Hard Processor System Technical Reference Manual: Agilex™ 5 SoCs

ID 814346
Date 7/19/2024
Public
Document Table of Contents

3.5.3.3. Virtualization

EL2 supports virtualization of the non-secure state. A virtualized system typically includes:
  • A hypervisor, running in EL2, that is responsible for switching between virtual machines. A virtual machine is comprised of non-secure EL1 and non-secure EL0.
  • A number of guest operating systems, that each run in non-secure EL1, on a virtual machine
  • For each guest operating system, applications that usually run in non-secure EL0 on a virtual machine
Note: The Cortex* -A76 core supports systems where the guest OS is unaware that it or any other guest OS is running on a virtual machine and systems where the guest OS is aware it is running on a virtual machine with other guest OSs.
The hypervisor assigns a virtual machine identifier (VMID) to each virtual machine. For guest OS management, EL2 is implemented only in non-secure state. EL2 provides controls to:
  • Virtual values of a small number of identification registers. A read of one of these registers by a guest OS or the applications for a guest OS returns the virtual value.
  • Trap various operations, including memory management operations and accesses other registers. A trapped operation generates an exception that is taken to EL2.
  • Route interrupts to:
    • The current guest OS
    • A guest OS that is not currently running
    • The hypervisor
In the non-secure state, an independent translation regime exists for memory accesses from EL2. For the EL0 and EL1 translation regime, address translation occurs in two stages:
  • Stage 1 maps the virtual address (VA) to an intermediate physical address (IPA). This translation is managed at EL1, usually by a guest OS. The guest OS believes that the IPA is the physical address (PA).
  • Stage 2 maps the IPA to the PA. This translation is managed at EL2. The guest OS might be completely unaware of this stage. For more information on the translation regimes, see the System Memory Management Unit chapter.
EL2 implements the following exceptions:
  • Hypervisor call (HVC) exception
  • Traps to EL2
  • All of the virtual interrupts:
    • Virtual SError
    • Virtual IRQ
    • Virtual FIQ
HVC exceptions are always taken to EL2. All virtual interrupts are always taken to EL1, and can only be taken from the non-secure EL1 or EL0. You can independently enable each of the virtual interrupts using controls at EL2.

The Cortex* -A76 core contains virtualization registers that allow you to configure translation tables, hypervisor operations, exception levels, and virtual interrupts. For more information, please refer to the Arm* Cortex* -A76 Core Technical Reference Manual, Revision r4p1 .