Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for platform specific functionality to be performed
accordingly.
Note the hooks must be placed in the initial share request and final
reclaim to prevent order dependencies with operations that may take
place in the normal world without visibility of the SPMC.
Add a dummy implementation to the FVP platform.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0c7441a9fdf953c4db0651512e5e2cdbc6656c79
In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.
Enable the SPMC to set the bit for v1.1 callers or v1.0
callers that explicitly request the usage via FFA_FEATURES.
In this implementation the sender of the memory region must
reside in the normal world and the SPMC does not support
changing the security state of memory regions therefore
always set the NS bit if required by the caller.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I215756b28e2382082933ba1dcc7584e7faf4b36b
Add support for the FF-A v1.1 data structures to the EL3 SPMC
and enable the ability to convert between v1.0 and the v1.1
forwards compatible data structures.
The SPMC now uses the v1.1 data structures internally and will
convert descriptors as required depending on the FF-A version
supported by the calling partition.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic14a95ea2e49c989aecf19b927a6b21ac50f863e
Allow the SPMC to reject incoming memory sharing/lending requests
that contain memory regions which overlap with an existing
request.
To enable this functionality the SPMC compares each requested
memory region to those in ongoing memory transactions and rejects
the request if the ranges overlap.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I7588846f272ec2add2a341d9f24836c73a046e2f
Enable FFA_MEM_LEND and FFA_MEM_SHARE transactions to support multiple
borrowers and add the appropriate validation. Since we currently
only support a single S-EL1 partition, this functionality is to
support the use case where a VM shares or lends memory to one or
more VMs in the normal world as part of the same transaction to
the SP.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ia12c4357e9d015cb5f9b38e518b7a25b1ea2e30e
A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with a pointer to a data structure
containing boot related information. Currently the boot
information consists of an allocated memory region
containing the SP's manifest, allowing it to map and parse
any extra information as required.
This implementation only supports the v1.1 data structures
and will return an error if a v1.0 client requests the usage
of the protocol.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67692553a90a7e7d94c64fe275edd247b512efca
In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the backing memory to be allocated in a
platform defined manner, to accommodate memory constraints
and desired use cases.
Provide an implementation for the Arm FVP platform to
use a default value of 512KB memory allocated in the
TZC RAM section.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I92bc55ba6e04bdad429eb52f0d2960ceda682804
Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.
Add support to the EL3 SPMC for a subset of the FF-A
memory management ABIs:
- FFA_MEM_SHARE
- FFA_MEM_LEND
- FFA_MEM_RETRIEVE_REQ
- FFA_MEM_RETRIEVE_RESP
- FFA_MEM_RELINQUISH
- FFA_MEM_RECLAIM
- FFA_MEM_FRAG_RX
- FFA_MEM_FRAG_TX
This implementation relies on a datastore allocated in
platform specific code in order to store memory descriptors
about ongoing memory transactions. This mechanism
will be implemented in the following commit.
[1] https://android.googlesource.com/trusty/external/trusted-firmware-a/+/refs/heads/master/services/spd/trusty/
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib042f73c8a6e0f0aed00f6762be175cb9dedc042
* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for forwarding a secure interrupt to the SP
feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC
Enable the SPMD to forward FFA_FRAG_RX/TX calls between
the normal world and the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I097a48552827a8527dd3efe1155bc601d7cbf887
Enable a Secure Partition to query the ID assigned to the SPMC.
The SPMD will take care of any calls from the normal world
therefore we should not need to handle this case in the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I97903e920e928df385addbb2d383f24e602bf2db
This patch adds support for forwarding a secure interrupt that
preempts the normal world to a SP for top-half interrupt handling.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Iaa6e96f4cf8922ba5b6d128a19359df15e44158d
Add TF-A implementation defined behaviour to provide the linear core
ID in the x4 register when bringing up an SP.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I6cb215841097b264d252ec0262b0b7272be99d41
This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has indicated
that it wishes to receive the appropriate message via its manifest.
1. A PSCI CPU_OFF message in response to a cpu hot unplug request
from the OS.
2. A message to indicate warm boot of a cpu in response to a cpu
hot plug request from the OS.
3. A PSCI CPU_SUSPEND message in response to a cpu idle event
initiated from the OS.
4. A message to indicate warm boot of a cpu from a shallow power
state in response to a cpu resume power event.
This patch also implements the FFA_SECONDARY_EP_REGISTER function to
enable the SP specify its secondary entrypoint.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I375d0655b2c6fc27445facc39213d1d0678557f4
Enable a partition to release its RX buffer and the SPMC
to update the appropriate state tracking.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5fb6d92244b5ed5f032269b29b102aa874bf3ae3
Enable the SPMC to handle the FFA_RUN ABI and update
the state tracking accordingly.
Change-Id: I3e8a3fa3ec9b03830055d2fbd6124b8ff1ed4103
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Allow for a partition to retrieve its own partition ID.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I1a19ac30b86736d818673c239b2f8fd2d6128c06
Enable the spmc to report the features that it currently supports.
Populated with the currently implemented functionality.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I00e51ded284efd87cd50a0e9416dbc33f22ced85
Enable the SPMC to handle calls to FFA_PARTITION_INFO_GET.
This allows the normal world to discover which partitions
are running in the secure world including logical partitions
in EL3.
This implementation supports both the v1.0 and v1.1
implementations of the Partition Info Get Descriptor.
The SPMC populates the appropriate descriptor in the
partitions RX buffer, if requested, according to the
version of FF-A that the caller is using.
Additionally rename the common/uuid UUID_H include guard
due to a conflict with another header file.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0a85f1dae50fae1fe47a3cafb765fbe9f40619e1
Enable handling of FFA_RXTX_MAP and FFA_RXTX_UNMAP ABIs
and ensure these buffers are mapped as required to allow
access by the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ifc425f1ee16c90d1d95b6ae4ac9992d6f785227b
Adding Sandrine Bailleux for the PSA APIs and myself for the
MHU and RSS comms drivers as code owner.
Change-Id: Ib948479cc6e46163aae59c938877a2d0bcf91754
Signed-off-by: David Vincze <david.vincze@arm.com>
This patch is to fix configuration status command now returns
the result based on the last config start command made to the
runtime software. The status type can be either:
- NO_REQUEST (default)
- RECONFIGURATION
- BITSTREAM_AUTH
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I1ce4b7b4c741d88de88778f8fbed7dfe83a39fbc
This patch is to align the sequence of function in header file.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I9658aef78b06b744c6c14f95b2821daf5dbb0082
This patch is to remove redundant NOC declarations in
system manager header file. The NOC headers are shareable
across both Stratix 10 and Agilex platforms.
Signed-off-by: Sieu Mun Tang <sieu.mun.tang@intel.com>
Change-Id: I40ff55eb1d8fe280db1d099d5d1a3c2bf4b4b459
This call is used to register and reset SGI interrupt.
Before this functionality was performed using IOCTL_REGISTER_SGI
pm_ioctl EEMI call. It's not correct use of PM_IOCTL as it is
not EEMI functionality. Instead this new SMCCC call will be
handled by TF-A specific handler.
Change-Id: If2408af38b889d29a5c584e8eec5f1672eab4fb5
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
Add "reset" parameter in pm_register_sgi() to reset
SGI number. This will be required if OS wants to reset
SGI number to default state. Caller can reset param to
1 to reset SGI in ATF.
Change-Id: If485ff275df884f74eb67671cac7fa953458afe9
Signed-off-by: Rajan Vaja <rajan.vaja@xilinx.com>
Signed-off-by: Tanmay Shah <tanmay.shah@xilinx.com>
* changes:
fix(intel): add flash dcache after return response for INTEL_SIP_SMC_MBOX_SEND_CMD
fix(intel): extending to support large file size for SHA2/HMAC get digest and verifying
fix(intel): extending to support large file size for SHA-2 ECDSA data signing and signature verifying
fix(intel): extending to support large file size for AES encryption and decryption
feat(intel): support version 2 SiP SVC SMC function ID for mailbox commands
feat(intel): support version 2 SiP SVC SMC function ID for non-mailbox commands
fix(intel): update certificate mask for FPGA Attestation
feat(intel): update to support maximum response data size
feat(intel): support ECDSA HASH Verification
feat(intel): support ECDSA HASH Signing
feat(intel): support ECDH request
feat(intel): support ECDSA SHA-2 Data Signature Verification
feat(intel): support ECDSA SHA-2 Data Signing
feat(intel): support ECDSA Get Public Key
feat(intel): support session based SDOS encrypt and decrypt
feat(intel): support AES Crypt Service
feat(intel): support HMAC SHA-2 MAC verify request
feat(intel): support SHA-2 hash digest generation on a blob
feat(intel): support extended random number generation
feat(intel): support crypto service key operation
feat(intel): support crypto service session
feat(intel): extend attestation service to Agilex family
fix(intel): flush dcache before sending certificate to mailbox
fix(intel): introduce a generic response error code
fix(intel): allow non-secure access to FPGA Crypto Services (FCS)
feat(intel): single certificate feature enablement
feat(intel): initial commit for attestation service
fix(intel): update encryption and decryption command logic
Implements the loop workaround for Cortex Makalu/Makalu-ELP/Hunter
and Neoverse Demeter/Poseidon.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If5f6689b662ecac92491e0c0902df4270051ce5b
DSU-110 erratum 2313941 is a Cat B erratum and applies to revisions
r0p0, r1p0, r2p0, r2p1, r3p0, r3p1 and is still open.
The workaround sets IMP_CLUSTERACTLR_EL1[16:15] bits to 0b11 to disable
clock gating of the SCLK domain. This will increase the idle power
consumption.
This patch applies the fix for Cortex-X2/A510/A710 and Neoverse N2.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1781796/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I54d948b23e8e01aaf1898ed9fe4e2255dd209318
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
This is required to prevent Nwd context corruption during StMM
execution.
Standalone MM uses OpenSSL for secure boot, which uses FP registers for
floating point calculations.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I6ed11d4fa5d64c3089a24b66fd048a841c480792
Add the support to save Nwd's floating point registers before switching
to SEL0 and then restore it after coming out of it. Emit a warning
message if SPM_MM is built with CTX_INCLUDE_FPREGS == 0
There is no need to save FP registers of SEL0 because secure partitions
run to completion.
This change is used to prevent context corruption if secure partition
enabled and Nwd decide to use floating point registers.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Change-Id: I1eea16ea2311a4f00a806ea72c118752821b9abb
Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956
Introduce PLAT_RSS_NOT_SUPPORTED build config to
provide a mocked version of PSA APIs. The goal is
to test the RSS backend based measured boot and
attestation token request integration on such
a platform (AEM FVP) where RSS is otherwise
unsupported. The mocked PSA API version does
not send a request to the RSS, it only returns
with success and hard-coded values.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ice8d174adf828c1df08fc589f0e17abd1e382a4d
Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurments, which were
computed by the host during measured boot.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia9e4e8a1fe8f01a28da1fd8c434b780f2a08f94e
This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for the CCA HES [1].
It can be considered as a secure enclave to which, for example,
certain services can be offloaded such as initial attestation.
RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.
[1] https://developer.arm.com/documentation/DEN0096/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107
Marc Bonnici
Achin Gupta
Olivier Deprez
Madhukar Pappireddy
Sandrine Bailleux
Joanna Farley
David Vincze
Sieu Mun Tang
Tanmay Shah
Venkatesh Yadav Abbarapu
Bipin Ravi
Nishant Sharma
Tamas Ban