ARMv8‑A AArch64 Architecture Overview and Virtualization Support

The ARMv8‑A architecture defines two execution states: AArch64, a 64‑bit state that runs the A64 instruction set, and AArch32, a 32‑bit state compatible with the A32/T32 instruction sets of earlier ARM cores.

Each state provides its own register set: AArch64 offers 31 general‑purpose 64‑bit registers (X0‑X30) plus dedicated PC, SP, and ELR registers, while AArch32 supplies 13 general‑purpose 32‑bit registers together with PC, SP and link registers. Special, status, and system registers support exception handling and processor configuration.

Exception levels (EL0‑EL3) define privilege tiers: EL0 for user applications, EL1 for operating system kernels, EL2 for hypervisors, and EL3 for secure monitor code. Secure and non‑secure states further partition the address space, with EL3 existing only in the secure state.

Key ARMv8 features include a 64‑bit physical address space (typically 48‑bit), 64‑bit virtual addressing, a larger set of general‑purpose registers to reduce stack usage, PC‑relative addressing, finer‑grained page sizes (16 KB/64 KB), and new load‑acquire/store‑release instructions that eliminate explicit memory barriers.

Virtualization is enabled by running a hypervisor at EL2. The hypervisor controls Stage 2 translation, which maps a VM’s intermediate physical address (IPA) to the real physical address, allowing isolation of VM memory and device access. Each VM receives a VMID stored in VTTBR_EL2 to tag TLB entries.

Stage 1 (OS) and Stage 2 (hypervisor) translation attributes are merged, with the more restrictive attribute prevailing. Hypervisors can override this merging using HCR_EL2 bits (CD, DC, FWB).

Device emulation is performed by trapping Stage 2 faults. When a VM accesses a virtual peripheral, the fault is reported via ESR_EL2 and HPFAR_EL2, allowing the hypervisor to emulate the device and resume execution with ERET.

To protect DMA and other bus masters, ARMv8 introduces System MMUs (SMMUs) that extend Stage 2 translation to external devices, ensuring consistent address translation and isolation for DMA operations.

The article also distinguishes Type 1 (bare‑metal) and Type 2 (host‑OS‑based) hypervisors, explains full versus para‑virtualization, and outlines the benefits of virtualization such as isolation, high availability, load balancing, and sandboxing.