Remove dependency between SPM_MM and ENABLE_SPM build flags

There are two different implementations of Secure Partition management in TF-A. One is based on the "Management Mode" (MM) design, the other is based on the Secure Partition Client Interface (SPCI) specification. Currently there is a dependency between their build flags that shouldn't exist, making further development harder than it should be. This patch removes that dependency, making the two flags function independently. Before: ENABLE_SPM=1 is required for using either implementation. By default, the SPCI-based implementation is enabled and this is overridden if SPM_MM=1. After: ENABLE_SPM=1 enables the SPCI-based implementation. SPM_MM=1 enables the MM-based implementation. The two build flags are mutually exclusive. Note that the name of the ENABLE_SPM flag remains a bit ambiguous - this will be improved in a subsequent patch. For this patch the intention was to leave the name as-is so that it is easier to track the changes that were made. Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-09-16 11:29:03 +00:00 · 2019-09-16 11:29:03 +00:00 · 3f3c341ae5
parent b8e17967bb
commit 3f3c341ae5
18 changed files with 59 additions and 51 deletions
--- a/8
+++ b/8
@ -571,6 +571,14 @@ ifeq ($(CTX_INCLUDE_MTE_REGS),1)
    endif
 endif

+# The SPCI-based SPM implementation and the MM-based SPM implementation cannot
+# be enabled at the same time.
+ifeq ($(ENABLE_SPM),1)
+    ifeq ($(SPM_MM),1)
+        $(error Use only one of the ENABLE_SPM and SPM_MM flags)
+    endif
+endif
+
 ################################################################################
 # Process platform overrideable behaviour
 ################################################################################
--- a/bl31/bl31.ld.S
+++ b/bl31/bl31.ld.S
@ -142,7 +142,7 @@ SECTIONS
    ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__,
           "cpu_ops not defined for this platform.")

-#if ENABLE_SPM
+#if ENABLE_SPM || SPM_MM
 #ifndef SPM_SHIM_EXCEPTIONS_VMA
 #define SPM_SHIM_EXCEPTIONS_VMA         RAM
 #endif
--- a/bl31/bl31.mk
+++ b/bl31/bl31.mk
@ -5,21 +5,21 @@
 #

 ################################################################################
-# Include SPM Makefile
+# Include Makefile for either of the supported SPM implementations
 ################################################################################
 ifeq (${ENABLE_SPM},1)
-  ifeq (${SPM_MM},1)
-    ifeq (${EL3_EXCEPTION_HANDLING},0)
-      $(error EL3_EXCEPTION_HANDLING must be 1 for SPM support)
-    endif
-    $(info Including makefile of SPM based on MM)
-    include services/std_svc/spm_mm/spm.mk
-  else
-    $(info Including SPM makefile)
-    include services/std_svc/spm/spm.mk
-  endif
+  $(info Including SPM (SPCI) makefile)
+  include services/std_svc/spm/spm.mk
 endif

+ifeq (${SPM_MM},1)
+  ifeq (${EL3_EXCEPTION_HANDLING},0)
+    $(error EL3_EXCEPTION_HANDLING must be 1 for SPM support)
+  else
+    $(info Including SPM Management Mode (MM) makefile)
+    include services/std_svc/spm_mm/spm.mk
+  endif
+endif

 include lib/psci/psci_lib.mk

--- a/docs/getting_started/build-options.rst
+++ b/docs/getting_started/build-options.rst
@ -235,8 +235,9 @@ Common build options
   The default is 1 but is automatically disabled when the target architecture
   is AArch32.

-  ``ENABLE_SPM`` : Boolean option to enable the Secure Partition Manager (SPM).
-   Refer to :ref:`Secure Partition Manager` for more details about
+-  ``ENABLE_SPM`` : Boolean option to enable the SPCI-based Secure Partition
+   Manager (SPM) implementation.
+   Refer to the :ref:`Secure Partition Manager` guide for more details about
   this feature. Default is 0.

 -  ``ENABLE_SVE_FOR_NS``: Boolean option to enable Scalable Vector Extension
@ -507,6 +508,9 @@ Common build options
   firmware images have been loaded in memory, and the MMU and caches are
   turned off. Refer to the "Debugging options" section for more details.

+-  ``SPM_MM`` : Boolean option to enable the Management Mode (MM)-based Secure
+   Partition Manager (SPM) implementation. The default value is ``0``.
+
 -  ``SP_MIN_WITH_SECURE_FIQ``: Boolean flag to indicate the SP_MIN handles
   secure interrupts (caught through the FIQ line). Platforms can enable
   this directive if they need to handle such interruption. When enabled,
--- a/include/plat/arm/common/arm_def.h
+++ b/include/plat/arm/common/arm_def.h
@ -500,9 +500,9 @@
 * SPD and no SPM, as they are the only ones that can be used as BL32.
 */
 #if defined(__aarch64__) && !JUNO_AARCH32_EL3_RUNTIME
-# if defined(SPD_none) && !ENABLE_SPM
+# if defined(SPD_none) && !ENABLE_SPM && !SPM_MM
 #  undef BL32_BASE
-# endif /* defined(SPD_none) && !ENABLE_SPM */
+# endif /* defined(SPD_none) && !ENABLE_SPM && !SPM_MM*/
 #endif /* defined(__aarch64__) && !JUNO_AARCH32_EL3_RUNTIME */

 /*******************************************************************************
--- a/include/plat/arm/common/plat_arm.h
+++ b/include/plat/arm/common/plat_arm.h
@ -38,7 +38,7 @@ typedef struct arm_tzc_regions_info {
 *   - Region 1 with secure access only;
 *   - the remaining DRAM regions access from the given Non-Secure masters.
 ******************************************************************************/
-#if ENABLE_SPM && SPM_MM
+#if SPM_MM
 #define ARM_TZC_REGIONS_DEF						\
 	{ARM_AP_TZC_DRAM1_BASE, ARM_EL3_TZC_DRAM1_END,			\
 		TZC_REGION_S_RDWR, 0},					\
--- a/make_helpers/defaults.mk
+++ b/make_helpers/defaults.mk
@ -178,11 +178,11 @@ RECLAIM_INIT_CODE		:= 0
 # SPD choice
 SPD				:= none

-# For including the Secure Partition Manager
+# Enable the SPCI-based Secure Partition Manager implementation
 ENABLE_SPM			:= 0

-# Use the SPM based on MM
-SPM_MM				:= 1
+# Enable the Management Mode (MM)-based Secure Partition Manager implementation
+SPM_MM				:= 0

 # Flag to introduce an infinite loop in BL1 just before it exits into the next
 # image. This is meant to help debugging the post-BL2 phase.
--- a/plat/arm/board/fvp/fvp_common.c
+++ b/plat/arm/board/fvp/fvp_common.c
@ -96,10 +96,10 @@ const mmap_region_t plat_arm_mmap[] = {
 	ARM_MAP_BL1_RW,
 #endif
 #endif /* TRUSTED_BOARD_BOOT */
-#if ENABLE_SPM && SPM_MM
+#if SPM_MM
 	ARM_SP_IMAGE_MMAP,
 #endif
-#if ENABLE_SPM && !SPM_MM
+#if ENABLE_SPM
 	PLAT_MAP_SP_PACKAGE_MEM_RW,
 #endif
 #if ARM_BL31_IN_DRAM
@ -127,16 +127,16 @@ const mmap_region_t plat_arm_mmap[] = {
 	MAP_DEVICE0,
 	MAP_DEVICE1,
 	ARM_V2M_MAP_MEM_PROTECT,
-#if ENABLE_SPM && SPM_MM
+#if SPM_MM
 	ARM_SPM_BUF_EL3_MMAP,
 #endif
-#if ENABLE_SPM && !SPM_MM
+#if ENABLE_SPM
 	PLAT_MAP_SP_PACKAGE_MEM_RO,
 #endif
 	{0}
 };

-#if ENABLE_SPM && defined(IMAGE_BL31) && SPM_MM
+#if defined(IMAGE_BL31) && SPM_MM
 const mmap_region_t plat_arm_secure_partition_mmap[] = {
 	V2M_MAP_IOFPGA_EL0, /* for the UART */
 	MAP_REGION_FLAT(DEVICE0_BASE,				\
@ -190,7 +190,7 @@ static unsigned int get_interconnect_master(void)
 }
 #endif

-#if ENABLE_SPM && defined(IMAGE_BL31) && SPM_MM
+#if defined(IMAGE_BL31) && SPM_MM
 /*
 * Boot information passed to a secure partition during initialisation. Linear
 * indices in MP information will be filled at runtime.
--- a/plat/arm/board/fvp/include/platform_def.h
+++ b/plat/arm/board/fvp/include/platform_def.h
@ -61,7 +61,7 @@
 * plat_arm_mmap array defined for each BL stage.
 */
 #if defined(IMAGE_BL31)
-# if ENABLE_SPM
+# if ENABLE_SPM || SPM_MM
 #  define PLAT_ARM_MMAP_ENTRIES		9
 #  define MAX_XLAT_TABLES		9
 #  define PLAT_SP_IMAGE_MMAP_REGIONS	30
@ -116,7 +116,7 @@
 * calculated using the current BL31 PROGBITS debug size plus the sizes of
 * BL2 and BL1-RW
 */
-#if ENABLE_SPM && !SPM_MM
+#if ENABLE_SPM
 #define PLAT_ARM_MAX_BL31_SIZE		UL(0x60000)
 #else
 #define PLAT_ARM_MAX_BL31_SIZE		UL(0x3B000)
--- a/plat/arm/board/fvp/platform.mk
+++ b/plat/arm/board/fvp/platform.mk
@ -282,9 +282,7 @@ else # if AArch64
        BL31_CFLAGS	+=	-DPLAT_XLAT_TABLES_DYNAMIC=1
    endif
    ifeq (${ENABLE_SPM},1)
-        ifeq (${SPM_MM},0)
            BL31_CFLAGS	+=	-DPLAT_XLAT_TABLES_DYNAMIC=1
-        endif
    endif
    ifeq (${SPD},trusty)
        BL31_CFLAGS	+=	-DPLAT_XLAT_TABLES_DYNAMIC=1
--- a/plat/arm/common/aarch64/arm_ehf.c
+++ b/plat/arm/common/aarch64/arm_ehf.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2017-2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -24,7 +24,7 @@ ehf_pri_desc_t arm_exceptions[] = {
 	/* Normal priority SDEI */
 	EHF_PRI_DESC(ARM_PRI_BITS, PLAT_SDEI_NORMAL_PRI),
 #endif
-#if ENABLE_SPM
+#if ENABLE_SPM || SPM_MM
 	EHF_PRI_DESC(ARM_PRI_BITS, PLAT_SP_PRI),
 #endif
 };
--- a/plat/arm/common/arm_common.mk
+++ b/plat/arm/common/arm_common.mk
@ -249,14 +249,12 @@ PLAT_BL_COMMON_SOURCES	+=	plat/arm/common/aarch64/arm_pauth.c	\
 endif

 # SPM uses libfdt in Arm platforms
-ifeq (${SPM_MM},0)
 ifeq (${ENABLE_SPM},1)
 BL31_SOURCES		+=	common/fdt_wrappers.c			\
 				plat/common/plat_spm_rd.c		\
 				plat/common/plat_spm_sp.c		\
 				${LIBFDT_SRCS}
 endif
-endif

 ifneq (${TRUSTED_BOARD_BOOT},0)

--- a/plat/arm/css/sgi/include/sgi_base_platform_def.h
+++ b/plat/arm/css/sgi/include/sgi_base_platform_def.h
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -28,7 +28,7 @@
 * plat_arm_mmap array defined for each BL stage.
 */
 #if defined(IMAGE_BL31)
-# if ENABLE_SPM
+# if ENABLE_SPM || SPM_MM
 #  define PLAT_ARM_MMAP_ENTRIES		9
 #  define MAX_XLAT_TABLES		7
 #  define PLAT_SP_IMAGE_MMAP_REGIONS	7
@ -101,7 +101,7 @@
 #elif defined(IMAGE_BL2U)
 # define PLATFORM_STACK_SIZE 0x400
 #elif defined(IMAGE_BL31)
-# if ENABLE_SPM
+# if ENABLE_SPM || SPM_MM
 #  define PLATFORM_STACK_SIZE 0x500
 # else
 #  define PLATFORM_STACK_SIZE 0x400
--- a/plat/arm/css/sgi/sgi_plat.c
+++ b/plat/arm/css/sgi/sgi_plat.c
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@ -46,7 +46,7 @@ const mmap_region_t plat_arm_mmap[] = {
 #if ARM_BL31_IN_DRAM
 	ARM_MAP_BL31_SEC_DRAM,
 #endif
-#if ENABLE_SPM
+#if SPM_MM
 	ARM_SP_IMAGE_MMAP,
 #endif
 #if TRUSTED_BOARD_BOOT && !BL2_AT_EL3
@ -61,13 +61,13 @@ const mmap_region_t plat_arm_mmap[] = {
 	V2M_MAP_IOFPGA,
 	CSS_SGI_MAP_DEVICE,
 	SOC_CSS_MAP_DEVICE,
-#if ENABLE_SPM
+#if SPM_MM
 	ARM_SPM_BUF_EL3_MMAP,
 #endif
 	{0}
 };

-#if ENABLE_SPM && defined(IMAGE_BL31)
+#if SPM_MM && defined(IMAGE_BL31)
 const mmap_region_t plat_arm_secure_partition_mmap[] = {
 	PLAT_ARM_SECURE_MAP_DEVICE,
 	ARM_SP_IMAGE_MMAP,
@ -77,12 +77,12 @@ const mmap_region_t plat_arm_secure_partition_mmap[] = {
 	ARM_SPM_BUF_EL0_MMAP,
 	{0}
 };
-#endif /* ENABLE_SPM && defined(IMAGE_BL31) */
+#endif /* SPM_MM && defined(IMAGE_BL31) */
 #endif

 ARM_CASSERT_MMAP

-#if ENABLE_SPM && defined(IMAGE_BL31)
+#if SPM_MM && defined(IMAGE_BL31)
 /*
 * Boot information passed to a secure partition during initialisation. Linear
 * indices in MP information will be filled at runtime.
@ -130,7 +130,7 @@ const struct secure_partition_boot_info *plat_get_secure_partition_boot_info(
 {
 	return &plat_arm_secure_partition_boot_info;
 }
-#endif /* ENABLE_SPM && defined(IMAGE_BL31) */
+#endif /* SPM_MM && defined(IMAGE_BL31) */

 #if TRUSTED_BOARD_BOOT
 int plat_get_mbedtls_heap(void **heap_addr, size_t *heap_size)
--- a/plat/nvidia/tegra/scat/bl31.scat
+++ b/plat/nvidia/tegra/scat/bl31.scat
@ -95,7 +95,7 @@ LR_RO_DATA +0
 	/* cpu_ops must always be defined */
 	ScatterAssert(ImageLength(__CPU_OPS__) > 0)

-#if ENABLE_SPM
+#if ENABLE_SPM || SPM_MM
 LR_SPM +0
 {
 	/*
--- a/plat/socionext/synquacer/platform.mk
+++ b/plat/socionext/synquacer/platform.mk
@ -1,5 +1,5 @@
 #
-# Copyright (c) 2018, ARM Limited and Contributors. All rights reserved.
+# Copyright (c) 2018-2019, ARM Limited and Contributors. All rights reserved.
 #
 # SPDX-License-Identifier: BSD-3-Clause
 #
@ -57,7 +57,7 @@ BL31_SOURCES		+=	$(PLAT_PATH)/drivers/scp/sq_scmi.c		\
 				drivers/arm/css/mhu/css_mhu_doorbell.c
 endif

-ifeq (${ENABLE_SPM},1)
+ifeq (${SPM_MM},1)
 $(eval $(call add_define,PLAT_EXTRA_LD_SCRIPT))

 BL31_SOURCES		+=	$(PLAT_PATH)/sq_spm.c
--- a/plat/socionext/synquacer/sq_bl31_setup.c
+++ b/plat/socionext/synquacer/sq_bl31_setup.c
@ -159,7 +159,7 @@ void bl31_plat_runtime_setup(void)
 void bl31_plat_arch_setup(void)
 {
 	static const mmap_region_t secure_partition_mmap[] = {
-#if ENABLE_SPM && SPM_MM
+#if SPM_MM
 		MAP_REGION_FLAT(PLAT_SPM_BUF_BASE,
 				PLAT_SPM_BUF_SIZE,
 				MT_RW_DATA | MT_SECURE),
@ -173,7 +173,7 @@ void bl31_plat_arch_setup(void)
 	sq_mmap_setup(BL31_BASE, BL31_SIZE, secure_partition_mmap);
 	enable_mmu_el3(XLAT_TABLE_NC);

-#if ENABLE_SPM && SPM_MM
+#if SPM_MM
 	memcpy((void *)SPM_SHIM_EXCEPTIONS_START,
 	       (void *)SPM_SHIM_EXCEPTIONS_LMA,
 	       (uintptr_t)SPM_SHIM_EXCEPTIONS_END -
--- a/services/std_svc/std_svc_setup.c
+++ b/services/std_svc/std_svc_setup.c
@ -45,7 +45,7 @@ static int32_t std_svc_setup(void)
 		ret = 1;
 	}

-#if ENABLE_SPM
+#if ENABLE_SPM || SPM_MM
 	if (spm_setup() != 0) {
 		ret = 1;
 	}
@ -103,7 +103,7 @@ static uintptr_t std_svc_smc_handler(uint32_t smc_fid,
 		SMC_RET1(handle, ret);
 	}

-#if ENABLE_SPM && SPM_MM
+#if SPM_MM
 	/*
 	 * Dispatch SPM calls to SPM SMC handler and return its return
 	 * value