1############
2SPM Backends
3############
4This document briefly introduces the backends of Secure Partition Manager (SPM)
5in TF-M and how to select one for building.
6
7***********
8IPC and SFN
9***********
10The Firmware Framework M (FF-M) [1]_, [2]_ provides two different programming
11models for Secure Partitions.
12
13- IPC Model
14
15  The Secure Partition processes signals in any order, and can defer
16  responding to a message while continuing to process other signals.
17
18- SFN Model
19
20  The Secure Partition is made up of a collection of callback functions which
21  implement secure services.
22
23Although the programming model is different, they share the same APIs to
24interact with the SPM.
25The behaviours of the APIs share the same implementation with slight differences
26for the two programming models.
27This is regarded as the ``frontend``.
28
29The TF-M runtime implementations behind ``frontend`` are different.
30TF-M provides two ``backends`` correspondingly.
31
32 - IPC backend
33
34  In this backend, the SPM and each Secure Partition have their own execution
35  contexts, which is required to support the IPC model Secure Partitions.
36  This also enables the SPM to provide higher isolation levels.
37  This SPM backend acts like a multiple-process system.
38  It can also adopt SFN model Secure Partitions.
39
40 - SFN backend
41
42  The SFN backend provides more efficient executions because it shares a
43  single-thread execution context with all the Secure Partitions.
44  This SPM backend acts like a single library.
45  Therefore, it can only adopt SFN model Secure Partitions.
46  And it does not support higher isolation levels.
47  On the other hand, it consumes less memory compared to the IPC backend.
48
49The following table summaries the relationships between SPM backends, Secure
50Partition models and isolation levels.
51
52.. table::
53    :widths: auto
54
55    +--------------+---------------------------+---------------------------+
56    | SPM backend  | Supported Partition model | Supported Isolation Level |
57    +==============+===========================+===========================+
58    | SFN          | SFN Partition             | 1                         |
59    +--------------+---------------------------+---------------------------+
60    | IPC          | IPC and SFN Partition     | 1, 2 and 3                |
61    +--------------+---------------------------+---------------------------+
62
63******************************
64Implementation Recommendations
65******************************
66If an implementation doesn't contain any IPC model Secure Partition and only
67requires isolation level 1, then it is recommended to select the SFN backend
68to optimize memory consumption and execution performance.
69
70If an implementation contains any IPC model Secure Partition or requires
71isolation level 2 or 3, then the IPC backend is required.
72
73***************************
74TF-M Configuration Switches
75***************************
76In the TF-M build system, the ``CONFIG_TFM_SPM_BACKEND`` configuration is used
77to select the backend of SPM.
78The valid values are ``SFN`` and ``IPC``.
79
80.. code-block:: bash
81
82  -DCONFIG_TFM_SPM_BACKEND=SFN
83
84If ``CONFIG_TFM_SPM_BACKEND`` is not set, then ``IPC`` is the default value.
85
86**********
87References
88**********
89
90.. [1] `FF-M v1.0 Specification <https://developer.arm.com/-/media/Files/pdf/PlatformSecurityArchitecture/Architect/DEN0063-PSA_Firmware_Framework-1.0.0-2.pdf?revision=2d1429fa-4b5b-461a-a60e-4ef3d8f7f4b4>`__
91
92.. [2] `FF-M v1.1 Extention <https://documentation-service.arm.com/static/600067c09b9c2d1bb22cd1c5?token=>`__
93
94--------------
95
96*Copyright (c) 2022, Arm Limited. All rights reserved.*
97