Secure Partitions

Secure Partitions are defined by the FF-A standard

Secure partitions are isolated processing environments managed by a Secure Partition Manager (SPM). An SPM performs the role of hypervisor for the Arm Secure State and is responsible for managing SP initialization, memory management and messaging. The Arm Firmware Framework for A-Profile (FF-A) specification (FF-A Specification) defines the set of firmware features that enable the use of secure partitions for protecting sensitive workloads.

The Armv8.4 architecture introduces the virtualization extension in the Secure state. For silicon based on Armv8.4 (or above) that implement the Secure-EL2 extension, the Hafnium Project provides a reference SPMC implementation. For pre-Arm8.4 silicon, the OP-TEE Project provides an alternative reference SPMC implementation.

Within the Trusted Services, the environments realized by the two reference SPM implementations are named as follows:

• hfsp - for service deployment under Hafnium

• opteesp - for service deployment under OP-TEE

Contents:

• Firmware Framework for Armv8-A
• S-EL0 Secure Partitions under OP-TEE
• S-EL1 Secure Partitions under Hafnium
• libsp

---

Copyright (c) 2020-2022, Arm Limited and Contributors. All rights reserved.

SPDX-License-Identifier: BSD-3-Clause