* changes:
docs(build): describes the SPMC_OPTEE build option
feat(qemu): support el3 spmc
feat(el3-spmc): make platform logical partition optional
feat(qemu): support s-el2 spmc
feat(qemu): update abi between spmd and spmc
fix(sptool): add dependency to SP image
Prior to this commit a logical platform-specific partition is added when
compiling with SPMC at EL3. Not all platforms need to add a logical
platform so make this optional.
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Change-Id: I3bdd2a91350330c1637e8d84765974bfb6b225d7
Ensure that there is sufficient space in the memory
descriptor to accommodate the size of the composite memory
struct as part of the descriptor.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Iea646b144c59a2a1a171298cabb5f31040a8af31
This patch also:
* Enforces the check of RES0 fields on EL3-RMM boot interface
and manifest
* Fixes a couple of nits on the EL3-RMM Boot Interface
documentation.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Idb9e38f9fcda2ba0655646a1e2c4fdbabd5cdc40
This patch adds X2-X6 and 'smc_ret' parameters to trp_rmi_handler().
The last 'smc_ret' parameter passed in X7 contains the address of the
'trp_smc_result' structure on the stack to return the result of the RMI SMC call.
This allows X4 to be preserved if not used as a return argument as per
SMCCCv1.2. The patch also removes use of trp_args_t in RMI handling.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I9e3387a7380b37863eeccc53d13e92e0ac5cffbd
Compiling with -Wimplicit-fallthrough=3 (enabled by -Wextra) produces
many warnings about fallthrough comments either missing or being wrong.
Unify the comments so we comply with -Wextra.
Note that Coverity recommends against using the __attribute__ directive.
Also, zlib does not build with a higher value of -Wimplicit-fallthrough.
Finally, compilers strip comments before expanding macros. As such,
checkpatch's fallthrough annotation (or higher levels of the flag) isn't
really possible.
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>
Change-Id: I060cf4f8dc04c02cbb45cf4ceb69569a8369ccee
This patch discards all the used entropy bits from the global memory
pool after being delivered to the requester (lower exception levels) by
overwriting them with zeroes.
It effectively implements the requirement, as part of TRNG FW interface
listed at DEN0098 (section 1.2).
https://developer.arm.com/documentation/den0098/latest
Change-Id: I447cbccc1a8ad972418a3569c99f010189d4b2f6
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Ensure that the correct execution state of an SP is reported
as part of an FF-A v1.1 PARTITION_INFO_GET response.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I714e53ae71c376463797a42cd5ab7a5e9c687fb7
This patch adds the following changes to complete the existing
TRNG implementation:
1. Adds a feature specific scope for buildlog generation.
2. Updates the docs on the build flag "TRNG_SUPPORT" and its values.
3. Updates the Makefile and improves the existing comments in a few sections
for better understanding of the underlying logic.
Change-Id: I3f72f0ccd5c94005a2df87158cf23199d2160d37
Signed-off-by: Jayanth Dodderi Chidanand <jayanthdodderi.chidanand@arm.com>
Ensure that the provided descriptor size used when reserving space
for a memory descriptor does not overflow to prevent scope for
memory corruption. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: If06985c4de9a88ff82ce60d10e346da948ed383f
Ensure that the fragment_length parameter is validated to prevent
a buffer overflow before it is used. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0323c096ffd988fbd85bbd4ade3abd8427aea977
The current logic does not cover all scenarios of overlapping
memory regions. Update the implementation to verify non-overlapping
regions instead. Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I16c53d081e4455bc0e28399d28a1b27b1a9eb49c
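The difference between testing for one overlap pattern and proving that regions are disjoint, as an added example (this is not TF-A code and not the logic the commit above replaced). The `mem_region` type, `EX_PAGE_SHIFT` and all function names are hypothetical, and `overlaps_partial` is a constructed illustration of an incomplete check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical region type for this example; not a TF-A structure. */
struct mem_region {
	uint64_t base;       /* start address */
	uint64_t page_count; /* length in 4 KiB pages */
};
#define EX_PAGE_SHIFT 12U

/* Compute the exclusive end address; fail on zero length or wrap-around. */
static bool region_end(const struct mem_region *r, uint64_t *end)
{
	if (r->page_count == 0U || r->page_count > (UINT64_MAX >> EX_PAGE_SHIFT))
		return false;
	uint64_t size = r->page_count << EX_PAGE_SHIFT;
	if (r->base > UINT64_MAX - size)
		return false;
	*end = r->base + size;
	return true;
}

/* Incomplete check: only asks whether b starts inside a. */
bool overlaps_partial(const struct mem_region *a, const struct mem_region *b)
{
	uint64_t a_end;
	return region_end(a, &a_end) && b->base >= a->base && b->base < a_end;
}

/* Positive proof of disjointness: one region ends before the other begins. */
bool regions_disjoint(const struct mem_region *a, const struct mem_region *b)
{
	uint64_t a_end, b_end;
	if (!region_end(a, &a_end) || !region_end(b, &b_end))
		return false; /* malformed input is never treated as safe */
	return a_end <= b->base || b_end <= a->base;
}

/* Accept a descriptor only if every pair of its regions is disjoint. */
bool all_regions_disjoint(const struct mem_region *r, size_t n)
{
	for (size_t i = 0; i < n; i++)
		for (size_t j = i + 1; j < n; j++)
			if (!regions_disjoint(&r[i], &r[j]))
				return false;
	return true;
}
```

A region that fully contains another starts outside it, so the start-inside test reports no overlap while the disjointness test rejects the pair.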
Ensure that the full memory transaction descriptor has been transmitted
before a request to reclaim the memory transaction is permitted.
This prevents any potential accesses to the incomplete descriptor.
Reported by Matt Oh, Google Android Red Team.
Reported-by: mattoh@google.com
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I33e993c6b754632051e899ab20edd19b18b6cf65
Added a DRTM parameters structure version check as per
the currently released DRTM specification [1].
Mainly to cater for the below, mentioned in the specification [1]
section 3.12 -
For a given DRTM major version number this structure will
always be extended in a backwards compatible manner.
[1]: https://developer.arm.com/documentation/den0113/a
Change-Id: I9f312c7f9f20152c5d7e40a22b462c7fe8db70bc
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Error check must be done on the previously allocated pointer, not a
random one from the code.
Change-Id: I1c8253eacbe778cc4a9a8d71081fc615fa7e5293
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Do not forget to pass via err_unlock_mailbox: label.
Change-Id: Icfb997b1c7cce196003af2c28bffc50dc73e30b4
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
This patch fixes an issue in spmc_ffa_fill_desc.
In order to compute the spmc_shm_get_v1_1_descriptor_size,
fragment_length which is a fraction of the descriptor size is used as
desc_size parameter. It has to be replaced with the
full V1.0 descriptor size (obj->desc_filled).
Ran a subset of our tests and they are passing.
Change-Id: Ia4bbc5dabf0b77fa53d923ff609ee48ecd5bf549
Signed-off-by: vallau01 <valentin.laurent@trustonic.com>
Signed-off-by: Lukas Hanel <lukas.hanel@trustonic.com>
Flush the data cache range before DLME launch to ensure that data
passed by DCE preamble is committed.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I9946fd3420a17b86d9f1483e8b2cd5880033454e
As per DRTM beta0 spec table #28, before the DLME is called the DCE
must invalidate all instruction caches.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I7efbb03d1d13346a8d898882fdbd7bbe8f1d49b2
Ensured the DLME data region and DRTM parameters lie within the Non-Secure
region of DRAM by calling the platform function 'plat_drtm_validate_ns_region'.
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I93ead775f45ca7748193631f8f9eec4326fcf20a
Ensured no SDEI events are registered during dynamic launch.
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: Ied3b2d389aa3d9a96ace9078581d5e691f0b38a7
Taken measurement of various DRTM components in the Event Log
buffer to pass it to DLME.
Change-Id: Ic56620161f42596d22bf40d5c83c041cbce0b618
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added DRTM DMA protection APIs, and called them during
the DLME launch and DRTM SMC handling.
Change-Id: I29e7238c04e2ca9f26600276c5c05bff5387789e
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Added a remediation driver for DRTM to set/get the error
from non-volatile memory.
Change-Id: I8f0873dcef4936693e0f39a3c95096cb689c04b7
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Added Event Log driver support for DRTM. This driver
is responsible for doing the hash measurement of
various DRTM components as per [1], and putting these
measurements in the Event Log buffer.
[1]: https://developer.arm.com/documentation/den0113/a, section 3.16
Change-Id: I9892c313cf6640b82e261738116fe00f7975ee12
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
This function is a placeholder for checking all the necessary conditions
before doing a DRTM dynamic launch.
In this patch the following conditions are checked (based on Table 31 of
DRTM spec beta0); the rest of the conditions will be added in later
patches.
- Only boot PE is online
- Caller execution state is AArch64
- Caller exception level is NS-EL2 or NS-EL1
Signed-off-by: Manish Pandey <manish.pandey2@arm.com>
Change-Id: I622b946bc191bb39f828831336ceafbc10834c19
Added platform hooks to retrieve DRTM features and
address map.
Additionally, implemented these hooks for the FVP platform.
Signed-off-by: John Powell <john.powell@arm.com>
Signed-off-by: Manish V Badarkhe <Manish.Badarkhe@arm.com>
Change-Id: I5621cc9807ffff8139ae8876250147f7b2c76759
This patch adds a public API to return the total number of registered
events. The purpose of this is primarily for DRTM to ensure that no
SDEI event can interfere with a dynamic launch.
Signed-off-by: John Powell <john.powell@arm.com>
Change-Id: I1d1cba2da7d5566cc340620ee1ce7d7844740b86
Updated DRTM setup functionality that mainly does the below 2 things:
1. Initialise the DRTM DMA protection, this function assumes the
platform must support complete DMA protection.
2. Initialise the Crypto module that will be useful to calculate
the hash of the various DRTM elements involved.
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I3d6e4d534686d391fa7626094d2b2535dac74e00
Added a dummy DRTM setup function and also introduced DRTM SMC
handling as per the DRTM spec [1]. A few basic SMCs are handled in this
change, such as ARM_DRTM_SVC_VERSION and ARM_DRTM_SVC_FEATURES,
which return the DRTM version and the function IDs supported respectively,
and the others are dummy for now.
[1]: https://developer.arm.com/documentation/den0113/latest
Signed-off-by: Manish V Badarkhe <manish.badarkhe@arm.com>
Signed-off-by: Lucian Paul-Trifu <lucian.paultrifu@gmail.com>
Change-Id: I8c7afe920c78e064cbab2298f59e6837c70ba8ff
Return values contained in 'smc_result' structure
are shifted down by one register:
X1 written by RMM is returned to NS in X0 and
X5 is returned in X4.
Signed-off-by: AlexeiFedorov <Alexei.Fedorov@arm.com>
Change-Id: I92907ac3ff3bac8554643ae7c198a4a758c38cb3
- Removing platform dependencies from libc modules.
- Replacing panicking with actual error handling.
- Debug macros are included indirectly from assert.h. Removing
"platform_def.h" from assert.h and adding "common/debug.h"
where the macros are used.
- Removing hack for fixing PLAT_LOG_LEVEL_ASSERT to 40.
Instead removing assert with expression, as this
does not provide additional information.
Signed-off-by: Claus Pedersen <claustbp@google.com>
Change-Id: Icc201ea7b63c1277e423c1cfd13fd6816c2bc568
This patch adds the FF-A programming model in the test
secure payload to ensure that it can be used to test
the following spec features.
1. SP initialisation on the primary and secondary cpus.
2. An event loop to receive direct requests and respond
with direct responses.
3. Ability to receive messages that indicate power on
and off of a cpu.
4. Ability to handle a secure interrupt.
Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Signed-off-by: Shruti <shruti.gupta@arm.com>
Change-Id: I81cf744904d5cdc0b27862b5e4bc6f2cfe58a13a
The current implementation expects the endpoint IDs of all
participants of a memory transaction to be listed in the relinquish
descriptor. As per the FF-A spec, aside from the current partition
ID, only the IDs of stream endpoints on whose behalf it is relinquishing
the memory region must be specified.
The current implementation does not currently support proxy endpoints,
therefore ensure that the endpoint count is always equal to 1 and
no stream endpoint IDs are specified and instead just verify the
caller is a valid participant in the memory transaction.
Additionally reuse the updated check in the retrieve request flow
for additional verification.
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I3b970196af8a16b2531607775398cb8a2473793b
This patch adds documentation for the missing RMM-EL3
runtime services:
* RMM_RMI_REQ_COMPLETE
* RMM_GTSI_DELEGATE
* RMM_GTSI_UNDELEGATE
This patch also fixes a couple of minor bugs on return codes
for delegate/undelegate internal APIs.
Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Ic721005e7851e838eebaee7865ba78fadc3309e4
* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface