1.. SPDX-License-Identifier: BSD-3-Clause
2.. SPDX-FileCopyrightText: Copyright TF-RMM Contributors.
3
4.. _getting_started:
5
6#############
7Prerequisite
8#############
9
10This document describes the software requirements for building |RMM| for
11AArch64 target platforms.
12
13It may possible to build |RMM| with combinations of software packages that
14are different from those listed below, however only the software described in
15this document can be officially supported.
16
17###########
18Build Host
19###########
20
21The |RMM| officially supports a limited set of build environments and setups.
22In this context, official support means that the environments listed below
23are actively used by team members and active developers, hence users should
24be able to recreate the same configurations by following the instructions
25described below. In case of problems, the |RMM| team provides support only
26for these environments, but building in other environments can still be
27possible.
28
29We recommend at least Ubuntu 20.04 LTS (x64) for build environment. The
30arm64/AArch64 Ubuntu and other Linux distributions should also work fine,
31provided that the necessary tools and libraries can be installed.
32
33.. _tool_dependencies:
34
35##########################
36Tool & Dependency overview
37##########################
38
39The following tools are required to obtain and build |RMM|:
40
41.. csv-table:: Tool dependencies
42   :header: "Name", "Version", "Component"
43
44   "C compiler", see :ref:`getting_started_toolchain` ,"Firmware"
45   "CMake", ">=3.20.0", "Firmware, Documentation"
46   "GNU Make", ">4.0", "Firmware, Documentation"
47   "Python",3.x,"Firmware, Documentation"
48   "Perl",>=5.26,"Firmware, Documentation"
49   "ninja-build",,"Firmware (using Ninja Generator)"
50   "Sphinx",">=2.4,<3.0.0","Documentation"
51   "sphinxcontrib-plantuml",,"Documentation"
52   "sphinx-rtd-theme",,"Documentation"
53   "Git",, "Firmware, Documentation"
54   "Graphviz dot",">v2.38.0","Documentation"
55   "docutils",">v2.38.0","Documentation"
56   "gcovr",">=v4.2","Tools(Coverage analysis)"
57   "CBMC",">=5.84.0","Tools(CBMC analysis)"
58   "Cppcheck",">=2.14.0","Tools(Cppcheck)"
59   "pyelftools","==0.32","Firmware (EL0 app)"
60   "Clang-tidy",">=18.1.8","Tools(clang-tidy)"
61
62.. _getting_started_toolchain:
63
64###############
65Setup Toolchain
66###############
67
68To compile |RMM| code for an AArch64 target, at least one of the
69supported AArch64 toolchains have to be available in the
70build environment.
71
72Currently, the following compilers are supported:
73
74- GCC (aarch64-none-elf-) >= 11.2-2022.02 (from the `Arm GNU Toolchain downloads`_)
75- Clang+LLVM >= 14.0.0 (from the `LLVM Releases website`_)
76
77The respective compiler binary must be found in the shell's search path.
78Be sure to add the bin/ directory if you have downloaded a binary version.
79The toolchain to use can be set using ``RMM_TOOLCHAIN`` parameter and can
80be set to either `llvm` or `gnu`. The default toolchain is `gnu`.
81
82For non-native AArch64 target build, the ``CROSS_COMPILE`` environment
83variable must contain the right target triplet corresponding to the AArch64
84GCC compiler. Below is an example when RMM is to be built for AArch64 target
85on a non-native host machine and using GCC as the toolchain.
86
87    .. code-block:: bash
88
89      export CROSS_COMPILE=aarch64-none-elf-
90      export PATH=<path-to-aarch64-gcc>/bin:$PATH
91
92Please note that AArch64 GCC must be included in the shell's search path
93even when using Clang as the compiler as LLVM does not include some C
94standard headers like `stdlib.h` and needs to be picked up from the
95`include` folder of the AArch64 GCC. Below is an example when RMM is
96to be built for AArch64 target on a non-native host machine and using
97LLVM as the toolchain.
98
99    .. code-block:: bash
100
101      export CROSS_COMPILE=aarch64-none-elf-
102      export PATH=<path-to-aarch64-gcc>/bin:<path-to-clang+llvm>/bin:$PATH
103
104The ``CROSS_COMPILE`` variable is ignored for ``fake_host`` build and
105the native host toolchain is used for the build.
106
107#######################################
108Package Installation (Ubuntu-20.04 x64)
109#######################################
110
111If you are using the recommended Ubuntu distribution then we can install the
112required packages with the following commands:
113
1141. Install dependencies:
115
116.. code:: shell
117
118    sudo apt-get install -y git build-essential python3 python3-pip make ninja-build
119    sudo snap install cmake
120
1212. Verify cmake version:
122
123.. code-block:: bash
124
125    cmake --version
126
127.. note::
128
129    Please download cmake 3.20 or later version from https://cmake.org/download/.
130
1313. Add CMake path into environment:
132
133.. code-block:: bash
134
135    export PATH=<CMake path>/bin:$PATH
136
137###########################
138Install python dependencies
139###########################
140
141RMM's ``requirements.txt`` file declares additional Python dependencies.
142Install them with ``pip3``:
143
144.. code-block:: bash
145
146    pip3 install --upgrade pip
147    cd <rmm source folder>
148    pip3 install -r requirements.txt
149
150#############################################
151Install python dependencies for Documentation
152#############################################
153
154.. note::
155
156    The installation of Python dependencies for documentation is an optional
157    step. This is required only if building documentation.
158
159RMM's ``docs/requirements.txt`` file declares additional Python dependencies.
160Install them with ``pip3``:
161
162.. code-block:: bash
163
164    pip3 install --upgrade pip
165    cd <rmm source folder>
166    pip3 install -r docs/requirements.txt
167
168############################################
169Install coverage tools analysis dependencies
170############################################
171
172.. note::
173
174    This is an optional step only needed if you intend to run coverage
175    analysis on the source code.
176
177On Ubuntu, ``gcovr`` tool can be installed in two different ways:
178
179Using the package manager:
180
181.. code-block:: bash
182
183    sudo apt-get install gcovr
184
185The second (and recommended) way is install it with ``pip3``:
186
187.. code-block:: bash
188
189    pip3 install --upgrade pip
190    pip3 install gcovr
191
192.. _getting_started_get_source:
193
194#########################
195Getting the RMM Source
196#########################
197
198Source code for |RMM| is maintained in a Git repository hosted on TrustedFirmware.org.
199To clone this repository from the server, run the following in your shell:
200
201.. code-block:: bash
202
203    git clone https://git.trustedfirmware.org/TF-RMM/tf-rmm.git
204
205Note that the RMM submodule dependencies will be updated during the
206configuration phase of build.
207
208Additional steps for Contributors
209*********************************
210
211If you are planning on contributing back to RMM, your commits need to
212include a ``Change-Id`` footer as explained in :ref:`mandated-trailers`.
213This footer is generated by a Git hook that needs to be installed
214inside your cloned RMM source folder.
215
216The `TF-RMM Gerrit page`_ under trustedfirmware.org contains a
217*Clone with commit-msg hook* subsection under its **Download** header where
218you can copy the command to clone the repo with the required git hooks. Please
219use the **SSH** option to clone the repository on your local machine.
220
221If needed, you can also manually install the hooks separately on an existing
222repo:
223
224.. code:: shell
225
226    curl -Lo $(git rev-parse --git-dir)/hooks/commit-msg https://review.trustedfirmware.org/tools/hooks/commit-msg
227    chmod +x $(git rev-parse --git-dir)/hooks/commit-msg
228
229You can read more about Git hooks in the *githooks* page of the `Git hooks
230documentation`_.
231
232General contribution guidelines for contributors can be found in
233:ref:`Contributor's Guide`.
234
235#################################
236Install Cppcheck and dependencies
237#################################
238
239.. note::
240
241    The installation of Cppcheck is an optional step. This is required only
242    if using the Cppcheck static analysis.
243
244The recommended version of Cppcheck is indicated in :ref:`tool_dependencies`.
245See :ref:`Cppcheck Application Note` for installation steps and details
246on how to use it within RMM build system.
247
248############
249Install CBMC
250############
251
252.. note::
253
254    The installation of CBMC is an optional step. This is required only
255    if running source code analysis with CBMC.
256
257Follow the public documentation to install CBMC either from the official
258website https://www.cprover.org/cbmc/ or from the official github
259https://github.com/diffblue/cbmc
260
261Refer to :ref:`CBMC` Application Notes for details on installation and
262running CBMC analysis on TF-RMM sources.
263
264##################
265Install Clang-tidy
266##################
267
268Clang-tidy is included in LLVM release package. It can also be installed via
269package manager :
270
271.. code-block:: bash
272
273    sudo apt-get install clang-tidy
274
275Note that the ``RMM_TOOLCHAIN`` needs to be set to `llvm` to run clang-tidy
276build targets from RMM build system.
277
278###########################
279Performing an Initial Build
280###########################
281
282The |RMM| sources can be compiled using multiple CMake options.
283
284For detailed instructions on build configurations and examples
285see :ref:`build_options_examples`.
286
287A typical build command for the FVP platform using GCC toolchain
288is shown below:
289
290.. code-block:: bash
291
292    cmake -DRMM_CONFIG=fvp_defcfg -S ${RMM_SOURCE_DIR} -B ${RMM_BUILD_DIR}
293    cmake --build ${RMM_BUILD_DIR}
294
295###############
296Running the RMM
297###############
298
299The |RMM| is part of the CCA software stack and relies on EL3 Firmware to load
300the binary at boot time appropriately. It needs both EL3 Firmware and
301Non-Secure Host to be present at runtime for its functionality. The EL3
302Firmware must comply to `RMM-EL3 Communication Specification`_ and is
303typically the `TF-A`_. The Non-Secure Host can be an RME aware hypervisor
304or an appropriate Test utility running in Non-Secure world which can interact
305with |RMM| via Realm Management Interface (RMI).
306
307Building all of the involved stack is complicated. We recommend using the
308`Shrinkwrap`_ tooling to bootstrap the stack. For more details on `Shrinkwrap`_
309and utilizing configs and overlays included in |RMM| please refer to
310:ref:`using_shrinkwrap_with_rmm` and, specially for building a demonstrator
311for 3-world, you can refer to :ref:`3_world_testing`.
312
313The |TF-A| documentation also provides some documentation to build |TF-A| and
314other pieces of firmware for RME in `TF-A RME documentation`_. The |RMM| build
315option in |TF-A| should point to the ``rmm.img`` binary generated by building
316|RMM|.
317
318If |RMM| is built for the `fake_host` architecture
319(see :ref:`RMM Fake Host Build`), then the generated `rmm_core.elf` binary can
320run natively on the Host machine. It does this by emulating parts of the system
321as described in :ref:`RMM Fake host architecture` design.
322
323-----
324
325.. _Arm GNU Toolchain downloads: https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads
326.. _LLVM Releases website: https://releases.llvm.org/
327.. _RMM-EL3 Communication Specification: https://trustedfirmware-a.readthedocs.io/en/latest/components/rmm-el3-comms-spec.html
328.. _TF-A: https://www.trustedfirmware.org/projects/tf-a/
329.. _TF-A RME documentation: https://trustedfirmware-a.readthedocs.io/en/latest/components/realm-management-extension.html
330.. _TF-RMM Gerrit page: https://review.trustedfirmware.org/admin/repos/TF-RMM/tf-rmm
331.. _Git hooks documentation:  https://git-scm.com/docs/githooks
332.. _Shrinkwrap: https://shrinkwrap.docs.arm.com
333