Secure partitions in Arm Trusted Firmware-A


The Armv8.4 architecture will introduce support for virtualization in the Secure state. A new privileged exception level Secure-EL2 will be added that mirrors the existing EL2 in the Non-secure state.

To take advantage of the new possibilities, this opens up arm is currently working on a software architecture advocating the breaking down of secure services into several secure payloads, called Secure Partitions. Mainly, they are software sandboxes used to instantiate management or security services in the Trusted World.

They run under the control of a high privileged software component called the Secure Partition Manager (SPM). As secure services might have been developed independently of each other, they might be unaware of the services provided by other partitions and compete for the same resources. SPM is the critical component that guarantees that secure partitions run isolated from each other, while being able to communicate with each other or with other software components in the Normal World.

This presentation will give an overview of this software architecture along with details about the SPM reference implementation that the Trusted Firmware-A ill eventually provide.

For more details about the Trusted Firmware-A open source project in general, see: