Merge pull request #1148 from antonio-nino-diaz-arm/an/spm

Introduce Secure Partition Manager

Makefile

@@ -500,6 +500,7 @@ $(eval $(call add_define,PROGRAMMABLE_RESET_ADDRESS))
 $(eval $(call add_define,PSCI_EXTENDED_STATE_ID))
 $(eval $(call add_define,RESET_TO_BL31))
 $(eval $(call add_define,SEPARATE_CODE_AND_RODATA))
+$(eval $(call add_define,ENABLE_SPM))
 $(eval $(call add_define,SPD_${SPD}))
 $(eval $(call add_define,SPIN_ON_BL1_EXIT))
 $(eval $(call add_define,TRUSTED_BOARD_BOOT))

bl31/bl31.ld.S

@@ -118,6 +118,23 @@ SECTIONS
     ASSERT(__CPU_OPS_END__ > __CPU_OPS_START__,
            "cpu_ops not defined for this platform.")
 
+#if ENABLE_SPM
+    /*
+     * Exception vectors of the SPM shim layer. They must be aligned to a 2K
+     * address, but we need to place them in a separate page so that we can set
+     * individual permissions to them, so the actual alignment needed is 4K.
+     *
+     * There's no need to include this into the RO section of BL31 because it
+     * doesn't need to be accessed by BL31.
+     */
+    spm_shim_exceptions : ALIGN(4096) {
+        __SPM_SHIM_EXCEPTIONS_START__ = .;
+        *(.spm_shim_exceptions)
+        . = NEXT(4096);
+        __SPM_SHIM_EXCEPTIONS_END__ = .;
+    } >RAM
+#endif
+
     /*
      * Define a linker symbol to mark start of the RW memory area for this
      * image.
@@ -202,6 +219,13 @@ SECTIONS
      * the .bss section and eliminates the unecessary zero init
      */
     xlat_table (NOLOAD) : {
+#if ENABLE_SPM
+        __SP_IMAGE_XLAT_TABLES_START__ = .;
+        *secure_partition*.o(xlat_table)
+        /* Make sure that the rest of the page is empty. */
+        . = NEXT(4096);
+        __SP_IMAGE_XLAT_TABLES_END__ = .;
+#endif
         *(xlat_table)
     } >RAM
 

bl31/bl31.mk

@@ -4,6 +4,15 @@
 # SPDX-License-Identifier: BSD-3-Clause
 #
 
+################################################################################
+# Include SPM Makefile
+################################################################################
+ifeq (${ENABLE_SPM},1)
+$(info Including SPM makefile)
+include services/std_svc/spm/spm.mk
+endif
+
+
 include lib/psci/psci_lib.mk
 
 BL31_SOURCES		+=	bl31/bl31_main.c				\
@@ -15,7 +24,9 @@ BL31_SOURCES		+=	bl31/bl31_main.c				\
 				common/runtime_svc.c				\
 				plat/common/aarch64/platform_mp_stack.S		\
 				services/std_svc/std_svc_setup.c		\
-				${PSCI_LIB_SOURCES}
+				${PSCI_LIB_SOURCES}				\
+				${SPM_SOURCES}					\
+
 
 ifeq (${ENABLE_PMF}, 1)
 BL31_SOURCES		+=	lib/pmf/pmf_main.c

docs/spm-user-guide.rst

+ARM Trusted Firmware - SPM User Guide
+=====================================
+
+.. section-numbering::
+    :suffix: .
+
+.. contents::
+
+
+This document briefly presents the Secure Partition Management (SPM) support in
+the Arm Trusted Firmware (TF), specifically focusing on how to build Arm TF with
+SPM support.
+
+Overview of the SPM software stack
+----------------------------------
+
+SPM is supported on the Arm FVP exclusively at the moment.
+
+It is not currently possible for BL31 to integrate SPM support and a Secure
+Payload Dispatcher (SPD) at the same time; they are mutually exclusive. In the
+SPM bootflow, a Secure Partition (SP) image executing at Secure-EL0 replaces the
+Secure Payload image executing at Secure-EL1 (e.g. a Trusted OS). Both are
+referred to as BL32.
+
+A working prototype of a SP has been implemented by repurposing the EDK2 code
+and tools, leveraging the concept of the *Standalone Management Mode (MM)* in
+the UEFI specification (see the PI v1.6 Volume 4: Management Mode Core
+Interface). This will be referred to as the *Standalone MM Secure Partition* in
+the rest of this document.
+
+
+Building TF with SPM support
+----------------------------
+
+To enable SPM support in the TF, the source code must be compiled with the build
+flag ``ENABLE_SPM=1``. On Arm platforms the build option ``ARM_BL31_IN_DRAM``
+can be used to select the location of BL31, both SRAM and DRAM are supported.
+
+
+Using the Standalone MM SP
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+First, build the Standalone MM Secure Partition. To build it, refer to the
+`instructions in the EDK2 repository`_.
+
+Then build TF with SPM support and include the Standalone MM Secure Partition
+image in the FIP:
+
+::
+
+    BL32=path/to/standalone/mm/sp BL33=path/to/bl33.bin \
+    make PLAT=fvp ENABLE_SPM=1 fip all
+
+
+--------------
+
+*Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.*
+
+.. _instructions in the EDK2 repository: https://github.com/tianocore/edk2-staging/blob/AArch64StandaloneMm/HowtoBuild.MD

include/common/aarch64/asm_macros.S

@@ -51,8 +51,8 @@
 	 * so that it inserts illegal AArch64 instructions. This increases
 	 * security, robustness and potentially facilitates debugging.
 	 */
-	.macro vector_base  label
-	.section .vectors, "ax"
+	.macro vector_base  label, section_name=.vectors
+	.section \section_name, "ax"
 	.align 11, 0
 	\label:
 	.endm
@@ -64,9 +64,9 @@
 	 * so that it inserts illegal AArch64 instructions. This increases
 	 * security, robustness and potentially facilitates debugging.
 	 */
-	.macro vector_entry  label
+	.macro vector_entry  label, section_name=.vectors
 	.cfi_sections .debug_frame
-	.section .vectors, "ax"
+	.section \section_name, "ax"
 	.align 7, 0
 	.type \label, %function
 	.func \label

include/common/param_header.h

@@ -8,12 +8,13 @@
 #define __PARAM_HEADER_H__
 
 /* Param header types */
-#define PARAM_EP		0x01
-#define PARAM_IMAGE_BINARY	0x02
-#define PARAM_BL31		0x03
-#define PARAM_BL_LOAD_INFO	0x04
-#define PARAM_BL_PARAMS		0x05
-#define PARAM_PSCI_LIB_ARGS	0x06
+#define PARAM_EP			0x01
+#define PARAM_IMAGE_BINARY		0x02
+#define PARAM_BL31			0x03
+#define PARAM_BL_LOAD_INFO		0x04
+#define PARAM_BL_PARAMS			0x05
+#define PARAM_PSCI_LIB_ARGS		0x06
+#define PARAM_SP_IMAGE_BOOT_INFO	0x07
 
 /* Param header version */
 #define VERSION_1	0x01

include/lib/aarch64/arch.h

@@ -126,6 +126,7 @@
 #define ID_AA64PFR0_GIC_MASK	((U(1) << ID_AA64PFR0_GIC_WIDTH) - 1)
 
 /* ID_AA64MMFR0_EL1 definitions */
+#define ID_AA64MMFR0_EL1_PARANGE_SHIFT	U(0)
 #define ID_AA64MMFR0_EL1_PARANGE_MASK	U(0xf)
 
 #define PARANGE_0000	U(32)
@@ -135,6 +136,21 @@
 #define PARANGE_0100	U(44)
 #define PARANGE_0101	U(48)
 
+#define ID_AA64MMFR0_EL1_TGRAN4_SHIFT		U(28)
+#define ID_AA64MMFR0_EL1_TGRAN4_MASK		U(0xf)
+#define ID_AA64MMFR0_EL1_TGRAN4_SUPPORTED	U(0x0)
+#define ID_AA64MMFR0_EL1_TGRAN4_NOT_SUPPORTED	U(0xf)
+
+#define ID_AA64MMFR0_EL1_TGRAN64_SHIFT		U(24)
+#define ID_AA64MMFR0_EL1_TGRAN64_MASK		U(0xf)
+#define ID_AA64MMFR0_EL1_TGRAN64_SUPPORTED	U(0x0)
+#define ID_AA64MMFR0_EL1_TGRAN64_NOT_SUPPORTED	U(0xf)
+
+#define ID_AA64MMFR0_EL1_TGRAN16_SHIFT		U(20)
+#define ID_AA64MMFR0_EL1_TGRAN16_MASK		U(0xf)
+#define ID_AA64MMFR0_EL1_TGRAN16_SUPPORTED	U(0x1)
+#define ID_AA64MMFR0_EL1_TGRAN16_NOT_SUPPORTED	U(0x0)
+
 /* ID_PFR1_EL1 definitions */
 #define ID_PFR1_VIRTEXT_SHIFT	U(12)
 #define ID_PFR1_VIRTEXT_MASK	U(0xf)
@@ -160,12 +176,25 @@
 #define SCTLR_A_BIT		(U(1) << 1)
 #define SCTLR_C_BIT		(U(1) << 2)
 #define SCTLR_SA_BIT		(U(1) << 3)
+#define SCTLR_SA0_BIT		(U(1) << 4)
 #define SCTLR_CP15BEN_BIT	(U(1) << 5)
+#define SCTLR_ITD_BIT		(U(1) << 7)
+#define SCTLR_SED_BIT		(U(1) << 8)
+#define SCTLR_UMA_BIT		(U(1) << 9)
 #define SCTLR_I_BIT		(U(1) << 12)
+#define SCTLR_V_BIT		(U(1) << 13)
+#define SCTLR_DZE_BIT		(U(1) << 14)
+#define SCTLR_UCT_BIT		(U(1) << 15)
 #define SCTLR_NTWI_BIT		(U(1) << 16)
 #define SCTLR_NTWE_BIT		(U(1) << 18)
 #define SCTLR_WXN_BIT		(U(1) << 19)
+#define SCTLR_UWXN_BIT		(U(1) << 20)
+#define SCTLR_E0E_BIT		(U(1) << 24)
 #define SCTLR_EE_BIT		(U(1) << 25)
+#define SCTLR_UCI_BIT		(U(1) << 26)
+#define SCTLR_TRE_BIT		(U(1) << 28)
+#define SCTLR_AFE_BIT		(U(1) << 29)
+#define SCTLR_TE_BIT		(U(1) << 30)
 #define SCTLR_RESET_VAL		SCTLR_EL3_RES1
 
 /* CPACR_El1 definitions */
@@ -350,6 +379,13 @@
 #define TCR_SH_OUTER_SHAREABLE	(U(0x2) << 12)
 #define TCR_SH_INNER_SHAREABLE	(U(0x3) << 12)
 
+#define TCR_TG0_SHIFT		U(14)
+#define TCR_TG0_MASK		U(3)
+#define TCR_TG0_4K		(ULL(0) << TCR_TG0_SHIFT)
+#define TCR_TG0_64K		(ULL(1) << TCR_TG0_SHIFT)
+#define TCR_TG0_16K		(ULL(2) << TCR_TG0_SHIFT)
+
+#define TCR_EPD0_BIT		(U(1) << 7)
 #define TCR_EPD1_BIT		(U(1) << 23)
 
 #define MODE_SP_SHIFT		U(0x0)

include/lib/xlat_tables/aarch64/xlat_tables_aarch64.h

@@ -15,6 +15,11 @@
 #error "PAGE_SIZE is not defined."
 #endif
 
+/*
+ * Encode a Physical Address Space size for its use in TCR_ELx.
+ */
+unsigned long long tcr_physical_addr_size_bits(unsigned long long max_addr);
+
 /*
  * In AArch64 state, the MMU may support 4 KB, 16 KB and 64 KB page
  * granularity. For 4KB granularity, a level 0 table descriptor doesn't support

include/plat/arm/board/common/board_arm_def.h

@@ -52,7 +52,17 @@
  * They are also used for the dynamically mapped regions in the images that
  * enable dynamic memory mapping.
  */
-#if defined(IMAGE_BL31) || defined(IMAGE_BL32)
+#if defined(IMAGE_BL31)
+# if ENABLE_SPM
+#  define PLAT_ARM_MMAP_ENTRIES		9
+#  define MAX_XLAT_TABLES		7
+#  define PLAT_SP_IMAGE_MMAP_REGIONS	7
+#  define PLAT_SP_IMAGE_MAX_XLAT_TABLES	10
+# else
+#  define PLAT_ARM_MMAP_ENTRIES		7
+#  define MAX_XLAT_TABLES		5
+# endif
+#elif defined(IMAGE_BL32)
 # define PLAT_ARM_MMAP_ENTRIES		7
 # define MAX_XLAT_TABLES		5
 #else
@@ -80,7 +90,11 @@
  * PLAT_ARM_MAX_BL31_SIZE is calculated using the current BL31 debug size plus a
  * little space for growth.
  */
+#if ENABLE_SPM
+#define PLAT_ARM_MAX_BL31_SIZE		0x28000
+#else
 #define PLAT_ARM_MAX_BL31_SIZE		0x1D000
+#endif
 
 #endif /* ARM_BOARD_OPTIMISE_MEM */
 

include/plat/arm/board/common/v2m_def.h

@@ -121,6 +121,11 @@
 						V2M_IOFPGA_SIZE,		\
 						MT_DEVICE | MT_RW | MT_SECURE)
 
+/* Region equivalent to V2M_MAP_IOFPGA suitable for mapping at EL0 */
+#define V2M_MAP_IOFPGA_EL0		MAP_REGION_FLAT(		\
+						V2M_IOFPGA_BASE,	\
+						V2M_IOFPGA_SIZE,	\
+						MT_DEVICE | MT_RW | MT_SECURE | MT_USER)
 
 
 #endif /* __V2M_DEF_H__ */

include/plat/arm/common/arm_def.h

@@ -378,7 +378,13 @@
  * Trusted DRAM (if available) or the DRAM region secured by the TrustZone
  * controller.
  */
-#if ARM_BL31_IN_DRAM
+#if ENABLE_SPM
+# define TSP_SEC_MEM_BASE		(ARM_AP_TZC_DRAM1_BASE + ULL(0x200000))
+# define TSP_SEC_MEM_SIZE		(ARM_AP_TZC_DRAM1_SIZE - ULL(0x200000))
+# define BL32_BASE			(ARM_AP_TZC_DRAM1_BASE + ULL(0x200000))
+# define BL32_LIMIT			(ARM_AP_TZC_DRAM1_BASE +	\
+						ARM_AP_TZC_DRAM1_SIZE)
+#elif ARM_BL31_IN_DRAM
 # define TSP_SEC_MEM_BASE		(ARM_AP_TZC_DRAM1_BASE +	\
 						PLAT_ARM_MAX_BL31_SIZE)
 # define TSP_SEC_MEM_SIZE		(ARM_AP_TZC_DRAM1_SIZE -	\
@@ -409,11 +415,14 @@
 # error "Unsupported ARM_TSP_RAM_LOCATION_ID value"
 #endif
 
-/* BL32 is mandatory in AArch32 */
+/*
+ * BL32 is mandatory in AArch32. In AArch64, undefine BL32_BASE if there is no
+ * SPD and no SPM, as they are the only ones that can be used as BL32.
+ */
 #ifndef AARCH32
-#ifdef SPD_none
-#undef BL32_BASE
-#endif /* SPD_none */
+# if defined(SPD_none) && !ENABLE_SPM
+#  undef BL32_BASE
+# endif
 #endif
 
 /*******************************************************************************

include/plat/arm/common/arm_spm_def.h

+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+#ifndef __ARM_SPM_DEF_H__
+#define __ARM_SPM_DEF_H__
+
+#include <arm_def.h>
+#include <platform_def.h>
+#include <utils_def.h>
+#include <xlat_tables_defs.h>
+
+/*
+ * If BL31 is placed in DRAM, place the Secure Partition in DRAM right after the
+ * region used by BL31. If BL31 it is placed in SRAM, put the Secure Partition
+ * at the base of DRAM.
+ */
+#define ARM_SP_IMAGE_BASE		BL32_BASE
+#define ARM_SP_IMAGE_LIMIT		BL32_LIMIT
+/* The maximum size of the S-EL0 payload can be 3MB */
+#define ARM_SP_IMAGE_SIZE		ULL(0x300000)
+
+#ifdef IMAGE_BL2
+/* SPM Payload memory. Mapped as RW in BL2. */
+#define ARM_SP_IMAGE_MMAP		MAP_REGION_FLAT(			\
+						ARM_SP_IMAGE_BASE,		\
+						ARM_SP_IMAGE_SIZE,		\
+						MT_MEMORY | MT_RW | MT_SECURE)
+#endif
+#ifdef IMAGE_BL31
+/* SPM Payload memory. Mapped as code in S-EL1 */
+#define ARM_SP_IMAGE_MMAP		MAP_REGION2(				\
+						ARM_SP_IMAGE_BASE,		\
+						ARM_SP_IMAGE_BASE,		\
+						ARM_SP_IMAGE_SIZE,		\
+						MT_CODE | MT_SECURE | MT_USER,	\
+						PAGE_SIZE)
+#endif
+
+/*
+ * Memory shared between EL3 and S-EL0. It is used by EL3 to push data into
+ * S-EL0, so it is mapped with RW permission from EL3 and with RO permission
+ * from S-EL0. Placed after SPM Payload memory.
+ */
+#define PLAT_SPM_BUF_BASE		(ARM_SP_IMAGE_BASE + ARM_SP_IMAGE_SIZE)
+#define PLAT_SPM_BUF_SIZE		ULL(0x100000)
+
+#define ARM_SPM_BUF_EL3_MMAP		MAP_REGION_FLAT(			\
+						PLAT_SPM_BUF_BASE,		\
+						PLAT_SPM_BUF_SIZE,		\
+						MT_RW_DATA | MT_SECURE)
+#define ARM_SPM_BUF_EL0_MMAP		MAP_REGION2(			\
+						PLAT_SPM_BUF_BASE,		\
+						PLAT_SPM_BUF_BASE,		\
+						PLAT_SPM_BUF_SIZE,		\
+						MT_RO_DATA | MT_SECURE | MT_USER,\
+						PAGE_SIZE)
+
+/*
+ * Memory shared between Normal world and S-EL0 for passing data during service
+ * requests. Mapped as RW and NS. Placed after the shared memory between EL3 and
+ * S-EL0.
+ */
+#define ARM_SP_IMAGE_NS_BUF_BASE	(PLAT_SPM_BUF_BASE + PLAT_SPM_BUF_SIZE)
+#define ARM_SP_IMAGE_NS_BUF_SIZE	ULL(0x10000)
+#define ARM_SP_IMAGE_NS_BUF_MMAP	MAP_REGION2(				\
+						ARM_SP_IMAGE_NS_BUF_BASE,	\
+						ARM_SP_IMAGE_NS_BUF_BASE,	\
+						ARM_SP_IMAGE_NS_BUF_SIZE,	\
+						MT_RW_DATA | MT_NS | MT_USER,	\
+						PAGE_SIZE)
+
+/*
+ * RW memory, which uses the remaining Trusted DRAM. Placed after the memory
+ * shared between Secure and Non-secure worlds. First there is the stack memory
+ * for all CPUs and then there is the common heap memory. Both are mapped with
+ * RW permissions.
+ */
+#define PLAT_SP_IMAGE_STACK_BASE	(ARM_SP_IMAGE_NS_BUF_BASE +		\
+						ARM_SP_IMAGE_NS_BUF_SIZE)
+#define PLAT_SP_IMAGE_STACK_PCPU_SIZE	ULL(0x2000)
+#define ARM_SP_IMAGE_STACK_TOTAL_SIZE	(PLATFORM_CORE_COUNT *			\
+					 PLAT_SP_IMAGE_STACK_PCPU_SIZE)
+
+#define ARM_SP_IMAGE_HEAP_BASE		(PLAT_SP_IMAGE_STACK_BASE +		\
+					 ARM_SP_IMAGE_STACK_TOTAL_SIZE)
+#define ARM_SP_IMAGE_HEAP_SIZE		(ARM_SP_IMAGE_LIMIT - ARM_SP_IMAGE_HEAP_BASE)
+
+#define ARM_SP_IMAGE_RW_MMAP		MAP_REGION2(				\
+						PLAT_SP_IMAGE_STACK_BASE,	\
+						PLAT_SP_IMAGE_STACK_BASE,	\
+						(ARM_SP_IMAGE_LIMIT -		\
+						 PLAT_SP_IMAGE_STACK_BASE),	\
+						MT_RW_DATA | MT_SECURE | MT_USER,\
+						PAGE_SIZE)
+
+/* Total number of memory regions with distinct properties */
+#define ARM_SP_IMAGE_NUM_MEM_REGIONS	6
+
+/* Cookies passed to the Secure Partition at boot. Not used by ARM platforms. */
+#define PLAT_SPM_COOKIE_0		ULL(0)
+#define PLAT_SPM_COOKIE_1		ULL(0)
+
+#endif /* __ARM_SPM_DEF_H__ */

include/plat/common/platform.h

@@ -23,6 +23,8 @@ struct bl31_params;
 struct image_desc;
 struct bl_load_info;
 struct bl_params;
+struct mmap_region;
+struct secure_partition_boot_info;
 
 /*******************************************************************************
  * plat_get_rotpk_info() flags
@@ -293,6 +295,13 @@ int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
 int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc,
 		unsigned int nv_ctr);
 
+/*******************************************************************************
+ * Secure Partitions functions
+ ******************************************************************************/
+const struct mmap_region *plat_get_secure_partition_mmap(void *cookie);
+const struct secure_partition_boot_info *plat_get_secure_partition_boot_info(
+		void *cookie);
+
 #if LOAD_IMAGE_V2
 /*******************************************************************************
  * Mandatory BL image load functions(may be overridden).

include/services/secure_partition.h

+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __SECURE_PARTITION_H__
+#define __SECURE_PARTITION_H__
+
+#include <bl_common.h>
+#include <types.h>
+#include <utils_def.h>
+
+/* Linker symbols */
+extern uintptr_t __SP_IMAGE_XLAT_TABLES_START__;
+extern uintptr_t __SP_IMAGE_XLAT_TABLES_END__;
+
+/* Definitions */
+#define SP_IMAGE_XLAT_TABLES_START	\
+	(uintptr_t)(&__SP_IMAGE_XLAT_TABLES_START__)
+#define SP_IMAGE_XLAT_TABLES_END	\
+	(uintptr_t)(&__SP_IMAGE_XLAT_TABLES_END__)
+#define SP_IMAGE_XLAT_TABLES_SIZE	\
+	(SP_IMAGE_XLAT_TABLES_END - SP_IMAGE_XLAT_TABLES_START)
+
+/*
+ * Flags used by the secure_partition_mp_info structure to describe the
+ * characteristics of a cpu. Only a single flag is defined at the moment to
+ * indicate the primary cpu.
+ */
+#define MP_INFO_FLAG_PRIMARY_CPU	U(0x00000001)
+
+/*
+ * This structure is used to provide information required to initialise a S-EL0
+ * partition.
+ */
+typedef struct secure_partition_mp_info {
+	u_register_t		mpidr;
+	unsigned int		linear_id;
+	unsigned int		flags;
+} secure_partition_mp_info_t;
+
+typedef struct secure_partition_boot_info {
+	param_header_t		h;
+	uintptr_t		sp_mem_base;
+	uintptr_t		sp_mem_limit;
+	uintptr_t		sp_image_base;
+	uintptr_t		sp_stack_base;
+	uintptr_t		sp_heap_base;
+	uintptr_t		sp_ns_comm_buf_base;
+	uintptr_t		sp_shared_buf_base;
+	size_t			sp_image_size;
+	size_t			sp_pcpu_stack_size;
+	size_t			sp_heap_size;
+	size_t			sp_ns_comm_buf_size;
+	size_t			sp_shared_buf_size;
+	unsigned int		num_sp_mem_regions;
+	unsigned int		num_cpus;
+	secure_partition_mp_info_t	*mp_info;
+} secure_partition_boot_info_t;
+
+/* Setup function for secure partitions context. */
+
+void secure_partition_setup(void);
+
+#endif /* __SECURE_PARTITION_H__ */

include/services/spm_svc.h

+/*
+ * Copyright (c) 2017, ARM Limited and Contributors. All rights reserved.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+#ifndef __SPM_SVC_H__
+#define __SPM_SVC_H__
+
+#include <utils_def.h>
+
+#define SPM_VERSION_MAJOR	U(0)
+#define SPM_VERSION_MINOR	U(1)
+#define SPM_VERSION_FORM(major, minor)	((major << 16) | (minor))
+#define SPM_VERSION_COMPILED	SPM_VERSION_FORM(SPM_VERSION_MAJOR, SPM_VERSION_MINOR)
+
+#define SP_VERSION_MAJOR	U(1)
+#define SP_VERSION_MINOR	U(0)
+#define SP_VERSION_FORM(major, minor)	((major << 16) | (minor))
+#define SP_VERSION_COMPILED	SP_VERSION_FORM(SP_VERSION_MAJOR, SP_VERSION_MINOR)
+
+/* The macros below are used to identify SPM calls from the SMC function ID */
+#define SPM_FID_MASK			U(0xffff)
+#define SPM_FID_MIN_VALUE		U(0x40)
+#define SPM_FID_MAX_VALUE		U(0x7f)
+#define is_spm_fid(_fid)						\
+		((((_fid) & SPM_FID_MASK) >= SPM_FID_MIN_VALUE) &&	\
+		 (((_fid) & SPM_FID_MASK) <= SPM_FID_MAX_VALUE))
+
+/*
+ * SMC IDs defined for accessing services implemented by the Secure Partition
+ * Manager from the Secure Partition(s). These services enable a partition to
+ * handle delegated events and request privileged operations from the manager.
+ */
+#define SPM_VERSION_AARCH32		U(0x84000060)
+#define SP_EVENT_COMPLETE_AARCH64	U(0xC4000061)
+#define SP_MEM_ATTRIBUTES_GET_AARCH64	U(0xC4000064)
+#define SP_MEM_ATTRIBUTES_SET_AARCH64	U(0xC4000065)
+
+/*
+ * Macros used by SP_MEM_ATTRIBUTES_SET_AARCH64.
+ */
+
+#define SP_MEM_ATTR_ACCESS_NOACCESS	U(0)
+#define SP_MEM_ATTR_ACCESS_RW		U(1)
+/* Value U(2) is reserved. */
+#define SP_MEM_ATTR_ACCESS_RO		U(3)
+#define SP_MEM_ATTR_ACCESS_MASK		U(3)
+#define SP_MEM_ATTR_ACCESS_SHIFT	0
+
+#define SP_MEM_ATTR_EXEC		(U(0) << 2)
+#define SP_MEM_ATTR_NON_EXEC		(U(1) << 2)
+
+/*
+ * SMC IDs defined in [1] for accessing secure partition services from the
+ * Non-secure world. These FIDs occupy the range 0x40 - 0x5f
+ * [1] DEN0060A_ARM_MM_Interface_Specification.pdf
+ */
+#define SP_VERSION_AARCH64		U(0xC4000040)
+#define SP_VERSION_AARCH32		U(0x84000040)
+
+#define SP_COMMUNICATE_AARCH64		U(0xC4000041)
+#define SP_COMMUNICATE_AARCH32		U(0x84000041)
+
+/* SPM error codes. */
+#define SPM_SUCCESS		0
+#define SPM_NOT_SUPPORTED	-1
+#define SPM_INVALID_PARAMETER	-2
+#define SPM_DENIED		-3
+#define SPM_NO_MEMORY		-5
+
+#ifndef __ASSEMBLY__
+
+#include <stdint.h>
+
+int32_t spm_setup(void);
+
+uint64_t spm_smc_handler(uint32_t smc_fid,
+			 uint64_t x1,
+			 uint64_t x2,
+			 uint64_t x3,
+			 uint64_t x4,
+			 void *cookie,
+			 void *handle,
+			 uint64_t flags);
+
+#endif /* __ASSEMBLY__ */
+
+#endif /* __SPM_SVC_H__ */

lib/xlat_tables_v2/aarch64/xlat_tables_arch.c

@@ -16,8 +16,7 @@
 #include <xlat_tables_v2.h>
 #include "../xlat_tables_private.h"
 
-static unsigned long long calc_physical_addr_size_bits(
-					unsigned long long max_addr)
+unsigned long long tcr_physical_addr_size_bits(unsigned long long max_addr)
 {
 	/* Physical address can't exceed 48 bits */
 	assert((max_addr & ADDR_MASK_48_TO_63) == 0);
@@ -252,7 +251,7 @@ void enable_mmu_arch(unsigned int flags,
 	 * It is safer to restrict the max physical address accessible by the
 	 * hardware as much as possible.
 	 */
-	unsigned long long tcr_ps_bits = calc_physical_addr_size_bits(max_pa);
+	unsigned long long tcr_ps_bits = tcr_physical_addr_size_bits(max_pa);
 
 #if IMAGE_EL == 1
 	assert(IS_IN_EL(1));

make_helpers/defaults.mk

@@ -118,6 +118,9 @@ SEPARATE_CODE_AND_RODATA	:= 0
 # SPD choice
 SPD				:= none
 
+# For including the Secure Partition Manager
+ENABLE_SPM			:= 0
+
 # Flag to introduce an infinite loop in BL1 just before it exits into the next
 # image. This is meant to help debugging the post-BL2 phase.
 SPIN_ON_BL1_EXIT		:= 0

plat/arm/board/fvp/fvp_common.c

@@ -6,6 +6,7 @@
 
 #include <arm_config.h>
 #include <arm_def.h>
+#include <arm_spm_def.h>
 #include <assert.h>
 #include <cci.h>
 #include <ccn.h>
@@ -13,6 +14,7 @@
 #include <gicv2.h>
 #include <mmio.h>
 #include <plat_arm.h>
+#include <secure_partition.h>
 #include <v2m_def.h>
 #include "../fvp_def.h"
 
@@ -89,6 +91,9 @@ const mmap_region_t plat_arm_mmap[] = {
 	/* To access the Root of Trust Public Key registers. */
 	MAP_DEVICE2,
 #endif
+#if ENABLE_SPM
+	ARM_SP_IMAGE_MMAP,
+#endif
 #if ARM_BL31_IN_DRAM
 	ARM_MAP_BL31_SEC_DRAM,
 #endif
@@ -114,9 +119,23 @@ const mmap_region_t plat_arm_mmap[] = {
 	MAP_DEVICE0,
 	MAP_DEVICE1,
 	ARM_V2M_MAP_MEM_PROTECT,
+#if ENABLE_SPM
+	ARM_SPM_BUF_EL3_MMAP,
+#endif
+	{0}
+};
+
+#if ENABLE_SPM && defined(IMAGE_BL31)
+const mmap_region_t plat_arm_secure_partition_mmap[] = {
+	V2M_MAP_IOFPGA_EL0, /* for the UART */
+	ARM_SP_IMAGE_MMAP,
+	ARM_SP_IMAGE_NS_BUF_MMAP,
+	ARM_SP_IMAGE_RW_MMAP,
+	ARM_SPM_BUF_EL0_MMAP,
 	{0}
 };
 #endif
+#endif
 #ifdef IMAGE_BL32
 const mmap_region_t plat_arm_mmap[] = {
 #ifdef AARCH32
@@ -156,6 +175,57 @@ static unsigned int get_interconnect_master(void)
 }
 #endif
 
+#if ENABLE_SPM && defined(IMAGE_BL31)
+/*
+ * Boot information passed to a secure partition during initialisation. Linear
+ * indices in MP information will be filled at runtime.
+ */
+static secure_partition_mp_info_t sp_mp_info[] = {
+	[0] = {0x80000000, 0},
+	[1] = {0x80000001, 0},
+	[2] = {0x80000002, 0},
+	[3] = {0x80000003, 0},
+	[4] = {0x80000100, 0},
+	[5] = {0x80000101, 0},
+	[6] = {0x80000102, 0},
+	[7] = {0x80000103, 0},
+};
+
+const secure_partition_boot_info_t plat_arm_secure_partition_boot_info = {
+	.h.type              = PARAM_SP_IMAGE_BOOT_INFO,
+	.h.version           = VERSION_1,
+	.h.size              = sizeof(secure_partition_boot_info_t),
+	.h.attr              = 0,
+	.sp_mem_base         = ARM_SP_IMAGE_BASE,
+	.sp_mem_limit        = ARM_SP_IMAGE_LIMIT,
+	.sp_image_base       = ARM_SP_IMAGE_BASE,
+	.sp_stack_base       = PLAT_SP_IMAGE_STACK_BASE,
+	.sp_heap_base        = ARM_SP_IMAGE_HEAP_BASE,
+	.sp_ns_comm_buf_base = ARM_SP_IMAGE_NS_BUF_BASE,
+	.sp_shared_buf_base  = PLAT_SPM_BUF_BASE,
+	.sp_image_size       = ARM_SP_IMAGE_SIZE,
+	.sp_pcpu_stack_size  = PLAT_SP_IMAGE_STACK_PCPU_SIZE,
+	.sp_heap_size        = ARM_SP_IMAGE_HEAP_SIZE,
+	.sp_ns_comm_buf_size = ARM_SP_IMAGE_NS_BUF_SIZE,
+	.sp_shared_buf_size  = PLAT_SPM_BUF_SIZE,
+	.num_sp_mem_regions  = ARM_SP_IMAGE_NUM_MEM_REGIONS,
+	.num_cpus            = PLATFORM_CORE_COUNT,
+	.mp_info             = &sp_mp_info[0],
+};
+
+const struct mmap_region *plat_get_secure_partition_mmap(void *cookie)
+{
+	return plat_arm_secure_partition_mmap;
+}
+
+const struct secure_partition_boot_info *plat_get_secure_partition_boot_info(
+		void *cookie)
+{
+	return &plat_arm_secure_partition_boot_info;
+}
+
+#endif
+
 /*******************************************************************************
  * A single boot loader stack is expected to work on both the Foundation FVP
  * models and the two flavours of the Base FVP models (AEMv8 & Cortex). The

plat/arm/common/arm_common.c

@@ -11,6 +11,7 @@
 #include <mmio.h>
 #include <plat_arm.h>
 #include <platform_def.h>
+#include <secure_partition.h>
 
 extern const mmap_region_t plat_arm_mmap[];
 
@@ -79,6 +80,14 @@ void arm_setup_page_tables(uintptr_t total_base,
 			MT_DEVICE | MT_RW | MT_SECURE);
 #endif
 
+#if ENABLE_SPM && defined(IMAGE_BL31)
+	/* The address of the following region is calculated by the linker. */
+	mmap_add_region(SP_IMAGE_XLAT_TABLES_START,
+			SP_IMAGE_XLAT_TABLES_START,
+			SP_IMAGE_XLAT_TABLES_SIZE,
+			MT_MEMORY | MT_RW | MT_SECURE);
+#endif
+
 	/* Now (re-)map the platform-specific memory regions */
 	mmap_add(plat_arm_get_mmap());
 

plat/arm/common/arm_tzc400.c

 /*
- * Copyright (c) 2014-2015, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2014-2017, ARM Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
 
 #include <arm_def.h>
+#include <arm_spm_def.h>
 #include <debug.h>
 #include <platform_def.h>
 #include <tzc400.h>
@@ -56,9 +57,26 @@ void arm_tzc400_setup(void)
 			ARM_DRAM2_BASE, ARM_DRAM2_END,
 			ARM_TZC_NS_DRAM_S_ACCESS,
 			PLAT_ARM_TZC_NS_DEV_ACCESS);
-#else
+
+#if ENABLE_SPM
+	/*
+	 * Region 4 set to cover Non-Secure access to the communication buffer
+	 * shared with the Secure world.
+	 */
+	tzc400_configure_region(PLAT_ARM_TZC_FILTERS,
+				4,
+				ARM_SP_IMAGE_NS_BUF_BASE,
+				(ARM_SP_IMAGE_NS_BUF_BASE +
+				 ARM_SP_IMAGE_NS_BUF_SIZE) - 1,
+				TZC_REGION_S_NONE,
+				PLAT_ARM_TZC_NS_DEV_ACCESS);
+#endif
+
+#else /* if defined(EL3_PAYLOAD_BASE) */
+
 	/* Allow secure access only to DRAM for EL3 payloads. */
 	tzc400_configure_region0(TZC_REGION_S_RDWR, 0);
+
 #endif /* EL3_PAYLOAD_BASE */
 
 	/*