[RFC]: StandAloneMM in OP-TEE

Sahil Malhotra <sahil.malhotra@...>

Hi All,

We are working on enabling the Secure Storage of Variables for Secure UEFI.

Let me give you a brief idea of what we are doing.


We need StandAlone Management Mode to run in the Secure Environment.

For that in EDK2 we already have the MmCommunicationDxe Runtime Driver which communicates with StMM running in Secure Partition in Secure World.

But this driver is based on SPM (Secure Partition Manager) running in the ATF.


As we are aware that ATF can run either in SPM mode or SPD mode, Both are mutually exclusive.

So we cannot have both the StMM running in Secure Partition as well as OP-TEE or any other Secure OS running in Secure World.


On many systems, there are many other secure operations needed to be done that can be done by Secure OS only.

So in these systems we need to make the StMM and Secure OS work together.


As part of doing this only, we have created a kind of Secure Partition within OP-TEE in which StMM can work as a kind of TA, and other TAs cannot interfere with the working of this Secure Partition.

Other TAs can run in parallel to StMM on top of OP-TEE, We can get the work done by StMM by OP-TEE SMC calls only.

It will be like this as shown in the below image.


                                                     Secure World


|   +-----------------------+    +------------------------+ |

|   |                       |    | +--------------------+ | |

|   |                       |    | |                    | | |

|   |   Trusted Application |    | |                    | | |

|   |                       |    | |                    | | |

|   |                       |    | |      StMM          | | |

|   +-----------------------+    | |                    | | |

|                                | |                    | | |

|                                | |                    | | |

|                                | +--------------------+ | |

|                                |                        | |

|                  OP-TEE        |                        | |

|                                |                        | |

|                                |     Secure Partition   | |

|                                |                        | |

|                                |                        | |

|                                |                        | |

|                                +------------------------+ |



So with this approach of running StMM in an exclusive secure partition with OP-TEE, StMM and TAs can work together.

In this way StMM binary which is compiled is also environment-agnostic, Same StMM binary can work whether it is running as part of OP-TEE or Standalone in Secure Word.

If OP-TEE is responsible for running StMM, firmware implementations, like U-Boot, can use it to store UEFI variables.

Now for implementing the whole system of Secure Variable Storage for Secure UEFI.


We need to make changes in MmCommunicationDxe Runtime Driver and OpteeLib

Let's discuss one by one the changes:

  • MmCommunicationDxe – Currently it is based on SPM SMC calls that get landed into ATF and do the required work.
    • Now since StMM is running as part of OP-TEE, we need to change these into OP-TEE SMC calls.
  • OpteeLib – Currently OpteeLib cannot be used with the Runtime Drivers.
    • We need to change its configuration so that it can be used with a Runtime Driver.


So for making these changes we have following approaches:

  • MmCommunicationDxe
    • We can have the code for SPM SMC calling and OPTEE SMC calling in the same driver under some compile time flags, but it will make the code nasty.
    • Another approach can be writing a new driver under the name of MmCommunicationOpteeDxe in ArmPkg/Drivers/.
  • OpteeLib
    • We can make necessary changes to make it work with Runtime Driver.
    • Other approach we can make Runtime Driver of Optee also in ArmPkg/Drivers/


So please review the mail and approaches for making the changes and let us know your views.


Sahil Malhotra

Mayur Gudmeti

Hi Sahil,

Your proposal interests us too. I got a question for you. Are you planning to use or leverage SPCI library interfaces for interaction between OP-TEE and Standalone MM?