andrius
/
arm-trusted-firmware
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

feat(rme): add ENABLE_RME build option and support for RMM image 

The changes include:

- A new build option (ENABLE_RME) to enable FEAT_RME

- New image called RMM. RMM is R-EL2 firmware that manages Realms.
  When building TF-A, a path to RMM image can be specified using
  the "RMM" build flag. If RMM image is not provided, TRP is built
  by default and used as RMM image.

- Support for RMM image in fiptool

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
This commit is contained in:
Zelalem Aweke 2021-07-11 18:33:20 -05:00
parent 434d0491c5
commit 5b18de09e8
10 changed files with 114 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
Makefile
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
# Copyright (c) 2013-2021, Arm Limited and Contributors. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@ -129,6 +129,23 @@ else
$(error Unknown BRANCH_PROTECTION value ${BRANCH_PROTECTION})
endif
# FEAT_RME
ifeq (${ENABLE_RME},1)
# RME doesn't support PIE
ifneq (${ENABLE_PIE},0)
$(error ENABLE_RME does not support PIE)
endif
# RME requires AARCH64
ifneq (${ARCH},aarch64)
$(error ENABLE_RME requires AArch64)
endif
# RME requires el2 context to be saved for now.
CTX_INCLUDE_EL2_REGS := 1
CTX_INCLUDE_AARCH32_REGS := 0
ARM_ARCH_MAJOR := 8
ARM_ARCH_MINOR := 6
endif
# USE_SPINLOCK_CAS requires AArch64 build
ifeq (${USE_SPINLOCK_CAS},1)
ifneq (${ARCH},aarch64)
@ -558,6 +575,18 @@ ifneq (${SPD},none)
# over the sources.
endif
################################################################################
# Include rmmd Makefile if RME is enabled
################################################################################
ifneq (${ENABLE_RME},0)
ifneq (${ARCH},aarch64)
$(error ENABLE_RME requires AArch64)
endif
include services/std_svc/rmmd/rmmd.mk
$(warning "RME is an experimental feature")
endif
################################################################################
# Include the platform specific Makefile after the SPD Makefile (the platform
# makefile may use all previous definitions in this file)
@ -926,6 +955,7 @@ $(eval $(call assert_booleans,\
ENABLE_PIE \
ENABLE_PMF \
ENABLE_PSCI_STAT \
ENABLE_RME \
ENABLE_RUNTIME_INSTRUMENTATION \
ENABLE_SPE_FOR_LOWER_ELS \
ENABLE_SVE_FOR_NS \
@ -1028,6 +1058,7 @@ $(eval $(call add_defines,\
ENABLE_PIE \
ENABLE_PMF \
ENABLE_PSCI_STAT \
ENABLE_RME \
ENABLE_RUNTIME_INSTRUMENTATION \
ENABLE_SPE_FOR_LOWER_ELS \
ENABLE_SVE_FOR_NS \
@ -1194,6 +1225,17 @@ $(if ${BUILD_BL32}, $(eval $(call MAKE_BL,bl32,tos-fw)),\
endif
endif
# If RMM image is needed but RMM is not defined, Test Realm Payload (TRP)
# needs to be built from RMM_SOURCES.
ifeq (${NEED_RMM},yes)
# Sort RMM source files to remove duplicates
RMM_SOURCES := $(sort ${RMM_SOURCES})
BUILD_RMM := $(if $(RMM),,$(if $(RMM_SOURCES),1))
$(if ${BUILD_RMM}, $(eval $(call MAKE_BL,rmm,rmm-fw)),\
$(eval $(call TOOL_ADD_IMG,rmm,--rmm-fw)))
endif
# Add the BL33 image if required by the platform
ifeq (${NEED_BL33},yes)
$(eval $(call TOOL_ADD_IMG,bl33,--nt-fw))

49
bl31/bl31_main.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -35,6 +35,13 @@ PMF_REGISTER_SERVICE_SMC(rt_instr_svc, PMF_RT_INSTR_SVC_ID,
******************************************************************************/
static int32_t (*bl32_init)(void);
/*****************************************************************************
* Function used to initialise RMM if RME is enabled
*****************************************************************************/
#if ENABLE_RME
static int32_t (*rmm_init)(void);
#endif
/*******************************************************************************
* Variable to indicate whether next image to execute after BL31 is BL33
* (non-secure & default) or BL32 (secure).
@ -139,12 +146,15 @@ void bl31_main(void)
/*
* All the cold boot actions on the primary cpu are done. We now need to
* decide which is the next image (BL32 or BL33) and how to execute it.
* decide which is the next image and how to execute it.
* If the SPD runtime service is present, it would want to pass control
* to BL32 first in S-EL1. In that case, SPD would have registered a
* function to initialize bl32 where it takes responsibility of entering
* S-EL1 and returning control back to bl31_main. Once this is done we
* can prepare entry into BL33 as normal.
* S-EL1 and returning control back to bl31_main. Similarly, if RME is
* enabled and a function is registered to initialize RMM, control is
* transferred to RMM in R-EL2. After RMM initialization, control is
* returned back to bl31_main. Once this is done we can prepare entry
* into BL33 as normal.
*/
/*
@ -155,9 +165,27 @@ void bl31_main(void)
int32_t rc = (*bl32_init)();
if (rc == 0)
if (rc == 0) {
WARN("BL31: BL32 initialization failed\n");
}
}
/*
* If RME is enabled and init hook is registered, initialize RMM
* in R-EL2.
*/
#if ENABLE_RME
if (rmm_init != NULL) {
INFO("BL31: Initializing RMM\n");
int32_t rc = (*rmm_init)();
if (rc == 0) {
WARN("BL31: RMM initialization failed\n");
}
}
#endif
/*
* We are ready to enter the next EL. Prepare entry into the image
* corresponding to the desired security state after the next ERET.
@ -236,3 +264,14 @@ void bl31_register_bl32_init(int32_t (*func)(void))
{
bl32_init = func;
}
#if ENABLE_RME
/*******************************************************************************
* This function initializes the pointer to RMM init function. This is expected
* to be called by the RMMD after it finishes all its initialization
******************************************************************************/
void bl31_register_rmm_init(int32_t (*func)(void))
{
rmm_init = func;
}
#endif

4
docs/getting_started/build-options.rst
View File

@ -271,6 +271,10 @@ Common build options
be enabled. If ``ENABLE_PMF`` is set, the residency statistics are tracked in
software.
- ``ENABLE_RME``: Boolean option to enable support for the ARMv9 Realm
Management Extension. Default value is 0. This is currently an experimental
feature.
- ``ENABLE_RUNTIME_INSTRUMENTATION``: Boolean option to enable runtime
instrumentation which injects timestamp collection points into TF-A to
allow runtime performance to be measured. Currently, only PSCI is

3
include/bl31/bl31.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2019, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -19,6 +19,7 @@ void bl31_set_next_image_type(uint32_t security_state);
uint32_t bl31_get_next_image_type(void);
void bl31_prepare_next_image_entry(void);
void bl31_register_bl32_init(int32_t (*func)(void));
void bl31_register_rmm_init(int32_t (*func)(void));
void bl31_warm_entrypoint(void);
void bl31_main(void);
void bl31_lib_init(void);

4
include/common/bl_common.h
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013-2020, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2013-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -126,6 +126,8 @@ IMPORT_SYM(uintptr_t, __BL31_START__, BL31_START);
IMPORT_SYM(uintptr_t, __BL31_END__, BL31_END);
#elif defined(IMAGE_BL32)
IMPORT_SYM(uintptr_t, __BL32_END__, BL32_END);
#elif defined(IMAGE_RMM)
IMPORT_SYM(uintptr_t, __RMM_END__, RMM_END);
#endif /* IMAGE_BLX */
/* The following symbols are only exported from the BL2 at EL3 linker script. */

5
include/export/common/tbbr/tbbr_img_def_exp.h
View File

@ -101,7 +101,10 @@
*/
#define BKUP_FWU_METADATA_IMAGE_ID U(33)
/* Realm Monitor Manager (RMM) */
#define RMM_IMAGE_ID U(34)
/* Max Images */
#define MAX_IMAGE_IDS U(34)
#define MAX_IMAGE_IDS U(35)
#endif /* ARM_TRUSTED_FIRMWARE_EXPORT_COMMON_TBBR_TBBR_IMG_DEF_EXP_H */

2
include/tools_share/firmware_image_package.h
View File

@ -38,6 +38,8 @@
{{0x8e, 0xa8, 0x7b, 0xb1}, {0xcf, 0xa2}, {0x3f, 0x4d}, 0x85, 0xfd, {0xe7, 0xbb, 0xa5, 0x02, 0x20, 0xd9} }
#define UUID_NON_TRUSTED_FIRMWARE_BL33 \
{{0xd6, 0xd0, 0xee, 0xa7}, {0xfc, 0xea}, {0xd5, 0x4b}, 0x97, 0x82, {0x99, 0x34, 0xf2, 0x34, 0xb6, 0xe4} }
#define UUID_REALM_MONITOR_MGMT_FIRMWARE \
{{0x6c, 0x07, 0x62, 0xa6}, {0x12, 0xf2}, {0x4b, 0x56}, 0x92, 0xcb, {0xba, 0x8f, 0x63, 0x36, 0x06, 0xd9} }
/* Key certificates */
#define UUID_ROT_KEY_CERT \
{{0x86, 0x2d, 0x1d, 0x72}, {0xf8, 0x60}, {0xe4, 0x11}, 0x92, 0x0b, {0x8b, 0xe7, 0x62, 0x16, 0x0f, 0x24} }

5
make_helpers/defaults.mk
View File

@ -1,5 +1,5 @@
#
# Copyright (c) 2016-2021, ARM Limited. All rights reserved.
# Copyright (c) 2016-2021, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: BSD-3-Clause
#
@ -105,6 +105,9 @@ ENABLE_PMF := 0
# Flag to enable PSCI STATs functionality
ENABLE_PSCI_STAT := 0
# Flag to enable Realm Management Extension (FEAT_RME)
ENABLE_RME := 0
# Flag to enable runtime instrumentation using PMF
ENABLE_RUNTIME_INSTRUMENTATION := 0

2
services/std_svc/rmmd/rmmd.mk
View File

@ -14,3 +14,5 @@ RMMD_SOURCES += $(addprefix services/std_svc/rmmd/, \
${ARCH}/rmmd_helpers.S \
rmmd_main.c)
# Let the top-level Makefile know that we intend to include RMM image
NEED_RMM := yes

7
tools/fiptool/tbbr_config.c
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2016-2020, ARM Limited and Contributors. All rights reserved.
* Copyright (c) 2016-2021, ARM Limited and Contributors. All rights reserved.
*
* SPDX-License-Identifier: BSD-3-Clause
*/
@ -67,6 +67,11 @@ toc_entry_t toc_entries[] = {
.uuid = UUID_NON_TRUSTED_FIRMWARE_BL33,
.cmdline_name = "nt-fw"
},
{
.name = "Realm Monitor Management Firmware",
.uuid = UUID_REALM_MONITOR_MGMT_FIRMWARE,
.cmdline_name = "rmm-fw"
},
/* Dynamic Configs */
{
.name = "FW_CONFIG",