Commit Graph

362 Commits

Author SHA1 Message Date
Robert Wakim 6a00e9b0c8 fix(gpt_rme): rework delegating/undelegating sequence
The previous delegating/undelegating sequence was incorrect as per the
specification DDI0615, "Architecture Reference Manual Supplement, The
Realm  Management Extension (RME), for Armv9-A" Sections A1.1.1 and
A1.1.2

Off topic:
 - cleaning the gpt_is_gpi_valid and gpt_check_pass_overlap

Change-Id: Idb64d0a2e6204f1708951137062847938ab5e0ac
Signed-off-by: Robert Wakim <robert.wakim@arm.com>
2022-03-09 16:08:42 +01:00
Olivier Deprez b298d4df5e Merge "feat(ff-a): forward FFA_VERSION from SPMD to SPMC" into integration 2022-03-04 13:22:45 +01:00
Federico Recanati c2eba07c47 feat(spm): add FFA_MSG_SEND2 forwarding in SPMD
Add FF-A v1.1 indirect messaging ABI FFA_MSG_SEND2 to SPMD to allow
message forwarding across normal/secure worlds.

Change-Id: I074fbd2e4d13893925f987cee271d49da3aaf64b
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
2022-02-14 13:34:49 +01:00
Daniel Boulby 9944f55761 feat(ff-a): forward FFA_VERSION from SPMD to SPMC
Introduced by FF-A v1.1 we must forward a call to FFA_VERSION
to the SPMC so that the ffa version of the caller can be stored
for later use. Since the return of FFA_VERSION is not wrapped in
a FF-A call we need to  use a direct message request to do this
forwarding. For the spmd_handler in the SPMC to hand off to the
correct function we use w2 to specify a target framework function.
Therefore we must update PSCI CPU_OFF to do this as well.

Change-Id: Ibaa6832b66f1597b3d65aa8986034f0c5916016d
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2022-02-03 14:02:42 +00:00
Bipin Ravi 9697e4596c Merge "fix(trp): Distinguish between cold and warm boot" into integration 2021-12-22 21:13:03 +01:00
Mark Dykes 00e8113145 fix(trp): Distinguish between cold and warm boot
The original design prevented the primary CPU from doing a
warm boot sequence. This patch allows the primary to do warm
boot as well.

Signed-off-by: Mark Dykes <mark.dykes@arm.com>
Change-Id: I6baa50c3dff3051ff8b3e5a922d340634f651867
2021-12-14 10:24:24 -06:00
Alexei Fedorov 3082a33017 Merge "fix(rmmd/sve): enable/disable SVE/FPU for Realms" into integration 2021-12-10 13:28:48 +01:00
Subhasish Ghosh a4cc85c129 fix(rmmd/sve): enable/disable SVE/FPU for Realms
This patch enable/disable SVE/FPU for Realms depending
upon it's state in NS.

When this feature is enabled, traps to EL3 on SVE/FPU access from
Realms are disabled. However, RMM must ensure that the Realm <-> NS
SVE/FPU registers are not corrupted by each other and Realms do
not leak information to NS.

Change-Id: I0a27a055787976507017b72879ba6458f066624e
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
2021-12-09 15:56:55 +00:00
Subhasish Ghosh b9fd2d3ce3 fix(rmmd): align RMI and GTSI FIDs with SMCCC
This patch allocates the RMI and GTSI FIDs from the reserved
range in Standard Secure Service call range of SMCCC.

Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I82e77778882194c2a78ca6340788d53bab7c3a50
2021-12-08 10:15:21 +00:00
Soby Mathew 11578303fd fix(rmmd): preserve x4-x7 as per SMCCCv1.1
The RMI command handling in RMMD did not preserve x4 to x7 when
returning to NS caller. Although this is allowed for SMCCCv1.0, this is
not correct as per v1.1. This fixes the same by differentiating the
onward and backward path during SMC handling.

This patch also fixes an issue with the backward path wherein the first
argument was being truncated to 32 bits.

Change-Id: Ibc85d574d5a2178a763975ddb32e456a12e7dc88
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2021-11-24 19:26:51 +02:00
Manish Pandey 4333f95bed fix(spm_mm): do not compile if SVE/SME is enabled
As spm_mm cannot handle SVE/SME usage in NS world so its better to give
compilation error when ENABLE_SVE_FOR_NS=1 or ENABLE_SME_FOR_NS=1.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I69dbb272ca681bb020501342008eda20d4c0b096
2021-11-16 16:06:33 +00:00
johpow01 dc78e62d80 feat(sme): enable SME functionality
This patch adds two new compile time options to enable SME in TF-A:
ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and
secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable
SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions
in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these
traps, but support for SME context management does not yet exist in
SPM so building with SPD=spmd will fail.

The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot
be used with SME as it is a superset of SVE and will enable SVE and
FPU/SIMD along with SME.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-11-12 10:38:00 -06:00
Manish Pandey b6b486f383 Merge "fix(sdei): fix assert while kdump issue" into integration 2021-11-10 14:20:48 +01:00
Manish Pandey 2461bd3a89 fix(gpt_rme): use correct print format for uint64_t
sha 4ce3e99a3 introduced printf format specifiers for fixed width
types, which uses PRI*64 instead of "ll" for 64 bit values.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I30472411467061d58cc6ee22407ed3bad2552751
2021-11-09 20:58:03 +00:00
Olivier Deprez 0c23e6f44d fix(spmd): error macro to use correct print format
Following merge of [1] then [2] broke the build because of an incorrect
format specifier in an ERROR macro. Fix to use the correct print format.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5437
[2] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9211

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I14d4c31091f6a5f4c3252f6d810e9d2bb2f545c4
2021-11-09 15:44:24 +01:00
Olivier Deprez a127b99d5a Merge "feat(SPMD): route secure interrupts to SPMC" into integration 2021-11-09 11:57:30 +01:00
Manish Pandey 28623c102d Merge "fix: libc: use long for 64-bit types on aarch64" into integration 2021-11-08 21:34:42 +01:00
Scott Branden 4ce3e99a33 fix: libc: use long for 64-bit types on aarch64
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.

Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
2021-11-08 14:41:17 +00:00
J-Alves 96b71eb959 feat(ff-a): feature retrieval through FFA_FEATURES call
Updated FFA_FEATURES according to FF-A v1.1 in SPMC can also be used
to retrieve feature information, and should now accept other arguments
than just FF-A call IDs.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I02cc24a31ab3092ec1ce6fed1a9649ffe7136782
2021-11-05 16:44:31 +00:00
Ming Huang d39db2695b fix(sdei): fix assert while kdump issue
Assert condition:
1 Register secure timer(ppi=29) for sdei nmi watchdog;
2 kernel panic and then kdump;
While kdump, kernel mask all cores sdei, secure timer trigger
and go to handle_masked_trigger() and assert here:
assert(se->affinity == my_mpidr);

As kernel register with flag=0, mpidr=0 and TF-A set flag to
SDEI_REGF_RM_PE but leave mpidr=0. So set mpidr to fix his
assert issue.

Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: Ia9182f40bde94fb004b46e2a72b186eb0ef05166
2021-11-05 18:53:44 +08:00
Olivier Deprez 8cb99c3fc3 feat(SPMD): route secure interrupts to SPMC
Define a handler in the SPMD to route secure interrupts occurring while
the normal world runs. On a Group1 Secure interrupt (with a GICv3 or a
Group0 interrupt on GICv2), the normal world is pre-empted to EL3 and
redirected to the SPMD/SPMC for further handling.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I1350d74048c5549a2af8da0ba004c08512cc006a
2021-11-03 15:42:21 -05:00
Vasyl Gomonovych 6b94356b57 fix(sdei): print event number in hex format
SDEI specified event numbers in hexadecimal format.
Change event number format to hexadecimal to make
it easier for the reader to recognize the proper event.

Change-Id: Iac7a91d0910316e0ad54a8f09bc17209e8c6adf6
Signed-off-by: Vasyl Gomonovych <vgomonovych@marvell.com>
2021-10-22 13:45:06 +01:00
johpow01 f19dc624a1 refactor(gpt): productize and refactor GPT library
This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
  GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
  and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
2021-10-05 16:24:57 -05:00
Zelalem Aweke 5b18de09e8 feat(rme): add ENABLE_RME build option and support for RMM image
The changes include:

- A new build option (ENABLE_RME) to enable FEAT_RME

- New image called RMM. RMM is R-EL2 firmware that manages Realms.
  When building TF-A, a path to RMM image can be specified using
  the "RMM" build flag. If RMM image is not provided, TRP is built
  by default and used as RMM image.

- Support for RMM image in fiptool

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
2021-10-05 11:49:59 -05:00
Zelalem Aweke 50a3056a3c feat(rme): add Test Realm Payload (TRP)
TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.

TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.

More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
2021-10-05 18:41:07 +02:00
Zelalem Aweke 77c2775323 feat(rme): add RMM dispatcher (RMMD)
This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure world. Currently
gives the capability for granules to be
transitioned from non-secure type to realm and vice versa.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I1fdc99a4bdd42bc14911aa0c6954b131de309511
2021-10-05 11:34:53 -05:00
Olivier Deprez c7c22ab662 Merge "feat(ff-a): adding notifications SMC IDs" into integration 2021-09-27 16:54:53 +02:00
J-Alves fc3f480023 feat(ff-a): adding notifications SMC IDs
Defining SMC IDs for FF-A v1.1 notifications functionality, and adding
them to SPMD SMC handler, to ensure calls are forwarded to the SPMC.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Icc88aded0fd33507f7795e996bd4ff1c2fe679c8
2021-09-16 14:59:21 +01:00
Olivier Deprez f2dcf41826 refactor(spmd): boot interface and pass core id
This change refactors the SPMD to setup SPMC CPU contexts once and early
from spmd_spmc_init (single call to cm_setup_context rather than on each
and every warm boot).
Pass the core linear ID through a GP register as an implementation
defined behavior helping FF-A adoption to legacy TOSes (essentially
when secure virtualization is not used).

A first version of this change was originally submitted by Lukas [1].
Pasting below the original justification:

Our TEE, Kinibi, is used to receive the core linear ID in the x3
register of booting secondary cores.
This patch is necessary to bring up secondary cores with Kinibi as an
SPMC in SEL1.

In Kinibi, the TEE is mostly platform-independent and all platform-
specifics like topology is concentrated in TF-A of our customers.
That is why we don't have the MPIDR - linear ID mapping in Kinibi.
We need the correct linear ID to program the GICv2 target register,
for example in power management case.
It is not needed on GICv3/v4, because of using a fixed mapping from
MPIDR to ICDIPTR/GICD_ITARGETSRn register.

For debug and power management purpose, we also want a unified view to
linear id between Linux and the TEE.
E.g. to disable a core, to see what cores are printing a trace /
an event.

In the past, Kinibi had several other designs, but the complexity was
getting out of control:
* Platform-specific assembler macros in the kernel.
* A per-core SMC from Linux to tell the linear ID after the boot.
* With DynamiQ, it seems SIPs were playing with MPIDR register values,
  reusing them between cores and changing them during boot.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10235

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Change-Id: Ifa8fa208e9b8eb1642c80b5f7b54152dadafa75e
2021-09-09 16:51:17 +02:00
Ming Huang d21f1ddb71 services: Fix pmr_el1 rewrote issue in sdei_disaptch_event()
Consider a RAS scenario:
Enter EL3 by sync exception, then call spm_mm_sp_call() enter
EL0s to handle this error, then call sdei_dispatch_event() to
inform OS. Finally, return back to OS from sync exception flow.
Similar flow is sgi_ras_intr_handler() in sgi_ras.c.

The icc_pmr_el1 register will be change in above flow:
1 cm_el1_sysregs_context_save(NON_SECURE);
  -> ehf_exited_normal_world();
    ##icc_pmr_el1: 0xf8 => 0x80
2 spm_mm_sp_call();
3 sdei_dispatch_event();
4 ehf_activate_priority(sdei_event_priority(map));
    ##icc_pmr_el1: 0x80 => 0x60
5 restore_and_resume_ns_context();
  -> ehf_exited_normal_world();
     ##return due to has_valid_pri_activations(pe_data) == 1
6 ehf_deactivate_priority(sdei_event_priority(map));
    ##icc_pmr_el1: 0x60 => 0x80
The icc_pmr_el1 was rewrote from 0xf8 to 0x80. This issue will
result in OS hang when eret to OS from RAS flow.

Move ehf_activate_priority(sdei_event_priority(map)) after
restore_and_resume_ns_context() can fix this issue.

Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: If01ec55cf0aabf1594dece1ad50d3ec3406cdabc
2021-07-28 11:12:44 +02:00
Daniel Boulby 37596fcb43 fix(sdei): set SPSR for SDEI based on TakeException
The SDEI specification now says that during an SDEI
event handler dispatch the SPSR should be set according
to the TakeException() pseudocode function defined in
the Arm Architecture Reference Manual. This patch sets
the SPSR according to the function given in
ARM DDI 0487F.c page J1-7635

Change-Id: Id2f8f2464fd69c701d81626162827e5c4449b658
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2021-07-23 13:20:28 +01:00
Olivier Deprez 967344b520 Merge "feat(spmd): add support for FFA_SPM_ID_GET" into integration 2021-06-18 17:28:39 +02:00
Olivier Deprez 678ce2237c perf(spmd): omit sel1 context save if sel2 present
The SPMC at S-EL2 manages S-EL1 execution contexts for SPs. The
currently running SP vCPU state is always saved when the SPMC exits to
SPMD. A fresh vCPU context is always restored when the SPMC is entered
from the SPMD and a SP resumed. For performance optimization reasons
this permits omitting the saving/restoring of the S-EL1 context from
within the EL3 SPMD on entering/exiting the SPMC. The S-EL2 SPMC and
NS-EL1 context save/restore remain done in the SPMD.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I66413ed5983913791ff5c9fc03c590ee65c6ccd7
2021-06-03 09:31:24 +02:00
Manish Pandey e55d12b7eb Merge changes from topic "Arm_PCI_Config_Space_Interface" into integration
* changes:
  TF-A: Document SMC_PCI_SUPPORT option
  SMCCC/PCI: Handle std svc boilerplate
  SMCCC/PCI: Add initial PCI conduit definitions
  SMCCC: Hoist SMC_32 sanitization
2021-05-27 09:49:10 +02:00
Jeremy Linton 1cdf1eb875 SMCCC/PCI: Handle std svc boilerplate
Add SMC wrappers for handshaking the existence
and basic parameter validation for the SMCCC/PCI
API. The actual read/write/segment validation is
implemented by a given platform which will enable
the API by defining SMC_PCI_SUPPORT.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Change-Id: I4485ad0fe6003cec6f5eedef688914d100513c21
2021-05-25 14:49:08 +02:00
Jeremy Linton 475333c8a9 SMCCC: Hoist SMC_32 sanitization
The SMCCC, part 3 indicates that only the bottom
32-bits of a 32-bit SMC call are valid. The upper
bits must be zero. Lets enforce that so standard
service code can assume its been called that way.

Signed-off-by: Jeremy Linton <jeremy.linton@arm.com>
Change-Id: I1bac50fbdc3b6ddca5fe2d1d1f96166a65ac4eb4
2021-05-25 14:48:56 +02:00
Daniel Boulby 70c121a258 feat(spmd): add support for FFA_SPM_ID_GET
Handle calls to the FFA_SPM_ID_GET interface. If FFA_SPM_ID_GET is
invoked from the non-secure physical FF-A instance, return the SPMC id
(defined in the SPMC manifest). If FFA_SPM_ID_GET is invoked from
the secure physical FF-A instance (e.g. the SPMC), return the SPMD id.

Change-Id: Id6d4e96b1da2510386d344e09c4553dba01227ec
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2021-05-13 10:43:49 +01:00
Andre Przywara 67fad514ee fix(services): drop warning on unimplemented calls
Standard Secure Services, complying to the SMCCC specification, are
discoverable: Any user can do the SMC call, and derive from the return
value (-1) if the service is implemented. Consequently we should not
*warn* if BL31 does not implement a service, as some services (TRNG, for
instance) might never be implemented for devices, as they are lacking
hardware.

Short of dropping the existing warning message altogether, change the
level to VERBOSE, which should prevent it actually being printed in
normal situations.

This removes the pointless TF-A messages on the console when booting
Linux, as modern kernels now call the SOCID and the TRNG service
unconditionally.

Change-Id: I08b0b02e0f46322ebe0b40b3991c3c9b5bed4f97
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-05-04 10:30:15 +01:00
Olivier Deprez 89a05821ec Merge changes from topic "od/ns-interrupts" into integration
* changes:
  spmd: add FFA_INTERRUPT forwarding
  doc: spm: update messaging method field
2021-04-21 07:19:00 +02:00
Olivier Deprez 386dc36543 spmd: add FFA_INTERRUPT forwarding
In the case of a SP pre-empted by a non-secure interrupt, the SPMC
returns to the SPMD through the FFA_INTERRUPT ABI. It is then forwarded
to the normal world driver hinting the SP has to be resumed after the
non-secure interrupt has been serviced.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I51a694dddcb8ea30fa84e1f11d018bc2abec0a56
2021-04-20 21:24:44 +02:00
Mayur Gudmeti 21583a315a services: spm_mm: Use sp_boot_info to set SP context
The current SPM_MM implementations expects the SP image addresses
as static macros. This means platforms wanting to use dynamically
allocated memory addresses are left out. This patch gets sp_boot_info
at the beginning of spm_sp_setup function and uses member variables
of sp_boot_info to setup the context. So member variables of
struct sp_boot_info and consequently the context can be initialized
by static macros or dynamiclly allocated memory address..

Change-Id: I1cb75190ab8026b845ae20a9c6cc416945b5d7b9
Signed-off-by: Mayur Gudmeti <mgudmeti@nvidia.com>
2021-04-19 18:28:07 +02:00
J-Alves e46b2fd210 SPM: Fix error codes size in SPMD handler
FF-A specification states that error codes should be typed int32_t.
SPMD's uses uint64_t for return values, which if assigned with a signed
type would have sign extension, and change the size of the return from
32-bit to 64-bit.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I288ab2ffec8330a2fe1f21df14e22c34bd83ced3
2021-03-19 15:07:46 +01:00
Olivier Deprez 473ced5670 SPMD: lock the g_spmd_pm structure
Add a lock and spin lock/unlock calls when accessing the fields of the
SPMD PM structure.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9bab705564dc1ba003c29512b1f9be5f126fbb0d
2021-03-15 12:29:19 +01:00
Olivier Deprez cdb49d475e FF-A: implement FFA_SECONDARY_EP_REGISTER
Remove the former impdef SPMD service for SPMC entry point
registration. Replace with FFA_SECONDARY_EP_REGISTER ABI
providing a single entry point address into the SPMC for
primary and secondary cold boot.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I067adeec25fc12cdae90c15a616903b4ac4d4d83
2021-03-15 12:29:11 +01:00
Tony Xie 6ccbcff502 SDEI: updata the affinity of shared event
when updata routing of an SDEI event, if the registration flags
is SDEI_REGF_RM_PE, need to updata the affinity of shared event.

Signed-off-by: Tony Xie <tony.xie@rock-chips.com>
Change-Id: Ie5d7cc4199253f6af1c28b407f712caac3092d06
2021-03-05 21:33:58 +01:00
Max Shvetsov f36e62e3c7 Revert "spmd: ensure SIMD context is saved/restored on SPMC entry/exit"
This reverts commit bedb13f509.
SIMD context is now saved in S-EL2 as opposed to EL3, see commit:
https://review.trustedfirmware.org/c/hafnium/hafnium/+/8321

Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Ic81416464ffada1a6348d0abdcf3adc7c1879e61
2021-02-18 17:45:20 +00:00
Olivier Deprez bedb13f509 spmd: ensure SIMD context is saved/restored on SPMC entry/exit
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I8ed58ec5f97e05d91451020a2739464bb8e428b3
2021-02-12 10:54:08 +00:00
Andre Przywara 323b6c6305 services: TRNG: Fix -O0 compilation
The code to check for the presence of the TRNG service relies on
toolchain garbage collection, which is not enabled with -O0.

Add #ifdef guards around the call to the TRNG service handler to
cover builds without optimisation as well.

Change-Id: I08ece2005ea1c8fa96afa13904a851dec6b24216
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-02-10 17:34:45 +00:00
Jimmy Brisson 7dfb99118e Add TRNG Firmware Interface service
This adds the TRNG Firmware Interface Service to the standard
service dispatcher. This includes a method for dispatching entropy
requests to platforms and includes an entropy pool implementation to
avoid dropping any entropy requested from the platform.

Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2021-02-05 11:49:18 +00:00
Alexei Fedorov a83103c824 Aarch64: Add support for FEAT_PANx extensions
This patch provides the changes listed below:
- Adds new bit fields definitions for SCTLR_EL1/2 registers
- Corrects the name of SCTLR_EL1/2.[20] bit field from
SCTLR_UWXN_BIT to SCTLR_TSCXT_BIT
- Adds FEAT_PANx bit field definitions and their possible
values for ID_AA64MMFR1_EL1 register.
- Adds setting of SCTLR_EL1.SPAN bit to preserve PSTATE.PAN
on taking an exception to EL1 in spm_sp_setup() function
(services\std_svc\spm_mm\spm_mm_setup.c)

Change-Id: If51f20e7995c649126a7728a4d0867041fdade19
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
2020-11-30 15:24:52 +00:00
Andre Przywara 6e4da01ffb spmd: Fix signedness comparison warning
With -Wsign-compare, compilers issue a warning in the SPMD code:
====================
services/std_svc/spmd/spmd_pm.c:35:22: error: comparison of integer
expressions of different signedness: 'int' and 'unsigned int'
[-Werror=sign-compare]
   35 |  if ((id < 0) || (id >= PLATFORM_CORE_COUNT)) {
      |                      ^~
cc1: all warnings being treated as errors
====================

Since we just established that "id" is positive, we can safely cast it
to an unsigned type to make the comparison have matching types.

Change-Id: I6ef24804c88136d7e3f15de008e4fea854f10ffe
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
2020-10-02 12:14:02 +00:00
Mark Dykes 80f823b727 Merge "spmd: remove assert for SPMC PC value" into integration 2020-09-17 19:48:27 +00:00
Max Shvetsov f7fb0bf77f Fix: fixing coverity issue for SPM Core.
spmd_get_context_by_mpidr was using potentially negative value as an
array index. plat_core_pos_by_mpidr could return -1 on failure which is
utilized by some platforms.

Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I7f8827e77f18da389c9cafdc1fc841aba9f03120
2020-09-07 16:16:35 +01:00
Varun Wadekar 75e1dfa038 spmd: remove assert for SPMC PC value
This patch removes the assert that expects the SPMC PC
value to be same as BL32_BASE. This assumption is not
true for all platforms e.g. Tegra, and so will be removed
from the SPMD.

Platforms can always add this check to the platform files,
if required.

Change-Id: Ic40620b43d160feb4f72f4af18e6d01861d4bf37
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
2020-09-01 15:17:11 -07:00
Ruari Phipps 545b8eb33e SPMD: Dont forward PARTITION_INFO_GET from secure FF-A instance
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com>
Change-Id: I4e9fbfcfda4ed4b87d5ece1c609c57c73d617d4c
2020-08-21 14:21:51 +00:00
Olivier Deprez 02d50bb018 SPMC: embed secondary core ep info into to SPMC context
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Icdb15b8664fb3467ffd55b44d1f0660457192586
2020-08-20 18:06:06 +01:00
Olivier Deprez a92bc73b8e SPMD: secondary cores PM on and off SPD hooks relayed to SPMC
Define SPMD PM hooks for warm boot and off events. svc_on_finish handler
enters the SPMC at the entry point defined by the secondary EP register
service. The svc_off handler notifies the SPMC that a physical core is
being turned off through a notification message.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2609a75a0c6ffb9f6313fc09553be2b29a41de59
2020-08-20 18:06:06 +01:00
Olivier Deprez f0d743dbcd SPMD: handle SPMC message to register secondary core entry point
Upon booting, the SPMC running on the primary core shall register the
secondary core entry points to which a given secondary core being woken
up shall jump to into the SPMC . The current implementation assumes the
SPMC calls a registering service implemented in the SPMD for each core
identified by its MPIDR. This can typically happen in a simple loop
implemented in the early SPMC initialization routines by passing each
core identifier associated with an entry point address and context
information.
This service is implemented on top of a more generic SPMC<=>SPMD
interface using direct request/response message passing as defined by
the FF-A specification.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I1f70163b6b5cee0880bd2004e1fec41e3780ba35
2020-08-20 18:06:06 +01:00
Olivier Deprez c2901419b5 SPMD: introduce SPMC to SPMD messages
FF-A interface to handle SPMC to SPMD direct messages requests.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Ia707a308c55561a31dcfa86e554ea1c9e23f862a
2020-08-20 18:06:06 +01:00
Olivier Deprez a334c4e691 SPMD: register the SPD PM hooks
Change-Id: If88d64c0e3d60accd2638a55f9f3299ec700a8c8
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
2020-08-20 18:06:06 +01:00
Olivier Deprez b058f20a7e SPMD: add generic SPD PM handlers
This patch defines and registers the SPMD PM handler hooks.
This is intended to relay boot and PM events to the SPMC.

Change-Id: If5a758d22b8d2152cbbb83a0cad563b5e1c6bd49
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-08-20 18:06:06 +01:00
Olivier Deprez 9dcf63dd8b SPMD: enhance SPMC internal boot states
This patch adds SPMC states used by the SPMD to track SPMC boot phases
specifically on secondary cores.

Change-Id: If97af7352dda7f04a8e46a56892a2aeddcfab91b
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-08-20 18:06:06 +01:00
Olivier Deprez c0267cc994 SPMD: entry point info get helper
This patch provides a helper to get the entry_point_info
structure used by the boot CPU as it is used to initialise
the SPMC context on secondary CPUs.

Change-Id: I99087dc7a86a7258e545d24a2ff06aa25170f00c
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
2020-08-20 18:06:06 +01:00
J-Alves 4388f28f0f FFA Version interface update
Change handler of FFA version interface:
- Return SPMD's version if the origin of the call is secure;
- Return SPMC's version if origin is non-secure.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
2020-06-23 15:08:48 +01:00
Masahisa Kojima 0922e481e5 xlat_tables_v2: add base table section name parameter for spm_mm
Core spm_mm code expects the translation tables are located in the
inner & outer WBWA & shareable memory.
REGISTER_XLAT_CONTEXT2 macro is used to specify the translation
table section in spm_mm.

In the commit 363830df1c (xlat_tables_v2: merge
REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2
macro explicitly specifies the base xlat table goes into .bss by default.
This change affects the existing SynQuacer spm_mm implementation.
plat/socionext/synquacer/include/plat.ld.S linker script intends to
locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section,
but this implementation is no longer available.

This patch adds the base table section name parameter for
REGISTER_XLAT_CONTEXT2 so that platform can specify the
inner & outer WBWA & shareable memory for spm_mm base xlat table.
If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table
goes into .bss by default, the result is same as before.

Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
2020-06-02 14:53:06 +09:00
J-Alves 662af36d9c SPCI is now called PSA FF-A
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).

Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
2020-05-25 08:55:36 +00:00
Balint Dobszay cbf9e84a19 plat/arm/fvp: Support performing SDEI platform setup in runtime
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.

Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
2020-05-15 10:05:06 -05:00
Olivier Deprez 23d5ba86bd SPMD: extract SPMC DTB header size from SPMD
Currently BL2 passes TOS_FW_CONFIG address and size through registers to
BL31. This corresponds to SPMC manifest load address and size. The SPMC
manifest is mapped in BL31 by dynamic mapping. This patch removes BL2
changes from generic code (which were enclosed by SPD=spmd) and retrieves
SPMC manifest size directly from within SPMD. The SPMC manifest load
address is still passed through a register by generic code.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
2020-05-13 08:08:39 +02:00
Olivier Deprez 52696946ab SPMD: code/comments cleanup
As a follow-up to bdd2596d4, and related to SPM Dispatcher
EL3 component and SPM Core S-EL2/S-EL1 component: update
with cosmetic and coding rules changes. In addition:
-Add Armv8.4-SecEL2 arch detection helper.
-Add an SPMC context (on current core) get helper.
-Return more meaningful error return codes.
-Remove complexity in few spmd_smc_handler switch-cases.
-Remove unused defines and structures from spmd_private.h

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
2020-05-13 08:08:39 +02:00
Max Shvetsov ac03ac5ebb SPMD: Add support for SPCI_ID_GET
This patch introduces the `SPCI_ID_GET` interface which will return the
ID of the calling SPCI component. Returns 0 for requests from the
non-secure world and the SPCI component ID as specified in the manifest
for secure world requests.

Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
2020-03-12 16:59:29 +00:00
Max Shvetsov 033039f8e5 SPMD: add command line parameter to run SPM at S-EL2 or S-EL1
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.

Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-03-03 11:38:36 +00:00
Olivier Deprez 93ff138b59 SPMD: smc handler qualify secure origin using booleans
Change-Id: Icc8f73660453a2cbb2241583684b615d5d1af9d4
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
2020-03-03 11:38:36 +00:00
Max Shvetsov 0f14d02f8f SPMD: SPMC init, SMC handler cosmetic changes
Change-Id: I8881d489994aea667e3dd59932ab4123f511d6ba
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-03-03 11:38:36 +00:00
Max Shvetsov 2825946e92 SPMD: Adds partially supported EL2 registers.
This patch adds EL2 registers that are supported up to ARMv8.6.
ARM_ARCH_MINOR has to specified to enable save/restore routine.

Note: Following registers are still not covered in save/restore.
 * AMEVCNTVOFF0<n>_EL2
 * AMEVCNTVOFF1<n>_EL2
 * ICH_AP0R<n>_EL2
 * ICH_AP1R<n>_EL2
 * ICH_LR<n>_EL2

Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-03-03 11:38:26 +00:00
Max Shvetsov 28f39f02ad SPMD: save/restore EL2 system registers.
NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0

Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
2020-03-02 12:10:00 +00:00
Achin Gupta 2a7b403de5 SPMD: hook SPMD into standard services framework
This patch adds support to initialise the SPM dispatcher as a standard
secure service. It also registers a handler for SPCI SMCs exported by
the SPM dispatcher.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I2183adf826d08ff3fee9aee75f021021162b6477
2020-02-10 14:09:21 +00:00
Achin Gupta bdd2596d42 SPMD: add SPM dispatcher based upon SPCI Beta 0 spec
This patch adds a rudimentary SPM dispatcher component in EL3.
It does the following:

- Consumes the TOS_FW_CONFIG to determine properties of the SPM core
  component
- Initialises the SPM core component which resides in the BL32 image
- Implements a handler for SPCI calls from either security state. Some
  basic validation is done for each call but in most cases it is simply
  forwarded as-is to the "other" security state.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Change-Id: I7d116814557f7255f4f4ebb797d1619d4fbab590
2020-02-10 14:09:21 +00:00
Anthony Steinhauser f461fe346b Prevent speculative execution past ERET
Even though ERET always causes a jump to another address, aarch64 CPUs
speculatively execute following instructions as if the ERET
instruction was not a jump instruction.
The speculative execution does not cross privilege-levels (to the jump
target as one would expect), but it continues on the kernel privilege
level as if the ERET instruction did not change the control flow -
thus execution anything that is accidentally linked after the ERET
instruction. Later, the results of this speculative execution are
always architecturally discarded, however they can leak data using
microarchitectural side channels. This speculative execution is very
reliable (seems to be unconditional) and it manages to complete even
relatively performance-heavy operations (e.g. multiple dependent
fetches from uncached memory).

This was fixed in Linux, FreeBSD, OpenBSD and Optee OS:
679db70801
29fb48ace4
3a08873ece
abfd092aa1

It is demonstrated in a SafeSide example:
https://github.com/google/safeside/blob/master/demos/eret_hvc_smc_wrapper.cc
https://github.com/google/safeside/blob/master/kernel_modules/kmod_eret_hvc_smc/eret_hvc_smc_module.c

Signed-off-by: Anthony Steinhauser <asteinhauser@google.com>
Change-Id: Iead39b0b9fb4b8d8b5609daaa8be81497ba63a0f
2020-01-22 21:42:51 +00:00
Paul Beesley 99c69109ec spm-mm: Rename aarch64 assembly files
Change-Id: I2bab67f319758dd033aa689d985227cad796cdea
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:04:49 +00:00
Paul Beesley 6b1d9e6c39 spm-mm: Rename source files
Change-Id: I851be04fc5de8a95ea11270996f8ca33f0fccadb
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:04:35 +00:00
Paul Beesley 6b54236ea2 spm-mm: Rename spm_shim_private.h
Change-Id: I575188885ebed8c5f0682ac6e0e7dd159155727f
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:04:27 +00:00
Paul Beesley ff362d5fbd spm-mm: Rename spm_private.h
Change-Id: Ie47009158032c2e8f35febd7bf5458156f334ead
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:04:20 +00:00
Paul Beesley 442e092842 spm-mm: Rename component makefile
Change-Id: Idcd2a35cd2b30d77a7ca031f7e0172814bdb8cab
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:04:12 +00:00
Paul Beesley 962c44e77c spm-mm: Remove mm_svc.h header
The contents of this header have been merged into the spm_mm_svc.h
header file.

Change-Id: I01530b2e4ec1b4c091ce339758025e2216e740a4
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:04:01 +00:00
Paul Beesley 0bf9f567a7 spm-mm: Refactor spm_svc.h and its contents
Change-Id: I91c192924433226b54d33e57d56d146c1c6df81b
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:03:51 +00:00
Paul Beesley aeaa225cbe spm-mm: Refactor secure_partition.h and its contents
Before adding any new SPM-related components we should first do
some cleanup around the existing SPM-MM implementation. The aim
is to make sure that any SPM-MM components have names that clearly
indicate that they are MM-related. Otherwise, when adding new SPM
code, it could quickly become confusing as it would be unclear to
which component the code belongs.

The secure_partition.h header is a clear example of this, as the
name is generic so it could easily apply to any SPM-related code,
when it is in fact SPM-MM specific.

This patch renames the file and the two structures defined within
it, and then modifies any references in files that use the header.

Change-Id: I44bd95fab774c358178b3e81262a16da500fda26
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:03:41 +00:00
Paul Beesley 538b002046 spm: Remove SPM Alpha 1 prototype and support files
The Secure Partition Manager (SPM) prototype implementation is
being removed. This is preparatory work for putting in place a
dispatcher component that, in turn, enables partition managers
at S-EL2 / S-EL1.

This patch removes:

- The core service files (std_svc/spm)
- The Resource Descriptor headers (include/services)
- SPRT protocol support and service definitions
- SPCI protocol support and service definitions

Change-Id: Iaade6f6422eaf9a71187b1e2a4dffd7fb8766426
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
2019-12-20 16:03:32 +00:00
Paul Beesley 3f3c341ae5 Remove dependency between SPM_MM and ENABLE_SPM build flags
There are two different implementations of Secure Partition
management in TF-A. One is based on the "Management Mode" (MM)
design, the other is based on the Secure Partition Client Interface
(SPCI) specification. Currently there is a dependency between their
build flags that shouldn't exist, making further development
harder than it should be. This patch removes that
dependency, making the two flags function independently.

Before: ENABLE_SPM=1 is required for using either implementation.
        By default, the SPCI-based implementation is enabled and
        this is overridden if SPM_MM=1.

After: ENABLE_SPM=1 enables the SPCI-based implementation.
       SPM_MM=1 enables the MM-based implementation.
       The two build flags are mutually exclusive.

Note that the name of the ENABLE_SPM flag remains a bit
ambiguous - this will be improved in a subsequent patch. For this
patch the intention was to leave the name as-is so that it is
easier to track the changes that were made.

Change-Id: I8e64ee545d811c7000f27e8dc8ebb977d670608a
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-12-20 16:03:02 +00:00
Justin Chadwell b7f6525db6 Enable -Wshadow always
Variable shadowing is, according to the C standard, permitted and valid
behaviour. However, allowing a local variable to take the same name as a
global one can cause confusion and can make refactoring and bug hunting
more difficult.

This patch moves -Wshadow from WARNING2 into the general warning group
so it is always used. It also fixes all warnings that this introduces
by simply renaming the local variable to a new name

Change-Id: I6b71bdce6580c6e58b5e0b41e4704ab0aa38576e
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-11-19 08:53:16 -06:00
Paul Beesley a8ab58e9b2 Merge changes from topic "jc/coverity-fixes" into integration
* changes:
  Fix Coverity #261967, Infinite loop
  Fix Coverity #343017, Missing unlock
  Fix Coverity #343008, Side affect in assertion
  Fix Coverity #342970, Uninitialized scalar variable
2019-08-13 11:20:25 +00:00
Justin Chadwell fc6b626c6b Fix Coverity #343017, Missing unlock
All other returns from this function unlock the responses_lock, so we
also should release the lock in this case.

Change-Id: Ie2cfa8755723fed79e809f9480190d11f373a217
Signed-off-by: Justin Chadwell <justin.chadwell@arm.com>
2019-08-06 13:06:03 +01:00
Julius Werner 402b3cf876 Switch AARCH32/AARCH64 to __aarch64__
NOTE: AARCH32/AARCH64 macros are now deprecated in favor of __aarch64__.

All common C compilers pre-define the same macros to signal which
architecture the code is being compiled for: __arm__ for AArch32 (or
earlier versions) and __aarch64__ for AArch64. There's no need for TF-A
to define its own custom macros for this. In order to unify code with
the export headers (which use __aarch64__ to avoid another dependency),
let's deprecate the AARCH32 and AARCH64 macros and switch the code base
over to the pre-defined standard macro. (Since it is somewhat
unintuitive that __arm__ only means AArch32, let's standardize on only
using __aarch64__.)

Change-Id: Ic77de4b052297d77f38fc95f95f65a8ee70cf200
Signed-off-by: Julius Werner <jwerner@chromium.org>
2019-08-01 13:45:03 -07:00
Julius Werner d5dfdeb65f Replace __ASSEMBLY__ with compiler-builtin __ASSEMBLER__
NOTE: __ASSEMBLY__ macro is now deprecated in favor of __ASSEMBLER__.

All common C compilers predefine a macro called __ASSEMBLER__ when
preprocessing a .S file. There is no reason for TF-A to define it's own
__ASSEMBLY__ macro for this purpose instead. To unify code with the
export headers (which use __ASSEMBLER__ to avoid one extra dependency),
let's deprecate __ASSEMBLY__ and switch the code base over to the
predefined standard.

Change-Id: Id7d0ec8cf330195da80499c68562b65cb5ab7417
Signed-off-by: Julius Werner <jwerner@chromium.org>
2019-08-01 13:14:12 -07:00
Paul Beesley 00e51ca312 services/spm: Fix service UUID lookup
The spm_sp_get_by_uuid() function is used to look up the secure
partition that provides a given service.

Within this function, memcmp() is used to compare the service
UUIDs but it uses the size of the rdsvc->uuid pointer instead of
the size of its content (missing dereference). This means that only
a partial comparison is performed as UUIDs are 128 bits in length and
rdsvc->uuid is a uint32_t typed pointer.

Instead, use the size of the array pointed to by the svc_uuid parameter,
which will be the full 128 bits, for the comparison.

Change-Id: I258fb0cca3bf19f97b8f2a4c133981647cd050e4
Signed-off-by: Paul Beesley <paul.beesley@arm.com>
2019-04-09 11:10:09 +01:00
Antonio Nino Diaz 75f364b3e0 SPM: Adjust size of virtual address space per partition
Rather than using a fixed virtual address space size, read all regions
in the resource description of each partition and restrict the virtual
address space size to the one the partition actually needs.

This also allows SPM to take advantage of the extension ARMv8.4-TTST if
the virtual address space size is small enough.

Change-Id: I8646aa95e659136b58b44b040364cdee631f7e82
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-04-03 10:51:31 +01:00
Antonio Nino Diaz 014df18b8e SPM: Refactor xlat context creation
Right now the virtual address space is fixed to
PLAT_VIRT_ADDR_SPACE_SIZE, so all base translation tables are the same
size and need the same alignment. The current code allocates the exact
space needed by this initial table.

However, a following patch is going to allow each partition to choose
the size of its address space based on the memory regions defined in
their resource description, so it isn't possible to determine this at
build time. As this optimization no longer applies, it has to be
removed.

Change-Id: Ia8d19f4981e1017e4ffe0ba136de73d701044cb0
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-04-03 10:51:31 +01:00
Antonio Nino Diaz 6de6965b2f SPM: Move shim layer to TTBR1_EL1
This gives each Secure Partition complete freedom on its address space.
Previously, the memory used by the exception vectors was reserved and
couldn't be used. Also, it always had to be mapped, forcing SPM to
generate translation tables that included the exception vectors as well
as the Partition memory regions. With this change, partitions can reduce
their address space size easily.

Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-04-03 10:51:31 +01:00
Antonio Nino Diaz 5db5930baf SPM: Ignore empty regions in resource description
Instead of letting the code run until another error is reached, return
early.

Change-Id: I6277a8c65101d3e39b0540099c2a3063584a7dbd
Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
2019-04-02 14:52:55 +01:00
Ambroise Vincent 7a79328c3a SPM: Create SPCI auxiliary function
Fix variable shadowing warnings and prevent code duplication.

Change-Id: Idb29cc95d6b6943bc012d7bd430afa0e4a7cbf8c
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
2019-04-01 10:43:42 +01:00
Ambroise Vincent bde2836fcc Remove several warnings reported with W=2
Improved support for W=2 compilation flag by solving some nested-extern
and sign-compare warnings.

The libraries are compiling with warnings (which turn into errors with
the Werror flag).

Outside of libraries, some warnings cannot be fixed.

Change-Id: I06b1923857f2a6a50e93d62d0274915b268cef05
Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
2019-04-01 10:43:42 +01:00