In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.
Enable the SPMC to set the bit for v1.1 callers or v1.0
callers that explicitly request the usage via FFA_FEATURES.
In this implementation the sender of the memory region must
reside in the normal world and the SPMC does not support
changing the security state of memory regions therefore
always set the NS bit if required by the caller.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I215756b28e2382082933ba1dcc7584e7faf4b36b
A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with a pointer to a data structure
containing boot related information. Currently the boot
information consists of an allocated memory region
containing the SP's manifest, allowing it to map and parse
any extra information as required.
This implementation only supports the v1.1 data structures
and will return an error if a v1.0 client requests the usage
of the protocol.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67692553a90a7e7d94c64fe275edd247b512efca
Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.
Add support to the EL3 SPMC for a subset of the FF-A
memory management ABIs:
- FFA_MEM_SHARE
- FFA_MEM_LEND
- FFA_MEM_RETRIEVE_REQ
- FFA_MEM_RETRIEVE_RESP
- FFA_MEM_RELINQUISH
- FFA_MEM_RECLAIM
- FFA_MEM_FRAG_RX
- FFA_MEM_FRAG_TX
This implementation relies on a datastore allocated in
platform specific code in order to store memory descriptors
about ongoing memory transactions. This mechanism
will be implemented in the following commit.
[1] https://android.googlesource.com/trusty/external/trusted-firmware-a/+/refs/heads/master/services/spd/trusty/
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib042f73c8a6e0f0aed00f6762be175cb9dedc042
Enable a Secure Partition to query the ID assigned to the SPMC.
The SPMD will take care of any calls from the normal world
therefore we should not need to handle this case in the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I97903e920e928df385addbb2d383f24e602bf2db
This patch adds support for forwarding a secure interrupt that
preempts the normal world to a SP for top-half interrupt handling.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Iaa6e96f4cf8922ba5b6d128a19359df15e44158d
This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has indicated
that it wishes to receive the appropriate message via its manifest.
1. A PSCI CPU_OFF message in response to a cpu hot unplug request
from the OS.
2. A message to indicate warm boot of a cpu in response to a cpu
hot plug request from the OS.
3. A PSCI CPU_SUSPEND message in response to a cpu idle event
initiated from the OS.
4. A message to indicate warm boot of a cpu from a shallow power
state in response to a cpu resume power event.
This patch also implements the FFA_SECONDARY_EP_REGISTER function to
enable the SP specify its secondary entrypoint.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I375d0655b2c6fc27445facc39213d1d0678557f4
Enable a partition to release its RX buffer and the SPMC
to update the appropriate state tracking.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5fb6d92244b5ed5f032269b29b102aa874bf3ae3
Enable the SPMC to handle the FFA_RUN ABI and update
the state tracking accordingly.
Change-Id: I3e8a3fa3ec9b03830055d2fbd6124b8ff1ed4103
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Allow for a partition to retrieve its own partition ID.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I1a19ac30b86736d818673c239b2f8fd2d6128c06
Enable the spmc to report the features that it currently supports.
Populated with the currently implemented functionality.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I00e51ded284efd87cd50a0e9416dbc33f22ced85
Enable the SPMC to handle calls to FFA_PARTITION_INFO_GET.
This allows the normal world to discover which partitions
are running in the secure world including logical partitions
in EL3.
This implementation supports both the v1.0 and v1.1
implementations of the Partition Info Get Descriptor.
The SPMC populates the appropriate descriptor in the
partitions RX buffer, if requested, according to the
version of FF-A that the caller is using.
Additionally rename the common/uuid UUID_H include guard
due to a conflict with another header file.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0a85f1dae50fae1fe47a3cafb765fbe9f40619e1
Enable handling of FFA_RXTX_MAP and FFA_RXTX_UNMAP ABIs
and ensure these buffers are mapped as required to allow
access by the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ifc425f1ee16c90d1d95b6ae4ac9992d6f785227b
Add a helper function to obtain the FF-A version of a calling
partition. This is used to ensure that the SPMC maintains
backwards compatibility if the partition implements a lower
minor version for the same major version than the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5b364a1e510a999bb0c4cacae28f23f8a42a1e3e
Report the SPMC version to the caller, currently v1.1 and
also store the requested version to allow the SPMC to
use the corresponding FF-A version in future ABI calls.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I79aafd1e6694cbd4b231bbd0cac5834a71063d79
Add a helper function to obtain the relevant mailbox buffers
depending on which entity was last run. This will be used in
subsequent functionality to populate requested information in
the callers RX buffer.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I85959ced4d1454be05a7b3fb6853ed3ab7f0cf3e
We assume that the first descriptor in the normal world
endpoints is reserved for the hypervisor and add a helper
function to enable retrieving this directly.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67c3589994eb820ef420db6ab7e8bd0825d64455
Ensure that the `messaging-methods` entry is populated in
an SP's manifest. Currently only direct messaging is supported
so alert if this does not match the manifest entry.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67f1fad71a3507627993a004e0f8579388faf178
This is a mandatory entry in an SP's manifest however
currently an S-EL1 partition running under the EL3 SPMC
must have the same amount of execution contexts as
physical cores therefore just check the entry matches
this value.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I4c2a85ccde7a7bb9b1232cf6389a8c532cbf3d41
To align with other SPMC implementations parse the UUID
from the SP manifest as 4 uint32 values and store
this internally.
Change-Id: I7de5d5ef8d98dc14bc7c76892133c2333358a379
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Add mailbox structs to the partition descriptors
and ensure these are initialised correctly.
Change-Id: Ie80166d19763c266b6a1d23e351d312dc31fb221
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Introduce a framework to support running logical
partitions alongside the SPMC in EL3 as per the
v1.1 FF-A spec.
The DECLARE_LOGICAL_PARTITION macro has been added to
simplify the process to define a Logical Partition.
The partitions themselves are statically allocated
with the descriptors placed in RO memory.
It is assumed that the MAX_EL3_LP_DESCS_COUNT will
be defined by the platform.
Change-Id: I1c2523e0ad2d9c5d36aeeef6b8bcb1e80db7c443
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Enable the SPMC to handle FFA_MSG_SEND_DIRECT_REQ and
FFA_MSG_SEND_DIRECT_RESP ABIs.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ia196c7405993f600e4fdbf467397ea3fb035a62a
This ABI is only valid during SP initialisation to indicate
failure. If this occurs during SP initialisation signal a failure,
otherwise respond with a not supported error code.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0182a1641c0f6850e82173af333be79b594f2318
Handle an incoming call of FFA_MSG_WAIT from the secure world
and update the runtime state of the calling partition accordingly.
This ABI can be called in the following scenarios:
- Used by an SP to signal it has finished initializing.
- To resume the normal world after handling a secure interrupt
that interrupted the normal world.
- To relinquish control back to the normal world.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I929713a2280e8ec291b5b4e8f6d4b49df337228c
Use knowledge of the target partition ID and source security state
to determine which route should be used to exit the SPMC.
There are 3 exit paths:
1) Return to the normal world via the SPMD, this will take care of
switching contexts if required.
2) Return to the secure world when the call originated in the normal
world and therefore switch contexts.
3) Return to the secure world when the call originated in the secure
world, therefore we can return directly.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I4037f3a8a8519e2c9f1876be92806d2c41d0d154
Allow the SPMD to initialise an SPMC implementation at EL3 directly
rather than at a lower EL.
This includes removing the requirement to parse an SPMC manifest to
obtain information about the SPMC implementation, in this case since the
SPMD and SPMC reside in the same EL we can hardcode the required
information directly.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I66d1e1b3ec2d0abbfc28b011a32445ee890a331d
This patch introduces the core support for enabling an SPMC in EL3
as per the FF-A spec.
The current implemented functionality is targeted to enable
initialization of the SPMC itself and initial support for
bringing up a single S-EL1 SP.
This includes initialization of the SPMC's internal state,
parsing of an SP's manifest, preparing the cpu contexts and
appropriate system registers for the Secure Partition.
The spmc_smc_handler is the main handler for all incoming SMCs
to the SPMC, FF-A ABI handlers and functionality will
be implemented in subsequent patches.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib33c240b91e54cbd018a69fec880d02adfbe12b9
Marc Bonnici
Achin Gupta