diff --git a/bl31/bl31.mk b/bl31/bl31.mk index 3e665c584..ec7062755 100644 --- a/bl31/bl31.mk +++ b/bl31/bl31.mk @@ -149,6 +149,7 @@ endif ifeq (${DRTM_SUPPORT},1) BL31_SOURCES += services/std_svc/drtm/drtm_main.c \ + services/std_svc/drtm/drtm_dma_prot.c \ ${MBEDTLS_SOURCES} endif diff --git a/services/std_svc/drtm/drtm_dma_prot.c b/services/std_svc/drtm/drtm_dma_prot.c new file mode 100644 index 000000000..9d014a0c3 --- /dev/null +++ b/services/std_svc/drtm/drtm_dma_prot.c @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2022 Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + * DRTM DMA protection. + * + * Authors: + * Lucian Paul-Trifu + * + */ + +#include +#include + +#include + +#include "drtm_dma_prot.h" +#include + +/* + * This function checks that platform supports complete DMA protection. + * and returns false - if the platform supports complete DMA protection. + * and returns true - if the platform does not support complete DMA protection. + */ +bool drtm_dma_prot_init(void) +{ + bool must_init_fail = false; + const uintptr_t *smmus; + size_t num_smmus = 0; + unsigned int total_smmus; + + /* Warns presence of non-host platforms */ + if (plat_has_non_host_platforms()) { + WARN("DRTM: the platform includes trusted DMA-capable devices" + " (non-host platforms)\n"); + } + + /* + * DLME protection is uncertain on platforms with peripherals whose + * DMA is not managed by an SMMU. DRTM doesn't work on such platforms. + */ + if (plat_has_unmanaged_dma_peripherals()) { + ERROR("DRTM: this platform does not provide DMA protection\n"); + must_init_fail = true; + } + + /* + * Check that the platform reported all SMMUs. + * It is acceptable if the platform doesn't have any SMMUs when it + * doesn't have any DMA-capable devices. + */ + total_smmus = plat_get_total_smmus(); + plat_enumerate_smmus(&smmus, &num_smmus); + if (num_smmus != total_smmus) { + ERROR("DRTM: could not discover all SMMUs\n"); + must_init_fail = true; + } + + return must_init_fail; +} diff --git a/services/std_svc/drtm/drtm_dma_prot.h b/services/std_svc/drtm/drtm_dma_prot.h new file mode 100644 index 000000000..e0c58b510 --- /dev/null +++ b/services/std_svc/drtm/drtm_dma_prot.h @@ -0,0 +1,14 @@ +/* + * Copyright (c) 2022 Arm Limited. All rights reserved. + * + * SPDX-License-Identifier: BSD-3-Clause + * + */ +#ifndef DRTM_DMA_PROT_H +#define DRTM_DMA_PROT_H + +#include + +bool drtm_dma_prot_init(void); + +#endif /* DRTM_DMA_PROT_H */ diff --git a/services/std_svc/drtm/drtm_main.c b/services/std_svc/drtm/drtm_main.c index c7fce5e16..adb929379 100644 --- a/services/std_svc/drtm/drtm_main.c +++ b/services/std_svc/drtm/drtm_main.c @@ -12,15 +12,37 @@ #include +#include +#include #include #include +#include #include "drtm_main.h" #include +/* This value is used by the SMC to advertise the boot PE */ +static uint64_t boot_pe_aff_value; + int drtm_setup(void) { + bool rc; + INFO("DRTM service setup\n"); + boot_pe_aff_value = read_mpidr_el1() & MPIDR_AFFINITY_MASK; + + rc = drtm_dma_prot_init(); + if (rc) { + return INTERNAL_ERROR; + } + + /* + * initialise the platform supported crypto module that will + * be used by the DRTM-service to calculate hash of DRTM- + * implementation specific components + */ + crypto_mod_init(); + return 0; } diff --git a/services/std_svc/drtm/drtm_main.h b/services/std_svc/drtm/drtm_main.h index 39c67cecf..4c1adac04 100644 --- a/services/std_svc/drtm/drtm_main.h +++ b/services/std_svc/drtm/drtm_main.h @@ -11,6 +11,8 @@ #include +#include "drtm_dma_prot.h" + enum drtm_retc { SUCCESS = SMC_OK, NOT_SUPPORTED = SMC_UNK,