Commit Graph

494 Commits

Author SHA1 Message Date
Olivier Deprez 65b13bace4 Merge changes from topic "ffa_el3_spmc" into integration
* changes:
  feat(spmc): add support for direct req/resp
  feat(spmc): add support for handling FFA_ERROR ABI
  feat(spmc): add support for FFA_MSG_WAIT
  feat(spmc): add function to determine the return path from the SPMC
  feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3
  feat(spmd): update SPMC init flow to use EL3 implementation
  feat(spmc): add FF-A secure partition manager core
  feat(spmc): prevent read only xlat tables with the EL3 SPMC
  feat(spmc): enable building of the SPMC at EL3
  refactor(spm_mm): reorganize secure partition manager code
2022-04-22 21:09:13 +02:00
Olivier Deprez 6f8674964b Merge "feat(spm): add FFA_RX_ACQUIRE forwarding in SPMD" into integration 2022-04-21 11:35:42 +02:00
Marc Bonnici 9741327df5 feat(spmc): add support for direct req/resp
Enable the SPMC to handle FFA_MSG_SEND_DIRECT_REQ and
FFA_MSG_SEND_DIRECT_RESP ABIs.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ia196c7405993f600e4fdbf467397ea3fb035a62a
2022-04-20 19:40:31 +01:00
Marc Bonnici d663fe7a30 feat(spmc): add support for handling FFA_ERROR ABI
This ABI is only valid during SP initialisation to indicate
failure. If this occurs during SP initialisation signal a failure,
otherwise respond with a not supported error code.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0182a1641c0f6850e82173af333be79b594f2318
2022-04-20 19:40:31 +01:00
Marc Bonnici c4db76f066 feat(spmc): add support for FFA_MSG_WAIT
Handle an incoming call of FFA_MSG_WAIT from the secure world
and update the runtime state of the calling partition accordingly.

This ABI can be called in the following scenarios:
  - Used by an SP to signal it has finished initializing.
  - To resume the normal world after handling a secure interrupt
    that interrupted the normal world.
  - To relinquish control back to the normal world.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I929713a2280e8ec291b5b4e8f6d4b49df337228c
2022-04-20 19:40:31 +01:00
Marc Bonnici 20fae0a7ce feat(spmc): add function to determine the return path from the SPMC
Use knowledge of the target partition ID and source security state
to determine which route should be used to exit the SPMC.

There are 3 exit paths:
1) Return to the normal world via the SPMD, this will take care of
   switching contexts if required.
2) Return to the secure world when the call originated in the normal
   world and therefore switch contexts.
3) Return to the secure world when the call originated in the secure
   world, therefore we can return directly.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I4037f3a8a8519e2c9f1876be92806d2c41d0d154
2022-04-20 19:40:31 +01:00
Marc Bonnici bb01a67306 feat(spmd): enable handling of FF-A SMCs with the SPMC at EL3
Any FF-A SMC that arrives from the normal world is handled by the
SPMD before being forwarded to the SPMC. Similarly any SMC
arriving from the secure world will hit the SPMC first and be
forwarded to the SPMD if required, otherwise the SPMC will
respond directly.

This allows for the existing flow of handling FF-A ABI's when
the SPMC resides at a lower EL to be preserved.

In order to facilitate this flow the spmd_smc_forward function
has been split and control is either passed to the SPMC or it is
forwarded as before. To allow this the flags and cookie parameters
must now also be passed into this method as the SPMC must be able to
provide these when calling back into the SPMD handler as appropriate.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I84fee8390023295b9689067e14cd25cba23ca39b
2022-04-20 19:40:28 +01:00
Marc Bonnici 6da76075bf feat(spmd): update SPMC init flow to use EL3 implementation
Allow the SPMD to initialise an SPMC implementation at EL3 directly
rather than at a lower EL.
This includes removing the requirement to parse an SPMC manifest to
obtain information about the SPMC implementation, in this case since the
SPMD and SPMC reside in the same EL we can hardcode the required
information directly.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I66d1e1b3ec2d0abbfc28b011a32445ee890a331d
2022-04-20 18:29:32 +01:00
Marc Bonnici 5096aeb2ba feat(spmc): add FF-A secure partition manager core
This patch introduces the core support for enabling an SPMC in EL3
as per the FF-A spec.

The current implemented functionality is targeted to enable
initialization of the SPMC itself and initial support for
bringing up a single S-EL1 SP.

This includes initialization of the SPMC's internal state,
parsing of an SP's manifest, preparing the cpu contexts and
appropriate system registers for the Secure Partition.

The spmc_smc_handler is the main handler for all incoming SMCs
to the SPMC, FF-A ABI handlers and functionality will
be implemented in subsequent patches.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib33c240b91e54cbd018a69fec880d02adfbe12b9
2022-04-20 18:29:30 +01:00
Zelalem Aweke 8b95e84870 refactor(context mgmt): add cm_prepare_el3_exit_ns function
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.

When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
2022-04-12 17:42:11 +02:00
Marc Bonnici b61d94a1a2 refactor(spm_mm): reorganize secure partition manager code
In preparation for adding the EL3 SPMC configuration as defined in
the FF-A specification, restructure the existing SPM_MM code.

With this restructuring of the code, the 'spm_mm' directory is
renamed as 'spm' and the code inside has been split into two
sub-directories named 'common' and 'spm_mm'. The code in 'spm_mm'
directory contains the code that implements the MM interface.
In subsequent patches, the 'spmc' directory will be introduced
under the 'spm' directory providing the code that implements
the 'FF-A' interface.

Currently the common functionality for S-EL1 partitions is
limited to assembler functions to enter and exit an SP
synchronously.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I37739b9b53bc68e151ab5c1c0c6a15b3ee362241
2022-04-08 15:36:22 +01:00
Soby Mathew a0435105f2 feat(rme): add dummy realm attestation key to RMMD
Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
    * Fid (0xC400001B2).
    * Attestation key buffer PA (the realm attestation key is copied
      at this address by the monitor).
    * Attestation key buffer length as input and size of realm
      attesation key as output.
    * Type of elliptic curve.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac
2022-03-28 15:02:01 +02:00
Soby Mathew 0f9159b7eb feat(rme): add dummy platform token to RMMD
Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
    * Fid (0xC40001B3).
    * Platform token PA (the platform token is copied at this address by
      the monitor). The challenge object needs to be passed by
      the caller in this buffer.
    * Platform token len.
    * Challenge object len.

When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.

Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348
2022-03-25 17:12:26 +00:00
Soby Mathew 319fb08438 refactor(rme): reorg existing RMMD EL3 service FIDs
This patch reworks the GTSI service implementation in RMMD
such that it is made internal to RMMD. This rework also
lays the ground work for additional RMMD services which
can be invoked from RMM.

The rework renames some of the FID macros to make it
more suited for adding more RMMD services. All the RMM-EL31
service SMCs are now routed via rmmd_rmm_el3_handler().

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Ic52ca0f33b79a1fd1deefa8136f9586b088b2e07
2022-03-24 14:50:11 +00:00
Federico Recanati d555233fe5 feat(spm): add FFA_RX_ACQUIRE forwarding in SPMD
Add FF-A v1.1 FFA_RX_ACQUIRE ABI forwarding to SPMD.
RX acquire interface is used by Hypervisor to acquire ownership of a
VM's RX buffer from SPMC when it needs to deliver a message to the VM.

Change-Id: I5f57240a9c9e94eb696a5a394ec0644170380026
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
2022-03-18 10:51:39 +01:00
Bipin Ravi 9b2510b69d fix(security): apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57
This patch applies CVE-2022-23960 workarounds for Cortex-A75,
Cortex-A73, Cortex-A72 & Cortex-A57. This patch also implements
the new SMCCC_ARCH_WORKAROUND_3 and enables necessary discovery
hooks for Coxtex-A72, Cortex-A57, Cortex-A73 and Cortex-A75 to
enable discovery of this SMC via SMC_FEATURES. SMCCC_ARCH_WORKAROUND_3
is implemented for A57/A72 because some revisions are affected by both
CVE-2022-23960 and CVE-2017-5715 and this allows callers to replace
SMCCC_ARCH_WORKAROUND_1 calls with SMCCC_ARCH_WORKAROUND_3. For details
of SMCCC_ARCH_WORKAROUND_3, please refer SMCCCv1.4 specification.

Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ifa6d9c7baa6764924638efe3c70468f98d60ed7c
2022-03-18 01:01:34 +02:00
Robert Wakim 6a00e9b0c8 fix(gpt_rme): rework delegating/undelegating sequence
The previous delegating/undelegating sequence was incorrect as per the
specification DDI0615, "Architecture Reference Manual Supplement, The
Realm  Management Extension (RME), for Armv9-A" Sections A1.1.1 and
A1.1.2

Off topic:
 - cleaning the gpt_is_gpi_valid and gpt_check_pass_overlap

Change-Id: Idb64d0a2e6204f1708951137062847938ab5e0ac
Signed-off-by: Robert Wakim <robert.wakim@arm.com>
2022-03-09 16:08:42 +01:00
Olivier Deprez b298d4df5e Merge "feat(ff-a): forward FFA_VERSION from SPMD to SPMC" into integration 2022-03-04 13:22:45 +01:00
Federico Recanati c2eba07c47 feat(spm): add FFA_MSG_SEND2 forwarding in SPMD
Add FF-A v1.1 indirect messaging ABI FFA_MSG_SEND2 to SPMD to allow
message forwarding across normal/secure worlds.

Change-Id: I074fbd2e4d13893925f987cee271d49da3aaf64b
Signed-off-by: Federico Recanati <federico.recanati@arm.com>
2022-02-14 13:34:49 +01:00
Daniel Boulby 9944f55761 feat(ff-a): forward FFA_VERSION from SPMD to SPMC
Introduced by FF-A v1.1 we must forward a call to FFA_VERSION
to the SPMC so that the ffa version of the caller can be stored
for later use. Since the return of FFA_VERSION is not wrapped in
a FF-A call we need to  use a direct message request to do this
forwarding. For the spmd_handler in the SPMC to hand off to the
correct function we use w2 to specify a target framework function.
Therefore we must update PSCI CPU_OFF to do this as well.

Change-Id: Ibaa6832b66f1597b3d65aa8986034f0c5916016d
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2022-02-03 14:02:42 +00:00
Daniel Boulby 4d4821569d test(el3-runtime): dit is retained on world switch
Add tsp service to check the value of the PSTATE DIT bit is as
expected and toggle it's value. This is used to ensure that
the DIT bit is maintained during a switch from the Normal to
Secure worlds and back.

Change-Id: I4e8bdfa6530e5e75925c0079d4fa2795133c5105
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2022-02-03 11:33:55 +00:00
Bipin Ravi 9697e4596c Merge "fix(trp): Distinguish between cold and warm boot" into integration 2021-12-22 21:13:03 +01:00
Mark Dykes 00e8113145 fix(trp): Distinguish between cold and warm boot
The original design prevented the primary CPU from doing a
warm boot sequence. This patch allows the primary to do warm
boot as well.

Signed-off-by: Mark Dykes <mark.dykes@arm.com>
Change-Id: I6baa50c3dff3051ff8b3e5a922d340634f651867
2021-12-14 10:24:24 -06:00
Alexei Fedorov 3082a33017 Merge "fix(rmmd/sve): enable/disable SVE/FPU for Realms" into integration 2021-12-10 13:28:48 +01:00
Subhasish Ghosh a4cc85c129 fix(rmmd/sve): enable/disable SVE/FPU for Realms
This patch enable/disable SVE/FPU for Realms depending
upon it's state in NS.

When this feature is enabled, traps to EL3 on SVE/FPU access from
Realms are disabled. However, RMM must ensure that the Realm <-> NS
SVE/FPU registers are not corrupted by each other and Realms do
not leak information to NS.

Change-Id: I0a27a055787976507017b72879ba6458f066624e
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
2021-12-09 15:56:55 +00:00
Subhasish Ghosh b9fd2d3ce3 fix(rmmd): align RMI and GTSI FIDs with SMCCC
This patch allocates the RMI and GTSI FIDs from the reserved
range in Standard Secure Service call range of SMCCC.

Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I82e77778882194c2a78ca6340788d53bab7c3a50
2021-12-08 10:15:21 +00:00
Soby Mathew 11578303fd fix(rmmd): preserve x4-x7 as per SMCCCv1.1
The RMI command handling in RMMD did not preserve x4 to x7 when
returning to NS caller. Although this is allowed for SMCCCv1.0, this is
not correct as per v1.1. This fixes the same by differentiating the
onward and backward path during SMC handling.

This patch also fixes an issue with the backward path wherein the first
argument was being truncated to 32 bits.

Change-Id: Ibc85d574d5a2178a763975ddb32e456a12e7dc88
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
2021-11-24 19:26:51 +02:00
Manish Pandey 4333f95bed fix(spm_mm): do not compile if SVE/SME is enabled
As spm_mm cannot handle SVE/SME usage in NS world so its better to give
compilation error when ENABLE_SVE_FOR_NS=1 or ENABLE_SME_FOR_NS=1.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I69dbb272ca681bb020501342008eda20d4c0b096
2021-11-16 16:06:33 +00:00
johpow01 dc78e62d80 feat(sme): enable SME functionality
This patch adds two new compile time options to enable SME in TF-A:
ENABLE_SME_FOR_NS and ENABLE_SME_FOR_SWD for use in non-secure and
secure worlds respectively. Setting ENABLE_SME_FOR_NS=1 will enable
SME for non-secure worlds and trap SME, SVE, and FPU/SIMD instructions
in secure context. Setting ENABLE_SME_FOR_SWD=1 will disable these
traps, but support for SME context management does not yet exist in
SPM so building with SPD=spmd will fail.

The existing ENABLE_SVE_FOR_NS and ENABLE_SVE_FOR_SWD options cannot
be used with SME as it is a superset of SVE and will enable SVE and
FPU/SIMD along with SME.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Iaaac9d22fe37b4a92315207891da848a8fd0ed73
2021-11-12 10:38:00 -06:00
Manish Pandey b6b486f383 Merge "fix(sdei): fix assert while kdump issue" into integration 2021-11-10 14:20:48 +01:00
Manish Pandey 2461bd3a89 fix(gpt_rme): use correct print format for uint64_t
sha 4ce3e99a3 introduced printf format specifiers for fixed width
types, which uses PRI*64 instead of "ll" for 64 bit values.

Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I30472411467061d58cc6ee22407ed3bad2552751
2021-11-09 20:58:03 +00:00
Olivier Deprez 0c23e6f44d fix(spmd): error macro to use correct print format
Following merge of [1] then [2] broke the build because of an incorrect
format specifier in an ERROR macro. Fix to use the correct print format.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/5437
[2] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/9211

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I14d4c31091f6a5f4c3252f6d810e9d2bb2f545c4
2021-11-09 15:44:24 +01:00
Olivier Deprez a127b99d5a Merge "feat(SPMD): route secure interrupts to SPMC" into integration 2021-11-09 11:57:30 +01:00
Manish Pandey 28623c102d Merge "fix: libc: use long for 64-bit types on aarch64" into integration 2021-11-08 21:34:42 +01:00
Scott Branden 4ce3e99a33 fix: libc: use long for 64-bit types on aarch64
Use long instead of long long on aarch64 for 64_t stdint types.
Introduce inttypes.h to properly support printf format specifiers for
fixed width types for such change.

Change-Id: I0bca594687a996fde0a9702d7a383055b99f10a1
Signed-off-by: Scott Branden <scott.branden@broadcom.com>
2021-11-08 14:41:17 +00:00
J-Alves 96b71eb959 feat(ff-a): feature retrieval through FFA_FEATURES call
Updated FFA_FEATURES according to FF-A v1.1 in SPMC can also be used
to retrieve feature information, and should now accept other arguments
than just FF-A call IDs.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I02cc24a31ab3092ec1ce6fed1a9649ffe7136782
2021-11-05 16:44:31 +00:00
Ming Huang d39db2695b fix(sdei): fix assert while kdump issue
Assert condition:
1 Register secure timer(ppi=29) for sdei nmi watchdog;
2 kernel panic and then kdump;
While kdump, kernel mask all cores sdei, secure timer trigger
and go to handle_masked_trigger() and assert here:
assert(se->affinity == my_mpidr);

As kernel register with flag=0, mpidr=0 and TF-A set flag to
SDEI_REGF_RM_PE but leave mpidr=0. So set mpidr to fix his
assert issue.

Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: Ia9182f40bde94fb004b46e2a72b186eb0ef05166
2021-11-05 18:53:44 +08:00
Olivier Deprez 8cb99c3fc3 feat(SPMD): route secure interrupts to SPMC
Define a handler in the SPMD to route secure interrupts occurring while
the normal world runs. On a Group1 Secure interrupt (with a GICv3 or a
Group0 interrupt on GICv2), the normal world is pre-empted to EL3 and
redirected to the SPMD/SPMC for further handling.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Change-Id: I1350d74048c5549a2af8da0ba004c08512cc006a
2021-11-03 15:42:21 -05:00
Vasyl Gomonovych 6b94356b57 fix(sdei): print event number in hex format
SDEI specified event numbers in hexadecimal format.
Change event number format to hexadecimal to make
it easier for the reader to recognize the proper event.

Change-Id: Iac7a91d0910316e0ad54a8f09bc17209e8c6adf6
Signed-off-by: Vasyl Gomonovych <vgomonovych@marvell.com>
2021-10-22 13:45:06 +01:00
johpow01 f19dc624a1 refactor(gpt): productize and refactor GPT library
This patch updates and refactors the GPT library and fixes bugs.

- Support all combinations of PGS, PPS, and L0GPTSZ parameters.
- PPS and PGS are set at runtime, L0GPTSZ is read from GPCCR_EL3.
- Use compiler definitions to simplify code.
- Renaming functions to better suit intended uses.
- MMU enabled before GPT APIs called.
- Add comments to make function usage more clear in GPT library.
- Added _rme suffix to file names to differentiate better from the
  GPT file system code.
- Renamed gpt_defs.h to gpt_rme_private.h to better separate private
  and public code.
- Renamed gpt_core.c to gpt_rme.c to better conform to TF-A precedent.

Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I4cbb23b0f81e697baa9fb23ba458aa3f7d1ed919
2021-10-05 16:24:57 -05:00
Zelalem Aweke 5b18de09e8 feat(rme): add ENABLE_RME build option and support for RMM image
The changes include:

- A new build option (ENABLE_RME) to enable FEAT_RME

- New image called RMM. RMM is R-EL2 firmware that manages Realms.
  When building TF-A, a path to RMM image can be specified using
  the "RMM" build flag. If RMM image is not provided, TRP is built
  by default and used as RMM image.

- Support for RMM image in fiptool

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I017c23ef02e465a5198baafd665a60858ecd1b25
2021-10-05 11:49:59 -05:00
Zelalem Aweke 50a3056a3c feat(rme): add Test Realm Payload (TRP)
TRP is a small test payload that implements Realm Monitor
Management (RMM) functionalities. RMM runs in the Realm world
(R-EL2) and manages the execution of Realm VMs and their
interaction with the hypervisor in Normal world.

TRP is used to test the interface between RMM and Normal world
software, known as Realm Management Interface (RMI). Current
functions includes returning RMM version and transitioning
granules from Non-secure to Realm world and vice versa.

More information about RMM can be found at:
https://developer.arm.com/documentation/den0125/latest

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: Ic7b9a1e1f3142ef6458d40150d0b4ba6bd723ea2
2021-10-05 18:41:07 +02:00
Zelalem Aweke 77c2775323 feat(rme): add RMM dispatcher (RMMD)
This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure world. Currently
gives the capability for granules to be
transitioned from non-secure type to realm and vice versa.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I1fdc99a4bdd42bc14911aa0c6954b131de309511
2021-10-05 11:34:53 -05:00
Olivier Deprez c7c22ab662 Merge "feat(ff-a): adding notifications SMC IDs" into integration 2021-09-27 16:54:53 +02:00
J-Alves fc3f480023 feat(ff-a): adding notifications SMC IDs
Defining SMC IDs for FF-A v1.1 notifications functionality, and adding
them to SPMD SMC handler, to ensure calls are forwarded to the SPMC.

Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: Icc88aded0fd33507f7795e996bd4ff1c2fe679c8
2021-09-16 14:59:21 +01:00
Olivier Deprez f2dcf41826 refactor(spmd): boot interface and pass core id
This change refactors the SPMD to setup SPMC CPU contexts once and early
from spmd_spmc_init (single call to cm_setup_context rather than on each
and every warm boot).
Pass the core linear ID through a GP register as an implementation
defined behavior helping FF-A adoption to legacy TOSes (essentially
when secure virtualization is not used).

A first version of this change was originally submitted by Lukas [1].
Pasting below the original justification:

Our TEE, Kinibi, is used to receive the core linear ID in the x3
register of booting secondary cores.
This patch is necessary to bring up secondary cores with Kinibi as an
SPMC in SEL1.

In Kinibi, the TEE is mostly platform-independent and all platform-
specifics like topology is concentrated in TF-A of our customers.
That is why we don't have the MPIDR - linear ID mapping in Kinibi.
We need the correct linear ID to program the GICv2 target register,
for example in power management case.
It is not needed on GICv3/v4, because of using a fixed mapping from
MPIDR to ICDIPTR/GICD_ITARGETSRn register.

For debug and power management purpose, we also want a unified view to
linear id between Linux and the TEE.
E.g. to disable a core, to see what cores are printing a trace /
an event.

In the past, Kinibi had several other designs, but the complexity was
getting out of control:
* Platform-specific assembler macros in the kernel.
* A per-core SMC from Linux to tell the linear ID after the boot.
* With DynamiQ, it seems SIPs were playing with MPIDR register values,
  reusing them between cores and changing them during boot.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/10235

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Change-Id: Ifa8fa208e9b8eb1642c80b5f7b54152dadafa75e
2021-09-09 16:51:17 +02:00
Ming Huang d21f1ddb71 services: Fix pmr_el1 rewrote issue in sdei_disaptch_event()
Consider a RAS scenario:
Enter EL3 by sync exception, then call spm_mm_sp_call() enter
EL0s to handle this error, then call sdei_dispatch_event() to
inform OS. Finally, return back to OS from sync exception flow.
Similar flow is sgi_ras_intr_handler() in sgi_ras.c.

The icc_pmr_el1 register will be change in above flow:
1 cm_el1_sysregs_context_save(NON_SECURE);
  -> ehf_exited_normal_world();
    ##icc_pmr_el1: 0xf8 => 0x80
2 spm_mm_sp_call();
3 sdei_dispatch_event();
4 ehf_activate_priority(sdei_event_priority(map));
    ##icc_pmr_el1: 0x80 => 0x60
5 restore_and_resume_ns_context();
  -> ehf_exited_normal_world();
     ##return due to has_valid_pri_activations(pe_data) == 1
6 ehf_deactivate_priority(sdei_event_priority(map));
    ##icc_pmr_el1: 0x60 => 0x80
The icc_pmr_el1 was rewrote from 0xf8 to 0x80. This issue will
result in OS hang when eret to OS from RAS flow.

Move ehf_activate_priority(sdei_event_priority(map)) after
restore_and_resume_ns_context() can fix this issue.

Signed-off-by: Ming Huang <huangming@linux.alibaba.com>
Change-Id: If01ec55cf0aabf1594dece1ad50d3ec3406cdabc
2021-07-28 11:12:44 +02:00
Daniel Boulby 37596fcb43 fix(sdei): set SPSR for SDEI based on TakeException
The SDEI specification now says that during an SDEI
event handler dispatch the SPSR should be set according
to the TakeException() pseudocode function defined in
the Arm Architecture Reference Manual. This patch sets
the SPSR according to the function given in
ARM DDI 0487F.c page J1-7635

Change-Id: Id2f8f2464fd69c701d81626162827e5c4449b658
Signed-off-by: Daniel Boulby <daniel.boulby@arm.com>
2021-07-23 13:20:28 +01:00
Olivier Deprez 967344b520 Merge "feat(spmd): add support for FFA_SPM_ID_GET" into integration 2021-06-18 17:28:39 +02:00
Olivier Deprez 678ce2237c perf(spmd): omit sel1 context save if sel2 present
The SPMC at S-EL2 manages S-EL1 execution contexts for SPs. The
currently running SP vCPU state is always saved when the SPMC exits to
SPMD. A fresh vCPU context is always restored when the SPMC is entered
from the SPMD and a SP resumed. For performance optimization reasons
this permits omitting the saving/restoring of the S-EL1 context from
within the EL3 SPMD on entering/exiting the SPMC. The S-EL2 SPMC and
NS-EL1 context save/restore remain done in the SPMD.

Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I66413ed5983913791ff5c9fc03c590ee65c6ccd7
2021-06-03 09:31:24 +02:00