Djam/arm-trusted-firmware
1
0
Fork 0
mirror of https://github.com/ARM-software/arm-trusted-firmware.git synced 2025-04-15 17:14:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(rme): add Realm security state definition

Browse source 
FEAT_RME introduces two additional security states,
Root and Realm security states. This patch adds Realm
security state awareness to SMCCC helpers and entry point info
structure.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Change-Id: I9cdefcc1aa71259b2de46e5fb62b28d658fa59bd
This commit is contained in:
Zelalem Aweke 2021-07-08 17:13:09 -05:00
parent 81c272b3b7
commit 4693ff7225
4 changed files with 65 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
bl31/aarch64/runtime_exceptions.S
View file

@ -500,6 +500,21 @@ smc_handler64:
stp x16, x17, [x6, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3] stp x16, x17, [x6, #CTX_EL3STATE_OFFSET + CTX_SPSR_EL3]
str x18, [x6, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3] str x18, [x6, #CTX_EL3STATE_OFFSET + CTX_SCR_EL3]
/* Clear flag register */
mov x7, xzr
#if ENABLE_RME
/* Copy SCR_EL3.NSE bit to the flag to indicate caller's security */
ubfx x7, x18, #SCR_NSE_SHIFT, 1
/*
* Shift copied SCR_EL3.NSE bit by 5 to create space for
* SCR_EL3.NS bit. Bit 5 of the flag correspondes to
* the SCR_EL3.NSE bit.
*/
lsl x7, x7, #5
#endif /* ENABLE_RME */
/* Copy SCR_EL3.NS bit to the flag to indicate caller's security */ /* Copy SCR_EL3.NS bit to the flag to indicate caller's security */
bfi x7, x18, #0, #1 bfi x7, x18, #0, #1

11
include/common/ep_info.h
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2017-2019, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2017-2021, Arm Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -18,14 +18,21 @@
#define SECURE EP_SECURE #define SECURE EP_SECURE
#define NON_SECURE EP_NON_SECURE #define NON_SECURE EP_NON_SECURE
#define REALM EP_REALM
#if ENABLE_RME
#define sec_state_is_valid(s) (((s) == SECURE) || \
((s) == NON_SECURE) || \
((s) == REALM))
#else
#define sec_state_is_valid(s) (((s) == SECURE) || ((s) == NON_SECURE)) #define sec_state_is_valid(s) (((s) == SECURE) || ((s) == NON_SECURE))
#endif
#define PARAM_EP_SECURITY_MASK EP_SECURITY_MASK #define PARAM_EP_SECURITY_MASK EP_SECURITY_MASK
#define NON_EXECUTABLE EP_NON_EXECUTABLE #define NON_EXECUTABLE EP_NON_EXECUTABLE
#define EXECUTABLE EP_EXECUTABLE #define EXECUTABLE EP_EXECUTABLE
/* Secure or Non-secure image */ /* Get/set security state of an image */
#define GET_SECURITY_STATE(x) ((x) & EP_SECURITY_MASK) #define GET_SECURITY_STATE(x) ((x) & EP_SECURITY_MASK)
#define SET_SECURITY_STATE(x, security) \ #define SET_SECURITY_STATE(x, security) \
((x) = ((x) & ~EP_SECURITY_MASK) | (security)) ((x) = ((x) & ~EP_SECURITY_MASK) | (security))

18
include/export/common/ep_info_exp.h
View file

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. * Copyright (c) 2021, Arm Limited and Contributors. All rights reserved.
* *
* SPDX-License-Identifier: BSD-3-Clause * SPDX-License-Identifier: BSD-3-Clause
*/ */
@ -24,11 +24,23 @@
#define ENTRY_POINT_INFO_ARGS_OFFSET U(0x14) #define ENTRY_POINT_INFO_ARGS_OFFSET U(0x14)
#endif #endif
/* Security state of the image. */ /*
#define EP_SECURITY_MASK UL(0x1) * Security state of the image. Bit 0 and
* bit 5 are used to determine the security
* state of the image as follows:
*
* ---------------------------------
* Bit 5 | Bit 0 | Security state
* ---------------------------------
* 0 0 EP_SECURE
* 0 1 EP_NON_SECURE
* 1 1 EP_REALM
*/
#define EP_SECURITY_MASK UL(0x21)
#define EP_SECURITY_SHIFT UL(0) #define EP_SECURITY_SHIFT UL(0)
#define EP_SECURE UL(0x0) #define EP_SECURE UL(0x0)
#define EP_NON_SECURE UL(0x1) #define EP_NON_SECURE UL(0x1)
#define EP_REALM UL(0x21)
/* Endianness of the image. */ /* Endianness of the image. */
#define EP_EE_MASK U(0x2) #define EP_EE_MASK U(0x2)

27
include/lib/smccc.h
View file

@ -108,9 +108,24 @@
#define SMC_ARCH_CALL_NOT_REQUIRED -2 #define SMC_ARCH_CALL_NOT_REQUIRED -2
#define SMC_ARCH_CALL_INVAL_PARAM -3 #define SMC_ARCH_CALL_INVAL_PARAM -3
/* Various flags passed to SMC handlers */ /*
* Various flags passed to SMC handlers
*
* Bit 5 and bit 0 of the flag are used to
* determine the source security state as
* follows:
* ---------------------------------
* Bit 5 | Bit 0 | Security state
* ---------------------------------
* 0 0 SMC_FROM_SECURE
* 0 1 SMC_FROM_NON_SECURE
* 1 1 SMC_FROM_REALM
*/
#define SMC_FROM_SECURE (U(0) << 0) #define SMC_FROM_SECURE (U(0) << 0)
#define SMC_FROM_NON_SECURE (U(1) << 0) #define SMC_FROM_NON_SECURE (U(1) << 0)
#define SMC_FROM_REALM U(0x21)
#define SMC_FROM_MASK U(0x21)
#ifndef __ASSEMBLER__ #ifndef __ASSEMBLER__
@ -118,8 +133,18 @@
#include <lib/cassert.h> #include <lib/cassert.h>
#if ENABLE_RME
#define is_caller_non_secure(_f) (((_f) & SMC_FROM_MASK) \
== SMC_FROM_NON_SECURE)
#define is_caller_secure(_f) (((_f) & SMC_FROM_MASK) \
== SMC_FROM_SECURE)
#define is_caller_realm(_f) (((_f) & SMC_FROM_MASK) \
== SMC_FROM_REALM)
#define caller_sec_state(_f) ((_f) & SMC_FROM_MASK)
#else /* ENABLE_RME */
#define is_caller_non_secure(_f) (((_f) & SMC_FROM_NON_SECURE) != U(0)) #define is_caller_non_secure(_f) (((_f) & SMC_FROM_NON_SECURE) != U(0))
#define is_caller_secure(_f) (!is_caller_non_secure(_f)) #define is_caller_secure(_f) (!is_caller_non_secure(_f))
#endif /* ENABLE_RME */
/* The macro below is used to identify a Standard Service SMC call */ /* The macro below is used to identify a Standard Service SMC call */
#define is_std_svc_call(_fid) (GET_SMC_OEN(_fid) == OEN_STD_START) #define is_std_svc_call(_fid) (GET_SMC_OEN(_fid) == OEN_STD_START)