feat(cm): test integrity of el1_ctx registers

* This patch adds support to tsp (BL32) Image, to exercise
  EL1_context registers at S-EL1.

* Adds a SMC function ID "MODIFY_EL1_CTX" to handle EL1_CTX
  registers at S-EL1 and overwrite them.

Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Change-Id: Id4f2b3b748f7bc9e6c9d72a2f03d50aefbfb61cb

bl32/tsp/tsp.mk

@@ -7,7 +7,7 @@
 INCLUDES		+=	-Iinclude/bl32/tsp
 
 ifeq (${SPMC_AT_EL3},1)
-   BL32_SOURCES            +=      bl32/tsp/tsp_ffa_main.c                    \
+   BL32_SOURCES            +=      bl32/tsp/tsp_ffa_main.c		\
 				   bl32/tsp/ffa_helpers.c
 else
    BL32_SOURCES            +=      bl32/tsp/tsp_main.c
@@ -19,6 +19,7 @@ BL32_SOURCES		+=	bl32/tsp/aarch64/tsp_entrypoint.S	\
 				bl32/tsp/tsp_interrupt.c		\
 				bl32/tsp/tsp_timer.c			\
 				bl32/tsp/tsp_common.c			\
+				bl32/tsp/tsp_context.c			\
 				common/aarch64/early_exceptions.S	\
 				lib/locks/exclusive/aarch64/spinlock.S
 

bl32/tsp/tsp_context.c

@@ -0,0 +1,143 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#include <arch_features.h>
+#include <arch_helpers.h>
+#include <bl32/tsp/tsp_el1_context.h>
+#include <common/debug.h>
+
+#define DUMMY_CTX_VALUE		ULL(0xffffffff)
+#define DUMMY_CTX_TCR_VALUE	ULL(0xffff0000)
+#define DUMMY_CTX_TRF_VALUE	ULL(0xf)
+#define DUMMY_CTX_GCS_VALUE	ULL(0xffff0000)
+#define DEFAULT_CTX_VALUE	ULL(0x0)
+
+/**
+ * -------------------------------------------------------
+ * Private Helper functions required to access and modify
+ * EL1 context registers at S-EL1.
+ * -------------------------------------------------------
+ */
+static void modify_el1_common_regs(uint64_t cm_value)
+{
+	/**
+	 * NOTE: Few EL1 registers "SCTLR_EL1, SPSR_EL1, ELR_EL1" are
+	 *       left out consciously as those are important registers for
+	 *       execution in each world and overwriting them with dummy value
+	 *       would cause unintended crash while executing the test.
+	 */
+	write_tcr_el1(cm_value);
+	write_cpacr_el1(cm_value);
+	write_csselr_el1(cm_value);
+	write_esr_el1(cm_value);
+	write_ttbr0_el1(cm_value);
+	write_ttbr1_el1(cm_value);
+	write_mair_el1(cm_value);
+	write_amair_el1(cm_value);
+	write_actlr_el1(cm_value);
+	write_tpidr_el1(cm_value);
+	write_tpidr_el0(cm_value);
+	write_tpidrro_el0(cm_value);
+	write_par_el1(cm_value);
+	write_far_el1(cm_value);
+	write_afsr0_el1(cm_value);
+	write_afsr1_el1(cm_value);
+	write_contextidr_el1(cm_value);
+	write_vbar_el1(cm_value);
+	write_mdccint_el1(cm_value);
+	write_mdscr_el1(cm_value);
+}
+
+static void modify_el1_mte2_regs(uint64_t mte_value)
+{
+	if (is_feat_mte2_supported()) {
+		write_tfsre0_el1(mte_value);
+		write_tfsr_el1(mte_value);
+		write_rgsr_el1(mte_value);
+		write_gcr_el1(mte_value);
+	}
+}
+
+static void modify_el1_ras_regs(uint64_t ras_value)
+{
+	if (is_feat_ras_supported()) {
+		write_disr_el1(ras_value);
+	}
+}
+
+static void modify_el1_s1pie_regs(uint64_t s1pie_value)
+{
+	if (is_feat_s1pie_supported()) {
+		write_pire0_el1(s1pie_value);
+		write_pir_el1(s1pie_value);
+	}
+}
+
+static void modify_el1_s1poe_regs(uint64_t s1poe_value)
+{
+	if (is_feat_s1poe_supported()) {
+		write_por_el1(s1poe_value);
+	}
+}
+
+static void modify_el1_s2poe_regs(uint64_t s2poe_value)
+{
+	if (is_feat_s2poe_supported()) {
+		write_s2por_el1(s2poe_value);
+	}
+}
+
+static void modify_el1_tcr2_regs(uint64_t tcr_value)
+{
+	if (is_feat_tcr2_supported()) {
+		write_tcr2_el1(tcr_value & DUMMY_CTX_TCR_VALUE);
+	}
+}
+
+static void modify_el1_trf_regs(uint64_t trf_value)
+{
+	if (is_feat_trf_supported()) {
+		write_trfcr_el1(trf_value & DUMMY_CTX_TRF_VALUE);
+	}
+}
+
+static void modify_el1_gcs_regs(uint64_t gcs_value)
+{
+	if (is_feat_gcs_supported()) {
+		write_gcscr_el1(gcs_value & DUMMY_CTX_GCS_VALUE);
+		write_gcscre0_el1(gcs_value & DUMMY_CTX_GCS_VALUE);
+		write_gcspr_el1(gcs_value & DUMMY_CTX_GCS_VALUE);
+		write_gcspr_el0(gcs_value & DUMMY_CTX_GCS_VALUE);
+	}
+}
+
+/**
+ * -----------------------------------------------------
+ * Public API, to modify/restore EL1 ctx registers:
+ * -----------------------------------------------------
+ */
+void modify_el1_ctx_regs(const bool modify_option)
+{
+	uint64_t mask;
+
+	if (modify_option == TSP_CORRUPT_EL1_REGS) {
+		VERBOSE("TSP(S-EL1): Corrupt EL1 Registers with Dummy values\n");
+		mask = DUMMY_CTX_VALUE;
+	} else {
+		VERBOSE("TSP(S-EL1): Restore EL1 Registers with Default values\n");
+		mask = DEFAULT_CTX_VALUE;
+	}
+
+	modify_el1_common_regs(mask);
+	modify_el1_mte2_regs(mask);
+	modify_el1_ras_regs(mask);
+	modify_el1_s1pie_regs(mask);
+	modify_el1_s1poe_regs(mask);
+	modify_el1_s2poe_regs(mask);
+	modify_el1_tcr2_regs(mask);
+	modify_el1_trf_regs(mask);
+	modify_el1_gcs_regs(mask);
+}

bl32/tsp/tsp_main.c

@@ -11,6 +11,7 @@
 #include <arch_features.h>
 #include <arch_helpers.h>
 #include <bl32/tsp/tsp.h>
+#include <bl32/tsp/tsp_el1_context.h>
 #include <common/bl_common.h>
 #include <common/build_message.h>
 #include <common/debug.h>
@@ -278,6 +279,17 @@ smc_args_t *tsp_smc_handler(uint64_t func,
 		/* Toggle the dit bit */
 		write_dit(service_arg0 != 0U ? 0 : DIT_BIT);
 		break;
+	case TSP_MODIFY_EL1_CTX:
+		/*
+		 * Write dummy values to EL1 context registers, to simulate
+		 * their usage in the secure world.
+		 */
+		if (arg1 == TSP_CORRUPT_EL1_REGS) {
+			modify_el1_ctx_regs(TSP_CORRUPT_EL1_REGS);
+		} else {
+			modify_el1_ctx_regs(TSP_RESTORE_EL1_REGS);
+		}
+		break;
 	default:
 		break;
 	}

include/bl32/tsp/tsp.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -36,12 +36,13 @@
  * Identifiers for various TSP services. Corresponding function IDs (whether
  * fast or yielding) are generated by macros defined below
  */
-#define TSP_ADD		0x2000
-#define TSP_SUB		0x2001
-#define TSP_MUL		0x2002
-#define TSP_DIV		0x2003
+#define TSP_ADD				0x2000
+#define TSP_SUB				0x2001
+#define TSP_MUL				0x2002
+#define TSP_DIV				0x2003
 #define TSP_HANDLE_SEL1_INTR_AND_RETURN	0x2004
-#define TSP_CHECK_DIT	0x2005
+#define TSP_CHECK_DIT			0x2005
+#define TSP_MODIFY_EL1_CTX		0x2006
 
 /*
  * Identify a TSP service from function ID filtering the last 16 bits from the

include/bl32/tsp/tsp_el1_context.h

@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2024, Arm Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef TSP_EL1_CONTEXT_H
+#define TSP_EL1_CONTEXT_H
+
+#define TSP_CORRUPT_EL1_REGS        1
+#define TSP_RESTORE_EL1_REGS        0
+
+/* Public helper function to handle EL1 ctx registers at S-EL1(TSP) */
+void modify_el1_ctx_regs(const bool modify_option);
+
+#endif /* TSP_EL1_CONTEXT_H */

services/spd/tspd/tspd_main.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2013-2022, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2013-2024, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -575,6 +575,11 @@ static uintptr_t tspd_smc_handler(uint32_t smc_fid,
 		 * of the DIT PSTATE bit.
 		 */
 	case TSP_YIELD_FID(TSP_CHECK_DIT):
+		/*
+		 * Request from non-secure client to modify the EL1
+		 * context registers.
+		 */
+	case TSP_YIELD_FID(TSP_MODIFY_EL1_CTX):
 		if (ns) {
 			/*
 			 * This is a fresh request from the non-secure client.