Introducing 2017’s extensions to the Arm Architecture


The Arm Architecture is continually evolving, and this blog gives a high-level overview of some of the changes made in Armv8.4-A*. We develop these changes by listening to the Arm Ecosystem and working with them to provide new functionality that benefits everyone. These are incremental changes to the architecture and do not introduce any significant new features. Previous incremental versions of the architecture have been introduced for v8.3-A, v8.2-A, and v8.1-A.

The rest of this blog introduces some of the new functionality. It does not offer a complete feature list. However, over the next few months we will be describing this functionality in more detail.

Secure EL2

In architecture versions Armv8.3-A and earlier, there are four exception levels (EL0-3) which may exist in different security states, as shown in this diagram:

[Figure: Armv8.3-A exception levels with different security states]

Notable in this diagram is that EL2 only provides services to Non-Secure State, and that there is no EL2 in Secure State.

Feedback from the Arm ecosystem demonstrates that there are multiple Secure Operating Systems (OS) that wish to make use of Secure EL1, including firmware, key management software, and secure OS services. These will have been developed independently of each other, so they are unaware of the services provided by the others and compete for resources.

To help with this, Armv8.4-A adds support for Secure EL2. Together with Arm Trusted Firmware, this will enable multiple Secure OS services to exist in the system alongside one another, moving the world to the following diagram:

[Figure: Secure OS services in a system alongside each other]

Cryptographic Hashes

Armv8.4-A adds support for more cryptographic hashing algorithms, including SHA2-512, SHA3, and the Chinese standards SM3 and SM4. This provides acceleration for more hashing algorithms than those available in earlier versions of Armv8-A.

Activity Monitors

When using any system, it is useful to be able to monitor how it is performing. The Arm Architecture has long had a Performance Monitoring Unit that allows you to make specific measurements, much like you would use a multimeter to measure what is happening in precise areas of an electric circuit. In Armv8.4-A, we add support for Activity Monitors, which provide an overall view of what is happening in the system, similar to how an electricity meter will measure how much electricity a building uses – but not where in the building it is being used.

Improvements to support for Virtualization

Armv8-A has continually improved its support for virtualization, and in v8.4-A we add further improvements. One is an incremental improvement to how we handle nested virtualization (that is, running a Virtual Machine within a Virtual Machine), which provides significant performance benefits when the guests are not using para-virtualization. We believe this will be of benefit in enterprise server installations.

Memory Partitioning and Monitoring (MPAM)

Armv8.4-A adds a feature called Memory Partitioning and Monitoring (MPAM). This has several uses.

One use case is enabling hypervisors to monitor and control how virtual machines are using the memory of a system and communicating with other system components. This means that the hypervisor can limit the memory system performance impact of one virtual machine on other virtual machines, just as it may limit the number of cores or amount of DRAM that can be allocated by a virtual machine.

Another use case is outside of hypervisors. Here MPAM can be used to provide more memory bandwidth to foreground tasks, as opposed to background tasks.


This blog provides a short overview of some of the key features added to the Arm Architecture in Armv8.4-A. More information will be forthcoming over the next six months, as new versions of the Arm ARM and XML are released.

These new features add further support to Arm's recent Security Manifesto, launched at Arm TechCon in October 2017.

* The case of the Arm Architecture version numbering has changed to reflect the new Arm brand. Hence, the architecture version is now written as Armv8.4-A and not ARMv8.4-A. The architecture documentation will be updated over time to reflect this change.