In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.
Enable the SPMC to set the bit for v1.1 callers or v1.0
callers that explicitly request the usage via FFA_FEATURES.
In this implementation the sender of the memory region must
reside in the normal world and the SPMC does not support
changing the security state of memory regions therefore
always set the NS bit if required by the caller.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I215756b28e2382082933ba1dcc7584e7faf4b36b
Add support for the FF-A v1.1 data structures to the EL3 SPMC
and enable the ability to convert between v1.0 and the v1.1
forwards compatible data structures.
The SPMC now uses the v1.1 data structures internally and will
convert descriptors as required depending on the FF-A version
supported by the calling partition.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic14a95ea2e49c989aecf19b927a6b21ac50f863e
Enable FFA_MEM_LEND and FFA_MEM_SHARE transactions to support multiple
borrowers and add the appropriate validation. Since we currently
only support a single S-EL1 partition, this functionality is to
support the use case where a VM shares or lends memory to one or
more VMs in the normal world as part of the same transaction to
the SP.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ia12c4357e9d015cb5f9b38e518b7a25b1ea2e30e
A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with a pointer to a data structure
containing boot related information. Currently the boot
information consists of an allocated memory region
containing the SP's manifest, allowing it to map and parse
any extra information as required.
This implementation only supports the v1.1 data structures
and will return an error if a v1.0 client requests the usage
of the protocol.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67692553a90a7e7d94c64fe275edd247b512efca
In order to provide the EL3 SPMC a sufficient datastore to
record memory descriptors, a accessor function is used.
This allows for the backing memory to be allocated in a
platform defined manner, to accommodate memory constraints
and desired use cases.
Provide an implementation for the Arm FVP platform to
use a default value of 512KB memory allocated in the
TZC RAM section.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I92bc55ba6e04bdad429eb52f0d2960ceda682804
Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.
Add support to the EL3 SPMC for a subset of the FF-A
memory management ABIs:
- FFA_MEM_SHARE
- FFA_MEM_LEND
- FFA_MEM_RETRIEVE_REQ
- FFA_MEM_RETRIEVE_RESP
- FFA_MEM_RELINQUISH
- FFA_MEM_RECLAIM
- FFA_MEM_FRAG_RX
- FFA_MEM_FRAG_TX
This implementation relies on a datastore allocated in
platform specific code in order to store memory descriptors
about ongoing memory transactions. This mechanism
will be implemented in the following commit.
[1] https://android.googlesource.com/trusty/external/trusted-firmware-a/+/refs/heads/master/services/spd/trusty/
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib042f73c8a6e0f0aed00f6762be175cb9dedc042
Created a function to abort all pending NS DMA transactions to
engage complete DMA protection. This call will be used by the
subsequent DRTM implementation changes.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I94992b54c570327d6746295073822a9c0ebdc85d
This change makes use of 32-bit crc for calculating gpt header crc
and compares it with the given value.
Signed-off-by: Rohit Ner <rohitner@google.com>
Change-Id: I49bca7aab2c3884881c4b7d90d31786a895290e6
Enable the SPMD to forward FFA_FRAG_RX/TX calls between
the normal world and the SPMC.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I097a48552827a8527dd3efe1155bc601d7cbf887
This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has indicated
that it wishes to receive the appropriate message via its manifest.
1. A PSCI CPU_OFF message in response to a cpu hot unplug request
from the OS.
2. A message to indicate warm boot of a cpu in response to a cpu
hot plug request from the OS.
3. A PSCI CPU_SUSPEND message in response to a cpu idle event
initiated from the OS.
4. A message to indicate warm boot of a cpu from a shallow power
state in response to a cpu resume power event.
This patch also implements the FFA_SECONDARY_EP_REGISTER function to
enable the SP specify its secondary entrypoint.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I375d0655b2c6fc27445facc39213d1d0678557f4
Enable the SPMC to handle calls to FFA_PARTITION_INFO_GET.
This allows the normal world to discover which partitions
are running in the secure world including logical partitions
in EL3.
This implementation supports both the v1.0 and v1.1
implementations of the Partition Info Get Descriptor.
The SPMC populates the appropriate descriptor in the
partitions RX buffer, if requested, according to the
version of FF-A that the caller is using.
Additionally rename the common/uuid UUID_H include guard
due to a conflict with another header file.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0a85f1dae50fae1fe47a3cafb765fbe9f40619e1
When RECLAIM_INIT_CODE is enabled, functions with __init attribute can
be reclaimed after boot and marked as Execute Never.
Because of a bug in linker script the functions starting with "init"
were also marked XN and causing instruction abort.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I2221973c05af170acf4e723cd44645b9ff9d58d2
Implements the loop workaround for Cortex Makalu/Makalu-ELP/Hunter
and Neoverse Demeter/Poseidon.
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: If5f6689b662ecac92491e0c0902df4270051ce5b
DSU-110 erratum 2313941 is a Cat B erratum and applies to revisions
r0p0, r1p0, r2p0, r2p1, r3p0, r3p1 and is still open.
The workaround sets IMP_CLUSTERACTLR_EL1[16:15] bits to 0b11 to disable
clock gating of the SCLK domain. This will increase the idle power
consumption.
This patch applies the fix for Cortex-X2/A510/A710 and Neoverse N2.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1781796/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I54d948b23e8e01aaf1898ed9fe4e2255dd209318
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Enable the RSS backend based measured boot feature.
In the absence of RSS the mocked version of PSA APIs
are used. They always return with success and hard-code data.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I7543e9033a7a21f1b836d911d8d9498c6e09b956
Runtime Security Subsystem (RSS) provides for the host:
- Runtime service to store measurments, which were
computed by the host during measured boot.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Ia9e4e8a1fe8f01a28da1fd8c434b780f2a08f94e
This commit adds a driver to conduct the AP's communication
with the Runtime Security Subsystem (RSS).
RSS is Arm's reference implementation for the CCA HES [1].
It can be considered as a secure enclave to which, for example,
certain services can be offloaded such as initial attestation.
RSS comms driver:
- Relies on MHU v2.x communication IP, using a generic MHU API,
- Exposes the psa_call(..) API to the upper layers.
[1] https://developer.arm.com/documentation/DEN0096/latest
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: Ib174ac7d1858834006bbaf8aad0eb31e3a3ad107
Supports:
- Get Platform Attestation token from secure enclave
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: Icaeb7b4eaff08e10f449fbf752068de3ac7974bf
A secure enclave could provide an alternate
backend for measured boot. This API can be used
to store measurements in a secure enclave, which
provides the measured boot runtime service.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Change-Id: I2448e324e7ece6b318403c5937dfe7abea53d0f3
The Arm Message Handling Unit (MHU) is a mailbox controller used to
communicate with other processing element(s). Adding a driver to
enable the communication:
- Adding generic MHU driver interface,
- Adding MHU_v2_x driver.
Driver supports:
- Discovering available MHU channels,
- Sending / receiving words over MHU channels,
- Signaling happens over a dedicated channel.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: David Vincze <david.vincze@arm.com>
Change-Id: I41a5b968f6b8319cdbdf7907d70bd8837839862e
This patch adds workarounds for following cortex-x1 errata:
- 1821534 (CatB)
- 1688305 (CatB)
- 1827429 (CatB)
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1401782/latest
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I10ebe8d5c56a6d273820bb2c682f21bf98daa7a5
This patch adds basic CPU library code to support Cortex-X1 CPU in TF-A.
Follow-up patches will add selected errata workarounds for this CPU.
Signed-off-by: Okash Khawaja <okash@google.com>
Change-Id: I4a3d50a98bf55a555bfaefeed5c7b88a35e3bc21
Report the SPMC version to the caller, currently v1.1 and
also store the requested version to allow the SPMC to
use the corresponding FF-A version in future ABI calls.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I79aafd1e6694cbd4b231bbd0cac5834a71063d79
Cortex-A710 erratum 2008768 is a Cat B erratum that applies to revisions
r0p0, r1p0, and r2p0, and is fixed in r2p1. The workaround is to clear
the ED bit in each ERXCTLR_EL1 register before setting the PWRDN bit in
CPUPWRCTLR_EL1.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775101
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: Ib2171c06da762dd4155b02c03d86766f1616381d
This patch enables access to the branch record buffer control registers
in non-secure EL2 and EL1 using the new build option ENABLE_BRBE_FOR_NS.
It is disabled for all secure world, and cannot be used with ENABLE_RME.
This option is disabled by default, however, the FVP platform makefile
enables it for FVP builds.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I576a49d446a8a73286ea6417c16bd0b8de71fca0
For EL3 SPMC configuration enabled platforms, allow the reuse of
BL32 specific definitions.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I37ffbbf680326c101fbb2f146085a96c138f07a1
Introduce a framework to support running logical
partitions alongside the SPMC in EL3 as per the
v1.1 FF-A spec.
The DECLARE_LOGICAL_PARTITION macro has been added to
simplify the process to define a Logical Partition.
The partitions themselves are statically allocated
with the descriptors placed in RO memory.
It is assumed that the MAX_EL3_LP_DESCS_COUNT will
be defined by the platform.
Change-Id: I1c2523e0ad2d9c5d36aeeef6b8bcb1e80db7c443
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Previously the SCR_EL3.AMVOFFEN bit was set for all contexts, this
behavior is incorrect as it allows secure world to access the virtual
offset registers when it should not be able to. This patch only sets
AMVOFFEN for non-secure world.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I2c61fe0a8a0092df089f1cb2c0d8a45c8c8ad0d3
This change performs a basic configuration of the SMMU root registers
interface on an RME enabled system. This permits enabling GPC checks
for transactions originated from a non-secure or secure device upstream
to an SMMU. It re-uses the boot time GPT base address and configuration
programmed on the PE.
The root register file offset is platform dependent and has to be
supplied on a model command line.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I4f889be6b7afc2afb4d1d147c5c1c3ea68f32e07
This change adds a new utility function - `fdtw_find_or_add_subnode`
to find a subnode. If the subnode is not present, the function adds
it in the flattened device tree.
Signed-off-by: Ruchika Gupta <ruchika.gupta@linaro.org>
Change-Id: Idf3ceddc57761ac015763d4a8b004877bcad766a
Currently, HW-config is loaded into non-secure memory, which mean
a malicious NS-agent could tamper with it. Ideally, this shouldn't
be an issue since no software runs in non-secure world at this time
(non-secure world has not been started yet).
It does not provide a guarantee though since malicious external
NS-agents can take control of this memory region for update/corruption
after BL2 loads it and before BL31/BL32/SP_MIN consumes it. The threat
is mapped to Threat ID#3 (Bypass authentication scenario) in threat
model [1].
Hence modified the code as below -
1. BL2 loads the HW_CONFIG into secure memory
2. BL2 makes a copy of the HW_CONFIG in the non-secure memory at an
address provided by the newly added property(ns-load-address) in
the 'hw-config' node of the FW_CONFIG
3. SP_MIN receives the FW_CONFIG address from BL2 via arg1 so that
it can retrieve details (address and size) of HW_CONFIG from
FW_CONFIG
4. A secure and non-secure HW_CONFIG address will eventually be used
by BL31/SP_MIN/BL32 and BL33 components respectively
5. BL31/SP_MIN dynamically maps the Secure HW_CONFIG region and reads
information from it to local variables (structures) and then
unmaps it
6. Reduce HW_CONFIG maximum size from 16MB to 1MB; it appears
sufficient, and it will also create a free space for any future
components to be added to memory
[1]: https://trustedfirmware-a.readthedocs.io/en/latest/threat_model/threat_model.html
Change-Id: I1d431f3e640ded60616604b1c33aa638b9a1e55e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Some platforms require extra firmware to implement CPU_SUSPEND, or only
have working CPU_SUSPEND in certain configurations. On these platforms,
CPU idle states should only be listed in the devicetree when they are
actually available. Add a function BL31 can use to dynamically supply
this idle state information.
Change-Id: I64fcc288303faba8abec4f59efd13a04220d54dc
Signed-off-by: Samuel Holland <samuel@sholland.org>
ufs controller needs to be disabled if already enabled, without
this we noticed a crash at linkstartup during reinit
Signed-off-by: anans <anans@google.com>
Change-Id: I523c5d57c1d34f6404a6368ee3f364fbffd2e542
time taken for device init varies based on different devices,
instead of waiting for 200ms - we can poll on fdevice init
until it gets cleared, similar to what linux does
Change-Id: I571649231732fde0cd6d5be89b6f14fe905fcaff
Signed-off-by: anans <anans@google.com>
Any FF-A SMC that arrives from the normal world is handled by the
SPMD before being forwarded to the SPMC. Similarly any SMC
arriving from the secure world will hit the SPMC first and be
forwarded to the SPMD if required, otherwise the SPMC will
respond directly.
This allows for the existing flow of handling FF-A ABI's when
the SPMC resides at a lower EL to be preserved.
In order to facilitate this flow the spmd_smc_forward function
has been split and control is either passed to the SPMC or it is
forwarded as before. To allow this the flags and cookie parameters
must now also be passed into this method as the SPMC must be able to
provide these when calling back into the SPMD handler as appropriate.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I84fee8390023295b9689067e14cd25cba23ca39b
Allow the SPMD to initialise an SPMC implementation at EL3 directly
rather than at a lower EL.
This includes removing the requirement to parse an SPMC manifest to
obtain information about the SPMC implementation, in this case since the
SPMD and SPMC reside in the same EL we can hardcode the required
information directly.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I66d1e1b3ec2d0abbfc28b011a32445ee890a331d
This patch introduces the core support for enabling an SPMC in EL3
as per the FF-A spec.
The current implemented functionality is targeted to enable
initialization of the SPMC itself and initial support for
bringing up a single S-EL1 SP.
This includes initialization of the SPMC's internal state,
parsing of an SP's manifest, preparing the cpu contexts and
appropriate system registers for the Secure Partition.
The spmc_smc_handler is the main handler for all incoming SMCs
to the SPMC, FF-A ABI handlers and functionality will
be implemented in subsequent patches.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib33c240b91e54cbd018a69fec880d02adfbe12b9
The current implementation uses plat_arm API under generic code.
"plat_arm" API is a convention used with Arm common platform layer
and is reserved for that purpose. In addition, the function has a
weak definition which is not encouraged in TF-A.
Henceforth, removing the weak API with a configurable macro "TWED_DELAY"
of numeric data type in generic code and simplifying the implementation.
By default "TWED_DELAY" is defined to zero, and the delay value need to
be explicitly set by the platforms during buildtime.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I25cd6f628e863dc40415ced3a82d0662fdf2d75a
As part of the RFC:
https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/13651,
this patch adds the 'cm_prepare_el3_exit_ns' function. The function is
a wrapper to 'cm_prepare_el3_exit' function for Non-secure state.
When EL2 sysregs context exists (CTX_INCLUDE_EL2_REGS is
enabled) EL1 and EL2 sysreg values are restored from the context
instead of directly updating the registers.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9b071030576bb05500d54090e2a03b3f125d1653
The following registers are only accessible from secure state,
therefore don't need to be saved/restored during world switch.
- SDER32_EL2
- VSTCR_EL2
- VSTTBR_EL2
This patch removes these registers from EL2 context.
Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I24d08aacb1b6def261c7b37d3e1265bb76adafdc
Cortex-X2 erratum 2147715 is a Cat B erratum that applies to revision
r2p0 and is fixed in r2p1. The workaround is to set CPUACTLR_EL1[22]=1,
which will cause the CFP instruction to invalidate all branch predictor
resources regardless of context.
SDEN can be found here:
https://developer.arm.com/documentation/SDEN1775100/latest
Signed-off-by: Bipin Ravi <bipin.ravi@arm.com>
Change-Id: I2d81867486d9130f2c36cd4554ca9a8f37254b57
The following SMIDs are disabled by default.
* GICD: MBIST REQ error and GICD FMU ClkGate override
* PPI: MBIST REQ error and PPI FMU ClkGate override
* ITS: MBIST REQ error and ITS FMU ClkGate override
This patch explicitly enables them during the FMU init sequence.
Change-Id: I573e64786e3318d4cbcd07d0a1caf25f8e6e9200
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch updates the gic600_fmu_init function to disable all safety
mechanisms for a block ID that is not present on the platform. All
safety mechanisms for GIC-600AE are enabled by default and should be
disabled for blocks that are not present on the platform to avoid
false positive RAS errors.
Change-Id: I52dc3bee9a8b49fd2e51d7ed851fdc803a48e6e3
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Add __BASE_XLAT_TABLE_START__/_END__ and __XLAT_TABLE_START__/_END__
symbols in the linker script to have them in the .map file.
This allows displaying those areas when running memory map script.
Signed-off-by: Yann Gautier <yann.gautier@st.com>
Change-Id: I768a459c5cecc403a9b81b36a71397ecc3179f4f
The GIC-600AE uses a range of RAS features for all RAMs, which include
SECDED, ECC, and Scrub, software and bus error reporting. The GIC makes
all necessary information available to software through Armv8.2 RAS
architecture compliant register space.
This patch introduces support to probe the FMU_ERRGSR register to find
the right error record. Once the correct record is identified, the
"handler" function queries the FMU_ERR<m>STATUS register to further
identify the block ID, safety mechanism and the architecturally defined
primary error code. The description of the error is displayed on the
console to simplify debug.
Change-Id: I7e543664b74457afee2da250549f4c3d9beb1a03
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Replacing ARM_ARCH_AT_LEAST macro with feature specific build options
to prevent unconditional accesses to the registers during context save
and restore routines.
Registers are tightly coupled with features more than architecture
versions. Henceforth having a feature-specific build flag guarding the
respective registers, will restrict any undefined actions.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: I809774df580530803c8a6e05a62d8d4de0910e02
This patch adds architectural features detection procedure to ensure
features enabled are present in the given hardware implementation.
It verifies whether the architecture build flags passed during
compilation match the respective features by reading their ID
registers. It reads through all the enabled feature specific ID
registers at once and panics in case of mismatch(feature enabled
but not implemented in PE).
Feature flags are used at sections (context_management,
save and restore routines of registers) during context switch.
If the enabled feature flag is not supported by the PE, it causes an
exception while saving or restoring the registers guarded by them.
With this mechanism, the build flags are validated at an early
phase prior to their usage, thereby preventing any undefined action
under their control.
This implementation is based on tristate approach for each feature and
currently FEAT_STATE=0 and FEAT_STATE=1 are covered as part of this
patch. FEAT_STATE=2 is planned for phase-2 implementation and will be
taken care separately.
The patch has been explicitly tested, by adding a new test_config
with build config enabling majority of the features and detected
all of them under FVP launched with parameters enabling v8.7 features.
Note: This is an experimental procedure and the mechanism itself is
guarded by a macro "FEATURE_DETECTION", which is currently being
disabled by default.
The "FEATURE_DETECTION" macro is documented and the platforms are
encouraged to make use of this diagnostic tool by enabling this
"FEATURE_DETECTION" flag explicitly and get used to its behaviour
during booting before the procedure gets mandated.
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Ia23d95430fe82d417a938b672bfb5edc401b0f43
Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac
Marc Bonnici
Achin Gupta
Lucian Paul-Trifu
Rohit Ner
Manish Pandey
Bipin Ravi
Tamas Ban
Okash Khawaja
johpow01
J-Alves
Olivier Deprez
Ruchika Gupta
Manish V Badarkhe
Samuel Holland
anans
Jayanth Dodderi Chidanand
Zelalem Aweke
Varun Wadekar
Yann Gautier
Soby Mathew