- Define information structures for SMMU, root complex,
root port and BDF mappings.
- Add entries for SMMU and PCIe root complexes to Boot manifest.
- Update RMMD_MANIFEST_VERSION_MINOR from 4 to 5.
Change-Id: I0a76dc18edbaaff40116f376aeb56c750d57c7c1
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
With this addition, TF-A now has an SMC call to handle the
update of MEC keys associated to MECIDs.
The behavior of this newly added call is empty for now until an
implementation for the MPE (Memory Protection Engine) driver is
available. Only parameter sanitization has been implemented.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I2a969310b47e8c6da1817a79be0cd56158c6efc3
This patch provides architectural support for further use of
Memory Encryption Contexts (MEC) by declaring the necessary
registers, bits, masks, helpers and values and modifying the
necessary registers to enable FEAT_MEC.
Signed-off-by: Tushar Khandelwal <tushar.khandelwal@arm.com>
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Change-Id: I670dbfcef46e131dcbf3a0b927467ebf6f438fa4
Perform sanity checks on the launch features received via DRTM parameters.
Return INVALID_PARAMETERS if they are incorrect.
Change-Id: I7e8068154028d1c8f6b6b45449616bb5711ea76e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
These bits were missed with the original implementation. They are set if
supported, so we need to ignore them.
Change-Id: I3a94017bacdc54bfc14f0add972240148da3b41d
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Retrieve DLME image authentication features and report them
back to the DCE preamble. Currently, this value is always set
to 0, as no platform supports DLME authentication.
Additionally, the default schema is always used instead of
the DLME PCR schema since DLME authentication is not currently
supported.
This change primarily upgrades the DRTM parameters version to V2,
aligning with DRTM spec v1.1 [1].
[1]: https://developer.arm.com/documentation/den0113/c/?lang=en
Change-Id: Ie2ceb0d2ff49465643597e8725710a93d89e74a2
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
To support TPM start method with SIP, SIP handler dispatch request to
secure partition via MM_COMMUNICATE abi.
That means spm_mm sip handler should generate mm communication header.
Move mm_communication header's definition to spm_mm_svc header.
Change-Id: I40567c16e67b068ee83a39eff050d6578aecfb2c
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
- Add PCIe and SMMUv3 related information to DTS for
configurations with ENABLE_RME=1.
- Add entries for PCIe IO memory regions to Boot manifest
- Update RMMD_MANIFEST_VERSION_MINOR from 3 to 4.
- Read PCIe related information from DTB and write it to
Boot manifest.
- Rename structures that used to describe DRAM layout
and now describe both DRAM and PCIe IO memory regions:
- ns_dram_bank -> memory_bank
- ns_dram_info -> memory_info.
Change-Id: Ib75d1af86076f724f5c330074e231f1c2ba8e21d
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
This patch implements SMCCC_ARCH_WORKAROUND_4 and
allows discovery through SMCCC_ARCH_FEATURES.
This mechanism is enabled if CVE_2024_7881 [1] is enabled
by the platform. If CVE_2024_7881 mitigation
is implemented, the discovery call returns 0,
if not -1 (SMC_ARCH_CALL_NOT_SUPPORTED).
For more information about SMCCC_ARCH_WORKAROUND_4 [2], please
refer to the SMCCC Specification reference provided below.
[1]: https://developer.arm.com/Arm%20Security%20Center/Arm%20CPU%20Vulnerability%20CVE-2024-7881
[2]: https://developer.arm.com/documentation/den0028/latest
Signed-off-by: Arvind Ram Prakash <arvind.ramprakash@arm.com>
Change-Id: I1b1ffaa1f806f07472fd79d5525f81764d99bc79
* changes:
feat(el3_spmc): ffa error handling in direct msg
feat(ff-a): support FFA_MSG_SEND_DIRECT_REQ2/RESP2
feat(ff-a): add FFA_MEM_PERM_GET/SET_SMC64
feat(el3-spmc): support Hob list to boot S-EL0 SP
feat(synquacer): add support Hob creation
fix(fvp): exclude extend memory map TZC regions
feat(fvp): add StandaloneMm manifest in fvp
feat(spm): use xfer list with Hob list in SPM_MM
StandaloneMm which is S-EL0 partition uses
FFA_MSG_SEND_DIRECT_REQ2/RESP2 to handle multiple services.
For this, add support for FFA_MSG_SEND_DIRECT_REQ2/RESP2 in el3_spmc
restrictly up to use 8 registers.
although FF-A v1.2 defines FFA_MSG_SEND_DIRECT_REQ2/RESP2
with ability to pass/return up to 18 registers.
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I8ab1c332d269d9d131330bb2debd10d75bdba1ee
SMCCC_ARCH_FEATURE_AVAILABILITY [1] is a call to query firmware about
the features it is aware of and enables. This is useful when a feature
is not enabled at EL3, eg due to an older FW image, but it is present in
hardware. In those cases, the EL1 ID registers do not reflect the usable
feature set and this call should provide the necessary information to
remedy that.
The call itself is very lightweight - effectively a sanitised read of
the relevant system register. Bits that are not relevant to feature
enablement are masked out and active low bits are converted to active
high.
The implementation is also very simple. All relevant, irrelevant, and
inverted bits combined into bitmasks at build time. Then at runtime the
masks are unconditionally applied to produce the right result. This
assumes that context managers will make sure that disabled features
do not have their bits set and the registers are context switched if
any fields in them make enablement ambiguous.
Features that are not yet supported in TF-A have not been added. On
debug builds, calling this function will fail an assert if any bits that
are not expected are set. In combination with CI this should allow for
this feature to to stay up to date as new architectural features are
added.
If a call for MPAM3_EL3 is made when MPAM is not enabled, the call
will return INVALID_PARAM, while if it is FEAT_STATE_CHECK, it will
return zero. This should be fairly consistent with feature detection.
The bitmask is meant to be interpreted as the logical AND of the
relevant ID registers. It would be permissible for this to return 1
while the ID returns 0. Despite this, this implementation takes steps
not to. In the general case, the two should match exactly.
Finally, it is not entirely clear whether this call replies to SMC32
requests. However, it will not, as the return values are all 64 bits.
[1]: https://developer.arm.com/documentation/den0028/galp1/?lang=en
Co-developed-by: Charlie Bareham <charlie.bareham@arm.com>
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I1a74e7d0b3459b1396961b8fa27f84e3f0ad6a6f
FF-A memory management protocol v1.1 specifies not only
FFA_MEM_PERM_GET_SMC32/FFA_MEM_PERM_SET_SMC32 but also
FFA_MEM_PERM_GET_SMC64/FFA_MEM_PERM_SET_SMC64.
Change former FFA_MEM_PERM_GET/SET definitions to separate operations
and add handler for FFA_MEM_PERM_GET/SET_SMC64 in spmc_smc_handler().
Signed-off-by: Levi Yun <yeoreum.yun@arm.com>
Change-Id: I175063654703db26c1ffc3cfd7fa428b94d2bfc9
Clang build breaks with the following warning:
| In file included from services/std_svc/spmd/spmd_logical_sp.c:15:
| include/services/el3_spmd_logical_sp.h:15:38: error: redefinition of
| typedef 'spmd_spm_core_context_t' is a C11 feature [-Werror,-Wtypedef-redefinition].
| 15 | typedef struct spmd_spm_core_context spmd_spm_core_context_t;
| | ^
| services/std_svc/spmd/spmd_private.h:58:3: note: previous definition is here
| 58 | } spmd_spm_core_context_t;
| | ^
| CC services/std_svc/std_svc_setup.c
| 1 error generated.
| In file included from services/std_svc/spmd/spmd_main.c:35:
| services/std_svc/spmd/spmd_private.h:58:3: error: redefinition of typedef
| 'spmd_spm_core_context_t' is a C11 feature [-Werror,-Wtypedef-redefinition]
| 58 | } spmd_spm_core_context_t;
| | ^
| include/services/el3_spmd_logical_sp.h:15:38: note: previous definition is here
| 15 | typedef struct spmd_spm_core_context spmd_spm_core_context_t;
| | ^
| 1 error generated.
A structure 'spmd_spm_core_context_t' defined in 'spmd_private.h' is
also declared in 'el3_spmd_logical_sp.h' as it is used in a couple of
function declarations. These function declarations can be moved to
spmd_private.h as they are not needed elsewhere.
Change-Id: Ic6b9a277abe00cb7129f671570abf7255be62dfa
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
The name field of console_info structure was missed
in checksum calculation. This is corrected by adding
a new helper checksum_calc() which computes the
checksum in a field agnostic manner.
Change-Id: I5c39ee43f1fa20872c37846e3feeabd0525a47ae
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Add required SMCs by RMM to push attestation signing requests to EL3
and get responses. EL3 may then choose to push these requests to a HES
as suitable for a platform. This patch also supports the new
RMM_EL3_FEATURES interface, that RMM can use to query for support for
HES based signing. The new interface exposes a feature register with
different bits defining different discoverable features. This new
interface is available starting the 0.4 version of the RMM-EL3
interface, causing the version to bump up. This patch also adds a
platform port for FVP that implements the platform hooks required to
enable the new SMCs, but it does not push to a HES and instead copies a
zeroed buffer in EL3.
Change-Id: I69c110252835122a9533e71bdcce10b5f2a686b2
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
The digest size in bytes for sha1/256/384/512 were defined in multiple
places. Refactor the macros into a common header file.
Change-Id: I84ef3561486ff70345ae8c871d5d6e1564574ec2
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>
Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token in pieces, so they fit in the shared buffer. A new
output parameter was added to the SMC call, which will return (along
with the size of bytes copied into the buffer) the number of bytes
of the token that remain to be retrieved.
TF-A will keep an offset variable that will indicate the position in
the token where the next call will retrieve bytes from. This offset
will be increased on every call by adding the number number of bytes
copied. If the received hash size is not 0, TF-A will reset the
offset to 0 and copy from that position on.
The SMC call will now return at most the size of the shared buffer
in bytes on every call. Therefore, from now on, multiple SMC calls
may be needed to be issued if the token size exceeds the shared
buffer size.
Change-Id: I591f7013d06f64e98afaf9535dbea6f815799723
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>
Move pmf support to vendor-specific EL3 Monitor Service Calls. Remove
pmf call count as it's not supported in vendor-specific el3 as per
SMCCC Documentation 1.5:
https://developer.arm.com/documentation/den0028/latest
Add a deprecation notice to inform PMF is moved from arm-sip range to
vendor-specific EL3 range. PMF support from arm-sip range will be
removed and will not available after TF-A 2.12 release.
Change-Id: Ie1e14aa601d4fc3db352cd5621d842017a18e9ec
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Move debugfs to Vendor-Specific EL3 Monitor Service Calls.
Function Identifier for Vendor-Specific EL3 Monitor Service is '7' and
allocated subranges of Function identifiers to different services are:
0x87000000-0x8700FFFF-SMC32: Vendor-Specific EL3 Monitor Service Calls
0xC7000000-0xC700FFFF-SMC64: Vendor-Specific EL3 Monitor Service Calls
Amend Debugfs FID's to use this range and id.
Add a deprecation notice to inform debugfs moved from arm-sip range to
Vendor-Specific EL3 range. Debugfs support from arm-sip range will be
removed and will not be available after TF-A 2.12 release.
Reference to debugfs component level documentation:
https://trustedfirmware-a.readthedocs.io/en/latest/components/debugfs-design.html#overview
Change-Id: I97a50170178f361f70c95ed0049bc4e278de59d7
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
Add support for vendor-specific el3 service. SMCCC 1.5 introduces
support for vendor-specific EL3 monitor calls.
SMCCC Documentation reference:
https://developer.arm.com/docs/den0028/latest
Change-Id: Id8bc43842eecdb7a8a2ec7f31a631e88fe4fe0b4
Signed-off-by: Govindraj Raja <govindraj.raja@arm.com>
This patch modifies the boot manifest to add console information to
be passed from EL3 to RMM.
Boot manifest version is bumped to v0.3
Signed-off-by: Harry Moulton <harry.moulton@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Iedc4e640fb7a4450ce5ce966ae76936d1b7b742d
Update all references to DRTM beta0 to be 1.0 instead.
Signed-off-by: Stuart Yoder <stuart.yoder@arm.com>
Change-Id: Ieda70f26f3be42f4705e9b267706674c94f120f2
The DRTM 1.0 spec changed the Firmware hash algorithm field
size from 32-bits to 16-bits.
Signed-off-by: Stuart Yoder <stuart.yoder@arm.com>
Change-Id: I713e32e01b1983bf21d97c93bbb28c77dc94a541
A normal world caller can emit an SMC with the SVE hint bit set such
that the callee can perform an optimization by omitting to save/restore
the SVE context. Update the SPMD to pass this information to the SPMC
when set by the caller in the SMC flags parameter.
For now, restrict this behavior to the SPMC living at S-EL2.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: Icf46eb8a391dd3ddd2ee6aff8581a2f1c8a1c274
The ChromeOS will use the SMC to pass some secrets from firmware to
optee.
Change-Id: Iaf3357d40a7ed22415926acd9d7979df24dd81f1
Signed-off-by: Yi Chou <yich@google.com>
Add handling for FF-A 1.2 FFA_MSG_SEND_DIR_REQ2 interface.
Handler validates security states of sender/receiver pairs
and forwards the call to other world if necessary.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: I02a60362d8d9a50fcc0b6a84753cba274ba5eb1b
Add support for FFA_CONSOLE_LOG in EL3 SPMC,
Disallow forwarding FFA_CONSOLE_LOG across worlds.
Add support for FFA_CONSOLE_LOG in FFA_FEATURES.
Input parameters:
w0/x0 - FFA_CONSOLE_LOG_32/64
w1/x1 - Character count
w2/x2-w7/x7 - 24 or 48 characters depending upon whether a SMC32 or
SMC64 FID was used.
Output parameters in case of success:
w0/x0 - FFA_SUCCESS
Output parameters in case of error:
w0/x0 - FFA_ERROR
w2/x2 - NOT_SUPPORTED: ABI is not implemented
INVALID_PARAMETERS: Parameters are incorrectly encoded
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I004c043729e77d1b9aa396c42d25c73d9268169a
Bump the required FF-A version in framework and manifests to v1.2 as
upstream feature development goes.
Signed-off-by: Kathleen Capella <kathleen.capella@arm.com>
Change-Id: I09d936d4aad89965cfd13f58741d647223b63a34
Secure partition running at SEL0 does not have privilege to modify
translation tables. So it needs SPMC to map the regions for it. Add the
support to request memory map or region info using FF-A interface.
Signed-off-by: Nishant Sharma <nishant.sharma@arm.com>
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Change-Id: I04a97899808bbd45eda24edf7bc74eaef96fb2ce
This patch adds necessary support for RMI_VERSION command.
This patch sets RMI version numbers to 1.0 as per
RMM Specification 1.0-eac5.
Change-Id: If7f88d5b5efa58716752488108fa110fc71ae836
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
This patch adds a basic el3 spmd logical partition to the fvp platform
via a platform specific smc handler. One of the use cases for el3
logical partitions is to have the ability to translate sip calls into
ff-a direct requests via the use of spmd logical partitions. The smc
handler creates a direct request based on the incoming smc parameters
and forwards the call as a direct request from the spmd logical
partition to the target secure partition.
Change-Id: If8ba9aab8203924bd00fc1dcdf9cd05a9a04a147
This patch enables FF-A secure partitions and the SPMC to query EL3 SPMD
logical partitions that are present in the system via partition get info
regs abi. Note that normal world will not be able to see EL3 SPMD
logical partitions as per the spec.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I3fca8aed8ae156a559a74521803324c13ae3d55a
This patch adds support for an EL3 SPMD logical partition to discover
secure partitions using the FFA_PARTITION_INFO_GET_REGS abi. It also
adds helper functions for a logical partition to use the information
returned in registers in a meaningful way.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: Id69488e7367e17e2dfa6c8e332be3c8d41f6c773
Move ffa_partition_info_get definitions from EL3 SPMC private header
files to common header files. The structures are common to FF-A and are
useful for the EL3 SPMD logical partitions.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I19de3f6cb3351afa873022da1397a475a84e3d8b
This patch implements an API that is exposed to SPMD logical partitions
that can be used to send direct messages to a secure partition.
It also adds required code in the SPMD smc handler to complete the
direct response appropriately.
Change-Id: I2d0e38415f13ad4fd28f8984d565036b7d3a9e71
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Add header file to help with creation of SPMD logical partitions. Also
update linker files to create sections to record SPMD logical partitions
declared. This follows the same pattern as the EL3 SPMC's logical
partitions. This patch also adds initialization of SPMD logical
partitions when the SPMD comes up.
ENABLE_SPMD_LP is a build flag that is used to enable support for
SPMD logical partitions.
Note that the approach chosen is to keep SPMD and SPMC logical
partition support separate, as opposed to extend the existing SPMC
logical partition support since the code would need to have a number of
ifdefs and the interactions with various build options such as
SPMC_AT_EL3 needs to be accounted for, which would make code more
complicated.
Signed-off-by: Raghu Krishnamurthy <raghu.ncstate@gmail.com>
Change-Id: I9642ddbf6ea26dd3f4a283baec598d61c07e3661
This patch enables CTX_INCLUDE_PAUTH_REGS for RME builds.
The RMM-EL3 specification is also updated to reflect the changes
and also version of the same is bumped from 0.1 to 0.2.
Signed-off-by: Shruti Gupta <shruti.gupta@arm.com>
Change-Id: I2e96a592d2b75abaee24294240c1727c5ceba420
This patch adds the errata management firmware interface for lower ELs
to discover details about CPU erratum. Based on the CPU erratum
identifier the interface enables the OS to find the mitigation of an
erratum in EL3.
The ABI can only be present in a system that is compliant with SMCCCv1.1
or higher. This implements v1.0 of the errata ABI spec.
For details on all possible return values, refer the design
documentation below:
ABI design documentation:
https://developer.arm.com/documentation/den0100/1-0?lang=en
Signed-off-by: Sona Mathew <SonaRebecca.Mathew@arm.com>
Change-Id: I70f0e2569cf92e6e02ad82e3e77874546232b89a
