1. 09 Apr, 2019 1 commit
    • services/spm: Fix service UUID lookup · 00e51ca3
      Paul Beesley authored

      The spm_sp_get_by_uuid() function is used to look up the secure
      partition that provides a given service.
      
      Within this function, memcmp() is used to compare the service
      UUIDs but it uses the size of the rdsvc->uuid pointer instead of
      the size of its content (missing dereference). This means that only
      a partial comparison is performed as UUIDs are 128 bits in length and
      rdsvc->uuid is a uint32_t typed pointer.
      
      Instead, use the size of the array pointed to by the svc_uuid parameter,
      which will be the full 128 bits, for the comparison.
      
      Change-Id: I258fb0cca3bf19f97b8f2a4c133981647cd050e4
      Signed-off-by: Paul Beesley <paul.beesley@arm.com>
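The comparison bug described in the commit message above, reduced to a stand-alone C program. This is an added example, not the TF-A source: the `struct service` layout, the function names and the sample UUIDs are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_WORDS 4 /* 128-bit UUID held as four 32-bit words */

/* Hypothetical descriptor: the page only says uuid is a uint32_t pointer. */
struct service {
	const uint32_t *uuid;
	int partition_id;
};

/* Constructed sample UUIDs that differ only in the last word. */
const uint32_t uuid_a[UUID_WORDS] = { 0x11111111u, 0x22222222u, 0x33333333u, 0xaau };
const uint32_t uuid_b[UUID_WORDS] = { 0x11111111u, 0x22222222u, 0x33333333u, 0xbbu };
const uint32_t uuid_c[UUID_WORDS] = { 0x11111111u, 0x22222222u, 0x33333333u, 0xccu };

static const struct service services[] = { { uuid_a, 1 }, { uuid_b, 2 } };

/* Shared lookup loop; len is the number of bytes handed to memcmp(). */
static int lookup(const uint32_t (*svc_uuid)[UUID_WORDS], size_t len)
{
	for (size_t i = 0; i < sizeof(services) / sizeof(services[0]); i++) {
		if (memcmp(services[i].uuid, svc_uuid, len) == 0)
			return services[i].partition_id;
	}
	return -1; /* no partition provides this service */
}

/* Before: sizeof of the pointer member (4 or 8 bytes), so only a prefix is compared. */
int lookup_buggy(const uint32_t (*svc_uuid)[UUID_WORDS])
{
	return lookup(svc_uuid, sizeof(services[0].uuid));
}

/* After: sizeof of the array svc_uuid points to, the full 16 bytes. */
int lookup_fixed(const uint32_t (*svc_uuid)[UUID_WORDS])
{
	return lookup(svc_uuid, sizeof(*svc_uuid));
}

int main(void)
{
	printf("buggy: b -> %d, c -> %d\n", lookup_buggy(&uuid_b), lookup_buggy(&uuid_c));
	printf("fixed: b -> %d, c -> %d\n", lookup_fixed(&uuid_b), lookup_fixed(&uuid_c));
	return 0;
}
```

With two services whose UUIDs share their leading words, the pointer-sized comparison resolves a request to the wrong partition and also accepts a UUID that no partition provides.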
  2. 03 Apr, 2019 2 commits
    • SPM: Refactor xlat context creation · 014df18b
      Antonio Nino Diaz authored

      Right now the virtual address space is fixed to
      PLAT_VIRT_ADDR_SPACE_SIZE, so all base translation tables are the same
      size and need the same alignment. The current code allocates the exact
      space needed by this initial table.
      
      However, a following patch is going to allow each partition to choose
      the size of its address space based on the memory regions defined in
      their resource description, so it isn't possible to determine this at
      build time. As this optimization no longer applies, it has to be
      removed.
      
      Change-Id: Ia8d19f4981e1017e4ffe0ba136de73d701044cb0
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
    • SPM: Move shim layer to TTBR1_EL1 · 6de6965b
      Antonio Nino Diaz authored

      This gives each Secure Partition complete freedom on its address space.
      Previously, the memory used by the exception vectors was reserved and
      couldn't be used. Also, it always had to be mapped, forcing SPM to
      generate translation tables that included the exception vectors as well
      as the Partition memory regions. With this change, partitions can reduce
      their address space size easily.
      
      Change-Id: I67fb5e9bdf2870b73347f23bff702fab0a8f8711
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
  3. 01 Apr, 2019 1 commit
    • Remove several warnings reported with W=1 · 609e053c
      Ambroise Vincent authored

      Improved support for W=1 compilation flag by solving missing-prototypes
      and old-style-definition warnings.
      
      The libraries are compiling with warnings (which turn into errors with
      the Werror flag).
      
      Outside of libraries, some warnings cannot be fixed without heavy
      structural changes.
      
      Change-Id: I1668cf99123ac4195c2a6a1d48945f7a64c67f16
      Signed-off-by: Ambroise Vincent <ambroise.vincent@arm.com>
  4. 04 Jan, 2019 1 commit
    • Sanitise includes across codebase · 09d40e0e
      Antonio Nino Diaz authored

      Enforce full include path for includes. Deprecate old paths.
      
      The following folders inside include/lib have been left unchanged:
      
      - include/lib/cpus/${ARCH}
      - include/lib/el3_runtime/${ARCH}
      
      The reason for this change is that having a global namespace for
      includes isn't a good idea. It defeats one of the advantages of having
      folders and it introduces problems that are sometimes subtle (because
      you may not know the header you are actually including if there are two
      of them).
      
      For example, this patch had to be created because two headers were
      called the same way: e0ea0928 ("Fix gpio includes of mt8173 platform
      to avoid collision."). More recently, this patch has had similar
      problems: 46f9b2c3 ("drivers: add tzc380 support").
      
      This problem was introduced in commit 4ecca339 ("Move include and
      source files to logical locations"). At that time, there weren't too
      many headers so it wasn't a real issue. However, time has shown that
      this creates problems.
      
      Platforms that want to preserve the way they include headers may add the
      removed paths to PLAT_INCLUDES, but this is discouraged.
      
      Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
  5. 11 Dec, 2018 9 commits
  6. 10 Dec, 2018 1 commit
  7. 14 Nov, 2018 1 commit
    • SPM: Raise running priority of the core while in Secure Partition · 6e3bad36
      Sughosh Ganu authored

      The current secure partition design mandates that a) at a point, only
      a single core can be executing in the secure partition, and b) a core
      cannot be preempted by an interrupt while executing in secure
      partition.
      
      Ensure this by activating the SPM priority prior to entering the
      partition. Deactivate the priority on return from the
      partition.
      
      Change-Id: Icb3473496d16b733564592eef06304a1028e4f5c
      Signed-off-by: Sughosh Ganu <sughosh.ganu@arm.com>
  8. 20 Jun, 2018 1 commit
  9. 15 Jun, 2018 1 commit
  10. 23 May, 2018 5 commits
  11. 17 Apr, 2018 1 commit
  12. 21 Mar, 2018 1 commit
    • Rename 'smcc' to 'smccc' · 085e80ec
      Antonio Nino Diaz authored

      When the source code says 'SMCC' it is talking about the SMC Calling
      Convention. The correct acronym is SMCCC. This affects a few definitions
      and file names.
      
      Some files have been renamed (smcc.h, smcc_helpers.h and smcc_macros.S)
      but the old files have been kept for compatibility, they include the
      new ones with an ERROR_DEPRECATED guard.
      
      Change-Id: I78f94052a502436fdd97ca32c0fe86bd58173f2f
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
  13. 10 Jan, 2018 1 commit
  14. 08 Jan, 2018 2 commits
  15. 12 Dec, 2017 1 commit
    • SPM: Fix MM_COMMUNICATE_AARCH32/64 parameters · 4d2787ce
      Sandrine Bailleux authored

      This partially reverts commit d6b532b5, keeping only the fixes to
      the assertions. The changes related to the order of arguments passed
      to the secure partition were not correct and violated the
      specification of the SP_EVENT_COMPLETE SMC.
      
      This patch also improves the MM_COMMUNICATE argument validation.  The
      cookie argument, as it comes from normal world, can't be trusted and thus
      needs to always be validated at run time rather than using an assertion.
      
      Also validate the communication buffer address and return
      INVALID_PARAMETER if it is zero, as per the MM specification.
      
      Fix a few typos in comments and use the "secure partition" terminology
      rather than "secure payload".
      
      Change-Id: Ice6b7b5494b729dd44611f9a93d362c55ab244f7
      Signed-off-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
  16. 05 Dec, 2017 2 commits
  17. 15 Nov, 2017 1 commit
  18. 08 Nov, 2017 1 commit
    • SPM: Introduce Secure Partition Manager · 2fccb228
      Antonio Nino Diaz authored

      A Secure Partition is a software execution environment instantiated in
      S-EL0 that can be used to implement simple management and security
      services. Since S-EL0 is an unprivileged exception level, a Secure
      Partition relies on privileged firmware e.g. ARM Trusted Firmware to be
      granted access to system and processor resources. Essentially, it is a
      software sandbox that runs under the control of privileged software in
      the Secure World and accesses the following system resources:
      
      - Memory and device regions in the system address map.
      - PE system registers.
      - A range of asynchronous exceptions e.g. interrupts.
      - A range of synchronous exceptions e.g. SMC function identifiers.
      
      A Secure Partition enables privileged firmware to implement only the
      absolutely essential secure services in EL3 and instantiate the rest in
      a partition. Since the partition executes in S-EL0, its implementation
      cannot be overly complex.
      
      The component in ARM Trusted Firmware responsible for managing a Secure
      Partition is called the Secure Partition Manager (SPM). The SPM is
      responsible for the following:
      
      - Validating and allocating resources requested by a Secure Partition.
      - Implementing a well defined interface that is used for initialising a
        Secure Partition.
      - Implementing a well defined interface that is used by the normal world
        and other secure services for accessing the services exported by a
        Secure Partition.
      - Implementing a well defined interface that is used by a Secure
        Partition to fulfil service requests.
      - Instantiating the software execution environment required by a Secure
        Partition to fulfil a service request.
      
      Change-Id: I6f7862d6bba8732db5b73f54e789d717a35e802f
      Co-authored-by: Douglas Raillard <douglas.raillard@arm.com>
      Co-authored-by: Sandrine Bailleux <sandrine.bailleux@arm.com>
      Co-authored-by: Achin Gupta <achin.gupta@arm.com>
      Co-authored-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
      Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>