- 03 Jun, 2021 1 commit
-
-
Olivier Deprez authored
The SPMC at S-EL2 manages S-EL1 execution contexts for SPs. The currently running SP vCPU state is always saved when the SPMC exits to SPMD. A fresh vCPU context is always restored when the SPMC is entered from the SPMD and a SP resumed. For performance optimization reasons this permits omitting the saving/restoring of the S-EL1 context from within the EL3 SPMD on entering/exiting the SPMC. The S-EL2 SPMC and NS-EL1 context save/restore remain done in the SPMD. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I66413ed5983913791ff5c9fc03c590ee65c6ccd7
-
- 25 May, 2021 2 commits
-
-
Jeremy Linton authored
Add SMC wrappers for handshaking the existence and basic parameter validation for the SMCCC/PCI API. The actual read/write/segment validation is implemented by a given platform which will enable the API by defining SMC_PCI_SUPPORT. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Change-Id: I4485ad0fe6003cec6f5eedef688914d100513c21
-
Jeremy Linton authored
The SMCCC, part 3 indicates that only the bottom 32-bits of a 32-bit SMC call are valid. The upper bits must be zero. Lets enforce that so standard service code can assume its been called that way. Signed-off-by: Jeremy Linton <jeremy.linton@arm.com> Change-Id: I1bac50fbdc3b6ddca5fe2d1d1f96166a65ac4eb4
-
- 04 May, 2021 1 commit
-
-
Andre Przywara authored
Standard Secure Services, complying to the SMCCC specification, are discoverable: Any user can do the SMC call, and derive from the return value (-1) if the service is implemented. Consequently we should not *warn* if BL31 does not implement a service, as some services (TRNG, for instance) might never be implemented for devices, as they are lacking hardware. Short of dropping the existing warning message altogether, change the level to VERBOSE, which should prevent it actually being printed in normal situations. This removes the pointless TF-A messages on the console when booting Linux, as modern kernels now call the SOCID and the TRNG service unconditionally. Change-Id: I08b0b02e0f46322ebe0b40b3991c3c9b5bed4f97 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 20 Apr, 2021 1 commit
-
-
Olivier Deprez authored
In the case of a SP pre-empted by a non-secure interrupt, the SPMC returns to the SPMD through the FFA_INTERRUPT ABI. It is then forwarded to the normal world driver hinting the SP has to be resumed after the non-secure interrupt has been serviced. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I51a694dddcb8ea30fa84e1f11d018bc2abec0a56
-
- 19 Apr, 2021 1 commit
-
-
Mayur Gudmeti authored
The current SPM_MM implementations expects the SP image addresses as static macros. This means platforms wanting to use dynamically allocated memory addresses are left out. This patch gets sp_boot_info at the beginning of spm_sp_setup function and uses member variables of sp_boot_info to setup the context. So member variables of struct sp_boot_info and consequently the context can be initialized by static macros or dynamiclly allocated memory address.. Change-Id: I1cb75190ab8026b845ae20a9c6cc416945b5d7b9 Signed-off-by: Mayur Gudmeti <mgudmeti@nvidia.com>
-
- 19 Mar, 2021 1 commit
-
-
J-Alves authored
FF-A specification states that error codes should be typed int32_t. SPMD's uses uint64_t for return values, which if assigned with a signed type would have sign extension, and change the size of the return from 32-bit to 64-bit. Signed-off-by: J-Alves <joao.alves@arm.com> Change-Id: I288ab2ffec8330a2fe1f21df14e22c34bd83ced3
-
- 18 Mar, 2021 1 commit
-
-
Madhukar Pappireddy authored
Typically, interrupts for a specific security state get handled in the same security execption level if the execution is in the same security state. For example, if a non-secure interrupt gets fired when CPU is executing in NS-EL2 it gets handled in the non-secure world. However, interrupts belonging to the opposite security state typically demand a world(context) switch. This is inline with the security principle which states a secure interrupt has to be handled in the secure world. Hence, the TSPD in EL3 expects the context(handle) for a secure interrupt to be non-secure and vice versa. The function "tspd_sel1_interrupt_handler" is the handler registered for S-EL1 interrupts by the TSPD. Based on the above assumption, it provides an assertion to validate if the interrupt originated from non-secure world and upon success arranges entry into the TSP at 'tsp_sel1_intr_entry' for handling the interrupt. However, a race condition between non-secure and secure interrupts can lead to a scenario where the above assumptions do not hold true and further leading to following assert fail. This patch fixes the bug which causes this assert fail: ASSERT: services/spd/tspd/tspd_main.c:105 BACKTRACE: START: assert 0: EL3: 0x400c128 1: EL3: 0x400faf8 2: EL3: 0x40099a4 3: EL3: 0x4010d54 BACKTRACE: END: assert Change-Id: I359d30fb5dbb1429a4a3c3fff37fdc64c07e9414 Signed-off-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 15 Mar, 2021 2 commits
-
-
Olivier Deprez authored
Add a lock and spin lock/unlock calls when accessing the fields of the SPMD PM structure. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I9bab705564dc1ba003c29512b1f9be5f126fbb0d
-
Olivier Deprez authored
Remove the former impdef SPMD service for SPMC entry point registration. Replace with FFA_SECONDARY_EP_REGISTER ABI providing a single entry point address into the SPMC for primary and secondary cold boot. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I067adeec25fc12cdae90c15a616903b4ac4d4d83
-
- 05 Mar, 2021 1 commit
-
-
Tony Xie authored
when updata routing of an SDEI event, if the registration flags is SDEI_REGF_RM_PE, need to updata the affinity of shared event. Signed-off-by: Tony Xie <tony.xie@rock-chips.com> Change-Id: Ie5d7cc4199253f6af1c28b407f712caac3092d06
-
- 18 Feb, 2021 1 commit
-
-
Max Shvetsov authored
This reverts commit bedb13f5. SIMD context is now saved in S-EL2 as opposed to EL3, see commit: https://review.trustedfirmware.org/c/hafnium/hafnium/+/8321 Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Change-Id: Ic81416464ffada1a6348d0abdcf3adc7c1879e61
-
- 12 Feb, 2021 1 commit
-
-
Olivier Deprez authored
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I8ed58ec5f97e05d91451020a2739464bb8e428b3
-
- 10 Feb, 2021 1 commit
-
-
Andre Przywara authored
The code to check for the presence of the TRNG service relies on toolchain garbage collection, which is not enabled with -O0. Add #ifdef guards around the call to the TRNG service handler to cover builds without optimisation as well. Change-Id: I08ece2005ea1c8fa96afa13904a851dec6b24216 Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 05 Feb, 2021 1 commit
-
-
Jimmy Brisson authored
This adds the TRNG Firmware Interface Service to the standard service dispatcher. This includes a method for dispatching entropy requests to platforms and includes an entropy pool implementation to avoid dropping any entropy requested from the platform. Change-Id: I71cadb3cb377a507652eca9e0d68714c973026e9 Signed-off-by: Jimmy Brisson <jimmy.brisson@arm.com> Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 30 Nov, 2020 1 commit
-
-
Alexei Fedorov authored
This patch provides the changes listed below: - Adds new bit fields definitions for SCTLR_EL1/2 registers - Corrects the name of SCTLR_EL1/2.[20] bit field from SCTLR_UWXN_BIT to SCTLR_TSCXT_BIT - Adds FEAT_PANx bit field definitions and their possible values for ID_AA64MMFR1_EL1 register. - Adds setting of SCTLR_EL1.SPAN bit to preserve PSTATE.PAN on taking an exception to EL1 in spm_sp_setup() function (services\std_svc\spm_mm\spm_mm_setup.c) Change-Id: If51f20e7995c649126a7728a4d0867041fdade19 Signed-off-by: Alexei Fedorov <Alexei.Fedorov@arm.com>
-
- 02 Oct, 2020 1 commit
-
-
Andre Przywara authored
With -Wsign-compare, compilers issue a warning in the SPMD code: ==================== services/std_svc/spmd/spmd_pm.c:35:22: error: comparison of integer expressions of different signedness: 'int' and 'unsigned int' [-Werror=sign-compare] 35 | if ((id < 0) || (id >= PLATFORM_CORE_COUNT)) { | ^~ cc1: all warnings being treated as errors ==================== Since we just established that "id" is positive, we can safely cast it to an unsigned type to make the comparison have matching types. Change-Id: I6ef24804c88136d7e3f15de008e4fea854f10ffe Signed-off-by: Andre Przywara <andre.przywara@arm.com>
-
- 07 Sep, 2020 1 commit
-
-
Max Shvetsov authored
spmd_get_context_by_mpidr was using potentially negative value as an array index. plat_core_pos_by_mpidr could return -1 on failure which is utilized by some platforms. Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Change-Id: I7f8827e77f18da389c9cafdc1fc841aba9f03120
-
- 01 Sep, 2020 1 commit
-
-
Varun Wadekar authored
This patch removes the assert that expects the SPMC PC value to be same as BL32_BASE. This assumption is not true for all platforms e.g. Tegra, and so will be removed from the SPMD. Platforms can always add this check to the platform files, if required. Change-Id: Ic40620b43d160feb4f72f4af18e6d01861d4bf37 Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 31 Aug, 2020 1 commit
-
-
Varun Wadekar authored
This patch implements support for the 64-bit and 32-bit versions of 0xBF00FF01 SMC function ID, as documented by the SMCCC, to allow non-secure world clients to query SPD's UUID. In order to service this FID, the Trusty SPD now increases the range of SMCs that it services. To restrict Trusty from receiving the extra SMC FIDs, this patch drops any unsupported FID. Verified with TFTF tests for UID query and internal gtest for Trusty. Change-Id: If96fe4993f7e641595cfe67cc6b4210a0d52403f Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-
- 21 Aug, 2020 1 commit
-
-
Ruari Phipps authored
Signed-off-by: Ruari Phipps <ruari.phipps@arm.com> Change-Id: I4e9fbfcfda4ed4b87d5ece1c609c57c73d617d4c
-
- 20 Aug, 2020 8 commits
-
-
Olivier Deprez authored
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Change-Id: Icdb15b8664fb3467ffd55b44d1f0660457192586
-
Olivier Deprez authored
Define SPMD PM hooks for warm boot and off events. svc_on_finish handler enters the SPMC at the entry point defined by the secondary EP register service. The svc_off handler notifies the SPMC that a physical core is being turned off through a notification message. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I2609a75a0c6ffb9f6313fc09553be2b29a41de59
-
Olivier Deprez authored
Upon booting, the SPMC running on the primary core shall register the secondary core entry points to which a given secondary core being woken up shall jump to into the SPMC . The current implementation assumes the SPMC calls a registering service implemented in the SPMD for each core identified by its MPIDR. This can typically happen in a simple loop implemented in the early SPMC initialization routines by passing each core identifier associated with an entry point address and context information. This service is implemented on top of a more generic SPMC<=>SPMD interface using direct request/response message passing as defined by the FF-A specification. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Change-Id: I1f70163b6b5cee0880bd2004e1fec41e3780ba35
-
Olivier Deprez authored
FF-A interface to handle SPMC to SPMD direct messages requests. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com> Change-Id: Ia707a308c55561a31dcfa86e554ea1c9e23f862a
-
Olivier Deprez authored
Change-Id: If88d64c0e3d60accd2638a55f9f3299ec700a8c8 Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
Olivier Deprez authored
This patch defines and registers the SPMD PM handler hooks. This is intended to relay boot and PM events to the SPMC. Change-Id: If5a758d22b8d2152cbbb83a0cad563b5e1c6bd49 Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Olivier Deprez authored
This patch adds SPMC states used by the SPMD to track SPMC boot phases specifically on secondary cores. Change-Id: If97af7352dda7f04a8e46a56892a2aeddcfab91b Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Signed-off-by: Max Shvetsov <maksims.svecovs@arm.com>
-
Olivier Deprez authored
This patch provides a helper to get the entry_point_info structure used by the boot CPU as it is used to initialise the SPMC context on secondary CPUs. Change-Id: I99087dc7a86a7258e545d24a2ff06aa25170f00c Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
-
- 18 Aug, 2020 1 commit
-
-
Manish V Badarkhe authored
In case of AT speculative workaround applied, page table walk is disabled for lower ELs (EL1 and EL0) in EL3. Hence added a wrapper function which temporarily enables page table walk to execute AT instruction for lower ELs and then disables page table walk. Execute AT instructions directly for lower ELs (EL1 and EL0) assuming page table walk is enabled always when AT speculative workaround is not applied. Change-Id: I4ad4c0bcbb761448af257e9f72ae979473c0dde8 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 26 Jul, 2020 1 commit
-
-
Manish V Badarkhe authored
Currently, 'SMCCC_ARCH_FEATURES' SMC call handler unconditionally returns 'SMC_OK' for 'SMCCC_ARCH_SOC_ID' function. This seems to be not correct for the platform which doesn't implement soc-id functionality i.e. functions to retrieve both soc-version and soc-revision. Hence introduced a platform function which will check whether SMCCC feature is available for the platform. Also, updated porting guide for the newly added platform function. Change-Id: I389f0ef6b0837bb24c712aa995b7176117bc7961 Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 23 Jun, 2020 1 commit
-
-
J-Alves authored
Change handler of FFA version interface: - Return SPMD's version if the origin of the call is secure; - Return SPMC's version if origin is non-secure. Signed-off-by: J-Alves <joao.alves@arm.com> Change-Id: I0d1554da79b72b1e02da6cc363a2288119c32f44
-
- 02 Jun, 2020 1 commit
-
-
Masahisa Kojima authored
Core spm_mm code expects the translation tables are located in the inner & outer WBWA & shareable memory. REGISTER_XLAT_CONTEXT2 macro is used to specify the translation table section in spm_mm. In the commit 363830df (xlat_tables_v2: merge REGISTER_XLAT_CONTEXT_{FULL_SPEC,RO_BASE_TABLE}), REGISTER_XLAT_CONTEXT2 macro explicitly specifies the base xlat table goes into .bss by default. This change affects the existing SynQuacer spm_mm implementation. plat/socionext/synquacer/include/plat.ld.S linker script intends to locate ".bss.sp_base_xlat_table" into "sp_xlat_table" section, but this implementation is no longer available. This patch adds the base table section name parameter for REGISTER_XLAT_CONTEXT2 so that platform can specify the inner & outer WBWA & shareable memory for spm_mm base xlat table. If PLAT_SP_IMAGE_BASE_XLAT_SECTION_NAME is not defined, base xlat table goes into .bss by default, the result is same as before. Change-Id: Ie0e1a235e5bd4288dc376f582d6c44c5df6d31b2 Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org>
-
- 25 May, 2020 1 commit
-
-
J-Alves authored
SPCI is renamed as PSA FF-A which stands for Platform Security Architecture Firmware Framework for A class processors. This patch replaces the occurrence of SPCI with PSA FF-A(in documents) or simply FFA(in code). Change-Id: I4ab10adb9ffeef1ff784641dfafd99f515133760 Signed-off-by: J-Alves <joao.alves@arm.com>
-
- 15 May, 2020 1 commit
-
-
Balint Dobszay authored
This patch introduces dynamic configuration for SDEI setup and is supported when the new build flag SDEI_IN_FCONF is enabled. Instead of using C arrays and processing the configuration at compile time, the config is moved to dts files. It will be retrieved at runtime during SDEI init, using the fconf layer. Change-Id: If5c35a7517ba00a9f258d7f3e7c8c20cee169a31 Signed-off-by: Balint Dobszay <balint.dobszay@arm.com> Co-authored-by: Madhukar Pappireddy <madhukar.pappireddy@arm.com>
-
- 13 May, 2020 2 commits
-
-
Olivier Deprez authored
Currently BL2 passes TOS_FW_CONFIG address and size through registers to BL31. This corresponds to SPMC manifest load address and size. The SPMC manifest is mapped in BL31 by dynamic mapping. This patch removes BL2 changes from generic code (which were enclosed by SPD=spmd) and retrieves SPMC manifest size directly from within SPMD. The SPMC manifest load address is still passed through a register by generic code. Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I35c5abd95c616ae25677302f0b1d0c45c51c042f
-
Olivier Deprez authored
As a follow-up to bdd2596d , and related to SPM Dispatcher EL3 component and SPM Core S-EL2/S-EL1 component: update with cosmetic and coding rules changes. In addition: -Add Armv8.4-SecEL2 arch detection helper. -Add an SPMC context (on current core) get helper. -Return more meaningful error return codes. -Remove complexity in few spmd_smc_handler switch-cases. -Remove unused defines and structures from spmd_private.h Signed-off-by: Olivier Deprez <olivier.deprez@arm.com> Change-Id: I99e642450b0dafb19d3218a2f0e2d3107e8ca3fe
-
- 05 May, 2020 1 commit
-
-
Manish V Badarkhe authored
Commit 0e753437 ("Implement SMCCC_ARCH_SOC_ID SMC call") executes and return the result of SMCCC_ARCH_SOC_ID(soc_id_type) to the SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) itself. Moreover it expect to pass soc_id_type for SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) which is incorrect. Fix the implementation by returning SMC_OK for SMCCC_ARCH_FEATURES(SMCCC_ARCH_SOC_ID) always and move the current implementation under "smccc_arch_id" function which gets called from SMC handler on receiving "SMCCC_ARCH_SOC_ID" command. This change is tested over linux operating system Change-Id: I61a980045081eae786b907d408767ba9ecec3468 Signed-off-by: Sudeep Holla <sudeep.holla@arm.com> Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
-
- 22 Mar, 2020 1 commit
-
-
Mustafa Yigit Bilgen authored
This patch adds support to handle following TLK SMCs: {TLK_SET_BL_VERSION, TLK_LOCK_BL_INTERFACE, TLK_BL_RPMB_SERVICE} These SMCs need to be supported in ATF in order to forward them to TLK. Otherwise, these functionalities won't work. Brief: TLK_SET_BL_VERSION: This SMC is issued by the bootloader to supply its version to TLK. TLK can use this to prevent rollback attacks. TLK_LOCK_BL_INTERFACE: This SMC is issued by bootloader before handing off execution to the OS. This allows preventing sensitive SMCs being used by the OS. TLK_BL_RPMB_SERVICE: bootloader issues this SMC to sign or verify RPMB frames. Tested by: Tests TLK can receive the new SMCs issued by bootloader Change-Id: I57c2d189a5f7a77cea26c3f8921866f2a6f0f944 Signed-off-by: Mustafa Yigit Bilgen <mbilgen@nvidia.com>
-
- 19 Mar, 2020 1 commit
-
-
Varun Wadekar authored
TLK does not participate in the system off/reset process and so has no use for the SYSTEM_OFF/RESET notifications. This patch removes the system off/reset handlers as a result. Change-Id: Icf1430b1400cea88000e6d54426eb604a43cbe6c Signed-off-by: Varun Wadekar <vwadekar@nvidia.com>
-