In the case of a SP pre-empted by a non-secure interrupt, the SPMC
returns to the SPMD through the FFA_INTERRUPT ABI. It is then forwarded
to the normal world driver hinting the SP has to be resumed after the
non-secure interrupt has been serviced.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I51a694dddcb8ea30fa84e1f11d018bc2abec0a56
The current SPM_MM implementations expects the SP image addresses
as static macros. This means platforms wanting to use dynamically
allocated memory addresses are left out. This patch gets sp_boot_info
at the beginning of spm_sp_setup function and uses member variables
of sp_boot_info to setup the context. So member variables of
struct sp_boot_info and consequently the context can be initialized
by static macros or dynamiclly allocated memory address..
Change-Id: I1cb75190ab8026b845ae20a9c6cc416945b5d7b9
Signed-off-by: Mayur Gudmeti <mgudmeti@nvidia.com>
FF-A specification states that error codes should be typed int32_t.
SPMD's uses uint64_t for return values, which if assigned with a signed
type would have sign extension, and change the size of the return from
32-bit to 64-bit.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I288ab2ffec8330a2fe1f21df14e22c34bd83ced3
Typically, interrupts for a specific security state get handled in the
same security execption level if the execution is in the same security
state. For example, if a non-secure interrupt gets fired when CPU is
executing in NS-EL2 it gets handled in the non-secure world.
However, interrupts belonging to the opposite security state typically
demand a world(context) switch. This is inline with the security
principle which states a secure interrupt has to be handled in the
secure world. Hence, the TSPD in EL3 expects the context(handle) for a
secure interrupt to be non-secure and vice versa.
The function "tspd_sel1_interrupt_handler" is the handler registered
for S-EL1 interrupts by the TSPD. Based on the above assumption, it
provides an assertion to validate if the interrupt originated from
non-secure world and upon success arranges entry into the TSP at
'tsp_sel1_intr_entry' for handling the interrupt.
However, a race condition between non-secure and secure interrupts can
lead to a scenario where the above assumptions do not hold true and
further leading to following assert fail.
This patch fixes the bug which causes this assert fail:
ASSERT: services/spd/tspd/tspd_main.c:105
BACKTRACE: START: assert
0: EL3: 0x400c128
1: EL3: 0x400faf8
2: EL3: 0x40099a4
3: EL3: 0x4010d54
BACKTRACE: END: assert
Change-Id: I359d30fb5dbb1429a4a3c3fff37fdc64c07e9414
Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Add a lock and spin lock/unlock calls when accessing the fields of the
SPMD PM structure.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I9bab705564dc1ba003c29512b1f9be5f126fbb0d
Remove the former impdef SPMD service for SPMC entry point
registration. Replace with FFA_SECONDARY_EP_REGISTER ABI
providing a single entry point address into the SPMC for
primary and secondary cold boot.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I067adeec25fc12cdae90c15a616903b4ac4d4d83
when updata routing of an SDEI event, if the registration flags
is SDEI_REGF_RM_PE, need to updata the affinity of shared event.
Signed-off-by: Tony Xie <tony.xie@rock-chips.com>
Change-Id: Ie5d7cc4199253f6af1c28b407f712caac3092d06
The code to check for the presence of the TRNG service relies on
toolchain garbage collection, which is not enabled with -O0.
Add #ifdef guards around the call to the TRNG service handler to
cover builds without optimisation as well.
Change-Id: I08ece2005ea1c8fa96afa13904a851dec6b24216
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This adds the TRNG Firmware Interface Service to the standard
service dispatcher. This includes a method for dispatching entropy
requests to platforms and includes an entropy pool implementation to
avoid dropping any entropy requested from the platform.
Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9
Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com>
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
This patch provides the changes listed below:
- Adds new bit fields definitions for SCTLR_EL1/2 registers
- Corrects the name of SCTLR_EL1/2.[20] bit field from
SCTLR_UWXN_BIT to SCTLR_TSCXT_BIT
- Adds FEAT_PANx bit field definitions and their possible
values for ID_AA64MMFR1_EL1 register.
- Adds setting of SCTLR_EL1.SPAN bit to preserve PSTATE.PAN
on taking an exception to EL1 in spm_sp_setup() function
(services\std_svc\spm_mm\spm_mm_setup.c)
Change-Id: If51f20e7995c649126a7728a4d0867041fdade19
Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
With -Wsign-compare, compilers issue a warning in the SPMD code:
====================
services/std_svc/spmd/spmd_pm.c:35:22: error: comparison of integer
expressions of different signedness: 'int' and 'unsigned int'
[-Werror=sign-compare]
35 | if ((id < 0) || (id >= PLATFORM_CORE_COUNT)) {
| ^~
cc1: all warnings being treated as errors
====================
Since we just established that "id" is positive, we can safely cast it
to an unsigned type to make the comparison have matching types.
Change-Id: I6ef24804c88136d7e3f15de008e4fea854f10ffe
Signed-off-by: Andre Przywara <andre.przywara@arm.com>
spmd_get_context_by_mpidr was using potentially negative value as an
array index. plat_core_pos_by_mpidr could return -1 on failure which is
utilized by some platforms.
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I7f8827e77f18da389c9cafdc1fc841aba9f03120
This patch removes the assert that expects the SPMC PC
value to be same as BL32_BASE. This assumption is not
true for all platforms e.g. Tegra, and so will be removed
from the SPMD.
Platforms can always add this check to the platform files,
if required.
Change-Id: Ic40620b43d160feb4f72f4af18e6d01861d4bf37
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
This patch implements support for the 64-bit and 32-bit versions of
0xBF00FF01 SMC function ID, as documented by the SMCCC, to allow
non-secure world clients to query SPD's UUID.
In order to service this FID, the Trusty SPD now increases the range
of SMCs that it services. To restrict Trusty from receiving the extra
SMC FIDs, this patch drops any unsupported FID.
Verified with TFTF tests for UID query and internal gtest for Trusty.
Change-Id: If96fe4993f7e641595cfe67cc6b4210a0d52403f
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Define SPMD PM hooks for warm boot and off events. svc_on_finish handler
enters the SPMC at the entry point defined by the secondary EP register
service. The svc_off handler notifies the SPMC that a physical core is
being turned off through a notification message.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I2609a75a0c6ffb9f6313fc09553be2b29a41de59
Upon booting, the SPMC running on the primary core shall register the
secondary core entry points to which a given secondary core being woken
up shall jump to into the SPMC . The current implementation assumes the
SPMC calls a registering service implemented in the SPMD for each core
identified by its MPIDR. This can typically happen in a simple loop
implemented in the early SPMC initialization routines by passing each
core identifier associated with an entry point address and context
information.
This service is implemented on top of a more generic SPMC<=>SPMD
interface using direct request/response message passing as defined by
the FF-A specification.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: I1f70163b6b5cee0880bd2004e1fec41e3780ba35
FF-A interface to handle SPMC to SPMD direct messages requests.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Change-Id: Ia707a308c55561a31dcfa86e554ea1c9e23f862a
This patch defines and registers the SPMD PM handler hooks.
This is intended to relay boot and PM events to the SPMC.
Change-Id: If5a758d22b8d2152cbbb83a0cad563b5e1c6bd49
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
This patch adds SPMC states used by the SPMD to track SPMC boot phases
specifically on secondary cores.
Change-Id: If97af7352dda7f04a8e46a56892a2aeddcfab91b
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
This patch provides a helper to get the entry_point_info
structure used by the boot CPU as it is used to initialise
the SPMC context on secondary CPUs.
Change-Id: I99087dc7a86a7258e545d24a2ff06aa25170f00c
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
In case of AT speculative workaround applied, page table walk
is disabled for lower ELs (EL1 and EL0) in EL3.
Hence added a wrapper function which temporarily enables page
table walk to execute AT instruction for lower ELs and then
disables page table walk.
Execute AT instructions directly for lower ELs (EL1 and EL0)
assuming page table walk is enabled always when AT speculative
workaround is not applied.
Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Currently, 'SMCCC_ARCH_FEATURES' SMC call handler unconditionally
returns 'SMC_OK' for 'SMCCC_ARCH_SOC_ID' function. This seems to
be not correct for the platform which doesn't implement soc-id
functionality i.e. functions to retrieve both soc-version and
soc-revision.
Hence introduced a platform function which will check whether SMCCC
feature is available for the platform.
Also, updated porting guide for the newly added platform function.
Change-Id: I389f0ef6b0837bb24c712aa995b7176117bc7961
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change handler of FFA version interface:
- Return SPMD's version if the origin of the call is secure;
- Return SPMC's version if origin is non-secure.
Signed-off-by: J-Alves <joao.alves@arm.com>
Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
Core spm_mm code expects the translation tables are located in the
inner & outer WBWA & shareable memory.
REGISTER_XLAT_CONTEXT2 macro is used to specify the translation
table section in spm_mm.
In the commit 363830df1c (xlat_tables_v2: merge
REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2
macro explicitly specifies the base xlat table goes into .bss by default.
This change affects the existing SynQuacer spm_mm implementation.
plat/socionext/synquacer/include/plat.ld.S linker script intends to
locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section,
but this implementation is no longer available.
This patch adds the base table section name parameter for
REGISTER_XLAT_CONTEXT2 so that platform can specify the
inner & outer WBWA & shareable memory for spm_mm base xlat table.
If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table
goes into .bss by default, the result is same as before.
Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2
Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
SPCI is renamed as PSA FF-A which stands for Platform Security
Architecture Firmware Framework for A class processors.
This patch replaces the occurrence of SPCI with PSA FF-A(in documents)
or simply FFA(in code).
Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
Signed-off-by: J-Alves <joao.alves@arm.com>
This patch introduces dynamic configuration for SDEI setup and is supported
when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays
and processing the configuration at compile time, the config is moved to
dts files. It will be retrieved at runtime during SDEI init, using the fconf
layer.
Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
Currently BL2 passes TOS_FW_CONFIG address and size through registers to
BL31. This corresponds to SPMC manifest load address and size. The SPMC
manifest is mapped in BL31 by dynamic mapping. This patch removes BL2
changes from generic code (which were enclosed by SPD=spmd) and retrieves
SPMC manifest size directly from within SPMD. The SPMC manifest load
address is still passed through a register by generic code.
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
As a follow-up to bdd2596d4, and related to SPM Dispatcher
EL3 component and SPM Core S-EL2/S-EL1 component: update
with cosmetic and coding rules changes. In addition:
-Add Armv8.4-SecEL2 arch detection helper.
-Add an SPMC context (on current core) get helper.
-Return more meaningful error return codes.
-Remove complexity in few spmd_smc_handler switch-cases.
-Remove unused defines and structures from spmd_private.h
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
Commit 0e753437e7 ("Implement SMCCC_ARCH_SOC_ID SMC call") executes
and return the result of SMCCC_ARCH_SOC_ID(soc_id_type) to the
SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) itself. Moreover it expect to
pass soc_id_type for SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) which is
incorrect.
Fix the implementation by returning SMC_OK for
SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) always and move the current
implementation under "smccc_arch_id" function which gets called from
SMC handler on receiving "SMCCC_ARCH_SOC_ID" command.
This change is tested over linux operating system
Change-Id: I61a980045081eae786b907d408767ba9ecec3468
Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This patch adds support to handle following TLK SMCs:
{TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE}
These SMCs need to be supported in ATF in order to forward them to
TLK. Otherwise, these functionalities won't work.
Brief:
TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its
version to TLK. TLK can use this to prevent rollback attacks.
TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off
execution to the OS. This allows preventing sensitive SMCs being used
by the OS.
TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB
frames.
Tested by: Tests TLK can receive the new SMCs issued by bootloader
Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944
Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
TLK does not participate in the system off/reset process and so
has no use for the SYSTEM_OFF/RESET notifications.
This patch removes the system off/reset handlers as a result.
Change-Id: Icf1430b1400cea88000e6d54426eb604a43cbe6c
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Platforms that do not support Trusty, usually see error
messages from the Trusty SPD, during boot. This can be
interpreted as a boot failure.
This patch lowers the logging level for those error messages
to avoid confusion.
Change-Id: I931baa2c6db0de1aee17383039bc29ed229a1f25
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Implemented SMCCC_ARCH_SOC_ID call in order to get below
SOC information:
1. SOC revision
2. SOC version
Implementation done using below SMCCC specification document:
https://developer.arm.com/docs/den0028/c
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: Ie0595f1c345a6429a6fb4a7f05534a0ca9c9a48b
This patch introduces the `SPCI_ID_GET` interface which will return the
ID of the calling SPCI component. Returns 0 for requests from the
non-secure world and the SPCI component ID as specified in the manifest
for secure world requests.
Change-Id: Icf81eb1d0e1d7d5c521571e04972b6e2d356e0d1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
This patch adds an interrupt handler for TLK. On receiving an
interrupt, the source of the interrupt is determined and the
interrupt is marked complete. The IRQ number is passed to
TLK along with a special SMC function ID. TLK issues an SMC
to notify completion of the interrupt handler in the S-EL1
world.
Change-Id: I76f28cee6537245c5e448d2078f86312219cea1a
Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
Added SPMD_SPM_AT_SEL2 build command line parameter.
Set to 1 to run SPM at S-EL2.
Set to 0 to run SPM at S-EL1 (pre-v8.4 or S-EL2 is disabled).
Removed runtime EL from SPM core manifest.
Change-Id: Icb4f5ea4c800f266880db1d410d63fe27a1171c0
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
This patch adds EL2 registers that are supported up to ARMv8.6.
ARM_ARCH_MINOR has to specified to enable save/restore routine.
Note: Following registers are still not covered in save/restore.
* AMEVCNTVOFF0<n>_EL2
* AMEVCNTVOFF1<n>_EL2
* ICH_AP0R<n>_EL2
* ICH_AP1R<n>_EL2
* ICH_LR<n>_EL2
Change-Id: I4813f3243e56e21cb297b31ef549a4b38d4876e1
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
NOTE: Not all EL-2 system registers are saved/restored.
This subset includes registers recognized by ARMv8.0
Change-Id: I9993c7d78d8f5f8e72d1c6c8d6fd871283aa3ce0
Signed-off-by: Jose Marinho <jose.marinho@arm.com>
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Artsem Artsemenka <artsem.artsemenka@arm.com>
Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
Removed duplicate error code present for SMCCC and used
proper error code for "SMCCC_ARCH_WORKAROUND_2" call.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I76fc7c88095f78a7e2c3d205838f8eaf3132ed5c