TF-RMM (or simply RMM) is the Trusted Firmware Implementation of the Realm Management Monitor (RMM) Specification. The RMM is a software component that runs at Realm EL2 and forms part of a system which implements the Arm Confidential Compute Architecture (Arm CCA). Arm CCA is an architecture which provides Protected Execution Environments called Realms.
Prior to Arm CCA, virtual machines have to trust hypervisors that manage them and a resource that is managed by the hypervisor is also accessible by it. Exploits against the hypervisors can leak confidential data held in the virtual machines. Arm CCA introduces a new confidential compute environment called a Realm. Any code or data belonging to a Realm, whether in memory or in registers, cannot be accessed or modified by the hypervisor. This means that the Realm owner does not need to trust the hypervisor that manages the resources used by the Realm.
The Realm VM is initiated and controlled by the Normal world Hypervisor. To allow the isolated execution of the Realm VM, a new component called the Realm Management Monitor (RMM) is introduced, executing at R_EL2. The hypervisor interacts with the RMM via Realm Management Interface (RMI) to manage the Realm VM. Policy decisions, such as which Realm to run or what memory to be delegated to the Realm are made by the hypervisor and communicated via the RMI. The RMM also provides services to the Realm via the Realm Service Interface (RSI). These services include cryptographic services and attestation. The Realm initial state can be measured and an attestation report, which also includes platform attestation, can be requested via RSI. The RSI is also the channel for memory management requests from the Realm VM to the RMM.
The following diagram shows the complete Arm CCA software stack running a confidential Realm VM :
Figure 1. Realm VM execution
The TF-RMM interacts with the Root EL3 Firmware via the RMM-EL3 Communication Interface and this is implemented by the reference EL3 Firmware implementation TF-A.
More details about the RMM and how it fits in the Software Stack can be found in Arm CCA Software Stack Guide.
The Change-log and Release notes has the details of features implemented by this version of TF-RMM and lists any known issues.
Unless specifically indicated otherwise in a file, TF-RMM files are provided under the BSD-3-Clause License. For contributions, please see License and Copyright for Contributions.
The TF-RMM project requires to be linked with certain other 3rd party
projects and they are to be cloned from their repositories into ext
folder
before building. The projects are MbedTLS, t_cose, QCBOR and
CppUTest.
The project also contains files which are imported from other projects
into the source tree and may have a different license. Such files with
different licenses are listed in the table below. This table is used by the
checkspdx
tool in the project to verify license headers.
File | License |
lib/libc/src/printf.c | MIT |
lib/libc/include/stdio.h | MIT |
lib/libc/src/strlcpy.c | ISC |
lib/libc/src/strnlen.c | BSD-2-Clause |
lib/allocator/src/memory_alloc.c | Apache-2.0 |
We gratefully accept bug reports and contributions from the community. Please see the Contributor's Guide for details on how to do this.
Feedback is requested via email to: tf-rmm@lists.trustedfirmware.org.
To report a bug, please file an issue on Github