1.. SPDX-License-Identifier: BSD-3-Clause 2.. SPDX-FileCopyrightText: Copyright TF-RMM Contributors. 3 4###### 5TF-RMM 6###### 7 8TF-RMM (or simply RMM) is the Trusted Firmware Implementation of the `Realm 9Management Monitor (RMM) Specification`_. The RMM 10is a software component that runs at Realm EL2 and forms part of a system 11which implements the Arm Confidential Compute Architecture (Arm CCA). 12`Arm CCA`_ is an architecture which provides Protected Execution Environments 13called Realms. 14 15Prior to Arm CCA, virtual machines have to trust hypervisors that manage them 16and a resource that is managed by the hypervisor is also accessible by it. 17Exploits against the hypervisors can leak confidential data held in the virtual 18machines. `Arm CCA`_ introduces a new confidential compute environment called 19a `Realm`. Any code or data belonging to a `Realm`, whether in memory or in 20registers, cannot be accessed or modified by the hypervisor. This means that 21the Realm owner does not need to trust the hypervisor that manages the 22resources used by the Realm. 23 24The Realm VM is initiated and controlled by the Normal world Hypervisor. 25To allow the isolated execution of the Realm VM, a new component called the 26Realm Management Monitor (RMM) is introduced, executing at R_EL2. The 27hypervisor interacts with the RMM via Realm Management Interface (RMI) to 28manage the Realm VM. Policy decisions, such as which Realm to run or what 29memory to be delegated to the Realm are made by the hypervisor and communicated 30via the RMI. The RMM also provides services to the Realm via the Realm Service 31Interface (RSI). These services include cryptographic services and 32attestation. The Realm initial state can be measured and an attestation 33report, which also includes platform attestation, can be requested via RSI. 34The RSI is also the channel for memory management requests from the 35Realm VM to the RMM. 36 37The following diagram shows the complete Arm CCA software stack running a 38confidential Realm VM : 39 40|Realm VM| 41 42Figure 1. Realm VM execution 43 44The TF-RMM interacts with the Root EL3 Firmware via the 45`RMM-EL3 Communication Interface`_ and this is implemented by the reference 46EL3 Firmware implementation `TF-A`_. 47 48More details about the RMM and how it fits in the Software Stack can be 49found in `Arm CCA Software Stack Guide`_. 50 51The :ref:`Change-log and Release notes` has the details of features implemented 52by this version of TF-RMM and lists any known issues. 53 54******* 55License 56******* 57 58Unless specifically indicated otherwise in a file, TF-RMM files are provided 59under the :ref:`BSD-3-Clause License <License>`. For contributions, please 60see :ref:`License and Copyright for Contributions <copyright-license-guidance>`. 61 62Third Party Projects 63==================== 64 65The TF-RMM project requires to be linked with certain other 3rd party projects 66and they are to be cloned from their repositories into ``ext`` folder before 67building. The projects are `MbedTLS`_, `t_cose`_, and `QCBOR`_. 68 69The project also contains files which are imported from other projects 70into the source tree and may have a different license. Such files with 71different licenses are listed in the table below. This table is used by the 72``checkspdx`` tool in the project to verify license headers. 73 74.. list-table:: **List of files with different license** 75 76 * - File 77 - License 78 * - lib/libc/src/printf.c 79 - MIT 80 * - lib/libc/include/stdio.h 81 - MIT 82 * - lib/libc/src/strlcpy.c 83 - ISC 84 * - lib/libc/src/strnlen.c 85 - BSD-2-Clause 86 * - lib/allocator/src/memory_alloc.c 87 - Apache-2.0 88 89 90************ 91Contributing 92************ 93 94We gratefully accept bug reports and contributions from the community. 95Please see the :ref:`Contributor's Guide` for details on how to do this. 96 97******************** 98Feedback and support 99******************** 100 101Feedback is requested via email to: 102`tf-rmm@lists.trustedfirmware.org <tf-rmm@lists.trustedfirmware.org>`__. 103 104To report a bug, please file an `issue on Github`_ 105 106----------------- 107 108.. |Realm VM| image:: ./about/diagrams/cca_software_arch.png 109.. _Realm Management Monitor (RMM) Specification: https://developer.arm.com/documentation/den0137/1-0bet0/?lang=en 110.. _Arm CCA: https://www.arm.com/architecture/security-features/arm-confidential-compute-architecture 111.. _Arm CCA Software Stack Guide: https://developer.arm.com/documentation/den0127/0100/Overview 112.. _TF-A: https://www.trustedfirmware.org/projects/tf-a/ 113.. _RMM-EL3 Communication Interface: https://trustedfirmware-a.readthedocs.io/en/latest/components/rmm-el3-comms-spec.html 114.. _issue on Github: https://github.com/TF-RMM/tf-rmm/issues 115.. _MbedTLS: https://github.com/ARMmbed/mbedtls.git 116.. _t_cose: https://github.com/laurencelundblade/t_cose 117.. _QCBOR: https://github.com/laurencelundblade/QCBOR.git 118
