2019-10-11 15:41:16 +01:00
|
|
|
/*
|
2021-12-09 11:20:13 +00:00
|
|
|
* Copyright (c) 2020-2022, ARM Limited and Contributors. All rights reserved.
|
2019-10-11 15:41:16 +01:00
|
|
|
*
|
|
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <assert.h>
|
|
|
|
|
#include <errno.h>
|
2020-08-25 21:49:32 +01:00
|
|
|
#include <inttypes.h>
|
|
|
|
|
#include <stdint.h>
|
2019-10-11 15:41:16 +01:00
|
|
|
#include <string.h>
|
|
|
|
|
|
|
|
|
|
#include <arch_helpers.h>
|
2020-04-16 12:39:06 +01:00
|
|
|
#include <arch/aarch64/arch_features.h>
|
2019-10-11 15:41:16 +01:00
|
|
|
#include <bl31/bl31.h>
|
2020-08-05 10:27:42 +01:00
|
|
|
#include <bl31/interrupt_mgmt.h>
|
2019-10-11 15:41:16 +01:00
|
|
|
#include <common/debug.h>
|
|
|
|
|
#include <common/runtime_svc.h>
|
|
|
|
|
#include <lib/el3_runtime/context_mgmt.h>
|
|
|
|
|
#include <lib/smccc.h>
|
|
|
|
|
#include <lib/spinlock.h>
|
|
|
|
|
#include <lib/utils.h>
|
|
|
|
|
#include <plat/common/common_def.h>
|
|
|
|
|
#include <plat/common/platform.h>
|
|
|
|
|
#include <platform_def.h>
|
2020-05-07 18:42:25 +01:00
|
|
|
#include <services/ffa_svc.h>
|
2021-11-29 17:57:03 +00:00
|
|
|
#include <services/spmc_svc.h>
|
2019-10-11 15:41:16 +01:00
|
|
|
#include <services/spmd_svc.h>
|
|
|
|
|
#include <smccc_helpers.h>
|
|
|
|
|
#include "spmd_private.h"
|
|
|
|
|
|
|
|
|
|
/*******************************************************************************
|
|
|
|
|
* SPM Core context information.
|
|
|
|
|
******************************************************************************/
|
2020-04-16 12:39:06 +01:00
|
|
|
static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT];
|
2019-10-11 15:41:16 +01:00
|
|
|
|
|
|
|
|
/*******************************************************************************
|
2021-11-29 17:57:03 +00:00
|
|
|
* SPM Core attribute information is read from its manifest if the SPMC is not
|
|
|
|
|
* at EL3. Else, it is populated from the SPMC directly.
|
2019-10-11 15:41:16 +01:00
|
|
|
******************************************************************************/
|
2020-04-16 12:39:06 +01:00
|
|
|
static spmc_manifest_attribute_t spmc_attrs;
|
2020-02-27 14:54:21 +00:00
|
|
|
|
|
|
|
|
/*******************************************************************************
|
|
|
|
|
* SPM Core entry point information. Discovered on the primary core and reused
|
|
|
|
|
* on secondary cores.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
static entry_point_info_t *spmc_ep_info;
|
|
|
|
|
|
2020-06-19 14:33:41 +01:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* SPM Core context on CPU based on mpidr.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr)
|
|
|
|
|
{
|
2020-08-25 11:50:18 +01:00
|
|
|
int core_idx = plat_core_pos_by_mpidr(mpidr);
|
|
|
|
|
|
|
|
|
|
if (core_idx < 0) {
|
2020-08-25 21:49:32 +01:00
|
|
|
ERROR("Invalid mpidr: %" PRIx64 ", returned ID: %d\n", mpidr, core_idx);
|
2020-08-25 11:50:18 +01:00
|
|
|
panic();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return &spm_core_context[core_idx];
|
2020-06-19 14:33:41 +01:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* SPM Core context on current CPU get helper.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
spmd_spm_core_context_t *spmd_get_context(void)
|
|
|
|
|
{
|
2020-06-19 14:33:41 +01:00
|
|
|
return spmd_get_context_by_mpidr(read_mpidr());
|
2020-04-16 12:39:06 +01:00
|
|
|
}
|
|
|
|
|
|
2020-03-23 08:53:06 +00:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* SPM Core ID getter.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
uint16_t spmd_spmc_id_get(void)
|
|
|
|
|
{
|
|
|
|
|
return spmc_attrs.spmc_id;
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-27 14:54:21 +00:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* Static function declaration.
|
|
|
|
|
******************************************************************************/
|
2020-04-16 12:39:06 +01:00
|
|
|
static int32_t spmd_init(void);
|
2020-02-07 14:44:43 +00:00
|
|
|
static int spmd_spmc_init(void *pm_addr);
|
2020-05-07 18:42:25 +01:00
|
|
|
static uint64_t spmd_ffa_error_return(void *handle,
|
2020-04-16 12:39:06 +01:00
|
|
|
int error_code);
|
|
|
|
|
static uint64_t spmd_smc_forward(uint32_t smc_fid,
|
|
|
|
|
bool secure_origin,
|
|
|
|
|
uint64_t x1,
|
|
|
|
|
uint64_t x2,
|
|
|
|
|
uint64_t x3,
|
|
|
|
|
uint64_t x4,
|
2021-11-29 18:02:45 +00:00
|
|
|
void *cookie,
|
|
|
|
|
void *handle,
|
|
|
|
|
uint64_t flags);
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2021-12-09 11:20:13 +00:00
|
|
|
/******************************************************************************
|
|
|
|
|
* Builds an SPMD to SPMC direct message request.
|
|
|
|
|
*****************************************************************************/
|
|
|
|
|
void spmd_build_spmc_message(gp_regs_t *gpregs, uint8_t target_func,
|
|
|
|
|
unsigned long long message)
|
|
|
|
|
{
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_MSG_SEND_DIRECT_REQ_SMC32);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X1,
|
|
|
|
|
(SPMD_DIRECT_MSG_ENDPOINT_ID << FFA_DIRECT_MSG_SOURCE_SHIFT) |
|
|
|
|
|
spmd_spmc_id_get());
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X2, BIT(31) | target_func);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X3, message);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2019-10-11 15:41:16 +01:00
|
|
|
/*******************************************************************************
|
2020-04-16 12:39:06 +01:00
|
|
|
* This function takes an SPMC context pointer and performs a synchronous
|
|
|
|
|
* SPMC entry.
|
2019-10-11 15:41:16 +01:00
|
|
|
******************************************************************************/
|
|
|
|
|
uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx)
|
|
|
|
|
{
|
|
|
|
|
uint64_t rc;
|
|
|
|
|
|
|
|
|
|
assert(spmc_ctx != NULL);
|
|
|
|
|
|
|
|
|
|
cm_set_context(&(spmc_ctx->cpu_ctx), SECURE);
|
|
|
|
|
|
|
|
|
|
/* Restore the context assigned above */
|
2020-02-25 13:55:00 +00:00
|
|
|
#if SPMD_SPM_AT_SEL2
|
2020-02-25 13:56:19 +00:00
|
|
|
cm_el2_sysregs_context_restore(SECURE);
|
2021-05-21 17:00:04 +01:00
|
|
|
#else
|
|
|
|
|
cm_el1_sysregs_context_restore(SECURE);
|
2020-02-25 13:55:00 +00:00
|
|
|
#endif
|
2019-10-11 15:41:16 +01:00
|
|
|
cm_set_next_eret_context(SECURE);
|
|
|
|
|
|
2020-02-25 13:55:00 +00:00
|
|
|
/* Enter SPMC */
|
2019-10-11 15:41:16 +01:00
|
|
|
rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx);
|
|
|
|
|
|
|
|
|
|
/* Save secure state */
|
2020-02-25 13:55:00 +00:00
|
|
|
#if SPMD_SPM_AT_SEL2
|
2020-02-25 13:56:19 +00:00
|
|
|
cm_el2_sysregs_context_save(SECURE);
|
2021-05-21 17:00:04 +01:00
|
|
|
#else
|
|
|
|
|
cm_el1_sysregs_context_save(SECURE);
|
2020-02-25 13:55:00 +00:00
|
|
|
#endif
|
2019-10-11 15:41:16 +01:00
|
|
|
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*******************************************************************************
|
2020-04-16 12:39:06 +01:00
|
|
|
* This function returns to the place where spmd_spm_core_sync_entry() was
|
2019-10-11 15:41:16 +01:00
|
|
|
* called originally.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
__dead2 void spmd_spm_core_sync_exit(uint64_t rc)
|
|
|
|
|
{
|
2020-04-16 12:39:06 +01:00
|
|
|
spmd_spm_core_context_t *ctx = spmd_get_context();
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
/* Get current CPU context from SPMC context */
|
2019-10-11 15:41:16 +01:00
|
|
|
assert(cm_get_context(SECURE) == &(ctx->cpu_ctx));
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The SPMD must have initiated the original request through a
|
|
|
|
|
* synchronous entry into SPMC. Jump back to the original C runtime
|
|
|
|
|
* context with the value of rc in x0;
|
|
|
|
|
*/
|
|
|
|
|
spmd_spm_core_exit(ctx->c_rt_ctx, rc);
|
|
|
|
|
|
|
|
|
|
panic();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*******************************************************************************
|
2020-04-16 12:39:06 +01:00
|
|
|
* Jump to the SPM Core for the first time.
|
2019-10-11 15:41:16 +01:00
|
|
|
******************************************************************************/
|
|
|
|
|
static int32_t spmd_init(void)
|
|
|
|
|
{
|
2020-04-16 12:39:06 +01:00
|
|
|
spmd_spm_core_context_t *ctx = spmd_get_context();
|
|
|
|
|
uint64_t rc;
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
VERBOSE("SPM Core init start.\n");
|
2019-10-28 09:03:13 +00:00
|
|
|
|
refactor(spmd): boot interface and pass core id
This change refactors the SPMD to setup SPMC CPU contexts once and early
from spmd_spmc_init (single call to cm_setup_context rather than on each
and every warm boot).
Pass the core linear ID through a GP register as an implementation
defined behavior helping FF-A adoption to legacy TOSes (essentially
when secure virtualization is not used).
A first version of this change was originally submitted by Lukas [1].
Pasting below the original justification:
Our TEE, Kinibi, is used to receive the core linear ID in the x3
register of booting secondary cores.
This patch is necessary to bring up secondary cores with Kinibi as an
SPMC in SEL1.
In Kinibi, the TEE is mostly platform-independent and all platform-
specifics like topology is concentrated in TF-A of our customers.
That is why we don't have the MPIDR - linear ID mapping in Kinibi.
We need the correct linear ID to program the GICv2 target register,
for example in power management case.
It is not needed on GICv3/v4, because of using a fixed mapping from
MPIDR to ICDIPTR/GICD_ITARGETSRn register.
For debug and power management purpose, we also want a unified view to
linear id between Linux and the TEE.
E.g. to disable a core, to see what cores are printing a trace /
an event.
In the past, Kinibi had several other designs, but the complexity was
getting out of control:
* Platform-specific assembler macros in the kernel.
* A per-core SMC from Linux to tell the linear ID after the boot.
* With DynamiQ, it seems SIPs were playing with MPIDR register values,
reusing them between cores and changing them during boot.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10235
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Change-Id: Ifa8fa208e9b8eb1642c80b5f7b54152dadafa75e
2021-06-21 08:47:13 +01:00
|
|
|
/* Primary boot core enters the SPMC for initialization. */
|
|
|
|
|
ctx->state = SPMC_STATE_ON_PENDING;
|
2019-10-11 15:41:16 +01:00
|
|
|
|
|
|
|
|
rc = spmd_spm_core_sync_entry(ctx);
|
2020-04-16 12:39:06 +01:00
|
|
|
if (rc != 0ULL) {
|
2020-08-25 21:49:32 +01:00
|
|
|
ERROR("SPMC initialisation failed 0x%" PRIx64 "\n", rc);
|
2020-04-16 12:39:06 +01:00
|
|
|
return 0;
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
2019-10-28 09:03:13 +00:00
|
|
|
ctx->state = SPMC_STATE_ON;
|
|
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
VERBOSE("SPM Core init end.\n");
|
2019-10-11 15:41:16 +01:00
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-08-05 10:27:42 +01:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* spmd_secure_interrupt_handler
|
|
|
|
|
* Enter the SPMC for further handling of the secure interrupt by the SPMC
|
|
|
|
|
* itself or a Secure Partition.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
static uint64_t spmd_secure_interrupt_handler(uint32_t id,
|
|
|
|
|
uint32_t flags,
|
|
|
|
|
void *handle,
|
|
|
|
|
void *cookie)
|
|
|
|
|
{
|
|
|
|
|
spmd_spm_core_context_t *ctx = spmd_get_context();
|
|
|
|
|
gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx);
|
|
|
|
|
unsigned int linear_id = plat_my_core_pos();
|
|
|
|
|
int64_t rc;
|
|
|
|
|
|
|
|
|
|
/* Sanity check the security state when the exception was generated */
|
|
|
|
|
assert(get_interrupt_src_ss(flags) == NON_SECURE);
|
|
|
|
|
|
|
|
|
|
/* Sanity check the pointer to this cpu's context */
|
|
|
|
|
assert(handle == cm_get_context(NON_SECURE));
|
|
|
|
|
|
|
|
|
|
/* Save the non-secure context before entering SPMC */
|
|
|
|
|
cm_el1_sysregs_context_save(NON_SECURE);
|
|
|
|
|
#if SPMD_SPM_AT_SEL2
|
|
|
|
|
cm_el2_sysregs_context_save(NON_SECURE);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Convey the event to the SPMC through the FFA_INTERRUPT interface. */
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_INTERRUPT);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X1, 0);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X2, 0);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X3, 0);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X4, 0);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X5, 0);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X6, 0);
|
|
|
|
|
write_ctx_reg(gpregs, CTX_GPREG_X7, 0);
|
|
|
|
|
|
|
|
|
|
/* Mark current core as handling a secure interrupt. */
|
|
|
|
|
ctx->secure_interrupt_ongoing = true;
|
|
|
|
|
|
|
|
|
|
rc = spmd_spm_core_sync_entry(ctx);
|
|
|
|
|
if (rc != 0ULL) {
|
2021-11-09 11:37:20 +00:00
|
|
|
ERROR("%s failed (%" PRId64 ") on CPU%u\n", __func__, rc, linear_id);
|
2020-08-05 10:27:42 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ctx->secure_interrupt_ongoing = false;
|
|
|
|
|
|
|
|
|
|
cm_el1_sysregs_context_restore(NON_SECURE);
|
|
|
|
|
#if SPMD_SPM_AT_SEL2
|
|
|
|
|
cm_el2_sysregs_context_restore(NON_SECURE);
|
|
|
|
|
#endif
|
|
|
|
|
cm_set_next_eret_context(NON_SECURE);
|
|
|
|
|
|
|
|
|
|
SMC_RET0(&ctx->cpu_ctx);
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-11 15:41:16 +01:00
|
|
|
/*******************************************************************************
|
2020-04-16 12:39:06 +01:00
|
|
|
* Loads SPMC manifest and inits SPMC.
|
2019-10-11 15:41:16 +01:00
|
|
|
******************************************************************************/
|
2020-02-07 14:44:43 +00:00
|
|
|
static int spmd_spmc_init(void *pm_addr)
|
2019-10-11 15:41:16 +01:00
|
|
|
{
|
refactor(spmd): boot interface and pass core id
This change refactors the SPMD to setup SPMC CPU contexts once and early
from spmd_spmc_init (single call to cm_setup_context rather than on each
and every warm boot).
Pass the core linear ID through a GP register as an implementation
defined behavior helping FF-A adoption to legacy TOSes (essentially
when secure virtualization is not used).
A first version of this change was originally submitted by Lukas [1].
Pasting below the original justification:
Our TEE, Kinibi, is used to receive the core linear ID in the x3
register of booting secondary cores.
This patch is necessary to bring up secondary cores with Kinibi as an
SPMC in SEL1.
In Kinibi, the TEE is mostly platform-independent and all platform-
specifics like topology is concentrated in TF-A of our customers.
That is why we don't have the MPIDR - linear ID mapping in Kinibi.
We need the correct linear ID to program the GICv2 target register,
for example in power management case.
It is not needed on GICv3/v4, because of using a fixed mapping from
MPIDR to ICDIPTR/GICD_ITARGETSRn register.
For debug and power management purpose, we also want a unified view to
linear id between Linux and the TEE.
E.g. to disable a core, to see what cores are printing a trace /
an event.
In the past, Kinibi had several other designs, but the complexity was
getting out of control:
* Platform-specific assembler macros in the kernel.
* A per-core SMC from Linux to tell the linear ID after the boot.
* With DynamiQ, it seems SIPs were playing with MPIDR register values,
reusing them between cores and changing them during boot.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10235
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Change-Id: Ifa8fa208e9b8eb1642c80b5f7b54152dadafa75e
2021-06-21 08:47:13 +01:00
|
|
|
cpu_context_t *cpu_ctx;
|
|
|
|
|
unsigned int core_id;
|
2020-08-05 10:27:42 +01:00
|
|
|
uint32_t ep_attr, flags;
|
2020-04-16 12:39:06 +01:00
|
|
|
int rc;
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
/* Load the SPM Core manifest */
|
2020-02-07 14:44:43 +00:00
|
|
|
rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr);
|
2020-02-27 14:54:21 +00:00
|
|
|
if (rc != 0) {
|
2020-04-16 12:39:06 +01:00
|
|
|
WARN("No or invalid SPM Core manifest image provided by BL2\n");
|
|
|
|
|
return rc;
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
2020-04-16 12:39:06 +01:00
|
|
|
* Ensure that the SPM Core version is compatible with the SPM
|
|
|
|
|
* Dispatcher version.
|
2019-10-11 15:41:16 +01:00
|
|
|
*/
|
2020-05-07 18:42:25 +01:00
|
|
|
if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) ||
|
|
|
|
|
(spmc_attrs.minor_version > FFA_VERSION_MINOR)) {
|
|
|
|
|
WARN("Unsupported FFA version (%u.%u)\n",
|
2019-10-11 15:41:16 +01:00
|
|
|
spmc_attrs.major_version, spmc_attrs.minor_version);
|
2020-04-16 12:39:06 +01:00
|
|
|
return -EINVAL;
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
2020-05-07 18:42:25 +01:00
|
|
|
VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version,
|
2019-10-11 15:41:16 +01:00
|
|
|
spmc_attrs.minor_version);
|
|
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
VERBOSE("SPM Core run time EL%x.\n",
|
2020-02-25 13:55:00 +00:00
|
|
|
SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1);
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-03-12 15:16:40 +00:00
|
|
|
/* Validate the SPMC ID, Ensure high bit is set */
|
2020-04-16 12:39:06 +01:00
|
|
|
if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) &
|
|
|
|
|
SPMC_SECURE_ID_MASK) == 0U) {
|
|
|
|
|
WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id);
|
|
|
|
|
return -EINVAL;
|
2020-03-12 15:16:40 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
/* Validate the SPM Core execution state */
|
2019-10-11 15:41:16 +01:00
|
|
|
if ((spmc_attrs.exec_state != MODE_RW_64) &&
|
|
|
|
|
(spmc_attrs.exec_state != MODE_RW_32)) {
|
2020-02-07 14:44:43 +00:00
|
|
|
WARN("Unsupported %s%x.\n", "SPM Core execution state 0x",
|
2019-10-11 15:41:16 +01:00
|
|
|
spmc_attrs.exec_state);
|
2020-04-16 12:39:06 +01:00
|
|
|
return -EINVAL;
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
2020-02-07 14:44:43 +00:00
|
|
|
VERBOSE("%s%x.\n", "SPM Core execution state 0x",
|
|
|
|
|
spmc_attrs.exec_state);
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-02-25 13:55:00 +00:00
|
|
|
#if SPMD_SPM_AT_SEL2
|
|
|
|
|
/* Ensure manifest has not requested AArch32 state in S-EL2 */
|
|
|
|
|
if (spmc_attrs.exec_state == MODE_RW_32) {
|
|
|
|
|
WARN("AArch32 state at S-EL2 is not supported.\n");
|
2020-04-16 12:39:06 +01:00
|
|
|
return -EINVAL;
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if S-EL2 is supported on this system if S-EL2
|
|
|
|
|
* is required for SPM
|
|
|
|
|
*/
|
2020-04-16 12:39:06 +01:00
|
|
|
if (!is_armv8_4_sel2_present()) {
|
|
|
|
|
WARN("SPM Core run time S-EL2 is not supported.\n");
|
|
|
|
|
return -EINVAL;
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
2020-02-25 13:55:00 +00:00
|
|
|
#endif /* SPMD_SPM_AT_SEL2 */
|
2019-10-11 15:41:16 +01:00
|
|
|
|
|
|
|
|
/* Initialise an entrypoint to set up the CPU context */
|
|
|
|
|
ep_attr = SECURE | EP_ST_ENABLE;
|
2020-04-16 12:39:06 +01:00
|
|
|
if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) {
|
2019-10-11 15:41:16 +01:00
|
|
|
ep_attr |= EP_EE_BIG;
|
2020-02-27 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
2019-10-11 15:41:16 +01:00
|
|
|
SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr);
|
|
|
|
|
|
|
|
|
|
/*
|
2020-04-16 12:39:06 +01:00
|
|
|
* Populate SPSR for SPM Core based upon validated parameters from the
|
|
|
|
|
* manifest.
|
2019-10-11 15:41:16 +01:00
|
|
|
*/
|
|
|
|
|
if (spmc_attrs.exec_state == MODE_RW_32) {
|
|
|
|
|
spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM,
|
|
|
|
|
SPSR_E_LITTLE,
|
|
|
|
|
DAIF_FIQ_BIT |
|
|
|
|
|
DAIF_IRQ_BIT |
|
|
|
|
|
DAIF_ABT_BIT);
|
|
|
|
|
} else {
|
2020-02-25 13:55:00 +00:00
|
|
|
|
|
|
|
|
#if SPMD_SPM_AT_SEL2
|
|
|
|
|
static const uint32_t runtime_el = MODE_EL2;
|
|
|
|
|
#else
|
|
|
|
|
static const uint32_t runtime_el = MODE_EL1;
|
|
|
|
|
#endif
|
|
|
|
|
spmc_ep_info->spsr = SPSR_64(runtime_el,
|
2019-10-11 15:41:16 +01:00
|
|
|
MODE_SP_ELX,
|
|
|
|
|
DISABLE_ALL_EXCEPTIONS);
|
|
|
|
|
}
|
|
|
|
|
|
refactor(spmd): boot interface and pass core id
This change refactors the SPMD to setup SPMC CPU contexts once and early
from spmd_spmc_init (single call to cm_setup_context rather than on each
and every warm boot).
Pass the core linear ID through a GP register as an implementation
defined behavior helping FF-A adoption to legacy TOSes (essentially
when secure virtualization is not used).
A first version of this change was originally submitted by Lukas [1].
Pasting below the original justification:
Our TEE, Kinibi, is used to receive the core linear ID in the x3
register of booting secondary cores.
This patch is necessary to bring up secondary cores with Kinibi as an
SPMC in SEL1.
In Kinibi, the TEE is mostly platform-independent and all platform-
specifics like topology is concentrated in TF-A of our customers.
That is why we don't have the MPIDR - linear ID mapping in Kinibi.
We need the correct linear ID to program the GICv2 target register,
for example in power management case.
It is not needed on GICv3/v4, because of using a fixed mapping from
MPIDR to ICDIPTR/GICD_ITARGETSRn register.
For debug and power management purpose, we also want a unified view to
linear id between Linux and the TEE.
E.g. to disable a core, to see what cores are printing a trace /
an event.
In the past, Kinibi had several other designs, but the complexity was
getting out of control:
* Platform-specific assembler macros in the kernel.
* A per-core SMC from Linux to tell the linear ID after the boot.
* With DynamiQ, it seems SIPs were playing with MPIDR register values,
reusing them between cores and changing them during boot.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10235
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Change-Id: Ifa8fa208e9b8eb1642c80b5f7b54152dadafa75e
2021-06-21 08:47:13 +01:00
|
|
|
/* Set an initial SPMC context state for all cores. */
|
|
|
|
|
for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) {
|
|
|
|
|
spm_core_context[core_id].state = SPMC_STATE_OFF;
|
|
|
|
|
|
|
|
|
|
/* Setup an initial cpu context for the SPMC. */
|
|
|
|
|
cpu_ctx = &spm_core_context[core_id].cpu_ctx;
|
|
|
|
|
cm_setup_context(cpu_ctx, spmc_ep_info);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Pass the core linear ID to the SPMC through x4.
|
|
|
|
|
* (TF-A implementation defined behavior helping
|
|
|
|
|
* a legacy TOS migration to adopt FF-A).
|
|
|
|
|
*/
|
|
|
|
|
write_ctx_reg(get_gpregs_ctx(cpu_ctx), CTX_GPREG_X4, core_id);
|
|
|
|
|
}
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2019-10-28 09:15:52 +00:00
|
|
|
/* Register power management hooks with PSCI */
|
|
|
|
|
psci_register_spd_pm_hook(&spmd_pm);
|
|
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
/* Register init function for deferred init. */
|
2019-10-11 15:41:16 +01:00
|
|
|
bl31_register_bl32_init(&spmd_init);
|
|
|
|
|
|
refactor(spmd): boot interface and pass core id
This change refactors the SPMD to setup SPMC CPU contexts once and early
from spmd_spmc_init (single call to cm_setup_context rather than on each
and every warm boot).
Pass the core linear ID through a GP register as an implementation
defined behavior helping FF-A adoption to legacy TOSes (essentially
when secure virtualization is not used).
A first version of this change was originally submitted by Lukas [1].
Pasting below the original justification:
Our TEE, Kinibi, is used to receive the core linear ID in the x3
register of booting secondary cores.
This patch is necessary to bring up secondary cores with Kinibi as an
SPMC in SEL1.
In Kinibi, the TEE is mostly platform-independent and all platform-
specifics like topology is concentrated in TF-A of our customers.
That is why we don't have the MPIDR - linear ID mapping in Kinibi.
We need the correct linear ID to program the GICv2 target register,
for example in power management case.
It is not needed on GICv3/v4, because of using a fixed mapping from
MPIDR to ICDIPTR/GICD_ITARGETSRn register.
For debug and power management purpose, we also want a unified view to
linear id between Linux and the TEE.
E.g. to disable a core, to see what cores are printing a trace /
an event.
In the past, Kinibi had several other designs, but the complexity was
getting out of control:
* Platform-specific assembler macros in the kernel.
* A per-core SMC from Linux to tell the linear ID after the boot.
* With DynamiQ, it seems SIPs were playing with MPIDR register values,
reusing them between cores and changing them during boot.
[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10235
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Change-Id: Ifa8fa208e9b8eb1642c80b5f7b54152dadafa75e
2021-06-21 08:47:13 +01:00
|
|
|
INFO("SPM Core setup done.\n");
|
|
|
|
|
|
2020-08-05 10:27:42 +01:00
|
|
|
/*
|
|
|
|
|
* Register an interrupt handler routing secure interrupts to SPMD
|
|
|
|
|
* while the NWd is running.
|
|
|
|
|
*/
|
|
|
|
|
flags = 0;
|
|
|
|
|
set_interrupt_rm_flag(flags, NON_SECURE);
|
|
|
|
|
rc = register_interrupt_type_handler(INTR_TYPE_S_EL1,
|
|
|
|
|
spmd_secure_interrupt_handler,
|
|
|
|
|
flags);
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
panic();
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-11 15:41:16 +01:00
|
|
|
return 0;
|
2020-02-27 14:54:21 +00:00
|
|
|
}
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-02-27 14:54:21 +00:00
|
|
|
/*******************************************************************************
|
2020-04-16 12:39:06 +01:00
|
|
|
* Initialize context of SPM Core.
|
2020-02-27 14:54:21 +00:00
|
|
|
******************************************************************************/
|
|
|
|
|
int spmd_setup(void)
|
|
|
|
|
{
|
|
|
|
|
int rc;
|
2021-11-29 17:57:03 +00:00
|
|
|
void *spmc_manifest;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* If the SPMC is at EL3, then just initialise it directly. The
|
|
|
|
|
* shenanigans of when it is at a lower EL are not needed.
|
|
|
|
|
*/
|
|
|
|
|
if (is_spmc_at_el3()) {
|
|
|
|
|
/* Allow the SPMC to populate its attributes directly. */
|
|
|
|
|
spmc_populate_attrs(&spmc_attrs);
|
|
|
|
|
|
|
|
|
|
rc = spmc_setup();
|
|
|
|
|
if (rc != 0) {
|
|
|
|
|
ERROR("SPMC initialisation failed 0x%x.\n", rc);
|
|
|
|
|
}
|
|
|
|
|
return rc;
|
|
|
|
|
}
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-02-27 14:54:21 +00:00
|
|
|
spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
|
2020-04-16 12:39:06 +01:00
|
|
|
if (spmc_ep_info == NULL) {
|
|
|
|
|
WARN("No SPM Core image provided by BL2 boot loader.\n");
|
|
|
|
|
return -EINVAL;
|
2020-02-27 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Under no circumstances will this parameter be 0 */
|
2020-04-16 12:39:06 +01:00
|
|
|
assert(spmc_ep_info->pc != 0ULL);
|
2020-02-27 14:54:21 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Check if BL32 ep_info has a reference to 'tos_fw_config'. This will
|
2020-04-16 12:39:06 +01:00
|
|
|
* be used as a manifest for the SPM Core at the next lower EL/mode.
|
2020-02-27 14:54:21 +00:00
|
|
|
*/
|
2020-02-07 14:44:43 +00:00
|
|
|
spmc_manifest = (void *)spmc_ep_info->args.arg0;
|
|
|
|
|
if (spmc_manifest == NULL) {
|
|
|
|
|
ERROR("Invalid or absent SPM Core manifest.\n");
|
|
|
|
|
return -EINVAL;
|
2020-02-27 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Load manifest, init SPMC */
|
2020-02-07 14:44:43 +00:00
|
|
|
rc = spmd_spmc_init(spmc_manifest);
|
2020-02-27 14:54:21 +00:00
|
|
|
if (rc != 0) {
|
2020-04-16 12:39:06 +01:00
|
|
|
WARN("Booting device without SPM initialization.\n");
|
2020-02-27 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
2020-02-07 14:44:43 +00:00
|
|
|
return rc;
|
2020-02-27 14:54:21 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*******************************************************************************
|
2021-11-29 18:02:45 +00:00
|
|
|
* Forward FF-A SMCs to the other security state.
|
2020-02-27 14:54:21 +00:00
|
|
|
******************************************************************************/
|
2021-11-29 18:02:45 +00:00
|
|
|
uint64_t spmd_smc_switch_state(uint32_t smc_fid,
|
|
|
|
|
bool secure_origin,
|
|
|
|
|
uint64_t x1,
|
|
|
|
|
uint64_t x2,
|
|
|
|
|
uint64_t x3,
|
|
|
|
|
uint64_t x4,
|
|
|
|
|
void *handle)
|
2020-02-27 14:54:21 +00:00
|
|
|
{
|
2020-04-16 15:59:21 +01:00
|
|
|
unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
|
|
|
|
|
unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;
|
2019-12-23 15:21:12 +00:00
|
|
|
|
2020-02-27 14:54:21 +00:00
|
|
|
/* Save incoming security state */
|
2020-02-25 13:55:00 +00:00
|
|
|
#if SPMD_SPM_AT_SEL2
|
2021-05-21 17:00:04 +01:00
|
|
|
if (secure_state_in == NON_SECURE) {
|
|
|
|
|
cm_el1_sysregs_context_save(secure_state_in);
|
|
|
|
|
}
|
2019-12-23 15:21:12 +00:00
|
|
|
cm_el2_sysregs_context_save(secure_state_in);
|
2021-05-21 17:00:04 +01:00
|
|
|
#else
|
|
|
|
|
cm_el1_sysregs_context_save(secure_state_in);
|
2020-02-25 13:55:00 +00:00
|
|
|
#endif
|
2020-02-27 14:54:21 +00:00
|
|
|
|
|
|
|
|
/* Restore outgoing security state */
|
2020-02-25 13:55:00 +00:00
|
|
|
#if SPMD_SPM_AT_SEL2
|
2021-05-21 17:00:04 +01:00
|
|
|
if (secure_state_out == NON_SECURE) {
|
|
|
|
|
cm_el1_sysregs_context_restore(secure_state_out);
|
|
|
|
|
}
|
2019-12-23 15:21:12 +00:00
|
|
|
cm_el2_sysregs_context_restore(secure_state_out);
|
2021-05-21 17:00:04 +01:00
|
|
|
#else
|
|
|
|
|
cm_el1_sysregs_context_restore(secure_state_out);
|
2020-02-25 13:55:00 +00:00
|
|
|
#endif
|
2019-12-23 15:21:12 +00:00
|
|
|
cm_set_next_eret_context(secure_state_out);
|
2020-02-27 14:54:21 +00:00
|
|
|
|
2019-12-23 15:21:12 +00:00
|
|
|
SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4,
|
2020-02-27 14:54:21 +00:00
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X5),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X6),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X7));
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-29 18:02:45 +00:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* Forward SMCs to the other security state.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
static uint64_t spmd_smc_forward(uint32_t smc_fid,
|
|
|
|
|
bool secure_origin,
|
|
|
|
|
uint64_t x1,
|
|
|
|
|
uint64_t x2,
|
|
|
|
|
uint64_t x3,
|
|
|
|
|
uint64_t x4,
|
|
|
|
|
void *cookie,
|
|
|
|
|
void *handle,
|
|
|
|
|
uint64_t flags)
|
|
|
|
|
{
|
|
|
|
|
if (is_spmc_at_el3() && !secure_origin) {
|
|
|
|
|
return spmc_smc_handler(smc_fid, secure_origin, x1, x2, x3, x4,
|
|
|
|
|
cookie, handle, flags);
|
|
|
|
|
}
|
|
|
|
|
return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, x3, x4,
|
|
|
|
|
handle);
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
2020-02-27 14:54:21 +00:00
|
|
|
/*******************************************************************************
|
2020-05-07 18:42:25 +01:00
|
|
|
* Return FFA_ERROR with specified error code
|
2020-02-27 14:54:21 +00:00
|
|
|
******************************************************************************/
|
2020-05-07 18:42:25 +01:00
|
|
|
static uint64_t spmd_ffa_error_return(void *handle, int error_code)
|
2020-02-27 14:54:21 +00:00
|
|
|
{
|
2021-03-01 10:26:59 +00:00
|
|
|
SMC_RET8(handle, (uint32_t) FFA_ERROR,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, (uint32_t)error_code,
|
2020-05-07 18:42:25 +01:00
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ);
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 16:54:27 +01:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* spmd_check_address_in_binary_image
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
bool spmd_check_address_in_binary_image(uint64_t address)
|
|
|
|
|
{
|
|
|
|
|
assert(!check_uptr_overflow(spmc_attrs.load_address, spmc_attrs.binary_size));
|
|
|
|
|
|
|
|
|
|
return ((address >= spmc_attrs.load_address) &&
|
|
|
|
|
(address < (spmc_attrs.load_address + spmc_attrs.binary_size)));
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-16 15:59:21 +01:00
|
|
|
/******************************************************************************
|
|
|
|
|
* spmd_is_spmc_message
|
|
|
|
|
*****************************************************************************/
|
|
|
|
|
static bool spmd_is_spmc_message(unsigned int ep)
|
|
|
|
|
{
|
2021-11-29 18:02:45 +00:00
|
|
|
if (is_spmc_at_el3()) {
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-16 15:59:21 +01:00
|
|
|
return ((ffa_endpoint_destination(ep) == SPMD_DIRECT_MSG_ENDPOINT_ID)
|
|
|
|
|
&& (ffa_endpoint_source(ep) == spmc_attrs.spmc_id));
|
|
|
|
|
}
|
|
|
|
|
|
2020-04-16 16:54:27 +01:00
|
|
|
/******************************************************************************
|
|
|
|
|
* spmd_handle_spmc_message
|
|
|
|
|
*****************************************************************************/
|
2020-03-23 08:53:06 +00:00
|
|
|
static int spmd_handle_spmc_message(unsigned long long msg,
|
|
|
|
|
unsigned long long parm1, unsigned long long parm2,
|
|
|
|
|
unsigned long long parm3, unsigned long long parm4)
|
2020-04-16 16:54:27 +01:00
|
|
|
{
|
|
|
|
|
VERBOSE("%s %llx %llx %llx %llx %llx\n", __func__,
|
|
|
|
|
msg, parm1, parm2, parm3, parm4);
|
|
|
|
|
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-29 18:02:45 +00:00
|
|
|
/*******************************************************************************
|
|
|
|
|
* This function forwards FF-A SMCs to either the main SPMD handler or the
|
|
|
|
|
* SPMC at EL3, depending on the origin security state, if enabled.
|
|
|
|
|
******************************************************************************/
|
|
|
|
|
uint64_t spmd_ffa_smc_handler(uint32_t smc_fid,
|
|
|
|
|
uint64_t x1,
|
|
|
|
|
uint64_t x2,
|
|
|
|
|
uint64_t x3,
|
|
|
|
|
uint64_t x4,
|
|
|
|
|
void *cookie,
|
|
|
|
|
void *handle,
|
|
|
|
|
uint64_t flags)
|
|
|
|
|
{
|
|
|
|
|
if (is_spmc_at_el3()) {
|
|
|
|
|
/*
|
|
|
|
|
* If we have an SPMC at EL3 allow handling of the SMC first.
|
|
|
|
|
* The SPMC will call back through to SPMD handler if required.
|
|
|
|
|
*/
|
|
|
|
|
if (is_caller_secure(flags)) {
|
|
|
|
|
return spmc_smc_handler(smc_fid,
|
|
|
|
|
is_caller_secure(flags),
|
|
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return spmd_smc_handler(smc_fid, x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
|
|
|
|
}
|
|
|
|
|
|
2019-10-11 15:41:16 +01:00
|
|
|
/*******************************************************************************
|
2020-05-07 18:42:25 +01:00
|
|
|
* This function handles all SMCs in the range reserved for FFA. Each call is
|
2019-10-11 15:41:16 +01:00
|
|
|
* either forwarded to the other security state or handled by the SPM dispatcher
|
|
|
|
|
******************************************************************************/
|
2020-04-16 12:39:06 +01:00
|
|
|
uint64_t spmd_smc_handler(uint32_t smc_fid,
|
|
|
|
|
uint64_t x1,
|
|
|
|
|
uint64_t x2,
|
|
|
|
|
uint64_t x3,
|
|
|
|
|
uint64_t x4,
|
|
|
|
|
void *cookie,
|
|
|
|
|
void *handle,
|
2019-10-11 15:41:16 +01:00
|
|
|
uint64_t flags)
|
|
|
|
|
{
|
2021-01-19 14:06:47 +00:00
|
|
|
unsigned int linear_id = plat_my_core_pos();
|
2020-04-16 12:39:06 +01:00
|
|
|
spmd_spm_core_context_t *ctx = spmd_get_context();
|
2019-12-23 15:21:12 +00:00
|
|
|
bool secure_origin;
|
|
|
|
|
int32_t ret;
|
2020-05-26 14:03:05 +01:00
|
|
|
uint32_t input_version;
|
2019-10-11 15:41:16 +01:00
|
|
|
|
|
|
|
|
/* Determine which security state this SMC originated from */
|
2019-12-23 15:21:12 +00:00
|
|
|
secure_origin = is_caller_secure(flags);
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2020-08-25 21:49:32 +01:00
|
|
|
VERBOSE("SPM(%u): 0x%x 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64
|
|
|
|
|
" 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 "\n",
|
|
|
|
|
linear_id, smc_fid, x1, x2, x3, x4,
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X5),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X6),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X7));
|
2019-10-11 15:41:16 +01:00
|
|
|
|
|
|
|
|
switch (smc_fid) {
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_ERROR:
|
2019-10-11 15:41:16 +01:00
|
|
|
/*
|
|
|
|
|
* Check if this is the first invocation of this interface on
|
2020-04-16 12:39:06 +01:00
|
|
|
* this CPU. If so, then indicate that the SPM Core initialised
|
2019-10-11 15:41:16 +01:00
|
|
|
* unsuccessfully.
|
|
|
|
|
*/
|
2019-10-28 09:03:13 +00:00
|
|
|
if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) {
|
2019-10-11 15:41:16 +01:00
|
|
|
spmd_spm_core_sync_exit(x2);
|
2020-02-27 14:54:21 +00:00
|
|
|
}
|
2019-10-11 15:41:16 +01:00
|
|
|
|
2019-12-23 15:21:12 +00:00
|
|
|
return spmd_smc_forward(smc_fid, secure_origin,
|
2021-11-29 18:02:45 +00:00
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
2019-10-11 15:41:16 +01:00
|
|
|
break; /* not reached */
|
|
|
|
|
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_VERSION:
|
2020-05-26 14:03:05 +01:00
|
|
|
input_version = (uint32_t)(0xFFFFFFFF & x1);
|
2019-10-11 15:41:16 +01:00
|
|
|
/*
|
2020-05-26 14:03:05 +01:00
|
|
|
* If caller is secure and SPMC was initialized,
|
|
|
|
|
* return FFA_VERSION of SPMD.
|
|
|
|
|
* If caller is non secure and SPMC was initialized,
|
2021-12-08 14:27:40 +00:00
|
|
|
* forward to the EL3 SPMC if enabled, otherwise return
|
|
|
|
|
* the SPMC version if implemented at a lower EL.
|
2020-05-26 14:03:05 +01:00
|
|
|
* Sanity check to "input_version".
|
2021-11-29 18:02:45 +00:00
|
|
|
* If the EL3 SPMC is enabled, ignore the SPMC state as
|
|
|
|
|
* this is not used.
|
2019-10-11 15:41:16 +01:00
|
|
|
*/
|
2020-05-26 14:03:05 +01:00
|
|
|
if ((input_version & FFA_VERSION_BIT31_MASK) ||
|
2021-11-29 18:02:45 +00:00
|
|
|
(!is_spmc_at_el3() && (ctx->state == SPMC_STATE_RESET))) {
|
2020-05-26 14:03:05 +01:00
|
|
|
ret = FFA_ERROR_NOT_SUPPORTED;
|
|
|
|
|
} else if (!secure_origin) {
|
2021-12-08 14:27:40 +00:00
|
|
|
if (is_spmc_at_el3()) {
|
|
|
|
|
/*
|
|
|
|
|
* Forward the call directly to the EL3 SPMC, if
|
|
|
|
|
* enabled, as we don't need to wrap the call in
|
|
|
|
|
* a direct request.
|
|
|
|
|
*/
|
|
|
|
|
return spmd_smc_forward(smc_fid, secure_origin,
|
|
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
|
|
|
|
}
|
|
|
|
|
|
2021-12-09 11:20:13 +00:00
|
|
|
gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx);
|
|
|
|
|
uint64_t rc;
|
|
|
|
|
|
|
|
|
|
if (spmc_attrs.major_version == 1 &&
|
|
|
|
|
spmc_attrs.minor_version == 0) {
|
|
|
|
|
ret = MAKE_FFA_VERSION(spmc_attrs.major_version,
|
|
|
|
|
spmc_attrs.minor_version);
|
|
|
|
|
SMC_RET8(handle, (uint32_t)ret,
|
|
|
|
|
FFA_TARGET_INFO_MBZ,
|
|
|
|
|
FFA_TARGET_INFO_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
/* Save non-secure system registers context */
|
|
|
|
|
cm_el1_sysregs_context_save(NON_SECURE);
|
|
|
|
|
#if SPMD_SPM_AT_SEL2
|
|
|
|
|
cm_el2_sysregs_context_save(NON_SECURE);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The incoming request has FFA_VERSION as X0 smc_fid
|
|
|
|
|
* and requested version in x1. Prepare a direct request
|
|
|
|
|
* from SPMD to SPMC with FFA_VERSION framework function
|
|
|
|
|
* identifier in X2 and requested version in X3.
|
|
|
|
|
*/
|
|
|
|
|
spmd_build_spmc_message(gpregs,
|
|
|
|
|
SPMD_FWK_MSG_FFA_VERSION_REQ,
|
|
|
|
|
input_version);
|
|
|
|
|
|
|
|
|
|
rc = spmd_spm_core_sync_entry(ctx);
|
|
|
|
|
|
|
|
|
|
if ((rc != 0ULL) ||
|
|
|
|
|
(SMC_GET_GP(gpregs, CTX_GPREG_X0) !=
|
|
|
|
|
FFA_MSG_SEND_DIRECT_RESP_SMC32) ||
|
|
|
|
|
(SMC_GET_GP(gpregs, CTX_GPREG_X2) !=
|
2022-04-12 17:18:13 +01:00
|
|
|
(FFA_FWK_MSG_BIT |
|
2021-12-09 11:20:13 +00:00
|
|
|
SPMD_FWK_MSG_FFA_VERSION_RESP))) {
|
|
|
|
|
ERROR("Failed to forward FFA_VERSION\n");
|
|
|
|
|
ret = FFA_ERROR_NOT_SUPPORTED;
|
|
|
|
|
} else {
|
|
|
|
|
ret = SMC_GET_GP(gpregs, CTX_GPREG_X3);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Return here after SPMC has handled FFA_VERSION.
|
|
|
|
|
* The returned SPMC version is held in X3.
|
|
|
|
|
* Forward this version in X0 to the non-secure caller.
|
|
|
|
|
*/
|
|
|
|
|
return spmd_smc_forward(ret, true, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
2021-11-29 18:02:45 +00:00
|
|
|
FFA_PARAM_MBZ, cookie, gpregs,
|
|
|
|
|
flags);
|
2020-05-26 14:03:05 +01:00
|
|
|
} else {
|
2021-03-01 10:26:59 +00:00
|
|
|
ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR,
|
|
|
|
|
FFA_VERSION_MINOR);
|
2020-05-26 14:03:05 +01:00
|
|
|
}
|
|
|
|
|
|
2021-03-01 10:26:59 +00:00
|
|
|
SMC_RET8(handle, (uint32_t)ret, FFA_TARGET_INFO_MBZ,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ);
|
2019-10-11 15:41:16 +01:00
|
|
|
break; /* not reached */
|
|
|
|
|
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_FEATURES:
|
2019-10-11 15:41:16 +01:00
|
|
|
/*
|
|
|
|
|
* This is an optional interface. Do the minimal checks and
|
2020-04-16 12:39:06 +01:00
|
|
|
* forward to SPM Core which will handle it if implemented.
|
2019-10-11 15:41:16 +01:00
|
|
|
*/
|
|
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
/* Forward SMC from Normal world to the SPM Core */
|
2019-12-23 15:21:12 +00:00
|
|
|
if (!secure_origin) {
|
|
|
|
|
return spmd_smc_forward(smc_fid, secure_origin,
|
2021-11-29 18:02:45 +00:00
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
2020-02-27 14:54:21 +00:00
|
|
|
|
2020-04-16 12:39:06 +01:00
|
|
|
/*
|
|
|
|
|
* Return success if call was from secure world i.e. all
|
2020-05-07 18:42:25 +01:00
|
|
|
* FFA functions are supported. This is essentially a
|
2020-04-16 12:39:06 +01:00
|
|
|
* nop.
|
|
|
|
|
*/
|
2020-05-07 18:42:25 +01:00
|
|
|
SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4,
|
2020-04-16 12:39:06 +01:00
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X5),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X6),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X7));
|
|
|
|
|
|
2019-10-11 15:41:16 +01:00
|
|
|
break; /* not reached */
|
|
|
|
|
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_ID_GET:
|
2020-03-12 15:16:40 +00:00
|
|
|
/*
|
2020-05-07 18:42:25 +01:00
|
|
|
* Returns the ID of the calling FFA component.
|
2020-04-16 12:39:06 +01:00
|
|
|
*/
|
2020-03-12 15:16:40 +00:00
|
|
|
if (!secure_origin) {
|
2020-05-07 18:42:25 +01:00
|
|
|
SMC_RET8(handle, FFA_SUCCESS_SMC32,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
2020-03-12 15:16:40 +00:00
|
|
|
}
|
|
|
|
|
|
2020-05-07 18:42:25 +01:00
|
|
|
SMC_RET8(handle, FFA_SUCCESS_SMC32,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
2020-04-16 12:39:06 +01:00
|
|
|
|
2020-03-12 15:16:40 +00:00
|
|
|
break; /* not reached */
|
|
|
|
|
|
2021-01-19 14:06:47 +00:00
|
|
|
case FFA_SECONDARY_EP_REGISTER_SMC64:
|
|
|
|
|
if (secure_origin) {
|
|
|
|
|
ret = spmd_pm_secondary_ep_register(x1);
|
|
|
|
|
|
|
|
|
|
if (ret < 0) {
|
|
|
|
|
SMC_RET8(handle, FFA_ERROR_SMC64,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, ret,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
|
|
|
|
} else {
|
|
|
|
|
SMC_RET8(handle, FFA_SUCCESS_SMC64,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
|
|
|
|
|
break; /* Not reached */
|
|
|
|
|
|
2021-02-03 12:13:19 +00:00
|
|
|
case FFA_SPM_ID_GET:
|
|
|
|
|
if (MAKE_FFA_VERSION(1, 1) > FFA_VERSION_COMPILED) {
|
|
|
|
|
return spmd_ffa_error_return(handle,
|
|
|
|
|
FFA_ERROR_NOT_SUPPORTED);
|
|
|
|
|
}
|
|
|
|
|
/*
|
|
|
|
|
* Returns the ID of the SPMC or SPMD depending on the FF-A
|
|
|
|
|
* instance where this function is invoked
|
|
|
|
|
*/
|
|
|
|
|
if (!secure_origin) {
|
|
|
|
|
SMC_RET8(handle, FFA_SUCCESS_SMC32,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
|
|
|
|
}
|
|
|
|
|
SMC_RET8(handle, FFA_SUCCESS_SMC32,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, SPMD_DIRECT_MSG_ENDPOINT_ID,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
|
|
|
|
|
|
|
|
|
break; /* not reached */
|
|
|
|
|
|
2020-04-16 16:54:27 +01:00
|
|
|
case FFA_MSG_SEND_DIRECT_REQ_SMC32:
|
|
|
|
|
if (secure_origin && spmd_is_spmc_message(x1)) {
|
|
|
|
|
ret = spmd_handle_spmc_message(x3, x4,
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X5),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X6),
|
|
|
|
|
SMC_GET_GP(handle, CTX_GPREG_X7));
|
|
|
|
|
|
|
|
|
|
SMC_RET8(handle, FFA_SUCCESS_SMC32,
|
|
|
|
|
FFA_TARGET_INFO_MBZ, ret,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ, FFA_PARAM_MBZ,
|
|
|
|
|
FFA_PARAM_MBZ);
|
|
|
|
|
} else {
|
|
|
|
|
/* Forward direct message to the other world */
|
|
|
|
|
return spmd_smc_forward(smc_fid, secure_origin,
|
2021-11-29 18:02:45 +00:00
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
2020-04-16 16:54:27 +01:00
|
|
|
}
|
|
|
|
|
break; /* Not reached */
|
|
|
|
|
|
|
|
|
|
case FFA_MSG_SEND_DIRECT_RESP_SMC32:
|
|
|
|
|
if (secure_origin && spmd_is_spmc_message(x1)) {
|
2020-08-05 10:27:42 +01:00
|
|
|
spmd_spm_core_sync_exit(0ULL);
|
2020-04-16 16:54:27 +01:00
|
|
|
} else {
|
|
|
|
|
/* Forward direct message to the other world */
|
|
|
|
|
return spmd_smc_forward(smc_fid, secure_origin,
|
2021-11-29 18:02:45 +00:00
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
2020-04-16 16:54:27 +01:00
|
|
|
}
|
|
|
|
|
break; /* Not reached */
|
|
|
|
|
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_RX_RELEASE:
|
|
|
|
|
case FFA_RXTX_MAP_SMC32:
|
|
|
|
|
case FFA_RXTX_MAP_SMC64:
|
|
|
|
|
case FFA_RXTX_UNMAP:
|
2020-07-28 10:33:35 +01:00
|
|
|
case FFA_PARTITION_INFO_GET:
|
2021-03-11 17:46:47 +00:00
|
|
|
#if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED
|
|
|
|
|
case FFA_NOTIFICATION_BITMAP_CREATE:
|
|
|
|
|
case FFA_NOTIFICATION_BITMAP_DESTROY:
|
|
|
|
|
case FFA_NOTIFICATION_BIND:
|
|
|
|
|
case FFA_NOTIFICATION_UNBIND:
|
|
|
|
|
case FFA_NOTIFICATION_SET:
|
|
|
|
|
case FFA_NOTIFICATION_GET:
|
|
|
|
|
case FFA_NOTIFICATION_INFO_GET:
|
|
|
|
|
case FFA_NOTIFICATION_INFO_GET_SMC64:
|
2022-02-03 16:22:37 +00:00
|
|
|
case FFA_MSG_SEND2:
|
2022-03-18 09:30:00 +00:00
|
|
|
case FFA_RX_ACQUIRE:
|
2021-03-11 17:46:47 +00:00
|
|
|
#endif
|
2022-02-03 16:22:37 +00:00
|
|
|
case FFA_MSG_RUN:
|
2020-07-28 10:33:35 +01:00
|
|
|
/*
|
2022-02-03 16:22:37 +00:00
|
|
|
* Above calls should be invoked only by the Normal world and
|
|
|
|
|
* must not be forwarded from Secure world to Normal world.
|
2020-07-28 10:33:35 +01:00
|
|
|
*/
|
2019-12-23 15:21:12 +00:00
|
|
|
if (secure_origin) {
|
2020-05-07 18:42:25 +01:00
|
|
|
return spmd_ffa_error_return(handle,
|
2020-07-28 10:33:35 +01:00
|
|
|
FFA_ERROR_NOT_SUPPORTED);
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Fall through to forward the call to the other world */
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_MSG_SEND:
|
|
|
|
|
case FFA_MSG_SEND_DIRECT_REQ_SMC64:
|
|
|
|
|
case FFA_MSG_SEND_DIRECT_RESP_SMC64:
|
|
|
|
|
case FFA_MEM_DONATE_SMC32:
|
|
|
|
|
case FFA_MEM_DONATE_SMC64:
|
|
|
|
|
case FFA_MEM_LEND_SMC32:
|
|
|
|
|
case FFA_MEM_LEND_SMC64:
|
|
|
|
|
case FFA_MEM_SHARE_SMC32:
|
|
|
|
|
case FFA_MEM_SHARE_SMC64:
|
|
|
|
|
case FFA_MEM_RETRIEVE_REQ_SMC32:
|
|
|
|
|
case FFA_MEM_RETRIEVE_REQ_SMC64:
|
|
|
|
|
case FFA_MEM_RETRIEVE_RESP:
|
|
|
|
|
case FFA_MEM_RELINQUISH:
|
|
|
|
|
case FFA_MEM_RECLAIM:
|
2021-09-23 09:44:14 +01:00
|
|
|
case FFA_MEM_FRAG_TX:
|
|
|
|
|
case FFA_MEM_FRAG_RX:
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_SUCCESS_SMC32:
|
|
|
|
|
case FFA_SUCCESS_SMC64:
|
2019-10-11 15:41:16 +01:00
|
|
|
/*
|
|
|
|
|
* TODO: Assume that no requests originate from EL3 at the
|
|
|
|
|
* moment. This will change if a SP service is required in
|
|
|
|
|
* response to secure interrupts targeted to EL3. Until then
|
|
|
|
|
* simply forward the call to the Normal world.
|
|
|
|
|
*/
|
|
|
|
|
|
2019-12-23 15:21:12 +00:00
|
|
|
return spmd_smc_forward(smc_fid, secure_origin,
|
2021-11-29 18:02:45 +00:00
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
2019-10-11 15:41:16 +01:00
|
|
|
break; /* not reached */
|
|
|
|
|
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_MSG_WAIT:
|
2019-10-11 15:41:16 +01:00
|
|
|
/*
|
|
|
|
|
* Check if this is the first invocation of this interface on
|
|
|
|
|
* this CPU from the Secure world. If so, then indicate that the
|
2020-04-16 12:39:06 +01:00
|
|
|
* SPM Core initialised successfully.
|
2019-10-11 15:41:16 +01:00
|
|
|
*/
|
2019-10-28 09:03:13 +00:00
|
|
|
if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) {
|
2020-08-05 10:27:42 +01:00
|
|
|
spmd_spm_core_sync_exit(0ULL);
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
2020-02-27 14:54:21 +00:00
|
|
|
/* Fall through to forward the call to the other world */
|
2021-04-02 10:09:10 +01:00
|
|
|
case FFA_INTERRUPT:
|
2020-05-07 18:42:25 +01:00
|
|
|
case FFA_MSG_YIELD:
|
2019-10-11 15:41:16 +01:00
|
|
|
/* This interface must be invoked only by the Secure world */
|
2019-12-23 15:21:12 +00:00
|
|
|
if (!secure_origin) {
|
2020-05-07 18:42:25 +01:00
|
|
|
return spmd_ffa_error_return(handle,
|
|
|
|
|
FFA_ERROR_NOT_SUPPORTED);
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
|
2019-12-23 15:21:12 +00:00
|
|
|
return spmd_smc_forward(smc_fid, secure_origin,
|
2021-11-29 18:02:45 +00:00
|
|
|
x1, x2, x3, x4, cookie,
|
|
|
|
|
handle, flags);
|
2019-10-11 15:41:16 +01:00
|
|
|
break; /* not reached */
|
|
|
|
|
|
2020-08-05 10:27:42 +01:00
|
|
|
case FFA_NORMAL_WORLD_RESUME:
|
|
|
|
|
if (secure_origin && ctx->secure_interrupt_ongoing) {
|
|
|
|
|
spmd_spm_core_sync_exit(0ULL);
|
|
|
|
|
} else {
|
|
|
|
|
return spmd_ffa_error_return(handle, FFA_ERROR_DENIED);
|
|
|
|
|
}
|
|
|
|
|
break; /* Not reached */
|
|
|
|
|
|
2019-10-11 15:41:16 +01:00
|
|
|
default:
|
|
|
|
|
WARN("SPM: Unsupported call 0x%08x\n", smc_fid);
|
2020-05-07 18:42:25 +01:00
|
|
|
return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
|
2019-10-11 15:41:16 +01:00
|
|
|
}
|
|
|
|
|
}
|
