Architecture Reference Manual for A-Profile architecture* [3].

See also:

- Arm Architecture Reference Manual for A-Profile architecture [3]
- A5.5.11 *RTT entry attributes*
- B2.53 RttDescriptorIsValidForUnprotected function

#### B3.3.19.1.2 Context

The RMI\_RTT\_MAP\_UNPROTECTED command operates on the following context.

| Name      | Type             | Value                          | Before | Description     |
|-----------|------------------|--------------------------------|--------|-----------------|
| walk      | RmmRttWalkResult | RttWalk(rd, ipa, level)        | false  | RTT walk result |
| entry_idx | UInt64           | RttEntryIndex(ipa, walk.level) | false  | RTTE index      |
| rtte      | RmmRttEntry      | RttEntryFromDescriptor(desc)   | false  | RTT entry       |

#### B3.3.19.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |

## B3.3.19.2 Failure conditions

| ID          | Condition                                                                                             |
|-------------|-------------------------------------------------------------------------------------------------------|
| attr_valid  | <pre>pre: !RttDescriptorIsValidForUnprotected(desc) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>  |
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                  |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                         |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                    |
| level_bound | <pre>pre: !RttLevelIsBlockOrPage(rd, level) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>          |
| addr_align  | <pre>pre: !AddrIsRttLevelAligned(rtte.addr, level) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>   |
| ipa_align   | <pre>pre: !AddrIsRttLevelAligned(ipa, level) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>         |
| ipa_bound   | <pre>pre: (UInt(ipa) &gt;= (2 ^ Realm(rd).ipa_width)</pre>                                            |
| rtt_walk    | <pre>pre: walk.level &lt; level post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>            |
| rtte_state  | <pre>pre: walk.rtte.state != UNASSIGNED_NS post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre> |

#### B3.3.19.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [rtt_walk, rtte_state]
[level_bound, ipa_bound] < [rtt_walk, rtte_state]
```

## B3.3.19.3 Success conditions

| ID            | Condition                                                                                                                                                                   |
|---------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| rtte_state    | <pre>walk.rtte.state == ASSIGNED_NS</pre>                                                                                                                                   |
| rtte_contents | <pre>(walk.rtte.MemAttr == rtte.MemAttr     &amp;&amp; walk.rtte.S2AP == rtte.S2AP     &amp;&amp; walk.rtte.SH == rtte.SH     &amp;&amp; walk.rtte.addr == rtte.addr)</pre> |

## B3.3.19.4 Footprint

| ID   | Value                                         |
|------|-----------------------------------------------|
| rtte | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

# B3.3.20 RMI\_RTT\_READ\_ENTRY command

Reads an RTTE.

See also:

- A5.5 Realm Translation Table

## B3.3.20.1 Interface

#### B3.3.20.1.1 Input values

| Name  | Register | Bits | Type    | Description                              |
|-------|----------|------|---------|------------------------------------------|
| fid   | X0       | 63:0 | UInt64  | FID, value 0xC4000161                    |
| rd    | X1       | 63:0 | Address | PA of the RD for the target Realm        |
| ipa   | X2       | 63:0 | Address | Realm Address for which to read the RTTE |
| level | X3       | 63:0 | Int64   | RTT level at which to read the RTTE      |

#### B3.3.20.1.2 Context

The RMI\_RTT\_READ\_ENTRY command operates on the following context.

| Name | Type             | Value                        | Before | Description     |
|------|------------------|------------------------------|--------|-----------------|
| walk | RmmRttWalkResult | RttWalk(rd, ipa, level)      | false  | RTT walk result |
| rtte | RmmRttEntry      | RttEntryFromDescriptor(desc) | false  | RTT entry       |

#### B3.3.20.1.3 Output values

| Name       | Register | Bits | Type                 | Description                       |
|------------|----------|------|----------------------|-----------------------------------|
| result     | X0       | 63:0 | RmiCommandReturnCode | Command return status             |
| walk_level | X1       | 63:0 | UInt64               | RTT level reached by the RTT walk |
| state      | X2       | 7:0  | RmiRttEntryState     | State of RTTE reached by the walk |
| desc       | X3       | 63:0 | Bits64               | RTTE descriptor                   |
| ripas      | X4       | 7:0  | RmiRipas             | RIPAS of RTTE reached by the walk |

The following unused bits of RMI\_RTT\_READ\_ENTRY output values must be zero: X2[63:8], X4[63:8].

The layout and encoding of fields in the rtte output value match "Attribute fields in stage 2 VMSAv8-64 Block and Page descriptors" in *Arm Architecture Reference Manual for A-Profile architecture* [3].

See also:

- Arm Architecture Reference Manual for A-Profile architecture [3]
- A5.5.11 RTT entry attributes

## B3.3.20.2 Failure conditions

| ID          | Condition                                                                                            |
|-------------|------------------------------------------------------------------------------------------------------|
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                 |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                        |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| level_bound | <pre>pre: !RttLevelIsValid(rd, level) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>               |
| ipa_align   | <pre>pre: !AddrIsRttLevelAligned(ipa, level) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>        |
| ipa_bound   | <pre>pre: UInt(ipa) &gt;= (2 ^ Realm(rd).ipa_width) post: ResultEqual(result, RMI_ERROR_INPUT)</pre> |

#### B3.3.20.2.1 Failure condition ordering

The RMI\_RTT\_READ\_ENTRY command does not have any failure condition orderings.

## B3.3.20.3 Success conditions

| ID            | Condition                                                                               |
|---------------|-----------------------------------------------------------------------------------------|
| state         | <pre>state == RttEntryState(walk.rtte.state)</pre>                                      |
| state_invalid | <pre>pre: (walk.rtte.state == UNASSIGNED</pre>                                          |
| state_prot    | <pre>pre: (walk.rtte.state == ASSIGNED</pre>                                            |
| state_unprot  | <pre>pre: walk.rtte.state == ASSIGNED_NS post: (rtte.MemAttr == walk.rtte.MemAttr</pre> |
| ripas_unprot  | <pre>pre: (walk.rtte.state != UNASSIGNED</pre>                                          |

## B3.3.20.4 Footprint

The RMI\_RTT\_READ\_ENTRY command does not have any footprint.

# B3.3.21 RMI\_RTT\_SET\_RIPAS command

Completes a request made by the Realm to change the RIPAS of a target IPA range.

See also:

- A5.4 RIPAS change

## B3.3.21.1 Interface

#### B3.3.21.1.1 Input values

| Name | Register | Bits | Type    | Description                       |
|------|----------|------|---------|-----------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000169             |
| rd   | X1       | 63:0 | Address | PA of the RD for the target Realm |
| rec  | X2       | 63:0 | Address | PA of the target REC              |
| base | X3       | 63:0 | Address | Base of target IPA region         |
| top  | X4       | 63:0 | Address | Top of target IPA region          |

#### B3.3.21.1.2 Context

The RMI\_RTT\_SET\_RIPAS command operates on the following context.

| Name     | Type             | Value | Before | Description |
|----------|------------------|-------|--------|-------------|
| walk     | RmmRttWalkResult | RttWalk(rd, base, RMM_RTT_PAGE_LEVEL) | false | RTT walk result |
| walk_top | Address          | <pre>RttSkipEntriesWithRipas(Rtt(walk.rtt_addr), walk.level, base, top, Rec(rec).ripas_destroyed != CHANGE_DESTROYED)</pre> | true | Top IPA of entries which have associated RIPAS values, starting from entry at which the RTT walk terminated |

#### B3.3.21.1.3 Output values

| Name    | Register | Bits | Type                 | Description                               |
|---------|----------|------|----------------------|-------------------------------------------|
| result  | X0       | 63:0 | RmiCommandReturnCode | Command return status                     |
| out_top | X1       | 63:0 | Address              | Top IPA of range whose RIPAS was modified |

The out\_top output value is valid only when the command result is RMI\_SUCCESS.

When the out\_top output value is valid, it is aligned to the size of the address range described by the RTT entry at the level where the RTT walk terminated.

## B3.3.21.2 Failure conditions

| ID             | Condition                                                                                                     |
|----------------|---------------------------------------------------------------------------------------------------------------|
| rd_align       | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                          |
| rd_bound       | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                 |
| rd_state       | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                            |
| rec_align      | <pre>pre: !AddrIsGranuleAligned(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                         |
| rec_bound      | <pre>pre: !PaIsDelegable(rec) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                                |
| rec_gran_state | <pre>pre: Granule(rec).state != REC post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                          |
| rec_state      | <pre>pre: Rec(rec).state == RUNNING post: ResultEqual(result, RMI_ERROR_REC)</pre>                            |
| rec_owner      | <pre>pre: Rec(rec).owner != rd post: ResultEqual(result, RMI_ERROR_REC)</pre>                                 |
| size_valid     | <pre>pre: UInt(top) &lt;= UInt(base) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                         |
| base_bound     | pre: base != Rec(rec).ripas_addr<br>post: ResultEqual(result, RMI_ERROR_INPUT)                                |
| top_bound      | <pre>pre: UInt(top) &gt; UInt(Rec(rec).ripas_top) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>            |
| base_align     | <pre>pre: !AddrIsRttLevelAligned(base, walk.level) post: ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre> |
| top_align      | <pre>pre: UInt(top) &lt; UInt(</pre>                                                                          |

#### B3.3.21.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [base_align]
[rd_bound, rd_state] < [top_align]
[rec_bound, rec_gran_state] < [rec_state, rec_owner]
[base_bound] < [base_align]
```



## B3.3.21.3 Success conditions

| ID         | Condition                                                                                                                |
|------------|--------------------------------------------------------------------------------------------------------------------------|
| rtte_ripas | <pre>RttEntriesInRangeRipas(     Rtt(walk.rtt_addr),     walk.level,     base, walk_top,     Rec(rec).ripas_value)</pre> |
| ripas_addr | <pre>Rec(rec).ripas_addr == walk_top</pre>                                                                               |
| out_top    | <pre>out_top == walk_top</pre>                                                                                           |

## B3.3.21.4 Footprint

| ID         | Value               |
|------------|---------------------|
| rtte       | Rtt(walk.rtt_addr)  |
| ripas_addr | Rec(rec).ripas_addr |

# B3.3.22 RMI\_RTT\_UNMAP\_UNPROTECTED command

Removes a mapping at an Unprotected IPA.

See also:

- A5.5 Realm Translation Table
- B3.3.19 RMI\_RTT\_MAP\_UNPROTECTED command

## B3.3.22.1 Interface

#### B3.3.22.1.1 Input values

| Name  | Register | Bits | Type    | Description                                            |
|-------|----------|------|---------|--------------------------------------------------------|
| fid   | X0       | 63:0 | UInt64  | FID, value 0xC4000162                                  |
| rd    | X1       | 63:0 | Address | PA of the RD for the target Realm                      |
| ipa   | X2       | 63:0 | Address | IPA at which the Granule is mapped in the target Realm |
| level | X3       | 63:0 | Int64   | RTT level                                              |

#### B3.3.22.1.2 Context

The RMI\_RTT\_UNMAP\_UNPROTECTED command operates on the following context.

| Name      | Type             | Value | Before | Description |
|-----------|------------------|-------|--------|-------------|
| walk      | RmmRttWalkResult | RttWalk(rd, ipa, level) | false | RTT walk result |
| entry_idx | UInt64           | RttEntryIndex(ipa, walk.level) | false | RTTE index |
| walk_top  | Address          | <pre>RttSkipNonLiveEntries(Rtt(walk.rtt_addr), walk.level, ipa)</pre> | false | Top IPA of non-live RTT entries, from entry at which the RTT walk terminated |

#### B3.3.22.1.3 Output values

| Name   | Register | Bits | Type                 | Description |
|--------|----------|------|----------------------|-------------|
| result | X0       | 63:0 | RmiCommandReturnCode | Command return status |
| top    | X1       | 63:0 | Address              | Top IPA of non-live RTT entries, from entry at which the RTT walk terminated |

The top output value is valid both when the command result is RMI\_SUCCESS and when it is RMI\_ERROR\_RTT.

The values of the result and top output values for different command outcomes are summarized in the following table.

| Scenario | result | top | walk.rtte.state |
|----------|--------|-----|-----------------|
| ipa is mapped at the target level | RMI_SUCCESS | > ipa | Before execution: ASSIGNED_NS<br>After execution: UNASSIGNED_NS |
| ipa is not mapped | (RMI_ERROR_RTT, <= level) | > ipa | UNASSIGNED_NS |
| ipa is mapped at a lower level | (RMI_ERROR_RTT, < level) | == ipa | ASSIGNED_NS |
| RTT walk was not performed, due to any other command failure | Another error code | 0 | Unknown |

See also:

- A5.5.8 RTTE liveness and RTT liveness

## B3.3.22.2 Failure conditions

| ID          | Condition                                                                                            |
|-------------|------------------------------------------------------------------------------------------------------|
| rd_align    | <pre>pre: !AddrIsGranuleAligned(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                 |
| rd_bound    | <pre>pre: !PaIsDelegable(rd) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                        |
| rd_state    | <pre>pre: Granule(rd).state != RD post: ResultEqual(result, RMI_ERROR_INPUT)</pre>                   |
| level_bound | <pre>pre: !RttLevelIsBlockOrPage(rd, level) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>         |
| ipa_align   | <pre>pre: !AddrIsRttLevelAligned(ipa, level) post: ResultEqual(result, RMI_ERROR_INPUT)</pre>        |
| ipa_bound   | <pre>pre: (UInt(ipa) &gt;= (2 ^ Realm(rd).ipa_width)</pre>                                           |
| rtt_walk    | <pre>pre: walk.level &lt; level post: (ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre>          |
| rtte_state  | <pre>pre: walk.rtte.state != ASSIGNED_NS post: (ResultEqual(result, RMI_ERROR_RTT, walk.level)</pre> |

#### B3.3.22.2.1 Failure condition ordering

```
[rd_bound, rd_state] < [rtt_walk, rtte_state]
[level_bound, ipa_bound] < [rtt_walk, rtte_state]
```



## B3.3.22.3 Success conditions

| ID         | Condition                                   |
|------------|---------------------------------------------|
| rtte_state | <pre>walk.rtte.state == UNASSIGNED_NS</pre> |
| top        | <pre>top == walk_top</pre>                  |

## B3.3.22.4 Footprint

| ID   | Value                                         |
|------|-----------------------------------------------|
| rtte | <pre>RttEntry(walk.rtt_addr, entry_idx)</pre> |

# B3.3.23 RMI\_VERSION command

Returns RMI version.

## B3.3.23.1 Interface

#### B3.3.23.1.1 Input values

| Name | Register | Bits | Type   | Description                  |
|------|----------|------|--------|------------------------------|
| fid  | X0       | 63:0 | UInt64 | FID, value 0xC4000150        |

#### B3.3.23.1.2 Output values

| Name   | Register | Bits | Type                | Description       |
|--------|----------|------|---------------------|-------------------|
| result | X0       | 63:0 | RmiInterfaceVersion | Interface version |

See also:

- B3.1 RMI version

## B3.3.23.2 Failure conditions

The RMI\_VERSION command does not have any failure conditions.

## B3.3.23.3 Success conditions

The RMI\_VERSION command does not have any success conditions.

## B3.3.23.4 Footprint

The RMI\_VERSION command does not have any footprint.


# B3.4 RMI types

This section defines types which are used in the RMI interface.

## B3.4.1 RmiCommandReturnCode type

The RmiCommandReturnCode fieldset contains a return code from an RMI command.

The RmiCommandReturnCode fieldset is a concrete type.

The width of the RmiCommandReturnCode fieldset is 64 bits.

See also:

- Chapter B1 Commands

The fields of the RmiCommandReturnCode fieldset are shown in the following diagram.

| 63:32 | 31:16 | 15:8  | 7:0    |
|-------|-------|-------|--------|
| RES0  | RES0  | index | status |
The fields of the RmiCommandReturnCode fieldset are shown in the following table.

| Name   | Bits  | Description                                             | Value         |
|--------|-------|---------------------------------------------------------|---------------|
| status | 7:0   | Status of the command                                   | RmiStatusCode |
| index  | 15:8  | Index which identifies the reason for a command failure | UInt8         |
|        | 63:16 | Reserved                                                | Must be zero  |

## B3.4.2 RmiDataFlags type

The RmiDataFlags fieldset contains flags provided by the Host during DATA Granule creation.

The RmiDataFlags fieldset is a concrete type.

The width of the RmiDataFlags fieldset is 64 bits.

The fields of the RmiDataFlags fieldset are shown in the following diagram.

| 63:32 | 31:1 | 0       |
|-------|------|---------|
| RES0  | RES0 | measure |

The fields of the RmiDataFlags fieldset are shown in the following table.

| Name    | Bits | Description                              | Value                 |
|---------|------|------------------------------------------|-----------------------|
| measure | 0:0  | Whether to measure DATA Granule contents | RmiDataMeasureContent |
|         | 63:1 | Reserved                                 | Should be zero        |

## B3.4.3 RmiDataMeasureContent type

The RmiDataMeasureContent enumeration represents whether to measure DATA Granule contents.

The RmiDataMeasureContent enumeration is a concrete type.

The width of the RmiDataMeasureContent enumeration is 1 bit.

The values of the RmiDataMeasureContent enumeration are shown in the following table.

| Encoding | Name                   | Description                           |
|----------|------------------------|---------------------------------------|
| 0        | RMI_NO_MEASURE_CONTENT | Do not measure DATA Granule contents. |
| 1        | RMI_MEASURE_CONTENT    | Measure DATA Granule contents.        |

## B3.4.4 RmiEmulatedMmio type

The RmiEmulatedMmio enumeration represents whether the host has completed emulation for an Emulatable Abort.

The RmiEmulatedMmio enumeration is a concrete type.

The width of the RmiEmulatedMmio enumeration is 1 bit.

The values of the RmiEmulatedMmio enumeration are shown in the following table.

| Encoding | Name                  | Description                                               |
|----------|-----------------------|-----------------------------------------------------------|
| 0        | RMI_NOT_EMULATED_MMIO | Host has not completed emulation for an Emulatable Abort. |
| 1        | RMI_EMULATED_MMIO     | Host has completed emulation for an Emulatable Abort.     |

## B3.4.5 RmiFeature type

The RmiFeature enumeration represents whether a feature is supported or enabled.

The RmiFeature enumeration is a concrete type.

The width of the RmiFeature enumeration is 1 bit.

The values of the RmiFeature enumeration are shown in the following table.

| Encoding | Name              | Description                                                                                                     |
|----------|-------------------|-----------------------------------------------------------------------------------------------------------------|
| 0        | RMI_FEATURE_FALSE | <ul><li>During discovery: Feature is not supported.</li><li>During selection: Feature is not enabled.</li></ul> |
| 1        | RMI_FEATURE_TRUE  | <ul><li>During discovery: Feature is supported.</li><li>During selection: Feature is enabled.</li></ul>         |

# B3.4.6 RmiFeatureRegister0 type

The RmiFeatureRegister0 fieldset contains feature register 0.

The RmiFeatureRegister0 fieldset is a concrete type.

The width of the RmiFeatureRegister0 fieldset is 64 bits.

See also:

- A3.1 Realm feature discovery and selection
- B3.3.4 RMI\_FEATURES command

The fields of the RmiFeatureRegister0 fieldset are shown in the following diagram.



The fields of the RmiFeatureRegister0 fieldset are shown in the following table.

| Name         | Bits  | Description | Value        |
|--------------|-------|-------------|--------------|
| S2SZ         | 7:0   | Maximum Realm IPA width supported by the RMM.<br>Specifies the input address size for stage 2 translation to be 2 ^ S2SZ. Note this format expresses the IPA width directly and is therefore different from the VTCR_EL2.T0SZ encoding. | UInt8 |
| LPA2         | 8:8   | Whether LPA2 is supported. | RmiFeature |
| SVE_EN       | 9:9   | Whether SVE is supported. | RmiFeature |
| SVE_VL       | 13:10 | Maximum SVE vector length supported by the RMM.<br>The effective vector length supported by the RMM is (SVE_VL + 1) * 128, similar to the value of ZCR_ELx.LEN. | UInt4 |
| NUM_BPS      | 17:14 | Number of breakpoints available | UInt4 |
| NUM_WPS      | 21:18 | Number of watchpoints available | UInt4 |
| PMU_EN       | 22:22 | Whether PMU is supported | RmiFeature |
| PMU_NUM_CTRS | 27:23 | Number of PMU counters available | UInt5 |
| HASH_SHA_256 | 28:28 | Whether SHA-256 is supported | RmiFeature |
| HASH_SHA_512 | 29:29 | Whether SHA-512 is supported | RmiFeature |
|              | 63:30 | Reserved | Must be zero |

# B3.4.7 RmiHashAlgorithm type

The RmiHashAlgorithm enumeration represents hash algorithm.

The RmiHashAlgorithm enumeration is a concrete type.

The width of the RmiHashAlgorithm enumeration is 8 bits.

The values of the RmiHashAlgorithm enumeration are shown in the following table.

| Encoding | Name             | Description                               |
|----------|------------------|-------------------------------------------|
| 0        | RMI_HASH_SHA_256 | SHA-256 (Secure Hash Standard (SHS) [15]) |
| 1        | RMI_HASH_SHA_512 | SHA-512 (Secure Hash Standard (SHS) [15]) |

Unused encodings for the RmiHashAlgorithm enumeration are reserved for use by future versions of this specification.
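As an added illustration (not code from the specification or from any RMM implementation), the following C decodes an RmiFeatureRegister0 value using the bit positions in the B3.4.6 table, rejects values with reserved bits 63:30 set, and maps an RmiHashAlgorithm encoding to the matching HASH_SHA_256 / HASH_SHA_512 feature bit. The struct and function names, the choice to report 0 for the vector length when SVE_EN is clear, and the sample register value are constructed for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Extract bits [hi:lo] of a 64-bit register value. */
static uint64_t bits(uint64_t v, unsigned hi, unsigned lo)
{
    unsigned width = hi - lo + 1;
    uint64_t mask = (width == 64) ? ~0ULL : ((1ULL << width) - 1);
    return (v >> lo) & mask;
}

/* Decoded view of RmiFeatureRegister0 (struct name is illustrative). */
struct rmi_feat0 {
    uint8_t s2sz;          /* bits 7:0   maximum Realm IPA width      */
    bool    lpa2;          /* bit  8     RmiFeature                   */
    bool    sve_en;        /* bit  9     RmiFeature                   */
    uint8_t sve_vl;        /* bits 13:10 maximum SVE vector length    */
    uint8_t num_bps;       /* bits 17:14 breakpoints available        */
    uint8_t num_wps;       /* bits 21:18 watchpoints available        */
    bool    pmu_en;        /* bit  22    RmiFeature                   */
    uint8_t pmu_num_ctrs;  /* bits 27:23 PMU counters available       */
    bool    hash_sha_256;  /* bit  28    RmiFeature                   */
    bool    hash_sha_512;  /* bit  29    RmiFeature                   */
};

/* Returns 0 on success, -1 if reserved bits 63:30 are not zero. */
int rmi_feat0_decode(uint64_t reg, struct rmi_feat0 *f)
{
    if (bits(reg, 63, 30) != 0)
        return -1;
    f->s2sz         = (uint8_t)bits(reg, 7, 0);
    f->lpa2         = bits(reg, 8, 8) != 0;
    f->sve_en       = bits(reg, 9, 9) != 0;
    f->sve_vl       = (uint8_t)bits(reg, 13, 10);
    f->num_bps      = (uint8_t)bits(reg, 17, 14);
    f->num_wps      = (uint8_t)bits(reg, 21, 18);
    f->pmu_en       = bits(reg, 22, 22) != 0;
    f->pmu_num_ctrs = (uint8_t)bits(reg, 27, 23);
    f->hash_sha_256 = bits(reg, 28, 28) != 0;
    f->hash_sha_512 = bits(reg, 29, 29) != 0;
    return 0;
}

/* Effective maximum SVE vector length in bits: (SVE_VL + 1) * 128.
 * Returning 0 when SVE_EN is clear is a choice made by this example. */
unsigned rmi_feat0_sve_bits(const struct rmi_feat0 *f)
{
    return f->sve_en ? (f->sve_vl + 1u) * 128u : 0u;
}

/* RmiHashAlgorithm encodings from B3.4.7. */
enum { RMI_HASH_SHA_256 = 0, RMI_HASH_SHA_512 = 1 };

/* True if the algorithm a Host wants to place in RmiRealmParams.hash_algo
 * is advertised by the feature register; reserved encodings are refused. */
bool rmi_feat0_hash_supported(const struct rmi_feat0 *f, uint8_t algo)
{
    switch (algo) {
    case RMI_HASH_SHA_256: return f->hash_sha_256;
    case RMI_HASH_SHA_512: return f->hash_sha_512;
    default:               return false;
    }
}

/* Constructed sample value: 48-bit IPA, SVE with SVE_VL = 3, 5 breakpoints,
 * 3 watchpoints, PMU with 6 counters, SHA-256 only. */
uint64_t sample_feat0(void)
{
    return 48ULL | (1ULL << 9) | (3ULL << 10) | (5ULL << 14) |
           (3ULL << 18) | (1ULL << 22) | (6ULL << 23) | (1ULL << 28);
}

int main(void)
{
    struct rmi_feat0 f;

    if (rmi_feat0_decode(sample_feat0(), &f) != 0) {
        puts("reserved bits set");
        return 1;
    }
    printf("IPA width %u bits, SVE %u bits, bps %u, wps %u, PMU ctrs %u\n",
           (unsigned)f.s2sz, rmi_feat0_sve_bits(&f), (unsigned)f.num_bps,
           (unsigned)f.num_wps, (unsigned)f.pmu_num_ctrs);
    printf("SHA-256 %s, SHA-512 %s\n",
           rmi_feat0_hash_supported(&f, RMI_HASH_SHA_256) ? "yes" : "no",
           rmi_feat0_hash_supported(&f, RMI_HASH_SHA_512) ? "yes" : "no");
    return 0;
}
```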

## B3.4.8 RmiInjectSea type

The RmiInjectSea enumeration represents whether to inject a Synchronous External Abort into the Realm.

The RmiInjectSea enumeration is a concrete type.

The width of the RmiInjectSea enumeration is 1 bit.

The values of the RmiInjectSea enumeration are shown in the following table.

| Encoding | Name              | Description                          |
|----------|-------------------|--------------------------------------|
| 0        | RMI_NO_INJECT_SEA | Do not inject an SEA into the Realm. |
| 1        | RMI_INJECT_SEA    | Inject an SEA into the Realm.        |

## B3.4.9 RmiInterfaceVersion type

The RmiInterfaceVersion fieldset contains an RMI interface version.

The RmiInterfaceVersion fieldset is a concrete type.

The width of the RmiInterfaceVersion fieldset is 64 bits.

See also:

- B3.1 RMI version
- B3.3.23 RMI\_VERSION command

The fields of the RmiInterfaceVersion fieldset are shown in the following diagram.

| 63:31 | 30:16 | 15:0  |
|-------|-------|-------|
| RES0  | major | minor |

The fields of the RmiInterfaceVersion fieldset are shown in the following table.

| Name  | Bits  | Description                                                                      | Value        |
|-------|-------|----------------------------------------------------------------------------------|--------------|
| minor | 15:0  | Interface minor version number (the value y in interface version x.y)            | UInt16       |
| major | 30:16 | Interface major version number (the value x in interface version x.y)            | UInt15       |
|       | 63:31 | Reserved                                                                         | Must be zero |

## B3.4.10 RmiPmuOverflowStatus type

The RmiPmuOverflowStatus enumeration represents PMU overflow status.

The RmiPmuOverflowStatus enumeration is a concrete type.

The width of the RmiPmuOverflowStatus enumeration is 8 bits.

The values of the RmiPmuOverflowStatus enumeration are shown in the following table.

| Encoding | Name                        | Description                 |
|----------|-----------------------------|-----------------------------|
| 0        | RMI_PMU_OVERFLOW_NOT_ACTIVE | PMU overflow is not active. |
| 1        | RMI_PMU_OVERFLOW_ACTIVE     | PMU overflow is active.     |

Unused encodings for the RmiPmuOverflowStatus enumeration are reserved for use by future versions of this specification.

## B3.4.11 RmiRealmFlags type

The RmiRealmFlags fieldset contains flags provided by the Host during Realm creation.

The RmiRealmFlags fieldset is a concrete type.

The width of the RmiRealmFlags fieldset is 64 bits.

The fields of the RmiRealmFlags fieldset are shown in the following diagram.



The fields of the RmiRealmFlags fieldset are shown in the following table.

| Name | Bits | Description             | Value          |
|------|------|-------------------------|----------------|
| lpa2 | 0:0  | Whether LPA2 is enabled | RmiFeature     |
| sve  | 1:1  | Whether SVE is enabled  | RmiFeature     |
| pmu  | 2:2  | Whether PMU is enabled  | RmiFeature     |
|      | 63:3 | Reserved                | Should be zero |

# B3.4.12 RmiRealmParams type

The RmiRealmParams structure contains parameters provided by the Host during Realm creation.

The RmiRealmParams structure is a concrete type.

The width of the RmiRealmParams structure is 4096 (0x1000) bytes.

See also:

- A2.1.6 Realm parameters
- B3.3.9 RMI\_REALM\_CREATE command

The members of the RmiRealmParams structure are shown in the following table.

| Name            | Byte offset | Type             | Description                                                                                                                                                                                                                |
|-----------------|-------------|------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| flags           | 0x0         | RmiRealmFlags    | Flags                                                                                                                                                                                                                      |
| s2sz            | 0x8         | UInt8            | Requested IPA width.<br>Specifies the input address size for stage 2 translation to be 2 ^ S2SZ. Note this format expresses the IPA width directly and is therefore different from the VTCR_EL2.T0SZ encoding. |
| sve_vl          | 0x10        | UInt8            | Requested SVE vector length.<br>The effective vector length requested is (sve_vl + 1) * 128, similar to the value of ZCR_ELx.LEN. |
| num_bps         | 0x18        | UInt8            | Requested number of breakpoints                                                                                                                                                                                            |
| num_wps         | 0x20        | UInt8            | Requested number of watchpoints                                                                                                                                                                                            |
| pmu_num_ctrs    | 0x28        | UInt8            | Requested number of PMU counters                                                                                                                                                                                           |
| hash_algo       | 0x30        | RmiHashAlgorithm | Algorithm used to measure the initial state of the Realm                                                                                                                                                                   |
| rpv             | 0x400       | Bits512          | Realm Personalization Value                                                                                                                                                                                                |
| vmid            | 0x800       | Bits16           | Virtual Machine Identifier                                                                                                                                                                                                 |
| rtt_base        | 0x808       | Address          | Realm Translation Table base                                                                                                                                                                                               |
| rtt_level_start | 0x810       | Int64            | RTT starting level                                                                                                                                                                                                         |
| rtt_num_start   | 0x818       | UInt32           | Number of starting level RTTs                                                                                                                                                                                              |

Unused bits of the RmiRealmParams structure should be zero.

## B3.4.13 RmiRecCreateFlags type

The RmiRecCreateFlags fieldset contains flags provided by the Host during REC creation.

The RmiRecCreateFlags fieldset is a concrete type.

The width of the RmiRecCreateFlags fieldset is 64 bits.

The fields of the RmiRecCreateFlags fieldset are shown in the following diagram.

| 63:1 | 0        |
|------|----------|
| RES0 | runnable |

The fields of the RmiRecCreateFlags fieldset are shown in the following table.

| Name     | Bits | Description                           | Value          |
|----------|------|---------------------------------------|----------------|
| runnable | 0:0  | Whether REC is eligible for execution | RmiRecRunnable |
|          | 63:1 | Reserved                              | Should be zero |

## B3.4.14 RmiRecEnter type

The RmiRecEnter structure contains data passed from the Host to the RMM on REC entry.

The RmiRecEnter structure is a concrete type.

The width of the RmiRecEnter structure is 2048 (0x800) bytes.

See also:

- A4.2.1 *RecEnter object*
- B3.3.14 RMI\_REC\_ENTER command
- B3.4.16 *RmiRecExit type*

The members of the RmiRecEnter structure are shown in the following table.

| Name          | Byte offset | Type             | Description                             |
|---------------|-------------|------------------|-----------------------------------------|
| flags         | 0x0         | RmiRecEnterFlags | Flags                                   |
| gprs[0]       | 0x200       | Bits64           | Registers                               |
| gprs[1]       | 0x208       | Bits64           | Registers                               |
| gprs[2]       | 0x210       | Bits64           | Registers                               |
| gprs[3]       | 0x218       | Bits64           | Registers                               |
| gprs[4]       | 0x220       | Bits64           | Registers                               |
| gprs[5]       | 0x228       | Bits64           | Registers                               |
| gprs[6]       | 0x230       | Bits64           | Registers                               |
| gprs[7]       | 0x238       | Bits64           | Registers                               |
| gprs[8]       | 0x240       | Bits64           | Registers                               |
| gprs[9]       | 0x248       | Bits64 | Registers                               |
| gprs[10]      | 0x250       | Bits64 | Registers                               |
| gprs[11]      | 0x258       | Bits64 | Registers                               |
| gprs[12]      | 0x260       | Bits64 | Registers                               |
| gprs[13]      | 0x268       | Bits64 | Registers                               |
| gprs[14]      | 0x270       | Bits64 | Registers                               |
| gprs[15]      | 0x278       | Bits64 | Registers                               |
| gprs[16]      | 0x280       | Bits64 | Registers                               |
| gprs[17]      | 0x288       | Bits64 | Registers                               |
| gprs[18]      | 0x290       | Bits64 | Registers                               |
| gprs[19]      | 0x298       | Bits64 | Registers                               |
| gprs[20]      | 0x2a0       | Bits64 | Registers                               |
| gprs[21]      | 0x2a8       | Bits64 | Registers                               |
| gprs[22]      | 0x2b0       | Bits64 | Registers                               |
| gprs[23]      | 0x2b8       | Bits64 | Registers                               |
| gprs[24]      | 0x2c0       | Bits64 | Registers                               |
| gprs[25]      | 0x2c8       | Bits64 | Registers                               |
| gprs[26]      | 0x2d0       | Bits64 | Registers                               |
| gprs[27]      | 0x2d8       | Bits64 | Registers                               |
| gprs[28]      | 0x2e0       | Bits64 | Registers                               |
| gprs[29]      | 0x2e8       | Bits64 | Registers                               |
| gprs[30]      | 0x2f0       | Bits64 | Registers                               |
| gicv3_hcr     | 0x300       | Bits64 | GICv3 Hypervisor Control Register value |
| gicv3_lrs[0]  | 0x308       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[1]  | 0x310       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[2]  | 0x318       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[3]  | 0x320       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[4]  | 0x328       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[5]  | 0x330       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[6]  | 0x338       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[7]  | 0x340       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[8]  | 0x348       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[9]  | 0x350       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[10] | 0x358       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[11] | 0x360       | Bits64 | GICv3 List Register values              |
| gicv3_lrs[12] | 0x368       | Bits64 | GICv3 List Register values |
| gicv3_lrs[13] | 0x370       | Bits64 | GICv3 List Register values |
| gicv3_lrs[14] | 0x378       | Bits64 | GICv3 List Register values |
| gicv3_lrs[15] | 0x380       | Bits64 | GICv3 List Register values |

Unused bits of the RmiRecEnter structure should be zero.

#### B3.4.15 RmiRecEnterFlags type

The RmiRecEnterFlags fieldset contains flags provided by the Host during REC entry.

The RmiRecEnterFlags fieldset is a concrete type.

The width of the RmiRecEnterFlags fieldset is 64 bits.

The fields of the RmiRecEnterFlags fieldset are shown in the following diagram.



The fields of the RmiRecEnterFlags fieldset are shown in the following table.

| Name           | Bits | Description                                                           | Value           |
|----------------|------|-----------------------------------------------------------------------|-----------------|
| emul_mmio      | 0:0  | Whether the host has completed emulation for an Emulatable Data Abort | RmiEmulatedMmio |
| inject_sea     | 1:1  | Whether to inject a Synchronous External Abort into the Realm.        | RmiInjectSea    |
| trap_wfi       | 2:2  | Whether to trap WFI execution by the Realm.                           | RmiTrap         |
| trap_wfe       | 3:3  | Whether to trap WFE execution by the Realm.                           | RmiTrap         |
| ripas_response | 4:4  | Host response to RIPAS change request.                                | RmiResponse     |
|                | 63:5 | Reserved                                                              | Should be zero  |

## B3.4.16 RmiRecExit type

The RmiRecExit structure contains data passed from the RMM to the Host on REC exit.

The RmiRecExit structure is a concrete type.

The width of the RmiRecExit structure is 2048 (0x800) bytes.

See also:

- A4.3.1 *RecExit object*
- B3.3.14 RMI\_REC\_ENTER command
- B3.4.14 *RmiRecEnter type*

The members of the RmiRecExit structure are shown in the following table.

| Name        | Byte offset | Type             | Description                           |
|-------------|-------------|------------------|---------------------------------------|
| exit_reason | 0x0         | RmiRecExitReason | Exit reason                           |
| esr         | 0x100       | Bits64           | Exception Syndrome Register           |
| far         | 0x108       | Bits64           | Fault Address Register                |
| hpfar       | 0x110       | Bits64           | Hypervisor IPA Fault Address register |
| gprs[0]     | 0x200       | Bits64           | Registers                             |
| gprs[1]     | 0x208       | Bits64           | Registers                             |
| gprs[2]     | 0x210       | Bits64           | Registers                             |
| gprs[3]     | 0x218       | Bits64           | Registers                             |
| gprs[4]     | 0x220       | Bits64           | Registers                             |
| gprs[5]     | 0x228       | Bits64           | Registers                             |
| gprs[6]     | 0x230       | Bits64           | Registers                             |
| gprs[7]     | 0x238       | Bits64           | Registers                             |
| gprs[8]     | 0x240       | Bits64           | Registers                             |
| gprs[9]     | 0x248       | Bits64           | Registers                             |
| gprs[10]    | 0x250       | Bits64           | Registers                             |
| gprs[11]    | 0x258       | Bits64           | Registers                             |
| gprs[12]    | 0x260       | Bits64           | Registers                             |
| gprs[13]    | 0x268       | Bits64           | Registers                             |
| gprs[14]    | 0x270       | Bits64           | Registers                             |
| gprs[15]    | 0x278       | Bits64           | Registers                             |
| gprs[16]    | 0x280       | Bits64           | Registers                             |
| gprs[17]    | 0x288       | Bits64           | Registers                             |
| gprs[18]    | 0x290       | Bits64           | Registers                             |
| gprs[19]    | 0x298       | Bits64           | Registers                             |
| gprs[20]    | 0x2a0       | Bits64           | Registers                             |
| gprs[21]    | 0x2a8       | Bits64           | Registers                             |
| gprs[22]    | 0x2b0       | Bits64           | Registers                             |
| gprs[23]    | 0x2b8       | Bits64           | Registers                             |
| gprs[24]    | 0x2c0       | Bits64           | Registers                             |
| gprs[25]    | 0x2c8       | Bits64           | Registers                             |
| gprs[26]    | 0x2d0       | Bits64           | Registers                             |
| gprs[27]    | 0x2d8       | Bits64           | Registers                             |
| gprs[28]      | 0x2e0       | Bits64   | Registers                                                   |
| gprs[29]      | 0x2e8       | Bits64   | Registers                                                   |
| gprs[30]      | 0x2f0       | Bits64   | Registers                                                   |
| gicv3_hcr     | 0x300       | Bits64   | GICv3 Hypervisor Control Register value                     |
| gicv3_lrs[0]  | 0x308       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[1]  | 0x310       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[2]  | 0x318       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[3]  | 0x320       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[4]  | 0x328       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[5]  | 0x330       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[6]  | 0x338       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[7]  | 0x340       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[8]  | 0x348       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[9]  | 0x350       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[10] | 0x358       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[11] | 0x360       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[12] | 0x368       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[13] | 0x370       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[14] | 0x378       | Bits64   | GICv3 List Register values                                  |
| gicv3_lrs[15] | 0x380       | Bits64   | GICv3 List Register values                                  |
| gicv3_misr    | 0x388       | Bits64   | GICv3 Maintenance Interrupt State<br>Register value         |
| gicv3_vmcr    | 0x390       | Bits64   | GICv3 Virtual Machine Control Register value                |
| cntp_ctl      | 0x400       | Bits64   | Counter-timer Physical Timer Control<br>Register value      |
| cntp_cval     | 0x408       | Bits64   | Counter-timer Physical Timer<br>CompareValue Register value |
| cntv_ctl      | 0x410       | Bits64   | Counter-timer Virtual Timer Control<br>Register value       |
| cntv_cval     | 0x418       | Bits64   | Counter-timer Virtual Timer CompareValue<br>Register value  |
| ripas_base    | 0x500       | Bits64   | Base address of target region for pending RIPAS change      |
| ripas_top     | 0x508       | Bits64   | Top address of target region for pending RIPAS change       |
| ripas_value   | 0x510       | RmiRipas | RIPAS value of pending RIPAS change                         |
| imm           | 0x600       | Bits16   | Host call immediate value                                   |
| pmu_ovf_status | 0x700       | RmiPmuOverflowStatus | PMU overflow status |

Unused bits of the RmiRecExit structure must be zero.
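As an added illustration (not part of the specification), the following C checks a 2048-byte RmiRecExit page against the layout above: every byte not covered by a member must be zero, and exit_reason and pmu_ovf_status are flagged if they use a reserved encoding. Little-endian byte order, the 8-bit width of RmiRipas, and all function names and sample values are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_EXIT_SIZE 0x800u /* width of RmiRecExit: 2048 bytes */

/* Byte ranges occupied by RmiRecExit members, taken from the table above. */
struct member { const char *name; uint16_t off; uint16_t size; };
static const struct member rec_exit_members[] = {
    { "exit_reason",      0x000, 1 },      /* RmiRecExitReason, 8 bits */
    { "esr",              0x100, 8 },
    { "far",              0x108, 8 },
    { "hpfar",            0x110, 8 },
    { "gprs[0..30]",      0x200, 31 * 8 },
    { "gicv3_hcr",        0x300, 8 },
    { "gicv3_lrs[0..15]", 0x308, 16 * 8 },
    { "gicv3_misr",       0x388, 8 },
    { "gicv3_vmcr",       0x390, 8 },
    { "cntp_ctl",         0x400, 8 },
    { "cntp_cval",        0x408, 8 },
    { "cntv_ctl",         0x410, 8 },
    { "cntv_cval",        0x418, 8 },
    { "ripas_base",       0x500, 8 },
    { "ripas_top",        0x508, 8 },
    { "ripas_value",      0x510, 1 },      /* RmiRipas: 8-bit width assumed */
    { "imm",              0x600, 2 },      /* Bits16 */
    { "pmu_ovf_status",   0x700, 1 },      /* RmiPmuOverflowStatus, 8 bits */
};
#define N_MEMBERS (sizeof rec_exit_members / sizeof rec_exit_members[0])

enum rec_exit_err {
    REC_EXIT_OK = 0,
    REC_EXIT_BAD_REASON,      /* exit_reason above RMI_EXIT_SERROR (6) */
    REC_EXIT_BAD_PMU_STATUS,  /* pmu_ovf_status above 1 */
    REC_EXIT_UNUSED_NONZERO   /* a byte outside every member is non-zero */
};

/* Little-endian accessors (byte order is an assumption of this example). */
uint64_t rd64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

void wr64(uint8_t *p, uint64_t v)
{
    for (int i = 0; i < 8; i++)
        p[i] = (uint8_t)(v >> (8 * i));
}

/* Check one RmiRecExit page. On REC_EXIT_UNUSED_NONZERO, *bad_off receives
 * the byte offset of the first offending byte. */
enum rec_exit_err rec_exit_check(const uint8_t *page, int *bad_off)
{
    uint8_t used[REC_EXIT_SIZE] = { 0 };

    if (page[0x000] > 6)
        return REC_EXIT_BAD_REASON;
    if (page[0x700] > 1)
        return REC_EXIT_BAD_PMU_STATUS;

    /* Mark every byte that belongs to a member, then scan the rest. */
    for (size_t i = 0; i < N_MEMBERS; i++)
        memset(used + rec_exit_members[i].off, 1, rec_exit_members[i].size);
    for (size_t off = 0; off < REC_EXIT_SIZE; off++) {
        if (!used[off] && page[off] != 0) {
            *bad_off = (int)off;
            return REC_EXIT_UNUSED_NONZERO;
        }
    }
    return REC_EXIT_OK;
}

/* Constructed sample: a REC exit with a pending RIPAS change. */
void sample_rec_exit(uint8_t *page)
{
    memset(page, 0, REC_EXIT_SIZE);
    page[0x000] = 4;                    /* RMI_EXIT_RIPAS_CHANGE */
    wr64(page + 0x2f0, 0x1234ULL);      /* gprs[30], constructed value */
    wr64(page + 0x500, 0x80000000ULL);  /* ripas_base, constructed value */
    wr64(page + 0x508, 0x80200000ULL);  /* ripas_top, constructed value */
    page[0x510] = 1;                    /* ripas_value, constructed value */
}

int main(void)
{
    static uint8_t page[REC_EXIT_SIZE];
    int off = -1;

    sample_rec_exit(page);
    printf("clean page -> %d\n", (int)rec_exit_check(page, &off));
    page[0x2f8] = 0xaa;                 /* gap between gprs[30] and gicv3_hcr */
    printf("dirty page -> %d at 0x%x\n", (int)rec_exit_check(page, &off),
           (unsigned)off);
    return 0;
}
```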

#### B3.4.17 RmiRecExitReason type

The RmiRecExitReason enumeration represents the reason for a REC exit.

The RmiRecExitReason enumeration is a concrete type.

The width of the RmiRecExitReason enumeration is 8 bits.

The values of the RmiRecExitReason enumeration are shown in the following table.

| Encoding | Name                  | Description                           |
|----------|-----------------------|---------------------------------------|
| 0        | RMI_EXIT_SYNC         | REC exit due to synchronous exception |
| 1        | RMI_EXIT_IRQ          | REC exit due to IRQ                   |
| 2        | RMI_EXIT_FIQ          | REC exit due to FIQ                   |
| 3        | RMI_EXIT_PSCI         | REC exit due to PSCI                  |
| 4        | RMI_EXIT_RIPAS_CHANGE | REC exit due to RIPAS change pending  |
| 5        | RMI_EXIT_HOST_CALL    | REC exit due to Host call             |
| 6        | RMI_EXIT_SERROR       | REC exit due to SError                |

Unused encodings for the RmiRecExitReason enumeration are reserved for use by future versions of this specification.

#### B3.4.18 RmiRecMpidr type

The RmiRecMpidr fieldset contains MPIDR value which identifies a REC.

The RmiRecMpidr fieldset is a concrete type.

The width of the RmiRecMpidr fieldset is 64 bits.

See also:

- A2.3.3 *REC index and MPIDR value*
- B3.3.12 RMI\_REC\_CREATE command

The fields of the RmiRecMpidr fieldset are shown in the following diagram.

| 63:32 | 31:24 | 23:16 | 15:8 | 7:4  | 3:0  |
|-------|-------|-------|------|------|------|
| RES0  | aff3  | aff2  | aff1 | RES0 | aff0 |

The fields of the RmiRecMpidr fieldset are shown in the following table.

| Name | Bits  | Description      | Value          |
|------|-------|------------------|----------------|
| aff0 | 3:0   | Affinity level 0 | Bits4          |
|      | 7:4   | Reserved         | Should be zero |
| aff1 | 15:8  | Affinity level 1 | Bits8          |
| aff2 | 23:16 | Affinity level 2 | Bits8          |
| aff3 | 31:24 | Affinity level 3 | Bits8          |
|      | 63:32 | Reserved         | Should be zero |

#### B3.4.19 RmiRecParams type

The RmiRecParams structure contains parameters provided by the Host during REC creation.

The RmiRecParams structure is a concrete type.

The width of the RmiRecParams structure is 4096 (0x1000) bytes.

The number of valid entries in the aux array is determined by the return value from the RMI\_REC\_AUX\_COUNT command.

See also:

- B3.3.11 RMI\_REC\_AUX\_COUNT command

The members of the RmiRecParams structure are shown in the following table.

| Name    | Byte offset | Type              | Description                     |
|---------|-------------|-------------------|---------------------------------|
| flags   | 0x0         | RmiRecCreateFlags | Flags                           |
| mpidr   | 0x100       | RmiRecMpidr       | MPIDR of the REC                |
| pc      | 0x200       | Bits64            | Program counter                 |
| gprs[0] | 0x300       | Bits64            | General-purpose registers       |
| gprs[1] | 0x308       | Bits64            | General-purpose registers       |
| gprs[2] | 0x310       | Bits64            | General-purpose registers       |
| gprs[3] | 0x318       | Bits64            | General-purpose registers       |
| gprs[4] | 0x320       | Bits64            | General-purpose registers       |
| gprs[5] | 0x328       | Bits64            | General-purpose registers       |
| gprs[6] | 0x330       | Bits64            | General-purpose registers       |
| gprs[7] | 0x338       | Bits64            | General-purpose registers       |
| num_aux | 0x800       | UInt64            | Number of auxiliary Granules    |
| aux[0]  | 0x808       | Address           | Addresses of auxiliary Granules |
| aux[1]  | 0x810       | Address           | Addresses of auxiliary Granules |
| aux[2]  | 0x818       | Address           | Addresses of auxiliary Granules |
| aux[3]  | 0x820       | Address           | Addresses of auxiliary Granules |
| aux[4]  | 0x828       | Address           | Addresses of auxiliary Granules |
| aux[5]  | 0x830       | Address | Addresses of auxiliary Granules |
| aux[6]  | 0x838       | Address | Addresses of auxiliary Granules |
| aux[7]  | 0x840       | Address | Addresses of auxiliary Granules |
| aux[8]  | 0x848       | Address | Addresses of auxiliary Granules |
| aux[9]  | 0x850       | Address | Addresses of auxiliary Granules |
| aux[10] | 0x858       | Address | Addresses of auxiliary Granules |
| aux[11] | 0x860       | Address | Addresses of auxiliary Granules |
| aux[12] | 0x868       | Address | Addresses of auxiliary Granules |
| aux[13] | 0x870       | Address | Addresses of auxiliary Granules |
| aux[14] | 0x878       | Address | Addresses of auxiliary Granules |
| aux[15] | 0x880       | Address | Addresses of auxiliary Granules |

Unused bits of the RmiRecParams structure should be zero.
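The layout above as an added C example (not part of the specification or of any RMM or Host code base): a structure whose offsets are checked at compile time against the table, RmiRecMpidr packing that refuses values touching reserved bits, and a Host-side fill that leaves every unused byte zero. The function names, the 64-bit width of `flags`, and the 4KB alignment of aux Granule addresses are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REC_PARAMS_SIZE  0x1000u    /* width of RmiRecParams */
#define REC_NUM_GPRS     8u         /* gprs[0]..gprs[7] */
#define REC_MAX_AUX      16u        /* aux[0]..aux[15] */
#define GRANULE_SIZE     0x1000ULL  /* assumption: 4KB Granules */

/* RmiRecMpidr: aff0 [3:0], aff1 [15:8], aff2 [23:16], aff3 [31:24].
 * Bits [7:4] and [63:32] are reserved. */
#define REC_MPIDR_DEFINED  0x00000000FFFFFF0FULL
#define REC_MPIDR_INVALID  UINT64_MAX  /* sentinel: has reserved bits set */

/* Layout follows the byte offsets in the table; the pad arrays cover the
 * unused ranges. Assumption: RmiRecCreateFlags occupies 64 bits. */
struct rmi_rec_params {
    uint64_t flags;                        /* 0x000 */
    uint8_t  pad0[0x100 - 0x008];
    uint64_t mpidr;                        /* 0x100 */
    uint8_t  pad1[0x200 - 0x108];
    uint64_t pc;                           /* 0x200 */
    uint8_t  pad2[0x300 - 0x208];
    uint64_t gprs[REC_NUM_GPRS];           /* 0x300 .. 0x338 */
    uint8_t  pad3[0x800 - 0x340];
    uint64_t num_aux;                      /* 0x800 */
    uint64_t aux[REC_MAX_AUX];             /* 0x808 .. 0x880 */
    uint8_t  pad4[REC_PARAMS_SIZE - 0x888];
};

_Static_assert(offsetof(struct rmi_rec_params, mpidr)   == 0x100, "mpidr");
_Static_assert(offsetof(struct rmi_rec_params, pc)      == 0x200, "pc");
_Static_assert(offsetof(struct rmi_rec_params, gprs)    == 0x300, "gprs");
_Static_assert(offsetof(struct rmi_rec_params, num_aux) == 0x800, "num_aux");
_Static_assert(offsetof(struct rmi_rec_params, aux)     == 0x808, "aux");
_Static_assert(sizeof(struct rmi_rec_params) == REC_PARAMS_SIZE, "size");

/* Build an RmiRecMpidr value. A field wider than its slot would spill into
 * reserved or neighbouring bits, so it is refused instead of masked. */
uint64_t rec_mpidr_pack(unsigned aff0, unsigned aff1, unsigned aff2, unsigned aff3)
{
    if (aff0 > 0xF || aff1 > 0xFF || aff2 > 0xFF || aff3 > 0xFF)
        return REC_MPIDR_INVALID;
    return (uint64_t)aff0 | ((uint64_t)aff1 << 8) |
           ((uint64_t)aff2 << 16) | ((uint64_t)aff3 << 24);
}

/* Returns 1 if every reserved bit of an RmiRecMpidr value is zero. */
int rec_mpidr_reserved_zero(uint64_t mpidr)
{
    return (mpidr & ~REC_MPIDR_DEFINED) == 0;
}

/* Host-side fill. aux_count is the value obtained from RMI_REC_AUX_COUNT.
 * Returns 0 on success, -1 if an input does not fit the structure. */
int rec_params_fill(struct rmi_rec_params *p, uint64_t flags, uint64_t mpidr,
                    uint64_t pc, const uint64_t gprs[REC_NUM_GPRS],
                    const uint64_t *aux, uint64_t aux_count)
{
    uint64_t i;

    if (!rec_mpidr_reserved_zero(mpidr) || aux_count > REC_MAX_AUX)
        return -1;
    for (i = 0; i < aux_count; i++)
        if (aux[i] & (GRANULE_SIZE - 1))   /* assumed Granule alignment */
            return -1;

    memset(p, 0, sizeof(*p));   /* unused bytes and unused aux slots stay zero */
    p->flags = flags;
    p->mpidr = mpidr;
    p->pc = pc;
    memcpy(p->gprs, gprs, sizeof(p->gprs));
    p->num_aux = aux_count;
    if (aux_count)
        memcpy(p->aux, aux, aux_count * sizeof(aux[0]));
    return 0;
}

/* Read 64 bits at a raw byte offset, to compare the layout with the table. */
uint64_t rec_params_read64(const struct rmi_rec_params *p, size_t offset)
{
    uint64_t v = 0;

    if (offset <= REC_PARAMS_SIZE - sizeof(v))
        memcpy(&v, (const uint8_t *)p + offset, sizeof(v));
    return v;
}
```

Zeroing the whole page before filling it also keeps stale Host memory out of the padding ranges.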

## B3.4.20 RmiRecRun type

The RmiRecRun structure contains fields used to share information between RMM and Host during REC entry and REC exit.

The RmiRecRun structure is a concrete type.

The width of the RmiRecRun structure is 4096 (0x1000) bytes.

See also:

- A4.2.1 RecEnter object
- A4.3.1 *RecExit object*
- B3.3.14 RMI\_REC\_ENTER command

The members of the RmiRecRun structure are shown in the following table.

| Name  | Byte offset | Type        | Description       |
|-------|-------------|-------------|-------------------|
| enter | 0x0         | RmiRecEnter | Entry information |
| exit  | 0x800       | RmiRecExit  | Exit information  |

## B3.4.21 RmiRecRunnable type

The RmiRecRunnable enumeration represents whether a REC is eligible for execution.

The RmiRecRunnable enumeration is a concrete type.

The width of the RmiRecRunnable enumeration is 1 bit.

The values of the RmiRecRunnable enumeration are shown in the following table.

| Encoding | Name             | Description                 |
|----------|------------------|-----------------------------|
| 0        | RMI_NOT_RUNNABLE | Not eligible for execution. |
| 1        | RMI_RUNNABLE     | Eligible for execution.     |

## B3.4.22 RmiResponse type

The RmiResponse enumeration represents whether the Host accepted or rejected a Realm request.

The RmiResponse enumeration is a concrete type.

The width of the RmiResponse enumeration is 1 bit.

The values of the RmiResponse enumeration are shown in the following table.

| Encoding | Name       | Description                      |
|----------|------------|----------------------------------|
| 0        | RMI_ACCEPT | Host accepted the Realm request. |
| 1        | RMI_REJECT | Host rejected the Realm request. |

## B3.4.23 RmiRipas type

The RmiRipas enumeration represents realm IPA state.

The RmiRipas enumeration is a concrete type.

The width of the RmiRipas enumeration is 8 bits.

The values of the RmiRipas enumeration are shown in the following table.

| Encoding | Name          | Description                                                                    |
|----------|---------------|--------------------------------------------------------------------------------|
| 0        | RMI_EMPTY     | Address where no Realm resources are mapped.                                   |
| 1        | RMI_RAM       | Address where private code or data owned by the Realm is mapped.               |
| 2        | RMI_DESTROYED | Address which is inaccessible to the Realm due to an action taken by the Host. |

Unused encodings for the RmiRipas enumeration are reserved for use by future versions of this specification.

## B3.4.24 RmiRttEntryState type

The RmiRttEntryState enumeration represents the state of an RTTE.

The RmiRttEntryState enumeration is a concrete type.

The width of the RmiRttEntryState enumeration is 8 bits.

The values of the RmiRttEntryState enumeration are shown in the following table.

| Encoding | Name           | Description                                                                                                                                                                                |
|----------|----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 0        | RMI_UNASSIGNED | This RTTE is not associated with any Granule.                                                                                                                                              |
| 1        | RMI_ASSIGNED   | The output address of this RTTE points to:<ul><li>a DATA Granule, if the input address is a Protected IPA or</li><li>an NS Granule, if the input address is an Unprotected IPA.</li></ul> |
| 2        | RMI_TABLE      | The output address of this RTTE points to the next-level RTT.                                                                                                                              |

Unused encodings for the RmiRttEntryState enumeration are reserved for use by future versions of this specification.

## B3.4.25 RmiStatusCode type

The RmiStatusCode enumeration represents the status of an RMI operation.

The RmiStatusCode enumeration is a concrete type.

The width of the RmiStatusCode enumeration is 8 bits.

See also:

- B1.3 Command registers
- B1.5 Command context values

The values of the RmiStatusCode enumeration are shown in the following table.

| Encoding            | Name            | Description                                                                                              |
|---------------------|-----------------|----------------------------------------------------------------------------------------------------------|
| 0                   | RMI_SUCCESS     | Command completed successfully                                                                           |
| 1                   | RMI_ERROR_INPUT | The value of a command input value caused the command to fail                                            |
| 2                   | RMI_ERROR_REALM | An attribute of a Realm does not match the expected value                                                |
| 3                   | RMI_ERROR_REC   | An attribute of a REC does not match the expected value                                                  |
| 4                   | RMI_ERROR_RTT   | An RTT walk terminated before reaching the target RTT level, or reached an RTTE with an unexpected value |

Unused encodings for the RmiStatusCode enumeration are reserved for use by future versions of this specification.

## B3.4.26 RmiTrap type

The RmiTrap enumeration represents whether a trap is enabled.

The RmiTrap enumeration is a concrete type.

The width of the RmiTrap enumeration is 1 bit.

The values of the RmiTrap enumeration are shown in the following table.

| Encoding | Name        | Description       |
|----------|-------------|-------------------|
| 0        | RMI_NO_TRAP | Trap is disabled. |
| 1        | RMI_TRAP    | Trap is enabled.  |

# Chapter B4 Realm Services Interface

This chapter defines the interface used by Realm software to request services from the RMM.


## B4.1 RSI version

R<sub>QKLGZ</sub> This specification defines version 1.0 of the Realm Services Interface.

See also:

- B4.3.9 RSI\_VERSION command

## B4.2 RSI command return codes

I<sub>cyqdj</sub> An RSI command return code indicates whether the command

- succeeded, or
- failed, and the reason for the failure.

I<sub>DOJSP</sub> If an RSI command succeeds then it returns RSI\_SUCCESS.

I<sub>YMHKC</sub> Multiple failure conditions in an RSI command may return the same return code.

R<sub>MLBDM</sub> If an input to an RSI command uses an invalid encoding then the command fails and returns RSI\_ERROR\_INPUT.

Command inputs include registers and in-memory data structures.

Invalid encodings include:

- using a reserved encoding in an enumeration

See also:

- B4.4.1 RsiCommandReturnCode type


## B4.3 RSI commands

The following table summarizes the FIDs of commands in the RSI interface.

| FID        | Command                        |
|------------|--------------------------------|
| 0xC4000195 | RSI_ATTESTATION_TOKEN_CONTINUE |
| 0xC4000194 | RSI_ATTESTATION_TOKEN_INIT     |
| 0xC4000199 | RSI_HOST_CALL                  |
| 0xC4000198 | RSI_IPA_STATE_GET              |
| 0xC4000197 | RSI_IPA_STATE_SET              |
| 0xC4000193 | RSI_MEASUREMENT_EXTEND         |
| 0xC4000192 | RSI_MEASUREMENT_READ           |
| 0xC4000196 | RSI_REALM_CONFIG               |
| 0xC4000190 | RSI_VERSION                    |

## B4.3.1 RSI\_ATTESTATION\_TOKEN\_CONTINUE command

Continue the operation to retrieve an attestation token.

See also:

- A7.2 Realm attestation
- B4.3.2 RSI\_ATTESTATION\_TOKEN\_INIT command

#### B4.3.1.1 Interface

#### B4.3.1.1.1 Input values

| Name   | Register | Bits | Type    | Description                                           |
|--------|----------|------|---------|-------------------------------------------------------|
| fid    | X0       | 63:0 | UInt64  | FID, value 0xC4000195                                 |
| addr   | X1       | 63:0 | Address | IPA of the Granule to which the token will be written |
| offset | X2       | 63:0 | UInt64  | Offset within Granule to start of buffer in bytes     |
| size   | X3       | 63:0 | UInt64  | Size of buffer in bytes                               |

#### B4.3.1.1.2 Context

The RSI\_ATTESTATION\_TOKEN\_CONTINUE command operates on the following context.

| Name  | Type     | Value          | Before | Description   |
|-------|----------|----------------|--------|---------------|
| realm | RmmRealm | CurrentRealm() | false  | Current Realm |
| rec   | RmmRec   | CurrentRec()   | false  | Current REC   |

#### B4.3.1.1.3 Output values

| Name   | Register | Bits | Type                 | Description                       |
|--------|----------|------|----------------------|-----------------------------------|
| result | X0       | 63:0 | RsiCommandReturnCode | Command return status             |
| len    | X1       | 63:0 | UInt64               | Number of bytes written to buffer |

## B4.3.1.2 Failure conditions

| ID           | Condition                                                                              |
|--------------|----------------------------------------------------------------------------------------|
| addr_align   | <pre>pre: !AddrIsGranuleAligned(addr) post: result == RSI_ERROR_INPUT</pre>            |
| addr_bound   | pre: !AddrIsProtected(addr, realm)<br>post: result == RSI_ERROR_INPUT                  |
| offset_bound | <pre>pre: offset &gt;= RMM_GRANULE_SIZE post: result == RSI_ERROR_INPUT</pre>          |
| size_bound   | pre: offset + size > RMM_GRANULE_SIZE<br>post: result == RSI_ERROR_INPUT               |
| state        | <pre>pre: rec.attest_state != ATTEST_IN_PROGRESS post: result == RSI_ERROR_STATE</pre> |

#### B4.3.1.2.1 Failure condition ordering

The RSI\_ATTESTATION\_TOKEN\_CONTINUE command does not have any failure condition orderings.
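The failure conditions of this command, together with its incomplete and complete results, modelled in C as an added example (not code from the specification or from any RMM implementation). It also shows why `size_bound` should not be transcribed literally into fixed-width arithmetic, where `offset + size` can wrap. Assumptions: 4KB Granules, a Protected IPA lying in the lower half of the Realm's IPA space, a hypothetical `rec_model` structure with a byte counter standing in for token generation, and enum values that are local to the example.

```c
#include <stdint.h>

#define RMM_GRANULE_SIZE 0x1000ULL  /* assumption: 4KB Granules */

/* Symbolic names from the page; the numeric values are local to this example. */
enum rsi_result { RSI_SUCCESS, RSI_ERROR_INPUT, RSI_ERROR_STATE, RSI_INCOMPLETE };
enum attest_state { NO_ATTEST_IN_PROGRESS, ATTEST_IN_PROGRESS };

/* Hypothetical model of the REC state this command reads and writes. */
struct rec_model {
    enum attest_state attest_state;
    uint64_t remaining;   /* model only: token bytes not yet handed to the Realm */
};

static int addr_is_granule_aligned(uint64_t addr)
{
    return (addr & (RMM_GRANULE_SIZE - 1)) == 0;
}

/* Assumption: a Protected IPA lies in the lower half of the Realm's IPA space. */
static int addr_is_protected(uint64_t addr, unsigned ipa_width)
{
    return ipa_width >= 1 && ipa_width <= 64 && addr < (1ULL << (ipa_width - 1));
}

/* Literal C transcription of "offset + size > RMM_GRANULE_SIZE": the sum can
 * wrap modulo 2^64, so a huge size is reported as in bounds. Returns 1 if the
 * check would let the request through. Shown for comparison only. */
int size_bound_naive_accepts(uint64_t offset, uint64_t size)
{
    return !(offset + size > RMM_GRANULE_SIZE);
}

/* Failure conditions of RSI_ATTESTATION_TOKEN_CONTINUE. The page defines no
 * ordering between them; the order below is this example's choice. */
enum rsi_result token_continue_check(const struct rec_model *rec, unsigned ipa_width,
                                     uint64_t addr, uint64_t offset, uint64_t size)
{
    if (!addr_is_granule_aligned(addr))          /* addr_align */
        return RSI_ERROR_INPUT;
    if (!addr_is_protected(addr, ipa_width))     /* addr_bound */
        return RSI_ERROR_INPUT;
    if (offset >= RMM_GRANULE_SIZE)              /* offset_bound */
        return RSI_ERROR_INPUT;
    if (size > RMM_GRANULE_SIZE - offset)        /* size_bound, wrap-free form */
        return RSI_ERROR_INPUT;
    if (rec->attest_state != ATTEST_IN_PROGRESS) /* state */
        return RSI_ERROR_STATE;
    return RSI_SUCCESS;
}

/* One call: validate, "write" up to size bytes, report progress through *len. */
enum rsi_result token_continue(struct rec_model *rec, unsigned ipa_width,
                               uint64_t addr, uint64_t offset, uint64_t size,
                               uint64_t *len)
{
    enum rsi_result r = token_continue_check(rec, ipa_width, addr, offset, size);

    *len = 0;
    if (r != RSI_SUCCESS)
        return r;
    *len = size < rec->remaining ? size : rec->remaining;
    rec->remaining -= *len;
    if (rec->remaining != 0)
        return RSI_INCOMPLETE;                   /* result "incomplete" */
    rec->attest_state = NO_ATTEST_IN_PROGRESS;   /* result "complete" */
    return RSI_SUCCESS;
}

/* Realm-side loop: keep calling while the result is RSI_INCOMPLETE. The model
 * reuses one buffer; a real caller consumes or advances it between calls.
 * Returns the total token length, or -1 on any error result. */
int64_t realm_fetch_token(struct rec_model *rec, unsigned ipa_width, uint64_t addr)
{
    uint64_t total = 0, len;
    enum rsi_result r;

    do {
        r = token_continue(rec, ipa_width, addr, 0, RMM_GRANULE_SIZE, &len);
        total += len;
    } while (r == RSI_INCOMPLETE);
    return r == RSI_SUCCESS ? (int64_t)total : -1;
}
```

Because `offset_bound` has already established `offset < RMM_GRANULE_SIZE`, the subtraction in the wrap-free form cannot underflow.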

## B4.3.1.3 Success conditions

| ID         | Condition                                                                                     |
|------------|-----------------------------------------------------------------------------------------------|
| incomplete | pre: Token generation is not complete.<br>post: result == RSI_INCOMPLETE                      |
| complete   | <pre>pre: Token generation is complete. post: rec.attest_state == NO_ATTEST_IN_PROGRESS</pre> |

## B4.3.1.4 Footprint

| ID    | Value            |
|-------|------------------|
| state | rec.attest_state |

## B4.3.2 RSI\_ATTESTATION\_TOKEN\_INIT command

Initialize the operation to retrieve an attestation token.

See also:

- A7.2 Realm attestation
- B4.3.1 RSI\_ATTESTATION\_TOKEN\_CONTINUE command

#### B4.3.2.1 Interface

#### B4.3.2.1.1 Input values

| Name        | Register | Bits | Type   | Description                         |
|-------------|----------|------|--------|-------------------------------------|
| fid         | X0       | 63:0 | UInt64 | FID, value 0xC4000194               |
| challenge_0 | X1       | 63:0 | Bits64 | Doubleword 0 of the challenge value |
| challenge_1 | X2       | 63:0 | Bits64 | Doubleword 1 of the challenge value |
| challenge_2 | X3       | 63:0 | Bits64 | Doubleword 2 of the challenge value |
| challenge_3 | X4       | 63:0 | Bits64 | Doubleword 3 of the challenge value |
| challenge_4 | X5       | 63:0 | Bits64 | Doubleword 4 of the challenge value |
| challenge_5 | X6       | 63:0 | Bits64 | Doubleword 5 of the challenge value |
| challenge_6 | X7       | 63:0 | Bits64 | Doubleword 6 of the challenge value |
| challenge_7 | X8       | 63:0 | Bits64 | Doubleword 7 of the challenge value |

#### B4.3.2.1.2 Context

The RSI\_ATTESTATION\_TOKEN\_INIT command operates on the following context.

| Name  | Type     | Value          | Before | Description   |
|-------|----------|----------------|--------|---------------|
| realm | RmmRealm | CurrentRealm() | false  | Current Realm |
| rec   | RmmRec   | CurrentRec()   | false  | Current REC   |

#### B4.3.2.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RsiCommandReturnCode | Command return status |

## B4.3.2.2 Failure conditions

The RSI\_ATTESTATION\_TOKEN\_INIT command does not have any failure conditions.

## B4.3.2.3 Success conditions

| ID        | Condition                                                                                                                                                                     |
|-----------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| state     | <pre>rec.attest_state == ATTEST_IN_PROGRESS</pre>                                                                                                                             |
| challenge | <pre>rec.attest_challenge == [     challenge_0,     challenge_1,     challenge_2,     challenge_3,     challenge_4,     challenge_5,     challenge_6,     challenge_7 ]</pre> |

## B4.3.2.4 Footprint

| ID        | Value                |
|-----------|----------------------|
| state     | rec.attest_state     |
| challenge | rec.attest_challenge |


## B4.3.3 RSI\_HOST\_CALL command

Make a Host call.

See also:

- A4.5 Host call

#### B4.3.3.1 Interface

#### B4.3.3.1.1 Input values

| Name | Register | Bits | Type    | Description                         |
|------|----------|------|---------|-------------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000199               |
| addr | X1       | 63:0 | Address | IPA of the Host call data structure |

#### B4.3.3.1.2 Context

The RSI\_HOST\_CALL command operates on the following context.

| Name  | Type        | Value               | Before | Description              |
|-------|-------------|---------------------|--------|--------------------------|
| realm | RmmRealm    | CurrentRealm()      | false  | Current Realm            |
| rec   | RmmRec      | CurrentRec()        | false  | Current REC              |
| data  | RsiHostCall | RealmHostCall(addr) | false  | Host call data structure |

#### B4.3.3.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RsiCommandReturnCode | Command return status |

## B4.3.3.2 Failure conditions

| ID         | Condition                                                                     |
|------------|-------------------------------------------------------------------------------|
| addr_align | <pre>pre: !AddrIsAligned(addr, 256) post: result == RSI_ERROR_INPUT</pre>     |
| addr_bound | <pre>pre: !AddrIsProtected(addr, realm) post: result == RSI_ERROR_INPUT</pre> |

#### B4.3.3.2.1 Failure condition ordering

The RSI\_HOST\_CALL command does not have any failure condition orderings.

#### B4.3.3.3 Success conditions

The RSI\_HOST\_CALL command does not have any success conditions.

#### B4.3.3.4 Footprint

| ID        | Value                 |
|-----------|-----------------------|
| host_call | rec.host_call_pending |

## B4.3.4 RSI\_IPA\_STATE\_GET command

Get RIPAS of a target page.

See also:

- A5.2 Realm view of memory management
- B4.3.5 *RSI\_IPA\_STATE\_SET command*

#### B4.3.4.1 Interface

#### B4.3.4.1.1 Input values

| Name | Register | Bits | Type    | Description           |
|------|----------|------|---------|-----------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000198 |
| addr | X1       | 63:0 | Address | IPA of target page    |

#### B4.3.4.1.2 Context

The RSI\_IPA\_STATE\_GET command operates on the following context.

| Name  | Type     | Value          | Before | Description   |
|-------|----------|----------------|--------|---------------|
| realm | RmmRealm | CurrentRealm() | false  | Current Realm |

#### B4.3.4.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RsiCommandReturnCode | Command return status |
| ripas  | X1       | 7:0  | RsiRipas             | RIPAS value           |

The following unused bits of RSI\_IPA\_STATE\_GET output values must be zero: X1[63:8].

Note that the RIPAS of a Protected IPA can change at any time to DESTROYED without the Realm taking any action.

See also:

- A5.2.5 Changes to RIPAS while Realm state is ACTIVE

## B4.3.4.2 Failure conditions

| ID         | Condition                                                                     |
|------------|-------------------------------------------------------------------------------|
| addr_align | <pre>pre: !AddrIsGranuleAligned(addr) post: result == RSI_ERROR_INPUT</pre>   |
| addr_bound | <pre>pre: !AddrIsProtected(addr, realm) post: result == RSI_ERROR_INPUT</pre> |

#### B4.3.4.2.1 Failure condition ordering

The RSI\_IPA\_STATE\_GET command does not have any failure condition orderings.

#### B4.3.4.3 Success conditions

The RSI\_IPA\_STATE\_GET command does not have any success conditions.

#### B4.3.4.4 Footprint

The RSI\_IPA\_STATE\_GET command does not have any footprint.

## B4.3.5 RSI\_IPA\_STATE\_SET command

Request RIPAS of a target IPA range to be changed to a specified value.

See also:

- A5.2 Realm view of memory management
- A5.4 RIPAS change
- B4.3.4 RSI\_IPA\_STATE\_GET command

#### B4.3.5.1 Interface

#### B4.3.5.1.1 Input values

| Name  | Register | Bits | Type                | Description                  |
|-------|----------|------|---------------------|------------------------------|
| fid   | X0       | 63:0 | UInt64              | FID, value 0xC4000197        |
| base  | X1       | 63:0 | Address             | Base of target IPA region    |
| top   | X2       | 63:0 | Address             | Top of target IPA region     |
| ripas | X3       | 7:0  | RsiRipas            | RIPAS value                  |
| flags | X4       | 63:0 | RsiRipasChangeFlags | Flags                        |

The following unused bits of RSI\_IPA\_STATE\_SET input values should be zero: X3[63:8].

#### B4.3.5.1.2 Context

The RSI\_IPA\_STATE\_SET command operates on the following context.

| Name  | Type     | Value          | Before | Description   |
|-------|----------|----------------|--------|---------------|
| realm | RmmRealm | CurrentRealm() | false  | Current Realm |
| rec   | RmmRec   | CurrentRec()   | false  | Current REC   |

#### B4.3.5.1.3 Output values

| Name     | Register | Bits | Type                 | Description                                              |
|----------|----------|------|----------------------|----------------------------------------------------------|
| result   | X0       | 63:0 | RsiCommandReturnCode | Command return status                                    |
| new_base | X1       | 63:0 | Address              | Base of IPA region which was not modified by the command |
| response | X2       | 0:0  | RsiResponse          | Whether the Host accepted or rejected the request        |

The following unused bits of RSI\_IPA\_STATE\_SET output values must be zero: X2[63:1].

## B4.3.5.2 Failure conditions

| ID          | Condition                                                                               |
|-------------|-----------------------------------------------------------------------------------------|
| base_align  | <pre>pre: !AddrIsGranuleAligned(base) post: result == RSI_ERROR_INPUT</pre>             |
| top_align   | <pre>pre: !AddrIsGranuleAligned(top) post: result == RSI_ERROR_INPUT</pre>              |
| size_valid  | <pre>pre: UInt(top) &lt;= UInt(base) post: result == RSI_ERROR_INPUT</pre>              |
| rgn_bound   | <pre>pre: !AddrRangeIsProtected(base, top, realm) post: result == RSI_ERROR_INPUT</pre> |
| ripas_valid | pre: (ripas != RSI_EMPTY) && (ripas != RSI_RAM)<br>post: result == RSI_ERROR_INPUT      |

#### B4.3.5.2.1 Failure condition ordering

The RSI\_IPA\_STATE\_SET command does not have any failure condition orderings.

## B4.3.5.3 Success conditions

| ID       | Condition                                          |
|----------|----------------------------------------------------|
| new_base | new_base == rec.ripas_addr                         |
| response | <pre>response == RecRipasChangeResponse(rec)</pre> |

## B4.3.5.4 Footprint

The RSI\_IPA\_STATE\_SET command does not have any footprint.

## B4.3.6 RSI\_MEASUREMENT\_EXTEND command

Extend Realm Extensible Measurement (REM) value.

#### B4.3.6.1 Interface

#### B4.3.6.1.1 Input values

| Name    | Register | Bits | Type   | Description                           |
|---------|----------|------|--------|---------------------------------------|
| fid     | X0       | 63:0 | UInt64 | FID, value 0xC4000193                 |
| index   | X1       | 63:0 | UInt64 | Measurement index                     |
| size    | X2       | 63:0 | UInt64 | Measurement size in bytes             |
| value_0 | X3       | 63:0 | Bits64 | Doubleword 0 of the measurement value |
| value_1 | X4       | 63:0 | Bits64 | Doubleword 1 of the measurement value |
| value_2 | X5       | 63:0 | Bits64 | Doubleword 2 of the measurement value |
| value_3 | X6       | 63:0 | Bits64 | Doubleword 3 of the measurement value |
| value_4 | X7       | 63:0 | Bits64 | Doubleword 4 of the measurement value |
| value_5 | X8       | 63:0 | Bits64 | Doubleword 5 of the measurement value |
| value_6 | X9       | 63:0 | Bits64 | Doubleword 6 of the measurement value |
| value_7 | X10      | 63:0 | Bits64 | Doubleword 7 of the measurement value |

#### B4.3.6.1.2 Context

The RSI\_MEASUREMENT\_EXTEND command operates on the following context.

| Name     | Type                | Value                      | Before | Description                |
|----------|---------------------|----------------------------|--------|----------------------------|
| realm    | RmmRealm            | CurrentRealm()             | false  | Current Realm              |
| meas_old | RmmRealmMeasurement | <pre>CurrentRealm().</pre> | true   | Previous measurement value |

#### B4.3.6.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RsiCommandReturnCode | Command return status |

## B4.3.6.2 Failure conditions

| ID          | Condition                                                                    |
|-------------|------------------------------------------------------------------------------|
| index_bound | <pre>pre: index &lt; 1 &#124;&#124; index &gt; 4 post: result == RSI_ERROR_INPUT</pre> |
| size_bound  | <pre>pre: size &gt; 64 post: result == RSI_ERROR_INPUT</pre>                 |

## B4.3.6.2.1 Failure condition ordering

The RSI\_MEASUREMENT\_EXTEND command does not have any failure condition orderings.

## B4.3.6.3 Success conditions

| ID         | Condition                                                                                                                                                                                                                 |
|------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| realm_meas | <pre>realm.measurements[index] == RemExtend(     realm.hash_algo, meas_old,     [value_0, value_1, value_2, value_3,     value_4, value_5, value_6, value_7][         (RMM_REALM_MEASUREMENT_WIDTH-1):0],     size)</pre> |

## B4.3.6.4 Footprint

| ID         | Value                                |
|------------|--------------------------------------|
| realm_meas | <pre>realm.measurements[index]</pre> |

## B4.3.7 RSI\_MEASUREMENT\_READ command

Read measurement for the current Realm.

See also:

- A7.1 Realm measurements
- D1.2.1 Realm creation flow

#### B4.3.7.1 Interface

#### B4.3.7.1.1 Input values

| Name  | Register | Bits | Type   | Description           |
|-------|----------|------|--------|-----------------------|
| fid   | X0       | 63:0 | UInt64 | FID, value 0xC4000192 |
| index | X1       | 63:0 | UInt64 | Measurement index     |

index 0 selects the RIM. An index of 1 or greater selects the corresponding REM.

#### B4.3.7.1.2 Output values

| Name    | Register | Bits | Type                 | Description                                                 |
|---------|----------|------|----------------------|-------------------------------------------------------------|
| result  | X0       | 63:0 | RsiCommandReturnCode | Command return status                                       |
| value_0 | X1       | 63:0 | Bits64               | Doubleword 0 of the Realm measurement identified by "index" |
| value_1 | X2       | 63:0 | Bits64               | Doubleword 1 of the Realm measurement identified by "index" |
| value_2 | X3       | 63:0 | Bits64               | Doubleword 2 of the Realm measurement identified by "index" |
| value_3 | X4       | 63:0 | Bits64               | Doubleword 3 of the Realm measurement identified by "index" |
| value_4 | X5       | 63:0 | Bits64               | Doubleword 4 of the Realm measurement identified by "index" |
| value_5 | X6       | 63:0 | Bits64               | Doubleword 5 of the Realm measurement identified by "index" |
| value_6 | X7       | 63:0 | Bits64               | Doubleword 6 of the Realm measurement identified by "index" |
| value_7 | X8       | 63:0 | Bits64               | Doubleword 7 of the Realm measurement identified by "index" |

If the size of the measurement value is smaller than 512 bits, the output values are padded with zeroes.

## B4.3.7.2 Failure conditions

| ID          | Condition                                                    |
|-------------|--------------------------------------------------------------|
| index_bound | <pre>pre: index &gt; 4 post: result == RSI_ERROR_INPUT</pre> |

## B4.3.7.3 Success conditions

The RSI\_MEASUREMENT\_READ command does not have any success conditions.

## B4.3.7.4 Footprint

The RSI\_MEASUREMENT\_READ command does not have any footprint.

## B4.3.8 RSI\_REALM\_CONFIG command

Read configuration for the current Realm.

#### B4.3.8.1 Interface

#### B4.3.8.1.1 Input values

| Name | Register | Bits | Type    | Description                                                        |
|------|----------|------|---------|--------------------------------------------------------------------|
| fid  | X0       | 63:0 | UInt64  | FID, value 0xC4000196                                              |
| addr | X1       | 63:0 | Address | IPA of the Granule to which the configuration data will be written |

#### B4.3.8.1.2 Context

The RSI\_REALM\_CONFIG command operates on the following context.

| Name  | Type           | Value             | Before | Description         |
|-------|----------------|-------------------|--------|---------------------|
| realm | RmmRealm       | CurrentRealm()    | false  | Current Realm       |
| cfg   | RsiRealmConfig | RealmConfig(addr) | false  | Realm configuration |

#### B4.3.8.1.3 Output values

| Name   | Register | Bits | Type                 | Description           |
|--------|----------|------|----------------------|-----------------------|
| result | X0       | 63:0 | RsiCommandReturnCode | Command return status |

## B4.3.8.2 Failure conditions

| ID         | Condition                                                                       |
|------------|---------------------------------------------------------------------------------|
| addr_align | <pre>pre: !AddrIsGranuleAligned(addr)<br>post: result == RSI_ERROR_INPUT</pre>   |
| addr_bound | <pre>pre: !AddrIsProtected(addr, realm)<br>post: result == RSI_ERROR_INPUT</pre> |

#### B4.3.8.2.1 Failure condition ordering

The RSI\_REALM\_CONFIG command does not have any failure condition orderings.

## B4.3.8.3 Success conditions

| ID        | Condition                                        |
|-----------|--------------------------------------------------|
| ipa_width | cfg.ipa_width == realm.ipa_width                 |
| hash_algo | <pre>Equal(cfg.hash_algo, realm.hash_algo)</pre> |

## B4.3.8.4 Footprint

The RSI\_REALM\_CONFIG command does not have any footprint.


## B4.3.9 RSI\_VERSION command

Returns RSI version.

## B4.3.9.1 Interface

#### B4.3.9.1.1 Input values

| Name | Register | Bits | Type   | Description           |
|------|----------|------|--------|-----------------------|
| fid  | X0       | 63:0 | UInt64 | FID, value 0xC4000190 |

#### B4.3.9.1.2 Output values

| Name   | Register | Bits | Type                | Description       |
|--------|----------|------|---------------------|-------------------|
| result | X0       | 63:0 | RsiInterfaceVersion | Interface version |

See also:

- B4.1 RSI version

#### B4.3.9.2 Failure conditions

The RSI\_VERSION command does not have any failure conditions.

#### B4.3.9.3 Success conditions

The RSI\_VERSION command does not have any success conditions.

#### B4.3.9.4 Footprint

The RSI\_VERSION command does not have any footprint.


## B4.4 RSI types

This section defines types which are used in the RSI interface.

## B4.4.1 RsiCommandReturnCode type

The RsiCommandReturnCode enumeration represents a return code from an RSI command.

The RsiCommandReturnCode enumeration is a concrete type.

The width of the RsiCommandReturnCode enumeration is 64 bits.

See also:

- Chapter B1 Commands

The values of the RsiCommandReturnCode enumeration are shown in the following table.

| Encoding | Name            | Description                                                                                       |
|----------|-----------------|---------------------------------------------------------------------------------------------------|
| 0        | RSI_SUCCESS     | Command completed successfully                                                                    |
| 1        | RSI_ERROR_INPUT | The value of a command input value caused the command to fail                                     |
| 2        | RSI_ERROR_STATE | The state of the current Realm or current REC does not match the state expected by the command    |
| 3        | RSI_INCOMPLETE  | The operation requested by the command is not complete                                            |

Unused encodings for the RsiCommandReturnCode enumeration are reserved for use by future versions of this specification.

## B4.4.2 RsiHashAlgorithm type

The RsiHashAlgorithm enumeration represents a hash algorithm.

The RsiHashAlgorithm enumeration is a concrete type.

The width of the RsiHashAlgorithm enumeration is 8 bits.

See also:

- B4.3.8 RSI\_REALM\_CONFIG command

The values of the RsiHashAlgorithm enumeration are shown in the following table.

| Encoding | Name             | Description                               |
|----------|------------------|-------------------------------------------|
| 0        | RSI_HASH_SHA_256 | SHA-256 (Secure Hash Standard (SHS) [15]) |
| 1        | RSI_HASH_SHA_512 | SHA-512 (Secure Hash Standard (SHS) [15]) |

Unused encodings for the RsiHashAlgorithm enumeration are reserved for use by future versions of this specification.

## B4.4.3 RsiHostCall type

The RsiHostCall structure is the data structure used to pass Host call arguments and return values.

The RsiHostCall structure is a concrete type.

The width of the RsiHostCall structure is 256 (0x100) bytes.

See also:

- A4.5 Host call
- B4.3.3 RSI\_HOST\_CALL command

The members of the RsiHostCall structure are shown in the following table.

| Name     | Byte offset | Type   | Description     |
|----------|-------------|--------|-----------------|
| imm      | 0x0         | UInt16 | Immediate value |
| gprs[0]  | 0x8         | Bits64 | Registers       |
| gprs[1]  | 0x10        | Bits64 | Registers       |
| gprs[2]  | 0x18        | Bits64 | Registers       |
| gprs[3]  | 0x20        | Bits64 | Registers       |
| gprs[4]  | 0x28        | Bits64 | Registers       |
| gprs[5]  | 0x30        | Bits64 | Registers       |
| gprs[6]  | 0x38        | Bits64 | Registers       |
| gprs[7]  | 0x40        | Bits64 | Registers       |
| gprs[8]  | 0x48        | Bits64 | Registers       |
| gprs[9]  | 0x50        | Bits64 | Registers       |
| gprs[10] | 0x58        | Bits64 | Registers       |
| gprs[11] | 0x60        | Bits64 | Registers       |
| gprs[12] | 0x68        | Bits64 | Registers       |
| gprs[13] | 0x70        | Bits64 | Registers       |
| gprs[14] | 0x78        | Bits64 | Registers       |
| gprs[15] | 0x80        | Bits64 | Registers       |
| gprs[16] | 0x88        | Bits64 | Registers       |
| gprs[17] | 0x90        | Bits64 | Registers       |
| gprs[18] | 0x98        | Bits64 | Registers       |
| gprs[19] | 0xa0        | Bits64 | Registers       |
| gprs[20] | 0xa8        | Bits64 | Registers       |
| gprs[21] | 0xb0        | Bits64 | Registers       |
| gprs[22] | 0xb8        | Bits64 | Registers       |
| gprs[23] | 0xc0        | Bits64 | Registers       |
| gprs[24] | 0xc8        | Bits64 | Registers       |
| gprs[25] | 0xd0        | Bits64 | Registers       |
| gprs[26] | 0xd8        | Bits64 | Registers   |
| gprs[27] | 0xe0        | Bits64 | Registers   |
| gprs[28] | 0xe8        | Bits64 | Registers   |
| gprs[29] | 0xf0        | Bits64 | Registers   |
| gprs[30] | 0xf8        | Bits64 | Registers   |

Unused bits of the RsiHostCall structure should be zero.

## B4.4.4 RsiInterfaceVersion type

The RsiInterfaceVersion fieldset contains an RSI interface version.

The RsiInterfaceVersion fieldset is a concrete type.

The width of the RsiInterfaceVersion fieldset is 64 bits.

See also:

- B4.1 RSI version
- B4.3.9 RSI\_VERSION command

The fields of the RsiInterfaceVersion fieldset are shown in the following diagram.

| 63:31 | 30:16 | 15:0  |
|-------|-------|-------|
| RES0  | major | minor |

The fields of the RsiInterfaceVersion fieldset are shown in the following table.

| Name  | Bits  | Description                                                                      | Value          |
|-------|-------|----------------------------------------------------------------------------------|----------------|
| minor | 15:0  | Interface minor version number (the value y in interface version x.y)            | UInt16         |
| major | 30:16 | Interface major version number (the value x in interface version x.y)            | UInt15         |
|       | 63:31 | Reserved                                                                         | Should be zero |

## B4.4.5 RsiRealmConfig type

The RsiRealmConfig structure contains realm configuration.

The RsiRealmConfig structure is a concrete type.

The width of the RsiRealmConfig structure is 4096 (0x1000) bytes.

See also:

- B4.3.8 RSI\_REALM\_CONFIG command

The members of the RsiRealmConfig structure are shown in the following table.

| Name      | Byte offset | Type             | Description       |
|-----------|-------------|------------------|-------------------|
| ipa_width | 0x0         | UInt64           | IPA width in bits |
| hash_algo | 0x8         | RsiHashAlgorithm | Hash algorithm    |

Unused bits of the RsiRealmConfig structure must be zero.
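A Realm-side parser for the granule that RSI\_REALM\_CONFIG fills in, added here as an example (it is not code from the specification or from any RMM implementation). It enforces the layout above, the must-be-zero rule for unused bits and the reserved RsiHashAlgorithm encodings, then uses the digest length to check the zero padding that RSI\_MEASUREMENT\_READ applies to measurements shorter than 512 bits. Assumptions: little-endian data accesses, a measurement whose length equals the digest length of the reported hash algorithm, and the names `realm_config_parse`, `measurement_padding_ok`, `parse_constructed` and `cfg_status`, which are invented for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RSI_REALM_CONFIG_SIZE 0x1000u /* width of RsiRealmConfig */
#define OFF_IPA_WIDTH 0x0u            /* UInt64 */
#define OFF_HASH_ALGO 0x8u            /* RsiHashAlgorithm, 8 bits wide */

enum rsi_hash_algo { RSI_HASH_SHA_256 = 0, RSI_HASH_SHA_512 = 1 };

/* Status codes of this example only; they are not RSI return codes. */
enum cfg_status {
    CFG_OK = 0,
    CFG_BAD_IPA_WIDTH,    /* zero, or wider than a 64-bit address */
    CFG_BAD_HASH_ALGO,    /* reserved RsiHashAlgorithm encoding */
    CFG_NONZERO_RESERVED  /* an unused byte is not zero */
};

struct realm_config {
    uint64_t ipa_width;
    enum rsi_hash_algo hash_algo;
    size_t measurement_bytes; /* 32 for SHA-256, 64 for SHA-512 */
};

/* Assumption: little-endian data accesses, so the UInt64 is stored LSB first. */
static uint64_t load_le64(const uint8_t *p)
{
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--)
        v = (v << 8) | p[i];
    return v;
}

/* Parse and validate the 4096-byte granule written by RSI_REALM_CONFIG. */
enum cfg_status realm_config_parse(const uint8_t *granule,
                                   struct realm_config *out)
{
    uint64_t ipa_width = load_le64(granule + OFF_IPA_WIDTH);
    uint8_t algo = granule[OFF_HASH_ALGO];

    /* Bytes 0x9..0xfff carry no member, so they must all be zero. */
    for (size_t i = OFF_HASH_ALGO + 1; i < RSI_REALM_CONFIG_SIZE; i++)
        if (granule[i] != 0)
            return CFG_NONZERO_RESERVED;

    /* Sanity bound chosen for this example, not a limit from the spec. */
    if (ipa_width == 0 || ipa_width > 64)
        return CFG_BAD_IPA_WIDTH;

    if (algo == RSI_HASH_SHA_256)
        out->measurement_bytes = 32;
    else if (algo == RSI_HASH_SHA_512)
        out->measurement_bytes = 64;
    else
        return CFG_BAD_HASH_ALGO; /* encoding reserved for future versions */

    out->ipa_width = ipa_width;
    out->hash_algo = (enum rsi_hash_algo)algo;
    return CFG_OK;
}

/* RSI_MEASUREMENT_READ returns eight doublewords (value_0..value_7); every
 * doubleword beyond the digest length is zero padding. */
bool measurement_padding_ok(const uint64_t value[8], size_t measurement_bytes)
{
    if (measurement_bytes % 8 != 0 || measurement_bytes > 64)
        return false;
    for (size_t i = measurement_bytes / 8; i < 8; i++)
        if (value[i] != 0)
            return false;
    return true;
}

/* Constructed sample: a zeroed granule holding the given members, with one
 * optional stray byte set at stray_off (0 means none), then parsed. */
enum cfg_status parse_constructed(uint64_t ipa_width, uint8_t algo,
                                  size_t stray_off, struct realm_config *out)
{
    static uint8_t g[RSI_REALM_CONFIG_SIZE];

    memset(g, 0, sizeof g);
    for (int i = 0; i < 8; i++)
        g[OFF_IPA_WIDTH + i] = (uint8_t)(ipa_width >> (8 * i));
    g[OFF_HASH_ALGO] = algo;
    if (stray_off != 0 && stray_off < RSI_REALM_CONFIG_SIZE)
        g[stray_off] = 0xA5;
    return realm_config_parse(g, out);
}
```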

## B4.4.6 RsiResponse type

The RsiResponse enumeration represents whether the Host accepted or rejected a Realm request.

The RsiResponse enumeration is a concrete type.

The width of the RsiResponse enumeration is 1 bit.

The values of the RsiResponse enumeration are shown in the following table.

| Encoding | Name       | Description                      |
|----------|------------|----------------------------------|
| 0        | RSI_ACCEPT | Host accepted the Realm request. |
| 1        | RSI_REJECT | Host rejected the Realm request. |

## B4.4.7 RsiRipas type

The RsiRipas enumeration represents realm IPA state.

The RsiRipas enumeration is a concrete type.

The width of the RsiRipas enumeration is 8 bits.

See also:

- A5.4 RIPAS change
- B4.3.4 RSI\_IPA\_STATE\_GET command
- B4.3.5 RSI\_IPA\_STATE\_SET command

The values of the RsiRipas enumeration are shown in the following table.

| Encoding | Name          | Description                                                                    |
|----------|---------------|--------------------------------------------------------------------------------|
| 0        | RSI_EMPTY     | Address where no Realm resources are mapped.                                   |
| 1        | RSI_RAM       | Address where private code or data owned by the Realm is mapped.               |
| 2        | RSI_DESTROYED | Address which is inaccessible to the Realm due to an action taken by the Host. |

Unused encodings for the RsiRipas enumeration are reserved for use by future versions of this specification.

## B4.4.8 RsiRipasChangeDestroyed type

The RsiRipasChangeDestroyed enumeration represents whether a RIPAS change from DESTROYED should be permitted.

The RsiRipasChangeDestroyed enumeration is a concrete type.

The width of the RsiRipasChangeDestroyed enumeration is 1 bit.

The values of the RsiRipasChangeDestroyed enumeration are shown in the following table.

| Encoding | Name                    | Description                                            |
|----------|-------------------------|--------------------------------------------------------|
| 0        | RSI_NO_CHANGE_DESTROYED | A RIPAS change from DESTROYED should not be permitted. |
| 1        | RSI_CHANGE_DESTROYED    | A RIPAS change from DESTROYED should be permitted.     |

## B4.4.9 RsiRipasChangeFlags type

The RsiRipasChangeFlags fieldset contains flags provided by the Realm when requesting a RIPAS change.

The RsiRipasChangeFlags fieldset is a concrete type.

The width of the RsiRipasChangeFlags fieldset is 64 bits.

The fields of the RsiRipasChangeFlags fieldset are shown in the following diagram.



The fields of the RsiRipasChangeFlags fieldset are shown in the following table.

| Name      | Bits | Description                                               | Value                   |
|-----------|------|-----------------------------------------------------------|-------------------------|
| destroyed | 0:0  | Whether a RIPAS change from DESTROYED should be permitted | RsiRipasChangeDestroyed |
|           | 63:1 | Reserved                                                  | Should be zero          |

# Chapter B5 Power State Control Interface

This section describes how the RMM handles Power State Control Interface (PSCI) functions which a Realm invokes by executing SMC instructions.


# **B5.1 PSCI overview**

I<sub>GBVWX</sub> In this section:

- rec refers to the currently executing REC
- exit refers to the RecExit object which was provided to the RMI\_REC\_ENTER command
- target\_rec refers to the REC object identified by an MPIDR value passed to a PSCI function.

I<sub>GHKCJ</sub> The RMM provides a trusted implementation of parts of the PSCI ABI. This section describes the checks performed by the RMM when a Realm executes a PSCI command, and the internal RMM state changes which result from a successful PSCI command execution. Successful execution by the RMM of some PSCI commands results in a *REC exit due to PSCI*, which allows the Host to perform further processing of the command.

I<sub>XHDQF</sub> The HVC conduit for PSCI is not supported for Realms.

See also:

- Arm Power State Coordination Interface (PSCI) [16]
- A2.3.2 *REC attributes*
- A4.3.7 REC exit due to PSCI
- A4.5 Host call
- D1.4 PSCI flows

# **B5.2 PSCI version**

R<sub>TFCVF</sub> The RMM must support version >= 1.1 of the Power State Control Interface.

See also:

- B5.3.8 PSCI\_VERSION command

# **B5.3 PSCI commands**

The following table summarizes the FIDs of commands in the PSCI interface.

| FID        | Command            |
|------------|--------------------|
| 0xC4000004 | PSCI_AFFINITY_INFO |
| 0x84000002 | PSCI_CPU_OFF       |
| 0xC4000003 | PSCI_CPU_ON        |
| 0xC4000001 | PSCI_CPU_SUSPEND   |
| 0x8400000A | PSCI_FEATURES      |
| 0x84000008 | PSCI_SYSTEM_OFF    |
| 0x84000009 | PSCI_SYSTEM_RESET  |
| 0x84000000 | PSCI_VERSION       |

## B5.3.1 PSCI\_AFFINITY\_INFO command

Query status of a VPE.

This command causes a REC exit due to PSCI. In response, the Host should provide the target REC (identified by target\_affinity) by calling RMI\_PSCI\_COMPLETE.

See also:

- A2.3.2 REC attributes
- A4.3.7 REC exit due to PSCI
- B3.3.7 RMI\_PSCI\_COMPLETE command
- B5.3.2 PSCI\_CPU\_OFF command
- B5.3.3 PSCI\_CPU\_ON command

#### B5.3.1.1 Interface

#### B5.3.1.1.1 Input values

| Name                  | Register | Bits | Type   | Description                                                                            |
|-----------------------|----------|------|--------|----------------------------------------------------------------------------------------|
| fid                   | X0       | 63:0 | UInt64 | FID, value 0xC4000004                                                                  |
| target_affinity       | X1       | 63:0 | Bits64 | This parameter contains a copy of the affinity fields of the MPIDR register            |
| lowest_affinity_level | X2       | 31:0 | UInt32 | Denotes the lowest affinity level field that is valid in the target_affinity parameter |

The following unused bits of PSCI\_AFFINITY\_INFO input values should be zero: X2[63:32].

#### B5.3.1.1.2 Context

The PSCI\_AFFINITY\_INFO command operates on the following context.

| Name       | Type   | Value                                    | Before | Description |
|------------|--------|------------------------------------------|--------|-------------|
| target_rec | RmmRec | <pre>RecFromMpidr(target_affinity)</pre> | false  | Target REC  |

#### B5.3.1.1.3 Output values

| Name   | Register | Bits | Type           | Description         |
|--------|----------|------|----------------|---------------------|
| result | X0       | 31:0 | PsciReturnCode | Command return code |

The following unused bits of PSCI\_AFFINITY\_INFO output values must be zero: X0[63:32].

## B5.3.1.2 Failure conditions

| ID           | Condition                                                                             |
|--------------|---------------------------------------------------------------------------------------|
| target_bound | <pre>pre: lowest_affinity_level != 0<br>post: result == PSCI_INVALID_PARAMETERS</pre>    |
| target_match | <pre>pre: !MpidrIsUsed(target_affinity)<br>post: result == PSCI_INVALID_PARAMETERS</pre> |

#### B5.3.1.2.1 Failure condition ordering

The PSCI\_AFFINITY\_INFO command does not have any failure condition orderings.

## B5.3.1.3 Success conditions

| ID           | Condition                                                                          |
|--------------|------------------------------------------------------------------------------------|
| runnable     | <pre>pre: target_rec.flags.runnable == RUNNABLE<br>post: result == PSCI_SUCCESS</pre> |
| not_runnable | <pre>pre: target_rec.flags.runnable == NOT_RUNNABLE<br>post: result == PSCI_OFF</pre> |

## B5.3.1.4 Footprint

The PSCI\_AFFINITY\_INFO command does not have any footprint.

## B5.3.2 PSCI\_CPU\_OFF command

Power down the calling core.

This command causes a REC exit due to PSCI.

See also:

- A2.3.2 *REC attributes*
- A4.3.7 REC exit due to PSCI
- B5.3.3 PSCI\_CPU\_ON command
- B5.3.4 PSCI\_CPU\_SUSPEND command

#### B5.3.2.1 Interface

#### B5.3.2.1.1 Input values

| Name | Register | Bits | Type   | Description           |
|------|----------|------|--------|-----------------------|
| fid  | X0       | 63:0 | UInt64 | FID, value 0x84000002 |

#### B5.3.2.1.2 Context

The PSCI\_CPU\_OFF command operates on the following context.

| Name | Type   | Value        | Before | Description |
|------|--------|--------------|--------|-------------|
| rec  | RmmRec | CurrentRec() | false  | Current REC |

#### B5.3.2.1.3 Output values

The PSCI\_CPU\_OFF command does not have any output values.

Following execution of PSCI\_CPU\_OFF, control does not return to the caller.

## B5.3.2.2 Failure conditions

The PSCI\_CPU\_OFF command does not have any failure conditions.

## B5.3.2.3 Success conditions

The PSCI\_CPU\_OFF command does not have any success conditions.

Following execution of PSCI\_CPU\_OFF, control does not return to the caller.

## B5.3.2.4 Footprint

The PSCI\_CPU\_OFF command does not have any footprint.

## B5.3.3 PSCI\_CPU\_ON command

Power up a core.

This command causes a REC exit due to PSCI. In response, the Host should provide the target REC (identified by target\_cpu) by calling RMI\_PSCI\_COMPLETE.

See also:

- A2.3.2 REC attributes
- A4.3.7 REC exit due to PSCI
- B3.3.7 RMI\_PSCI\_COMPLETE command
- B5.3.2 PSCI\_CPU\_OFF command
- B5.3.4 PSCI\_CPU\_SUSPEND command
- D1.4.1 PSCI\_CPU\_ON flow

#### B5.3.3.1 Interface

#### B5.3.3.1.1 Input values

| Name                | Register | Bits | Type    | Description                                                                                                                              |
|---------------------|----------|------|---------|------------------------------------------------------------------------------------------------------------------------------------------|
| fid                 | X0       | 63:0 | UInt64  | FID, value 0xC4000003                                                                                                                    |
| target_cpu          | X1       | 63:0 | Bits64  | This parameter contains a copy of the affinity fields of the MPIDR register                                                              |
| entry_point_address | X2       | 63:0 | Address | Address at which the core must resume execution                                                                                          |
| context_id          | X3       | 31:0 | UInt32  | This parameter is only meaningful to the caller (must be present in X0 of the target PE upon first entry to Non-Secure exception level) |

The following unused bits of PSCI\_CPU\_ON input values should be zero: X3[63:32].

#### B5.3.3.1.2 Context

The PSCI\_CPU\_ON command operates on the following context.

| Name       | Type     | Value                               | Before | Description   |
|------------|----------|-------------------------------------|--------|---------------|
| realm      | RmmRealm | CurrentRealm()                      | false  | Current Realm |
| target_rec | RmmRec   | <pre>RecFromMpidr(target_cpu)</pre> | false  | Target REC    |

#### B5.3.3.1.3 Output values

| Name   | Register | Bits | Type           | Description         |
|--------|----------|------|----------------|---------------------|
| result | X0       | 31:0 | PsciReturnCode | Command return code |

The following unused bits of PSCI\_CPU\_ON output values must be zero: X0[63:32].

## B5.3.3.2 Failure conditions

| ID       | Condition                                                                                            |
|----------|------------------------------------------------------------------------------------------------------|
| entry    | <pre>pre: !AddrIsProtected(entry_point_address, realm)<br>post: result == PSCI_INVALID_ADDRESS</pre> |
| mpidr    | <pre>pre: !MpidrIsUsed(target_cpu)<br>post: result == PSCI_INVALID_PARAMETERS</pre>                  |
| runnable | <pre>pre: target_rec.flags.runnable == RUNNABLE<br>post: result == PSCI_ALREADY_ON</pre>             |

#### B5.3.3.2.1 Failure condition ordering

The PSCI\_CPU\_ON command does not have any failure condition orderings.

## B5.3.3.3 Success conditions

| ID       | Condition                                                       |
|----------|-----------------------------------------------------------------|
| entry    | <pre>target_rec.pc == ToBits64(UInt(entry_point_address))</pre> |
| runnable | <pre>target_rec.flags.runnable == RUNNABLE</pre>                |

## B5.3.3.4 Footprint

| ID       | Value                                |
|----------|--------------------------------------|
| runnable | <pre>target_rec.flags.runnable</pre> |

## B5.3.4 PSCI\_CPU\_SUSPEND command

Suspend execution on the calling VPE.

This command causes a REC exit due to PSCI.

See also:

- A4.3.7 *REC exit due to PSCI*
- B5.3.2 PSCI\_CPU\_OFF command
- B5.3.3 PSCI\_CPU\_ON command

## B5.3.4.1 Interface

#### B5.3.4.1.1 Input values

| Name                | Register | Bits | Type    | Description                                                                                                            |
|---------------------|----------|------|---------|------------------------------------------------------------------------------------------------------------------------|
| fid                 | X0       | 63:0 | UInt64  | FID, value 0xC4000001                                                                                                  |
| power_state         | X1       | 31:0 | UInt32  | Identifier for a specific local state                                                                                  |
| entry_point_address | X2       | 63:0 | Address | Address at which the core must resume execution                                                                        |
| context_id          | X3       | 63:0 | UInt64  | This parameter is only meaningful to the caller (must be present in X0 upon first entry to Non-Secure exception level) |

The following unused bits of PSCI\_CPU\_SUSPEND input values should be zero: X1[63:32].

The RMM treats all target power states as suspend requests, and therefore the <code>entry\_point\_address</code> and <code>context\_id</code> arguments are ignored.

## B5.3.4.1.2 Output values

The PSCI\_CPU\_SUSPEND command does not have any output values.

Following execution of PSCI\_CPU\_SUSPEND, control does not return to the caller.

## B5.3.4.2 Failure conditions

The PSCI\_CPU\_SUSPEND command does not have any failure conditions.

## B5.3.4.3 Success conditions

The PSCI\_CPU\_SUSPEND command does not have any success conditions.

Following execution of PSCI\_CPU\_SUSPEND, control does not return to the caller.

## B5.3.4.4 Footprint

The PSCI\_CPU\_SUSPEND command does not have any footprint.

## B5.3.5 PSCI\_FEATURES command

Query whether a specific PSCI feature is implemented.

See also:

- B5.3.1 PSCI\_AFFINITY\_INFO command
- B5.3.2 PSCI\_CPU\_OFF command
- B5.3.3 PSCI\_CPU\_ON command
- B5.3.4 PSCI\_CPU\_SUSPEND command
- B5.3.6 PSCI\_SYSTEM\_OFF command
- B5.3.7 PSCI\_SYSTEM\_RESET command

#### B5.3.5.1 Interface

#### B5.3.5.1.1 Input values

| Name         | Register | Bits | Type   | Description                     |
|--------------|----------|------|--------|---------------------------------|
| fid          | X0       | 63:0 | UInt64 | FID, value 0x8400000A           |
| psci_func_id | X1       | 31:0 | UInt32 | Function ID for a PSCI Function |

The following unused bits of PSCI\_FEATURES input values should be zero: X1[63:32].

#### B5.3.5.1.2 Output values

| Name   | Register | Bits | Type           | Description         |
|--------|----------|------|----------------|---------------------|
| result | X0       | 31:0 | PsciReturnCode | Command return code |

The following unused bits of PSCI\_FEATURES output values must be zero: X0[63:32].

#### B5.3.5.2 Failure conditions

The PSCI\_FEATURES command does not have any failure conditions.

## B5.3.5.3 Success conditions

| ID          | Condition                                                                                         |
|-------------|---------------------------------------------------------------------------------------------------|
| func_ok     | <pre>pre: psci_func_id is a supported PSCI function.<br>post: result == PSCI_SUCCESS</pre>           |
| func_not_ok | <pre>pre: psci_func_id is not a supported PSCI function.<br>post: result == PSCI_NOT_SUPPORTED</pre> |

## B5.3.5.4 Footprint

The PSCI\_FEATURES command does not have any footprint.

## B5.3.6 PSCI\_SYSTEM\_OFF command

Shut down the system.

This command causes a REC exit due to PSCI.

See also:

- A2.3.2 *REC attributes*
- A4.3.7 REC exit due to PSCI
- B5.3.7 PSCI\_SYSTEM\_RESET command

#### B5.3.6.1 Interface

#### B5.3.6.1.1 Input values

| Name | Register | Bits | Type   | Description           |
|------|----------|------|--------|-----------------------|
| fid  | X0       | 63:0 | UInt64 | FID, value 0x84000008 |

#### B5.3.6.1.2 Context

The PSCI\_SYSTEM\_OFF command operates on the following context.

| Name  | Type     | Value          | Before | Description   |
|-------|----------|----------------|--------|---------------|
| realm | RmmRealm | CurrentRealm() | false  | Current Realm |

#### B5.3.6.1.3 Output values

The PSCI\_SYSTEM\_OFF command does not have any output values.

Following execution of PSCI\_SYSTEM\_OFF, control does not return to the caller.

#### B5.3.6.2 Failure conditions

The PSCI\_SYSTEM\_OFF command does not have any failure conditions.

#### B5.3.6.3 Success conditions

| ID    | Condition                            |
|-------|--------------------------------------|
| state | <pre>realm.state == SYSTEM_OFF</pre> |

Following execution of PSCI\_SYSTEM\_OFF, control does not return to the caller.

## B5.3.6.4 Footprint

The PSCI\_SYSTEM\_OFF command does not have any footprint.

## B5.3.7 PSCI\_SYSTEM\_RESET command

Shut down the system.

This command causes a REC exit due to PSCI.

See also:

- A2.3.2 *REC attributes*
- A4.3.7 REC exit due to PSCI
- B5.3.6 PSCI\_SYSTEM\_OFF command

#### B5.3.7.1 Interface

#### B5.3.7.1.1 Input values

| Name | Register | Bits | Type   | Description           |
|------|----------|------|--------|-----------------------|
| fid  | X0       | 63:0 | UInt64 | FID, value 0x84000009 |

#### B5.3.7.1.2 Context

The PSCI\_SYSTEM\_RESET command operates on the following context.

| Name  | Type     | Value          | Before | Description   |
|-------|----------|----------------|--------|---------------|
| realm | RmmRealm | CurrentRealm() | false  | Current Realm |

#### B5.3.7.1.3 Output values

The PSCI\_SYSTEM\_RESET command does not have any output values.

Following execution of PSCI\_SYSTEM\_RESET, control does not return to the caller.

#### B5.3.7.2 Failure conditions

The PSCI\_SYSTEM\_RESET command does not have any failure conditions.

#### B5.3.7.3 Success conditions

| ID    | Condition                            |
|-------|--------------------------------------|
| state | <pre>realm.state == SYSTEM_OFF</pre> |

Following execution of PSCI\_SYSTEM\_RESET, control does not return to the caller.

## B5.3.7.4 Footprint

The PSCI\_SYSTEM\_RESET command does not have any footprint.

## B5.3.8 PSCI\_VERSION command

Query the version of PSCI implemented.

#### B5.3.8.1 Interface

#### B5.3.8.1.1 Input values

| Name | Register | Bits | Type   | Description           |
|------|----------|------|--------|-----------------------|
| fid  | X0       | 63:0 | UInt64 | FID, value 0x84000000 |

#### B5.3.8.1.2 Output values

| Name   | Register | Bits | Type                 | Description       |
|--------|----------|------|----------------------|-------------------|
| result | X0       | 63:0 | PsciInterfaceVersion | Interface version |

See also:

- B5.2 PSCI version

#### B5.3.8.2 Failure conditions

The PSCI\_VERSION command does not have any failure conditions.

#### B5.3.8.3 Success conditions

The PSCI\_VERSION command does not have any success conditions.

#### B5.3.8.4 Footprint

The PSCI\_VERSION command does not have any footprint.


# **B5.4 PSCI types**

This section defines types which are used in the PSCI interface.

## B5.4.1 PsciInterfaceVersion type

The PsciInterfaceVersion fieldset contains a PSCI interface version.

The PsciInterfaceVersion fieldset is a concrete type.

The width of the PsciInterfaceVersion fieldset is 64 bits.

The fields of the PsciInterfaceVersion fieldset are shown in the following diagram.



The fields of the PsciInterfaceVersion fieldset are shown in the following table.

| Name  | Bits  | Description                                                                      | Value        |
|-------|-------|----------------------------------------------------------------------------------|--------------|
| minor | 15:0  | Interface minor version number (the value y in interface version x.y)            | UInt16       |
| major | 30:16 | Interface major version number (the value x in interface version x.y)            | UInt15       |
|       | 63:31 | Reserved                                                                         | Must be zero |

## B5.4.2 PsciReturnCode type

The PsciReturnCode enumeration represents the return code of a PSCI command.

The PsciReturnCode enumeration is a concrete type.

The width of the PsciReturnCode enumeration is 32 bits.

The values of the PsciReturnCode enumeration are shown in the following table.

| Encoding | Name                    | Description                 |
|----------|-------------------------|-----------------------------|
| -9       | PSCI_INVALID_ADDRESS    | Refer to PSCI specification |
| -8       | PSCI_DISABLED           | Refer to PSCI specification |
| -7       | PSCI_NOT_PRESENT        | Refer to PSCI specification |
| -6       | PSCI_INTERNAL_FAILURE   | Refer to PSCI specification |
| -5       | PSCI_ON_PENDING         | Refer to PSCI specification |
| -4       | PSCI_ALREADY_ON         | Refer to PSCI specification |
| -3       | PSCI_DENIED             | Refer to PSCI specification |
| -2       | PSCI_INVALID_PARAMETERS | Refer to PSCI specification |
| -1       | PSCI_NOT_SUPPORTED | Refer to PSCI specification |
| 0        | PSCI_SUCCESS       | Refer to PSCI specification |
| 1        | PSCI_OFF           | Refer to PSCI specification |

Unused encodings for the PsciReturnCode enumeration are reserved for use by future versions of this specification.
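How a Realm can interpret X0 after a PSCI call, given the PsciInterfaceVersion layout in B5.4.1, the PsciReturnCode encodings above, and the rule that X0[63:32] of a PSCI result must be zero; this is an added example, not code from the specification. Each decoder sits beside a weak form: because the upper half of X0 is zero, a negative 32-bit code is not negative as a 64-bit value, and a version check that only masks the fields accepts an error value as a very high version. The function names and the register values used to exercise them are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* PsciReturnCode encodings (B5.4.2). */
enum {
    PSCI_INVALID_ADDRESS = -9, PSCI_DISABLED = -8, PSCI_NOT_PRESENT = -7,
    PSCI_INTERNAL_FAILURE = -6, PSCI_ON_PENDING = -5, PSCI_ALREADY_ON = -4,
    PSCI_DENIED = -3, PSCI_INVALID_PARAMETERS = -2, PSCI_NOT_SUPPORTED = -1,
    PSCI_SUCCESS = 0, PSCI_OFF = 1
};

/* Weak form: treats X0 as a signed 64-bit value. Because X0[63:32] is zero,
 * a negative 32-bit code never looks negative here, so errors are missed. */
bool naive_is_error(uint64_t x0)
{
    return (int64_t)x0 < 0;
}

/* Corrected form: reject non-zero X0[63:32], then read X0[31:0] as a two's
 * complement 32-bit value without relying on conversion behaviour. */
bool psci_result_decode(uint64_t x0, int32_t *code)
{
    uint32_t lo = (uint32_t)x0;

    if ((x0 >> 32) != 0)
        return false;
    *code = (lo <= (uint32_t)INT32_MAX)
                ? (int32_t)lo
                : (int32_t)((int64_t)lo - 4294967296LL);
    return true;
}

/* Name of a defined encoding, or NULL for a reserved one. */
const char *psci_code_name(int32_t code)
{
    static const char *const names[] = {
        "PSCI_INVALID_ADDRESS", "PSCI_DISABLED", "PSCI_NOT_PRESENT",
        "PSCI_INTERNAL_FAILURE", "PSCI_ON_PENDING", "PSCI_ALREADY_ON",
        "PSCI_DENIED", "PSCI_INVALID_PARAMETERS", "PSCI_NOT_SUPPORTED",
        "PSCI_SUCCESS", "PSCI_OFF"
    };

    if (code < PSCI_INVALID_ADDRESS || code > PSCI_OFF)
        return NULL;
    return names[code - PSCI_INVALID_ADDRESS];
}

struct psci_version {
    uint16_t major_ver; /* bits 30:16 */
    uint16_t minor_ver; /* bits 15:0 */
};

/* PsciInterfaceVersion: bits 63:31 must be zero, so anything else is not a
 * version at all. */
bool psci_version_decode(uint64_t x0, struct psci_version *v)
{
    if ((x0 >> 31) != 0)
        return false;
    v->minor_ver = (uint16_t)(x0 & 0xFFFFu);
    v->major_ver = (uint16_t)((x0 >> 16) & 0x7FFFu);
    return true;
}

/* True when v is at least want_major.want_minor; 1.1 is the floor that
 * B5.2 requires the RMM to support. */
bool psci_version_at_least(const struct psci_version *v,
                           uint16_t want_major, uint16_t want_minor)
{
    return v->major_ver > want_major ||
           (v->major_ver == want_major && v->minor_ver >= want_minor);
}

/* Weak form for contrast: masks the fields without checking reserved bits,
 * so 0xFFFFFFFF passes as version 32767.65535. */
bool naive_version_ok(uint64_t x0)
{
    struct psci_version v;

    v.minor_ver = (uint16_t)(x0 & 0xFFFFu);
    v.major_ver = (uint16_t)((x0 >> 16) & 0x7FFFu);
    return psci_version_at_least(&v, 1, 1);
}
```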

Part C Types

# Chapter C1 RMM types

This section describes types which are used to model the abstract state of the RMM.

# C1.1 RmmGranule type

The RmmGranule structure contains attributes of a Granule.

The RmmGranule structure is an abstract type.

The members of the RmmGranule structure are shown in the following table.

| Name  | Type                    | Description            |
|-------|-------------------------|------------------------|
| pas   | RmmPhysicalAddressSpace | Physical Address Space |
| state | RmmGranuleState         | Lifecycle state        |

# C1.2 RmmGranuleState type

The RmmGranuleState enumeration represents the state of a granule.

The RmmGranuleState enumeration is an abstract type.

The values of the RmmGranuleState enumeration are shown in the following table.

| Name        | Description                                |
|-------------|--------------------------------------------|
| DATA        | Realm code or data.                        |
| DELEGATED   | Delegated for use by the RMM.              |
| RD          | Realm Descriptor.                          |
| REC         | Realm Execution Context.                   |
| REC_AUX     | Realm Execution Context auxiliary Granule. |
| RTT         | Realm Translation Table.                   |
| UNDELEGATED | Not delegated for use by the RMM.          |

# C1.3 RmmHashAlgorithm type

The RmmHashAlgorithm enumeration represents a hash algorithm.

The RmmHashAlgorithm enumeration is an abstract type.

The values of the RmmHashAlgorithm enumeration are shown in the following table.

| Name         | Description                               |
|--------------|-------------------------------------------|
| HASH_SHA_256 | SHA-256 (Secure Hash Standard (SHS) [15]) |
| HASH_SHA_512 | SHA-512 (Secure Hash Standard (SHS) [15]) |

# C1.4 RmmHostCallPending type

The RmmHostCallPending enumeration represents whether a Host call is pending.

The RmmHostCallPending enumeration is an abstract type.

The values of the RmmHostCallPending enumeration are shown in the following table.

| Name                 | Description              |
|----------------------|--------------------------|
| HOST_CALL_PENDING    | No Host call is pending. |
| NO_HOST_CALL_PENDING | A Host call is pending.  |

# C1.5 RmmMeasurementDescriptorData type

The RmmMeasurementDescriptorData structure contains the data structure used to calculate the contribution to the RIM of a DATA Granule.

The RmmMeasurementDescriptorData structure is a concrete type.

The width of the RmmMeasurementDescriptorData structure is 256 (0x100) bytes.

See also:

• B3.3.1.4 RMI\_DATA\_CREATE extension of RIM

The members of the RmmMeasurementDescriptorData structure are shown in the following table.

| Name      | Byte offset | Type                | Description                                                                                      |
|-----------|-------------|---------------------|--------------------------------------------------------------------------------------------------|
| desc_type | 0x0         | Bits8               | Measurement descriptor type, value 0x0                                                           |
| len       | 0x8         | UInt64              | Length of this data structure in bytes                                                           |
| rim       | 0x10        | RmmRealmMeasurement | Current RIM value                                                                                |
| ipa       | 0x50        | Address             | IPA at which the DATA Granule is mapped in the Realm                                             |
| flags     | 0x58        | RmiDataFlags        | Flags provided by Host                                                                           |
| content   | 0x60        | RmmRealmMeasurement | Hash of contents of DATA Granule, or zero if flags indicate DATA Granule contents are unmeasured |

Unused bits of the RmmMeasurementDescriptorData structure must be zero.

# C1.6 RmmMeasurementDescriptorRec type

The RmmMeasurementDescriptorRec structure contains the data structure used to calculate the contribution to the RIM of a REC.

The RmmMeasurementDescriptorRec structure is a concrete type.

The width of the RmmMeasurementDescriptorRec structure is 256 (0x100) bytes.

See also:

• B3.3.12.4 RMI\_REC\_CREATE extension of RIM

The members of the RmmMeasurementDescriptorRec structure are shown in the following table.

| Name      | Byte offset | Type                | Description                                                   |
|-----------|-------------|---------------------|---------------------------------------------------------------|
| desc_type | 0x0         | Bits8               | Measurement descriptor type, value 0x1                        |
| len       | 0x8         | UInt64              | Length of this data structure in bytes                        |
| rim       | 0x10        | RmmRealmMeasurement | Current RIM value                                             |
| content   | 0x50        | RmmRealmMeasurement | Hash of 4KB page which contains REC parameters data structure |

Unused bits of the RmmMeasurementDescriptorRec structure must be zero.

# C1.7 RmmMeasurementDescriptorRipas type

The RmmMeasurementDescriptorRipas structure contains the data structure used to calculate the contribution to the RIM of a RIPAS change.

The RmmMeasurementDescriptorRipas structure is a concrete type.

The width of the RmmMeasurementDescriptorRipas structure is 256 (0x100) bytes.

See also:

• B3.3.18.4 RMI\_RTT\_INIT\_RIPAS extension of RIM

The members of the RmmMeasurementDescriptorRipas structure are shown in the following table.

| Name      | Byte offset | Type                | Description                            |
|-----------|-------------|---------------------|----------------------------------------|
| desc_type | 0x0         | Bits8               | Measurement descriptor type, value 0x2 |
| len       | 0x8         | UInt64              | Length of this data structure in bytes |
| rim       | 0x10        | RmmRealmMeasurement | Current RIM value                      |
| base      | 0x50        | Address             | Base IPA of the RIPAS change           |
| top       | 0x58        | Address             | Top IPA of the RIPAS change            |

Unused bits of the RmmMeasurementDescriptorRipas structure must be zero.
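The three descriptor layouts in C1.5 to C1.7, shown as an added example (not code from this specification or from any RMM implementation): a verifier-side calculation that builds each 256-byte descriptor at the byte offsets tabulated above and replays a D1.2.3-style population sequence to predict the resulting RIM. It assumes little-endian fields, that each new RIM is the hash of the whole descriptor zero-filled to 512 bits, and that bit 0 of RmiDataFlags selects content measurement; those rules are defined outside this section, and every function and constant name is hypothetical.

```python
import hashlib
import struct

DESC_SIZE = 0x100        # width of each descriptor (C1.5, C1.6, C1.7)
MEASUREMENT_SIZE = 64    # RmmRealmMeasurement is 512 bits (C1.11)
GRANULE_SIZE = 0x1000    # 4KB Granule
MEASURE_CONTENT = 1      # assumption: bit 0 of RmiDataFlags requests measurement


def pad_measurement(digest):
    """Zero-fill a digest to the 64-byte RmmRealmMeasurement width (assumed padding)."""
    return digest.ljust(MEASUREMENT_SIZE, b"\x00")


def u64(value):
    """Encode a 64-bit field; little-endian byte order is an assumption."""
    return struct.pack("<Q", value)


def build_descriptor(desc_type, rim, fields):
    """Lay out desc_type, len and rim, then type-specific {offset: bytes} fields."""
    if len(rim) != MEASUREMENT_SIZE:
        raise ValueError("rim must be a 64-byte RmmRealmMeasurement")
    buf = bytearray(DESC_SIZE)          # every unused bit stays zero
    buf[0x0] = desc_type                # Bits8 at offset 0x0
    buf[0x8:0x10] = u64(DESC_SIZE)      # len: length of this structure in bytes
    buf[0x10:0x50] = rim                # current RIM value
    for offset, value in fields.items():
        buf[offset:offset + len(value)] = value
    return bytes(buf)


def data_descriptor(rim, ipa, flags, granule, hash_fn=hashlib.sha256):
    """RmmMeasurementDescriptorData (desc_type 0x0)."""
    if len(granule) != GRANULE_SIZE:
        raise ValueError("a DATA Granule is exactly one 4KB page")
    if flags & MEASURE_CONTENT:
        content = pad_measurement(hash_fn(granule).digest())
    else:
        content = bytes(MEASUREMENT_SIZE)   # unmeasured contents contribute zero
    return build_descriptor(
        0x0, rim, {0x50: u64(ipa), 0x58: u64(flags), 0x60: content})


def rec_descriptor(rim, params_page, hash_fn=hashlib.sha256):
    """RmmMeasurementDescriptorRec (desc_type 0x1)."""
    if len(params_page) != GRANULE_SIZE:
        raise ValueError("REC parameters are hashed as one 4KB page")
    content = pad_measurement(hash_fn(params_page).digest())
    return build_descriptor(0x1, rim, {0x50: content})


def ripas_descriptor(rim, base, top):
    """RmmMeasurementDescriptorRipas (desc_type 0x2)."""
    return build_descriptor(0x2, rim, {0x50: u64(base), 0x58: u64(top)})


def extend(descriptor, hash_fn=hashlib.sha256):
    """Assumed extension step: new RIM = hash of the whole 256-byte descriptor."""
    return pad_measurement(hash_fn(descriptor).digest())


def replay(initial_rim, base, pages, hash_fn=hashlib.sha256):
    """Replay one RIPAS init over [base, top), then one DATA create per page.

    pages is a list of (granule_bytes, flags) mapped at consecutive IPAs.
    """
    top = base + len(pages) * GRANULE_SIZE
    rim = extend(ripas_descriptor(initial_rim, base, top), hash_fn)
    for index, (granule, flags) in enumerate(pages):
        ipa = base + index * GRANULE_SIZE
        rim = extend(data_descriptor(rim, ipa, flags, granule, hash_fn), hash_fn)
    return rim


# Constructed sample: an all-zero starting RIM and two pages, the second unmeasured.
SAMPLE_RIM = bytes(MEASUREMENT_SIZE)
SAMPLE_PAGES = [(b"\x11" * GRANULE_SIZE, MEASURE_CONTENT),
                (b"\x22" * GRANULE_SIZE, 0)]

if __name__ == "__main__":
    print(replay(SAMPLE_RIM, 0x80000000, SAMPLE_PAGES).hex())
```

Because each descriptor embeds the previous RIM, a verifier has to replay the Host's calls in the order and with the ranges actually issued.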

# C1.8 RmmPhysicalAddressSpace type

The RmmPhysicalAddressSpace enumeration represents the PAS of a Granule.

The RmmPhysicalAddressSpace enumeration is an abstract type.

The values of the RmmPhysicalAddressSpace enumeration are shown in the following table.

| Name  | Description                         |
|-------|-------------------------------------|
| NS    | Non-secure PAS.                     |
| OTHER | PAS other than Non-secure or Realm. |
| REALM | Realm PAS.                          |

# C1.9 RmmPsciPending type

The RmmPsciPending enumeration represents whether a PSCI request is pending.

The RmmPsciPending enumeration is an abstract type.

The values of the RmmPsciPending enumeration are shown in the following table.

| Name                    | Description                 |
|-------------------------|-----------------------------|
| NO_PSCI_REQUEST_PENDING | A PSCI request is pending.  |
| PSCI_REQUEST_PENDING    | No PSCI request is pending. |


# C1.10 RmmRealm type

The RmmRealm structure contains attributes of a Realm.

The RmmRealm structure is an abstract type.

See also:

• A2.1 Realm

The members of the RmmRealm structure are shown in the following table.

| Name            | Type                   | Description                                         |
|-----------------|------------------------|-----------------------------------------------------|
| ipa_width       | UInt8                  | IPA width in bits                                   |
| measurements    | RmmRealmMeasurement[5] | Realm measurements                                  |
| hash_algo       | RmmHashAlgorithm       | Algorithm used to compute Realm measurements        |
| rec_index       | UInt64                 | Index of next REC to be created                     |
| rtt_base        | Address                | Realm Translation Table base address                |
| rtt_level_start | Int64                  | RTT starting level                                  |
| rtt_num_start   | UInt64                 | Number of physically contiguous starting level RTTs |
| state           | RmmRealmState          | Lifecycle state                                     |
| vmid            | Bits16                 | Virtual Machine Identifier                          |
| rpv             | Bits512                | Realm Personalization Value                         |

## C1.11 RmmRealmMeasurement type

The RmmRealmMeasurement type is a Realm measurement.

The RmmRealmMeasurement type is a concrete type.

The width of the RmmRealmMeasurement type is 512 bits.

# C1.12 RmmRealmState type

The RmmRealmState enumeration represents the state of a Realm.

The RmmRealmState enumeration is an abstract type.

The values of the RmmRealmState enumeration are shown in the following table.

| Name       | Description                                             |
|------------|---------------------------------------------------------|
| ACTIVE     | Eligible for execution.                                 |
| NEW        | Under construction. Not eligible for execution.         |
| SYSTEM_OFF | System has been turned off. Not eligible for execution. |

# C1.13 RmmRec type

The RmmRec structure contains attributes of a REC.

The RmmRec structure is an abstract type.

See also:

• A2.3 Realm Execution Context

The members of the RmmRec structure are shown in the following table.

| Name              | Type                    | Description                                                                    |
|-------------------|-------------------------|--------------------------------------------------------------------------------|
| attest_state      | RmmRecAttestState       | Attestation token generation state                                             |
| attest_challenge  | Bits512                 | Challenge for under-construction attestation token                             |
| aux               | Address[16]             | Addresses of auxiliary Granules                                                |
| emulatable_abort  | RmmRecEmulatableAbort   | Whether the most recent exit from this REC was due to an Emulatable Data Abort |
| flags             | RmmRecFlags             | Flags which control REC behavior                                               |
| gprs              | Bits64[32]              | General-purpose register values                                                |
| mpidr             | Bits64                  | MPIDR value                                                                    |
| owner             | Address                 | PA of RD of Realm which owns this REC                                          |
| pc                | Bits64                  | Program counter value                                                          |
| psci_pending      | RmmPsciPending          | Whether a PSCI request is pending                                              |
| state             | RmmRecState             | Lifecycle state                                                                |
| sysregs           | RmmSystemRegisters      | EL1 and EL0 system register values                                             |
| ripas_addr        | Address                 | Next address to be processed in RIPAS change                                   |
| ripas_top         | Address                 | Top address of pending RIPAS change                                            |
| ripas_value       | RmmRipas                | RIPAS value of pending RIPAS change                                            |
| ripas_destroyed   | RmmRipasChangeDestroyed | Whether a RIPAS change from DESTROYED should be permitted                      |
| ripas_response    | RmmRecResponse          | Host response to RIPAS change request                                          |
| host_call_pending | RmmHostCallPending      | Whether a Host call is pending                                                 |

# C1.14 RmmRecAttestState type

The RmmRecAttestState enumeration represents whether an attestation token generation operation is ongoing on this REC.

The RmmRecAttestState enumeration is an abstract type.

The values of the RmmRecAttestState enumeration are shown in the following table.

| Name                  | Description                                               |
|-----------------------|-----------------------------------------------------------|
| ATTEST_IN_PROGRESS    | An attestation token generation operation is in progress. |
| NO_ATTEST_IN_PROGRESS | No attestation token generation operation is in progress. |

# C1.15 RmmRecEmulatableAbort type

The RmmRecEmulatableAbort enumeration represents whether the most recent exit from a REC was due to an Emulatable Data Abort.

The RmmRecEmulatableAbort enumeration is an abstract type.

The values of the RmmRecEmulatableAbort enumeration are shown in the following table.

| Name                 | Description                                                              |
|----------------------|--------------------------------------------------------------------------|
| EMULATABLE_ABORT     | The most recent exit from a REC was due to an Emulatable Data Abort.     |
| NOT_EMULATABLE_ABORT | The most recent exit from a REC was not due to an Emulatable Data Abort. |

## C1.16 RmmRecFlags type

The RmmRecFlags structure contains REC flags.

The RmmRecFlags structure is an abstract type.

The members of the RmmRecFlags structure are shown in the following table.

| Name     | Type           | Description                        |
|----------|----------------|------------------------------------|
| runnable | RmmRecRunnable | Whether the REC is eligible to run |

# C1.17 RmmRecResponse type

The RmmRecResponse enumeration represents whether the Host accepted or rejected a Realm request.

The RmmRecResponse enumeration is an abstract type.

The values of the RmmRecResponse enumeration are shown in the following table.

| Name   | Description                      |
|--------|----------------------------------|
| ACCEPT | Host accepted the Realm request. |
| REJECT | Host rejected the Realm request. |

# C1.18 RmmRecRunnable type

The RmmRecRunnable enumeration represents whether a REC is eligible for execution.

The RmmRecRunnable enumeration is an abstract type.

The values of the RmmRecRunnable enumeration are shown in the following table.

| Name         | Description                 |
|--------------|-----------------------------|
| NOT_RUNNABLE | Not eligible for execution. |
| RUNNABLE     | Eligible for execution.     |

# C1.19 RmmRecState type

The RmmRecState enumeration represents the state of a REC.

The RmmRecState enumeration is an abstract type.

The values of the RmmRecState enumeration are shown in the following table.

| Name    | Description                   |
|---------|-------------------------------|
| READY   | REC is not currently running. |
| RUNNING | REC is currently running.     |

# C1.20 RmmRipas type

The RmmRipas enumeration represents the Realm IPA state.

The RmmRipas enumeration is an abstract type.

The values of the RmmRipas enumeration are shown in the following table.

| Name      | Description                                                                    |
|-----------|--------------------------------------------------------------------------------|
| DESTROYED | Address which is inaccessible to the Realm due to an action taken by the Host. |
| EMPTY     | Address where no Realm resources are mapped.                                   |
| RAM       | Address where private code or data owned by the Realm is mapped.               |

# C1.21 RmmRipasChangeDestroyed type

The RmmRipasChangeDestroyed enumeration represents whether a RIPAS change from DESTROYED should be permitted.

The RmmRipasChangeDestroyed enumeration is an abstract type.

The values of the RmmRipasChangeDestroyed enumeration are shown in the following table.

| Name                | Description                                            |
|---------------------|--------------------------------------------------------|
| CHANGE_DESTROYED    | A RIPAS change from DESTROYED should be permitted.     |
| NO_CHANGE_DESTROYED | A RIPAS change from DESTROYED should not be permitted. |

# C1.22 RmmRtt type

The RmmRtt structure contains an RTT.

The RmmRtt structure is an abstract type.

The members of the RmmRtt structure are shown in the following table.

| Name    | Type             | Description |
|---------|------------------|-------------|
| entries | RmmRttEntry[512] | Entries     |

# C1.23 RmmRttEntry type

The RmmRttEntry structure contains attributes of an RTT Entry.

The RmmRttEntry structure is an abstract type.

See also:

• A5.5 Realm Translation Table

The members of the RmmRttEntry structure are shown in the following table.

| Name    | Type             | Description    |
|---------|------------------|----------------|
| addr    | Address          | Output address |
| ripas   | RmmRipas         | RIPAS          |
| state   | RmmRttEntryState | State          |
| MemAttr | Bits3            | MemAttr        |
| S2AP    | Bits2            | S2AP           |
| SH      | Bits2            | SH             |

# C1.24 RmmRttEntryState type

The RmmRttEntryState enumeration represents the state of an RTTE.


The RmmRttEntryState enumeration is an abstract type.

The values of the RmmRttEntryState enumeration are shown in the following table.

| Name          | Description                                                                                                |
|---------------|------------------------------------------------------------------------------------------------------------|
| ASSIGNED      | This RTTE is identified by a Protected IPA.<br>The output address of this RTTE points to a DATA Granule.   |
| ASSIGNED_NS   | This RTTE is identified by an Unprotected IPA.<br>The output address of this RTTE points to an NS Granule. |
| TABLE         | The output address of this RTTE points to the next-level RTT.                                              |
| UNASSIGNED    | This RTTE is identified by a Protected IPA.<br>This RTTE is not associated with any Granule.               |
| UNASSIGNED_NS | This RTTE is identified by an Unprotected IPA.<br>This RTTE is not associated with any Granule.            |

# C1.25 RmmRttWalkResult type

The RmmRttWalkResult structure contains the result of an RTT walk.

The RmmRttWalkResult structure is an abstract type.

See also:

• A5.5.10 RTT walk

The members of the RmmRttWalkResult structure are shown in the following table.

| Name     | Type        | Description                        |
|----------|-------------|------------------------------------|
| level    | Int8        | RTT level reached by the walk      |
| rtt_addr | Address     | Address of RTT reached by the walk |
| rtte     | RmmRttEntry | RTTE reached by the walk           |

# C1.26 RmmSystemRegisters type

The RmmSystemRegisters structure contains EL0 and EL1 system registers.

The RmmSystemRegisters structure is an abstract type.

# Chapter C2 Generic types

This section defines types which are shared between RMM interfaces and descriptions of RMM abstract state.

See also:

- B3.4 RMI types
- B4.4 RSI types
- B5.4 PSCI types
- Chapter C1 RMM types

# C2.1 Address type

The Address type is an address.

The Address type is a concrete type.

The width of the Address type is 64 bits.

## C2.2 BitsN type

The BitsN type is an N-bit field.

The BitsN type is a concrete type.


The width of the BitsN type is N bits.

# C2.3 IntN type

The IntN type is a signed N-bit integer.

The IntN type is a concrete type.

The width of the IntN type is N bits.

# C2.4 UIntN type

The UIntN type is an unsigned N-bit integer.

The UIntN type is a concrete type.

The width of the UIntN type is N bits.

Part D Usage

# Chapter D1 Flows

This section presents flows which explain how the RMM architecture can be used by the Host, and by Realm software.

Note that parts of the sequences below are for illustration only. For example, in the Realm creation flows, the RMI\_GRANULE\_DELEGATE and RMI\_GRANULE\_UNDELEGATE commands are called immediately before or after the RMI\_X\_CREATE and RMI\_X\_DESTROY commands respectively. An alternative flow would be for the Host to maintain a pool of Granules in the DELEGATED state, from which RMM data structures and Realm data can be allocated on demand.

# D1.1 Granule delegation flows

## D1.1.1 Granule delegation flow

The following diagram shows how the PAS of a Granule is changed from NS to REALM.

See Arm Architecture Reference Manual Supplement, The Realm Management Extension (RME), for Armv9-A [2] for example software flows for the operations performed by the Monitor in this flow.

It is anticipated that the Monitor software will be required to use synchronization mechanisms to serialize access to the GPT.



See also:

- A2.2.1 Granule attributes
- B3.3.5 RMI\_GRANULE\_DELEGATE command
- D1.1.2 Granule undelegation flow

## D1.1.2 Granule undelegation flow

The following diagram shows how the PAS of a Granule is changed from REALM to NS.

See Arm Architecture Reference Manual Supplement, The Realm Management Extension (RME), for Armv9-A [2] for example software flows for the operations performed by the Monitor in this flow.

It is anticipated that the Monitor software will be required to use synchronization mechanisms to serialize access to the GPT.




See also:

- A2.2.1 Granule attributes
- B3.3.6 RMI\_GRANULE\_UNDELEGATE command
- D1.1.1 Granule delegation flow

# D1.2 Realm lifecycle flows

This section contains flows which relate to the Realm lifecycle.

See also:

• A2.1.5 Realm lifecycle

## D1.2.1 Realm creation flow

The following diagram shows the flow for creating a Realm.

To create a Realm, the Host must allocate and delegate two Granules:

- rd to store the Realm Descriptor
- rtt which will be the starting level Realm Translation Table (RTT)

The Host also provides an NS Granule (params) containing Realm creation parameters.



See also:

- B3.3.5 RMI\_GRANULE\_DELEGATE command
- B3.3.9 RMI\_REALM\_CREATE command
- D1.2.5 Realm destruction flow

## D1.2.2 Realm Translation Table creation flow

The following diagram shows the flow for populating the Realm Translation Tables (RTTs).

The starting level Realm Translation Tables (RTTs) are provided at Realm creation time.

Subsequent levels of RTT are added using the RMI\_RTT\_CREATE command. This can be performed when the state of the Realm is NEW or ACTIVE.

[Diagram: sequence between Host and RMM, following Create Realm (rd). The Host calls (rtt1, rtt2, rtt3) = alloc\_granules(), then issues RMI\_GRANULE\_DELEGATE(rtt1), RMI\_RTT\_CREATE(rd, rtt1, ipa, level=1), RMI\_GRANULE\_DELEGATE(rtt2), RMI\_RTT\_CREATE(rd, rtt2, ipa, level=2) and RMI\_GRANULE\_DELEGATE(rtt3), each of which returns RMI\_SUCCESS.]

See also:

- Chapter A5 Realm memory management
- B3.3.15 RMI\_RTT\_CREATE command
- D1.2.1 Realm creation flow
- D1.2.3 Initialize memory of New Realm flow

## D1.2.3 Initialize memory of New Realm flow

Immediately following Realm creation, every page in the Protected IPA space has its RIPAS set to EMPTY. There are two ways in which the Host can set the RIPAS of a given page of Protected IPA space to RAM:

1. Change the RIPAS by executing RMI\_RTT\_INIT\_RIPAS, but do not populate the contents of the page. The RIM is extended to reflect the RIPAS change.
2. Change the RIPAS by executing RMI\_RTT\_INIT\_RIPAS, and then populate the page with contents provided by the Host. The RIM is extended to reflect the contents added by the Host.

Once the Host has performed either of these actions for a given page of Protected IPA space, that page cannot be further modified prior to Realm activation.

The following diagram shows the flow for initializing the RIPAS without providing contents.



The following diagram shows the flow for populating the page with contents provided by the Host.

To do this, the Host must:

- Delegate a destination Granule (dst).
- Provide an NS Granule (src), whose contents will be copied into the destination Granule.
- Specify the Protected IPA ipa at which the dst Granule should be mapped in the Realm's IPA space.
- Ensure that the level 3 RTT which contains the RTTE identified by the Protected IPA has been created.

Once the Data Granule has been created, the src Granule can be reallocated by the Host.

[Diagram: sequence between Host and RMM]

- Create Realm (rd) and RTTs and initialize RIPAS to RAM
- (src, dst) = alloc\_granules()
- RMI\_GRANULE\_DELEGATE(dst) returns RMI\_SUCCESS
- Copy initial Realm image into src
- RMI\_DATA\_CREATE(rd, dst, ipa, src, flags) returns RMI\_SUCCESS
  - src contents have been copied to dst.
  - Realm Initial Measurement has been updated with the IPA and contents of the DATA Granule.
  - HIPAS of RTTE identified by ipa has been updated to ASSIGNED.
- free\_granule(src)
- RMI\_REALM\_ACTIVATE(rd)
  - Once the Realm state has changed to Active, further Data granules with Host-controlled contents can no longer be added to the Realm

See also:

- A2.2.1 Granule attributes
- A5.2.2 Realm IPA state
- A7.1.1 Realm Initial Measurement
- B3.3.1 RMI\_DATA\_CREATE command
- B3.3.5 RMI\_GRANULE\_DELEGATE command
- B3.3.18 RMI\_RTT\_INIT\_RIPAS command
- D1.2.1 Realm creation flow
- D1.2.2 Realm Translation Table creation flow
- D1.2.5 Realm destruction flow

## D1.2.4 REC creation flow

The following diagram shows the flow for creating a REC during Realm creation.

To create a REC, the Host must:

- Delegate a destination Granule (rec).
- Query the number of auxiliary Granules required, by calling RMI\_REC\_AUX\_COUNT
- Delegate the required number of auxiliary Granules (aux)
- Provide auxiliary Granule addresses, register values and REC activation status in an NS Granule (params).

Once the REC has been created, the params Granule can be reallocated by the Host.




See also:

- B3.3.5 RMI\_GRANULE\_DELEGATE command
- B3.3.11 RMI\_REC\_AUX\_COUNT command
- B3.3.12 RMI\_REC\_CREATE command
- D1.2.1 Realm creation flow
- D1.2.5 Realm destruction flow

### D1.2.5 Realm destruction flow

The following diagram shows the flow for destroying a Realm.

To destroy a Realm, the Host must first make the Realm non-live. This is done by destroying (in any order) the objects which are associated with the Realm:

- Data Granules
- RECs
- RTTs

Finally, the Realm itself can be destroyed.

Once each of these objects has been destroyed, the corresponding Granules can be undelegated and reallocated by the Host.




See also:

- A2.1.4 Realm liveness
- B3.3.3 RMI\_DATA\_DESTROY command
- B3.3.6 RMI\_GRANULE\_UNDELEGATE command
- B3.3.10 RMI\_REALM\_DESTROY command
- B3.3.13 RMI\_REC\_DESTROY command
- D1.2.1 Realm creation flow

## D1.3 Realm exception model flows

This section contains flows which relate to the Realm exception model.

See also:

• Chapter A4 Realm exception model

### D1.3.1 Realm entry and exit flow

The following diagram shows how a Realm is executed, and illustrates the different reasons for exiting the Realm and returning control to the Host.

A REC is entered using the RMI\_REC\_ENTER command. The parameters to this command include:

- a RecEnter object, which is a data structure used to pass values from the Host to the RMM on REC entry
- a RecExit object, which is a data structure used to pass values from the RMM to the Host on REC exit



See also:

- Chapter A4 Realm exception model
- D1.3.2 Host call flow
- D1.3.3 REC exit due to Data Abort fault flow
- D1.3.4 MMIO emulation flow

#### D1.3.2 Host call flow

The following diagram shows how software executing inside the Realm can voluntarily yield control back to the Host by making a Host call.

A REC is entered using the RMI\_REC\_ENTER command. The parameters to this command include:

- a RecEnter object, which is a data structure used to pass values from the Host to the RMM on REC entry
- a RecExit object, which is a data structure used to pass values from the RMM to the Host on REC exit

On execution of RSI\_HOST\_CALL, arguments are copied from the RsiHostCall object in Realm memory into the RecExit object in NS memory. On the subsequent RMI\_REC\_ENTER, return values are copied from the RecEnter object in NS memory into the RsiHostCall object in Realm memory.



See also:

• A4.5 Host call

### D1.3.3 REC exit due to Data Abort fault flow

The following diagram shows how a Data Abort due to a Realm access is taken to the Host.

A REC is entered using the RMI\_REC\_ENTER command. The parameters to this command include:

- a RecEnter object, which is a data structure used to pass values from the Host to the RMM on REC entry
- a RecExit object, which is a data structure used to pass values from the RMM to the Host on REC exit



See also:

• Chapter A4 Realm exception model

### D1.3.4 MMIO emulation flow

The following diagram shows how an MMIO access by a Realm can be emulated by the Host.



See also:

• Chapter A4 Realm exception model


## D1.4 PSCI flows

## D1.4.1 PSCI\_CPU\_ON flow

The following diagram shows how one Realm VPE can set the "runnable" flag in another Realm VPE by executing PSCI\_CPU\_ON.




See also:

- B3.3.7 RMI\_PSCI\_COMPLETE command
- B5.3.3 PSCI\_CPU\_ON command

## D1.5 Realm memory management flows

This section contains flows which relate to management of Realm memory.

See also:

• Chapter A5 Realm memory management

### D1.5.1 Add memory to Active Realm flow

The following diagram shows the flow for adding memory to a Realm whose state is ACTIVE.

To add memory to a Realm whose state is ACTIVE, the Host must:

- Delegate a destination Granule (dst).
- Specify the Protected IPA at which the dst Granule will be mapped in the Realm's IPA space.
- Ensure that the level 3 RTT which contains the RTTE identified by the Protected IPA has been created.
- Ensure that the RIPAS of the Protected IPA is RAM.

Once a given Protected IPA has been populated with unknown content, it cannot be repopulated.



See also:

- A2.1.5 Realm lifecycle
- Chapter A5 Realm memory management
- B3.3.2 RMI\_DATA\_CREATE\_UNKNOWN command
- B3.3.5 *RMI\_GRANULE\_DELEGATE command*

### D1.5.2 NS memory flow

The following diagram describes how NS memory can be mapped into a Realm.



See also:

- Chapter A5 Realm memory management
- B3.3.19 RMI\_RTT\_MAP\_UNPROTECTED command
- B3.3.22 RMI\_RTT\_UNMAP\_UNPROTECTED command

### D1.5.3 RIPAS change flow

The following diagram describes how a Realm requests a RIPAS change, and how that request is handled by the Host.

- The Realm calls RSI\_IPA\_STATE\_SET to request a RIPAS change for IPA range [base, top).
- This causes a REC exit due to RIPAS change pending.

On taking a REC exit due to RIPAS change pending, the Host does the following:

- Reads the region base and top addresses from the RecExit object.
- Applies the requested RIPAS change to an IPA range starting from the base of the target region, and extending no further than the top of the target region.
- Calls RMI\_REC\_ENTER to re-enter the REC.

The Realm observes in X1 the top of the region for which the RIPAS change was applied.



See also:

- A5.4 RIPAS change
- B3.3.14 RMI\_REC\_ENTER command
- B3.3.21 RMI\_RTT\_SET\_RIPAS command
- B4.3.5 *RSI\_IPA\_STATE\_SET command*
- D2.2 Realm shared memory protocol flow

## D1.6 Realm interrupts and timers flows

### D1.6.1 Interrupt flow

The following diagram shows how a virtual interrupt is injected into a Realm by the Host.

[Figure: interrupt flow sequence diagram; participants shown include the Realm VPE. Labels recoverable from the diagram: save virtual GIC CPU interface state; set virtual interrupt pending by writing to run.entry.gicv3\_lrs; RMI\_REC\_ENTER(rec, run); validate run.entry.gicv3\*; restore virtual GIC CPU interface state from rec and run.entry.gicv3\*; virtual interrupt; acknowledge interrupt; handle interrupt; … whatever reason; save virtual GIC CPU interface state to rec and run.exi…]

See also:

• A6.1 Realm interrupts

### D1.6.2 Timer interrupt delivery flow

The following diagram shows how a timer interrupt is delivered to and handled by a Realm.



See also:

• A6.2 Realm timers

## D1.7 Realm attestation flows

### D1.7.1 Attestation token generation flow

The following diagram shows the flow for a Realm to obtain an attestation token.

The Realm first calls RSI\_ATTESTATION\_TOKEN\_INIT, providing the address where the attestation token will be written, and a challenge value.

The Realm then calls RSI\_ATTESTATION\_TOKEN\_CONTINUE, providing the same address. This command is called in a loop, until the result is not RSI\_INCOMPLETE.



See also:

- A7.2.2 Attestation token generation
- B4.3.1 RSI\_ATTESTATION\_TOKEN\_CONTINUE command
- B4.3.2 RSI\_ATTESTATION\_TOKEN\_INIT command

### D1.7.2 Handling interrupts during attestation token generation flow

The following diagram shows how interrupts are handled during generation of an attestation token.

If the RMM detects that a physical interrupt is pending during execution of RSI\_ATTESTATION\_TOKEN\_CONTINUE, it saves the execution context to the REC object, and performs a REC exit due to IRQ.

During handling of the IRQ, the Host may signal a virtual interrupt to the REC.

On the next entry to the REC, if a virtual interrupt is pending, it is taken to the REC's exception vector.

Whether or not a virtual interrupt was taken, on return to the original thread, the REC determines that X0 is RSI\_INCOMPLETE, and therefore calls RSI\_ATTESTATION\_TOKEN\_CONTINUE again.



See also:

- A4.3.5 REC exit due to IRQ
- A6.1 *Realm interrupts*
- A7.2.2 Attestation token generation
- B4.3.1 RSI\_ATTESTATION\_TOKEN\_CONTINUE command
- B4.3.2 RSI\_ATTESTATION\_TOKEN\_INIT command
- D1.3.1 Realm entry and exit flow
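
The call sequence described in D1.7.1 and D1.7.2, as an added example that is not part of the specification: the Realm-side loop in C, run against a small mock of the RMM. The mock's function names, the numeric result values, the 64-byte challenge size, the four work slices and the mock's error checks are assumptions made for this model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result names appear in the specification; the numeric values are assumed here. */
enum { RSI_SUCCESS, RSI_ERROR_INPUT, RSI_ERROR_STATE, RSI_INCOMPLETE };

#define CHALLENGE_LEN 64   /* assumed challenge size in bytes */
#define MOCK_SLICES   4    /* assumed: generation is interrupted until the 4th call */

/* Mock RMM attestation state for one REC (hypothetical layout). */
static struct {
    int      in_progress;
    uint8_t *addr;                  /* address given to TOKEN_INIT */
    uint8_t  chal[CHALLENGE_LEN];
    int      left;                  /* work slices still to run */
} rmm;

/* Mock of RSI_ATTESTATION_TOKEN_INIT: records the buffer address and challenge. */
static unsigned long mock_token_init(uint8_t *addr, const uint8_t *challenge)
{
    rmm.in_progress = 1;
    rmm.addr = addr;
    rmm.left = MOCK_SLICES;
    memcpy(rmm.chal, challenge, CHALLENGE_LEN);
    return RSI_SUCCESS;
}

/* Mock of RSI_ATTESTATION_TOKEN_CONTINUE: one slice of work per call. */
static unsigned long mock_token_continue(uint8_t *addr, size_t *size)
{
    if (!rmm.in_progress)
        return RSI_ERROR_STATE;     /* model assumption: no INIT in effect */
    if (addr != rmm.addr)
        return RSI_ERROR_INPUT;     /* model assumption: must be the same address */
    if (--rmm.left > 0)
        return RSI_INCOMPLETE;      /* models REC exit due to IRQ, then re-entry */
    memcpy(addr, rmm.chal, CHALLENGE_LEN);  /* stand-in bytes, not a real token */
    *size = CHALLENGE_LEN;
    rmm.in_progress = 0;
    return RSI_SUCCESS;
}

/* Realm side: INIT once, then CONTINUE with the same address until the result
 * is not RSI_INCOMPLETE. Returns the token size, or a negative result code.
 * The buffer contents are only meaningful after RSI_SUCCESS. */
static long realm_get_token(uint8_t *buf, const uint8_t *challenge, int *calls)
{
    size_t size = 0;
    unsigned long ret = mock_token_init(buf, challenge);

    *calls = 0;
    if (ret != RSI_SUCCESS)
        return -(long)ret;
    do {
        ret = mock_token_continue(buf, &size);
        (*calls)++;
    } while (ret == RSI_INCOMPLETE);
    return ret == RSI_SUCCESS ? (long)size : -(long)ret;
}

int main(void)
{
    static uint8_t buf[4096];
    uint8_t challenge[CHALLENGE_LEN];
    int calls;

    for (int i = 0; i < CHALLENGE_LEN; i++)
        challenge[i] = (uint8_t)i;  /* constructed challenge */
    long size = realm_get_token(buf, challenge, &calls);
    printf("token size %ld after %d CONTINUE calls\n", size, calls);
    return 0;
}
```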

# Chapter D2 Realm shared memory protocol

This section describes a protocol for management of memory which is shared between a Realm and the Host. This protocol makes use of the primitives described in this specification. However, the protocol itself is not part of the RMM architecture. Use of this protocol is subject to a contract between the Realm and Host software agents.

See also:

• Chapter A5 Realm memory management

## D2.1 Realm shared memory protocol description

The Host agrees to provide the Realm with a certain amount of memory. This memory is referred to below as the Realm's "memory footprint".

The memory footprint is described to the Realm, for example via firmware tables. The Realm can choose, at any point during its execution, how much of its memory footprint is protected (accessible only to the Realm) and how much is shared with the Host.

Realm software treats the most significant IPA bit as a "protection attribute" bit. This means that for every Protected IPA (in which the most significant bit is '0'), there exists a corresponding Unprotected IPA alias, which is generated by setting the most significant bit to '1'.

The choice of whether a given page is protected or shared at a given time is expressed by setting the RIPAS of the Protected IPA:

- If the RIPAS of the Protected IPA is RAM, the page is protected and access to the Unprotected IPA alias causes a Synchronous External Abort taken to the Realm.
- If the RIPAS of the Protected IPA is EMPTY, the page is shared and access to the Unprotected IPA alias does not cause a Synchronous External Abort taken to the Realm.

The initial RIPAS for every page in the Realm's memory footprint is described to the Realm, for example via firmware tables. The Host agrees that during Realm execution, it will accept a RIPAS change request on any page within the Realm's memory footprint.

See also:

- A5.2.1 Realm IPA space
- A5.2.2 Realm IPA state
- A5.4 RIPAS change

## D2.2 Realm shared memory protocol flow

The following diagram illustrates how the protocol is used to set up and tear down a shared memory buffer.





Figure D2.1: Realm shared memory protocol flow

See also:

• D1.5.3 RIPAS change flow
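
The RIPAS change flow of D1.5.3 and the protocol of D2.1, modelled in C as an added example (not code from the specification). The 40-bit IPA width, the 16-Granule footprint, the two-Granule Host batch and all function names are assumptions of the model; it shows why the Realm loops on the returned top of the changed region before it relies on the Unprotected IPA alias.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define GRANULE     0x1000ULL   /* 4KB Granule */
#define IPA_BITS    40          /* assumed Realm IPA width */
#define FOOTPRINT_N 16          /* constructed footprint: 16 Granules from IPA 0 */
#define HOST_BATCH  2           /* assumed: Host changes at most 2 Granules per REC exit */
#define PROT_BIT    (1ULL << (IPA_BITS - 1))    /* "protection attribute" bit */

enum ripas { RIPAS_EMPTY, RIPAS_RAM };
static enum ripas ripas_tbl[FOOTPRINT_N];       /* RIPAS of each Protected IPA */

static void footprint_init(void)                /* initial RIPAS: all protected */
{
    for (int i = 0; i < FOOTPRINT_N; i++)
        ripas_tbl[i] = RIPAS_RAM;
}

/* Unprotected alias: the Protected IPA with the most significant IPA bit set. */
static uint64_t unprotected_alias(uint64_t protected_ipa)
{
    return protected_ipa | PROT_BIT;
}

/* Mock of RSI_IPA_STATE_SET plus the Host's handling of the REC exit: the
 * change starts at base and extends no further than top. Returns the top of
 * the region actually changed (the value the Realm observes in X1). */
static uint64_t mock_rsi_ipa_state_set(uint64_t base, uint64_t top, enum ripas r)
{
    uint64_t done = base;
    for (int i = 0; i < HOST_BATCH && done < top; i++, done += GRANULE)
        ripas_tbl[done / GRANULE] = r;
    return done;
}

/* Realm side: repeat the request until all of [base, top) has been changed.
 * Returns the number of RSI calls, or -1 on bad input or a bogus reply. */
static int realm_set_ripas(uint64_t base, uint64_t top, enum ripas r)
{
    int calls = 0;

    if (base % GRANULE || top % GRANULE || base >= top ||
        top > FOOTPRINT_N * GRANULE)
        return -1;
    while (base < top) {
        uint64_t new_base = mock_rsi_ipa_state_set(base, top, r);
        calls++;
        if (new_base <= base || new_base > top)
            return -1;          /* no progress or out of range: stop */
        base = new_base;
    }
    return calls;
}

/* D2.1 rule: access to the alias takes an SEA to the Realm when the RIPAS of
 * the Protected IPA is RAM. The alias must lie within the model footprint. */
static bool alias_access_takes_sea(uint64_t alias)
{
    return ripas_tbl[(alias & ~PROT_BIT) / GRANULE] == RIPAS_RAM;
}

int main(void)
{
    footprint_init();
    int calls = realm_set_ripas(0x4000, 0x9000, RIPAS_EMPTY);   /* share 5 Granules */
    printf("shared after %d calls; alias of 0x4000 is 0x%llx, SEA=%d\n", calls,
           (unsigned long long)unprotected_alias(0x4000),
           alias_access_takes_sea(unprotected_alias(0x4000)));
    realm_set_ripas(0x4000, 0x9000, RIPAS_RAM);                 /* tear down */
    return 0;
}
```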

# Glossary

| Term | Definition |
|------|------------|
| ASL | Arm Specification Language. Language used to express pseudocode implementations. Formal language definition can be found in *Arm Specification Language Reference Manual* [14]. |
| CBOR | Concise Binary Object Representation |
| CCA | Confidential Compute Architecture |
| CCA platform | All hardware and firmware components which are involved in delivering the CCA security guarantee. See *Arm CCA Security model* [4]. |
| CDDL | Concise Data Definition Language |
| COSE | CBOR Object Signing and Encryption |
| EAT | Entity Attestation Token |
| FID | Function Identifier |
| GIC | Generic Interrupt Controller. See Arm Generic Interrupt Controller (GIC) Architecture Specification version 3 and version 4 [5] |
| GPF | Granule Protection Fault |
| GPT | Granule Protection Table. Table which determines the Physical Address Space of each Granule. |
| HIPAS | Host IPA state |
| Host | Software executing in Non-secure Security state which manages resources used by Realms |
| IAK | Initial Attestation Key. Key used to sign the CCA platform attestation token. |
| IPA | Intermediate Physical Address. Address space visible to software executing at EL1 in the Realm. |
| IPI | Inter-processor interrupt |
| IRI | Interrupt Routing Infrastructure. A subset of the components which make up the GIC. |
| ITS | Interrupt Translation Service. A service provided by the GIC. |
| MMIO | Memory-mapped I/O |
| MPIDR | Multiprocessor Affinity Register |
| NS | Non-secure |
| PAS | Physical Address Space |
| PE | Processing Element |
| PMU | Performance Monitor Unit |
| PSCI | Power State Control Interface. See Arm Power State Coordination Interface (PSCI) [16] |
| RAK | Realm Attestation Key. Key used to sign the Realm attestation token. |
| RD | Realm Descriptor. Object which stores attributes of a Realm. |
| Realm | A protected execution environment |
| REC | Realm Execution Context. Object which stores PE state associated with a thread of execution within a Realm. |
| REM | Realm Extensible Measurement. Measurement value which can be extended during the lifetime of a Realm. |
| RHA | Realm Hash Algorithm |
| RIM | Realm Initial Measurement. Measurement of the state of a Realm at the time of activation. |
| RIPAS | Realm IPA state |
| RMI | Realm Management Interface. The ABI exposed by the RMM for use by the Host. |
| RMM | Realm Management Monitor |
| RNVS | Root Non-volatile Storage |
| RPV | Realm Personalization Value |
| RSI | Realm Services Interface. The ABI exposed by the RMM for use by the Realm. |
| RTT | Realm Translation Table. Object which describes the IPA space of a Realm. |
| RTTE | Realm Translation Table Entry |
| SEA | Synchronous External Abort |
| SGI | Software Generated Interrupt |
| SMCCC | SMC Calling Convention. See Arm SMC Calling Convention [13] |
| SPM | Secure Partition Manager |
| TA | Trusted Application |
| TOS | Trusted OS |
| VMM | Virtual Machine Monitor |
| VMSA | Virtual Memory System Architecture |
| VPE | Virtual Processing Element |
| Wiping | An operation which changes the value of a memory location from X to Y, such that the value X cannot be determined from the value Y |