Trusted Firmware Logo

CCA Awakens on Arm’s Modelling Platform

Ryan Roberts| Thursday, September 2, 2021|3 min read

CCA Awakens on Arm’s Modelling Platform

I’m sure many people will, by now, be aware of Arm’s Confidential Compute Architecture (CCA). This is a key component of the Armv9-A architecture and was announced earlier this year. If you missed it, I heartily recommend taking some time to watch the excellent presentations from the Linaro Arm CCA Tech Event [1] and review the documentation on Arm’s website [2], [3]. As part of the CCA Tech Event, Arm made public a branch of the TF-A Monitor to preview the required implementation changes to support CCA [4].

Today we are announcing the next piece of the puzzle; the release by Arm of a Fixed Virtual Platform (FVP) that supports the Realm Management Extension (RME) [5]. With this, it is now possible to execute the TF-A Monitor preview code. Full instructions are available at [6] which describe how to access and build all the code, and boot and run the new RME tests on the FVP.

For now, the rme_prototype branch replaces the secure world with realm world, replacing the secure world image (BL32) with the realm world binary. A Test Realm Payload (TRP) is packaged as BL32 by default, which is used as a mock Realm Management Monitor (RMM) by the TFTF tests. BL2 is also modified to run at EL3 and load firmware images in the realm and non-secure address spaces. A common RMM Dispatcher (RMMD) is included with the monitor, which rCoutes RMI calls between non-secure and realm worlds and provides the Granule Transition Service (GTS) for migrating memory between PASs. See [7] for more details.

{% include image.html path=“/assets/images/blog/CCA_Pic1.png” alt=“PAS Overview image” %}

While far from complete, the rme_prototype branch can provide developers with an understanding of the shape and direction of the ultimate solution. And by running it on the FVP, it should be possible to better understand the runtime behaviours. All feedback is welcome through the TF-A mailing list.

The TF-A team will keep submitting patches to mainline TF-A following the usual upstream contribution flow and, once these patches are merged, the rme_prototype branch will be retired. The goal is to get enough functionality into mainline TF-A in time for the TF-A v2.6 release in November, then continue to mature the support over time.

1: Arm CCA sessions at Linaro Connect

2: Arm CCA overview

3: Arm CCA introduction

4: TF-A Monitor code for Arm CCA architecture blog on

5: Architecture Envelope Models(AEM) in Fixed Virtual Platforms(FVPs)

6: Realm Management Extension(RME) Enabled TF-A Users Guide

7: TF-A Monitor deep dive Linaro Connect Session

Recent Posts

post image
MISRA Compliance Jumpstart

Monday, October 30, 2023

White Paper: Jumpstarting MISRA compliance via the integration of static analysis into Open Source CI systems: best practices and key elements from

post image
MCUboot v2.0.0 Release!

Monday, October 30, 2023

MCUboot v2.0.0 Release

post image
Trusted Firmware OP TEE Release 4.0.0

Friday, October 20, 2023

Trusted Firmware OP TEE: v4.0.0 Release

post image
MBed TLS 3.5.0 Released with new and smaller ECC implementation!

Thursday, October 19, 2023

Introduction The Mbed TLS project has released version 3.5.0 in October 2023. The release includes several code size optimizations including a new small footprint secp256r1 implementation accessible via PSA Crypto APIs. 3.5.0 also includes feature enhancements, bug fixes and security fixes. 2.28.5 released from the Mbed TLS...

post image
Trusted Services 1.0.0 released!

Friday, October 13, 2023

Introduction Building on the Beta version of the Trusted Services release, v1.0.0 is the first stable release of the project. The release comprises PSA Services that can be deployed on Cortex-A devices to meet PSA Certified requirements and, necessary build and test infrastructure and documentation.