1. 20 Apr, 2021 1 commit
    • spmd: add FFA_INTERRUPT forwarding · 386dc365
      Olivier Deprez authored
      
      
      In the case of a SP pre-empted by a non-secure interrupt, the SPMC
      returns to the SPMD through the FFA_INTERRUPT ABI. It is then forwarded
      to the normal world driver hinting the SP has to be resumed after the
      non-secure interrupt has been serviced.
      Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
      Change-Id: I51a694dddcb8ea30fa84e1f11d018bc2abec0a56
  2. 19 Apr, 2021 1 commit
    • services: spm_mm: Use sp_boot_info to set SP context · 21583a31
      Mayur Gudmeti authored
      
      
      The current SPM_MM implementation expects the SP image addresses
      as static macros. This means platforms wanting to use dynamically
      allocated memory addresses are left out. This patch gets sp_boot_info
      at the beginning of spm_sp_setup function and uses member variables
      of sp_boot_info to set up the context. So member variables of
      struct sp_boot_info and consequently the context can be initialized
      by static macros or dynamically allocated memory address.
      
      Change-Id: I1cb75190ab8026b845ae20a9c6cc416945b5d7b9
      Signed-off-by: Mayur Gudmeti <mgudmeti@nvidia.com>
  3. 19 Mar, 2021 1 commit
    • SPM: Fix error codes size in SPMD handler · e46b2fd2
      J-Alves authored
      
      
      FF-A specification states that error codes should be typed int32_t.
      SPMD uses uint64_t for return values, which if assigned with a signed
      type would have sign extension, and change the size of the return from
      32-bit to 64-bit.
      Signed-off-by: J-Alves <joao.alves@arm.com>
      Change-Id: I288ab2ffec8330a2fe1f21df14e22c34bd83ced3
  4. 18 Mar, 2021 1 commit
    • Bug fix in tspd interrupt handling when TSP_NS_INTR_ASYNC_PREEMPT is enabled · 51bb1d73
      Madhukar Pappireddy authored
      
      
      Typically, interrupts for a specific security state get handled in the
      same security exception level if the execution is in the same security
      state. For example, if a non-secure interrupt gets fired when CPU is
      executing in NS-EL2 it gets handled in the non-secure world.
      
      However, interrupts belonging to the opposite security state typically
      demand a world (context) switch. This is in line with the security
      principle which states a secure interrupt has to be handled in the
      secure world. Hence, the TSPD in EL3 expects the context (handle) for a
      secure interrupt to be non-secure and vice versa.
      
      The function "tspd_sel1_interrupt_handler" is the handler registered
      for S-EL1 interrupts by the TSPD. Based on the above assumption, it
      provides an assertion to validate if the interrupt originated from
      non-secure world and upon success arranges entry into the TSP at
      'tsp_sel1_intr_entry' for handling the interrupt.
      
      However, a race condition between non-secure and secure interrupts can
      lead to a scenario where the above assumptions do not hold true,
      further leading to the following assert fail.
      
      This patch fixes the bug which causes this assert fail:
      
      	ASSERT: services/spd/tspd/tspd_main.c:105
      	BACKTRACE: START: assert
      	0: EL3: 0x400c128
      	1: EL3: 0x400faf8
      	2: EL3: 0x40099a4
      	3: EL3: 0x4010d54
      	BACKTRACE: END: assert
      
      Change-Id: I359d30fb5dbb1429a4a3c3fff37fdc64c07e9414
      Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
  5. 15 Mar, 2021 2 commits
  6. 05 Mar, 2021 1 commit
  7. 18 Feb, 2021 1 commit
  8. 12 Feb, 2021 1 commit
  9. 10 Feb, 2021 1 commit
    • services: TRNG: Fix -O0 compilation · 323b6c63
      Andre Przywara authored
      
      
      The code to check for the presence of the TRNG service relies on
      toolchain garbage collection, which is not enabled with -O0.
      
      Add #ifdef guards around the call to the TRNG service handler to
      cover builds without optimisation as well.
      
      Change-Id: I08ece2005ea1c8fa96afa13904a851dec6b24216
      Signed-off-by: Andre Przywara <andre.przywara@arm.com>
  10. 05 Feb, 2021 1 commit
  11. 30 Nov, 2020 1 commit
    • Aarch64: Add support for FEAT_PANx extensions · a83103c8
      Alexei Fedorov authored
      
      
      This patch provides the changes listed below:
      - Adds new bit fields definitions for SCTLR_EL1/2 registers
      - Corrects the name of SCTLR_EL1/2.[20] bit field from
      SCTLR_UWXN_BIT to SCTLR_TSCXT_BIT
      - Adds FEAT_PANx bit field definitions and their possible
      values for ID_AA64MMFR1_EL1 register.
      - Adds setting of SCTLR_EL1.SPAN bit to preserve PSTATE.PAN
      on taking an exception to EL1 in spm_sp_setup() function
      (services\std_svc\spm_mm\spm_mm_setup.c)
      
      Change-Id: If51f20e7995c649126a7728a4d0867041fdade19
      Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
  12. 02 Oct, 2020 1 commit
    • spmd: Fix signedness comparison warning · 6e4da01f
      Andre Przywara authored
      
      
      With -Wsign-compare, compilers issue a warning in the SPMD code:
      ====================
      services/std_svc/spmd/spmd_pm.c:35:22: error: comparison of integer
      expressions of different signedness: 'int' and 'unsigned int'
      [-Werror=sign-compare]
         35 |  if ((id < 0) || (id >= PLATFORM_CORE_COUNT)) {
            |                      ^~
      cc1: all warnings being treated as errors
      ====================
      
      Since we just established that "id" is positive, we can safely cast it
      to an unsigned type to make the comparison have matching types.
      
      Change-Id: I6ef24804c88136d7e3f15de008e4fea854f10ffe
      Signed-off-by: Andre Przywara <andre.przywara@arm.com>
  13. 07 Sep, 2020 1 commit
  14. 01 Sep, 2020 1 commit
    • spmd: remove assert for SPMC PC value · 75e1dfa0
      Varun Wadekar authored
      
      
      This patch removes the assert that expects the SPMC PC
      value to be the same as BL32_BASE. This assumption is not
      true for all platforms, e.g. Tegra, and so will be removed
      from the SPMD.
      
      Platforms can always add this check to the platform files,
      if required.
      
      Change-Id: Ic40620b43d160feb4f72f4af18e6d01861d4bf37
      Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
  15. 31 Aug, 2020 1 commit
    • spd: trusty: allow clients to retrieve service UUID · fc198188
      Varun Wadekar authored
      
      
      This patch implements support for the 64-bit and 32-bit versions of
      0xBF00FF01 SMC function ID, as documented by the SMCCC, to allow
      non-secure world clients to query SPD's UUID.
      
      In order to service this FID, the Trusty SPD now increases the range
      of SMCs that it services. To restrict Trusty from receiving the extra
      SMC FIDs, this patch drops any unsupported FID.
      
      Verified with TFTF tests for UID query and internal gtest for Trusty.
      
      Change-Id: If96fe4993f7e641595cfe67cc6b4210a0d52403f
      Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
  16. 21 Aug, 2020 1 commit
  17. 20 Aug, 2020 8 commits
  18. 18 Aug, 2020 1 commit
    • Add wrapper for AT instruction · 86ba5853
      Manish V Badarkhe authored
      
      
      In case of AT speculative workaround applied, page table walk
      is disabled for lower ELs (EL1 and EL0) in EL3.
      Hence added a wrapper function which temporarily enables page
      table walk to execute AT instruction for lower ELs and then
      disables page table walk.
      
      Execute AT instructions directly for lower ELs (EL1 and EL0)
      assuming page table walk is enabled always when AT speculative
      workaround is not applied.
      
      Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8
      Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
  19. 26 Jul, 2020 1 commit
    • SMCCC: Introduce function to check SMCCC function availability · 6f0a2f04
      Manish V Badarkhe authored
      
      
      Currently, 'SMCCC_ARCH_FEATURES' SMC call handler unconditionally
      returns 'SMC_OK' for 'SMCCC_ARCH_SOC_ID' function. This seems to
      be not correct for the platform which doesn't implement soc-id
      functionality i.e. functions to retrieve both soc-version and
      soc-revision.
      Hence introduced a platform function which will check whether SMCCC
      feature is available for the platform.
      
      Also, updated porting guide for the newly added platform function.
      
      Change-Id: I389f0ef6b0837bb24c712aa995b7176117bc7961
      Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
  20. 23 Jun, 2020 1 commit
    • FFA Version interface update · 4388f28f
      J-Alves authored
      
      
      Change handler of FFA version interface:
      - Return SPMD's version if the origin of the call is secure;
      - Return SPMC's version if origin is non-secure.
      Signed-off-by: J-Alves <joao.alves@arm.com>
      Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
  21. 02 Jun, 2020 1 commit
    • xlat_tables_v2: add base table section name parameter for spm_mm · 0922e481
      Masahisa Kojima authored
      Core spm_mm code expects the translation tables are located in the
      inner & outer WBWA & shareable memory.
      REGISTER_XLAT_CONTEXT2 macro is used to specify the translation
      table section in spm_mm.
      
      In the commit 363830df (xlat_tables_v2: merge
      REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2
      macro explicitly specifies the base xlat table goes into .bss by default.
      This change affects the existing SynQuacer spm_mm implementation.
      plat/socionext/synquacer/include/plat.ld.S linker script intends to
      locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section,
      but this implementation is no longer available.
      
      This patch adds the base table section name parameter for
      REGISTER_XLAT_CONTEXT2 so that platform can specify the
      inner & outer WBWA & shareable memory for spm_mm base xlat table.
      If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table
      goes into .bss by default, the result is same as before.
      
      Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2
      Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
  22. 25 May, 2020 1 commit
    • SPCI is now called PSA FF-A · 662af36d
      J-Alves authored
      
      
      SPCI is renamed as PSA FF-A which stands for Platform Security
      Architecture Firmware Framework for A class processors.
      This patch replaces the occurrence of SPCI with PSA FF-A (in documents)
      or simply FFA (in code).
      
      Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760
      Signed-off-by: J-Alves <joao.alves@arm.com>
  23. 15 May, 2020 1 commit
  24. 13 May, 2020 2 commits
    • SPMD: extract SPMC DTB header size from SPMD · 23d5ba86
      Olivier Deprez authored
      
      
      Currently BL2 passes TOS_FW_CONFIG address and size through registers to
      BL31. This corresponds to SPMC manifest load address and size. The SPMC
      manifest is mapped in BL31 by dynamic mapping. This patch removes BL2
      changes from generic code (which were enclosed by SPD=spmd) and retrieves
      SPMC manifest size directly from within SPMD. The SPMC manifest load
      address is still passed through a register by generic code.
      Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
      Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
    • SPMD: code/comments cleanup · 52696946
      Olivier Deprez authored
      As a follow-up to bdd2596d, and related to SPM Dispatcher
      EL3 component and SPM Core S-EL2/S-EL1 component: update
      with cosmetic and coding rules changes. In addition:
      - Add Armv8.4-SecEL2 arch detection helper.
      - Add an SPMC context (on current core) get helper.
      - Return more meaningful error return codes.
      - Remove complexity in few spmd_smc_handler switch-cases.
      - Remove unused defines and structures from spmd_private.h
      Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
      Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
  25. 05 May, 2020 1 commit
    • Fix SMCCC_ARCH_SOC_ID implementation · a718c3d6
      Manish V Badarkhe authored
      Commit 0e753437 ("Implement SMCCC_ARCH_SOC_ID SMC call") executes
      and returns the result of SMCCC_ARCH_SOC_ID(soc_id_type) to the
      SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) itself. Moreover it expects to
      pass soc_id_type for SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) which is
      incorrect.
      
      Fix the implementation by returning SMC_OK for
      SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) always and move the current
      implementation under "smccc_arch_id" function which gets called from
      SMC handler on receiving "SMCCC_ARCH_SOC_ID" command.
      
      This change is tested over Linux operating system.
      
      Change-Id: I61a980045081eae786b907d408767ba9ecec3468
      Signed-off-by: Sudeep Holla <sudeep.holla@arm.com>
      Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
  26. 22 Mar, 2020 1 commit
    • spd: tlkd: support new TLK SMCs for RPMB service · bd0c2f8d
      Mustafa Yigit Bilgen authored
      
      
      This patch adds support to handle following TLK SMCs:
      {TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE}
      
      These SMCs need to be supported in ATF in order to forward them to
      TLK. Otherwise, these functionalities won't work.
      
      Brief:
      TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its
      version to TLK. TLK can use this to prevent rollback attacks.
      
      TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off
      execution to the OS. This allows preventing sensitive SMCs being used
      by the OS.
      
      TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB
      frames.
      
      Tested by: Tests TLK can receive the new SMCs issued by bootloader
      
      Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944
      Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
  27. 19 Mar, 2020 2 commits
  28. 17 Mar, 2020 1 commit
  29. 12 Mar, 2020 1 commit
  30. 11 Mar, 2020 1 commit
    • spd: tlkd: secure timer interrupt handler · d205cda6
      Varun Wadekar authored
      
      
      This patch adds an interrupt handler for TLK. On receiving an
      interrupt, the source of the interrupt is determined and the
      interrupt is marked complete. The IRQ number is passed to
      TLK along with a special SMC function ID. TLK issues an SMC
      to notify completion of the interrupt handler in the S-EL1
      world.
      
      Change-Id: I76f28cee6537245c5e448d2078f86312219cea1a
      Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>