core: support dynamic protected memory lending

With CFG_CORE_DYN_PROTMEM=y support dynamic protected memory lending.

A new internal struct mobj_ffa_rsm is added to handle dynamic protected
memory f

core: support dynamic protected memory lending

With CFG_CORE_DYN_PROTMEM=y support dynamic protected memory lending.

A new internal struct mobj_ffa_rsm is added to handle dynamic protected
memory for FF-A.

A new internal struct mobj_protmem is add to handle dynamic protected
memory without FF-A.

Lending non-secure memory to OP-TEE to use it as protected memory means
that it should to become inaccessible by the normal world as part of the
process. This part is currently not supported, since it must be done in
a platform specific way for platforms that support that. QEMU don't
support that.

Adding two platform specific functions, plat_get_protmem_config() and
plat_set_protmem_range() for dynamic protected memory. The functions has
__weak implementation to allow easier testing. However,
plat_set_protmem_range() requires CFG_INSECURE=y since it doesn't change
memory protection.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Jerome Forissier <jerome.forissier@linaro.org>

show more ...

core: arm: ffa: add framework for Logical SPs

Add a framework to register Logical Secure Partitions in parallel with
OP-TEE at S-EL1. This is akin to Pseudo TAs, it provides an ABI but it's
part of

core: arm: ffa: add framework for Logical SPs

Add a framework to register Logical Secure Partitions in parallel with
OP-TEE at S-EL1. This is akin to Pseudo TAs, it provides an ABI but it's
part of the OP-TEE binary. A critical difference is that it's only
available for FF-A and can only use the non-threaded environment, that
is, no mutexes or RPC.

The logical OP-TEE core partition is registered in the framework. The
SPMC is also registered in the framework, but with a nil UUID so it's
not returned by FFA_PARTITION_INFO_GET.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

core: ffa: add spmc_is_reserved_id()

Add spmc_is_reserved_id() and replace direct checks against spmd_id and
spmc_id. spmd_id and spmc_id are changed to static variables since they
don't need to be

core: ffa: add spmc_is_reserved_id()

Add spmc_is_reserved_id() and replace direct checks against spmd_id and
spmc_id. spmd_id and spmc_id are changed to static variables since they
don't need to be exported any longer.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Akshay Belsare <akshay.belsare@amd.com>

show more ...

core: arm: ffa: use SMC Calling Convention 1.2

Add struct thread_smc_1_2_regs as a replacement for struct
thread_smc_args when dealing with FF-A SMCs. struct thread_smc_1_2_regs
covers the registers

core: arm: ffa: use SMC Calling Convention 1.2

Add struct thread_smc_1_2_regs as a replacement for struct
thread_smc_args when dealing with FF-A SMCs. struct thread_smc_1_2_regs
covers the registers x0-x17 to support passing arguments and results
according to SMC Calling Convention (SMCCC) version 1.2.

The difference is that before this change x8-x17 couldn't be used as
argument nor result and the content was preserved. With this patch are
x8-x17 returned as zeroes. New FF-A SMCs can take and return values in
the full range x0-x17.

64-bit SMCCC version 1.1 and earlier specified x4-x17 as unpredictable
or scratch registers. FF-A has specified x0-x7 as argument and result
registers, regardless of SMCCC. This has changed with SMCCC version 1.2
where the two standards harmonize on this.

struct thread_smc_1_2_regs is added in a 32-bit version for
compatibility, but it only covers r0-r7.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: spmc, sp: cleanup FF-A ID handling

When OP-TEE implements the S-EL1 SPMC, from an FF-A point-of-view the
core OP-TEE functionality is running in a logical SP that resides at the
same exception

core: spmc, sp: cleanup FF-A ID handling

When OP-TEE implements the S-EL1 SPMC, from an FF-A point-of-view the
core OP-TEE functionality is running in a logical SP that resides at the
same exception level as the SPMC. This means that the SPMC and the SP
should have separate FF-A IDs, i.e. the SPMC ID and a normal endpoint ID
for the SP. The SPMC ID is described in the SPMC manifest which gets
parsed by the SPMD, so this ID should be queried from the SPMD. OP-TEE's
endpoint ID is assigned by the SPMC.

Currently OP-TEE's FF-A endpoint ID and the SPMC ID are mixed together
and hardcoded, this patch implements the correct ID handling mechanism
as described above.

Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>

show more ...

core: ffa: add SPMC_CORE_SEL1_MAX_SHM_COUNT

Add SPMC_CORE_SEL1_MAX_SHM_COUNT, telling how many shared memory object
are supported in a configuration with SPMC at S-EL1.

Signed-off-by: Jens Wiklande

core: ffa: add SPMC_CORE_SEL1_MAX_SHM_COUNT

Add SPMC_CORE_SEL1_MAX_SHM_COUNT, telling how many shared memory object
are supported in a configuration with SPMC at S-EL1.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: add notifications with SPMC at S-EL1

Adds support for asynchronous notifications via FF-A with SPMC at S-EL1.

The OP-TEE FF-A ABI is extended to report support for asynchronous
notificat

core: ffa: add notifications with SPMC at S-EL1

Adds support for asynchronous notifications via FF-A with SPMC at S-EL1.

The OP-TEE FF-A ABI is extended to report support for asynchronous
notifications during OPTEE_FFA_EXCHANGE_CAPABILITIES.

The SPMC at S-EL1 is extended to provide the FF-A notifications ABI to a
normal world VM.

The notifications depends on having a non-secure SGI interrupt ID
available to notify normal world that a notification is pending.
Notifications becomes available once platform code has called
thread_spmc_set_async_notif_intid() with a designed SGI ID.

Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@foss.st.com>

show more ...

core: ffa: support FFA_VERSION from S-EL0 SPs only

FFA_VERSION using ERET as conduit is not permitted in the FF-A
specification. So remove support for it in thread_spmc_msg_recv() but
keep it in spm

core: ffa: support FFA_VERSION from S-EL0 SPs only

FFA_VERSION using ERET as conduit is not permitted in the FF-A
specification. So remove support for it in thread_spmc_msg_recv() but
keep it in spmc_sp_msg_handler() for S-EL0 SPs where the conduit is SVC.

Acked-by: Jerome Forissier <jerome.forissier@linaro.org>
Reviewed-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: spmc: support FF-A 1.1

Adds support for FF-A 1.1. Now OP-TEE will need to be able to work with
both version 1.0 and 1.1 depending on the other endpoint. The callee
supplies its implemented ver

core: spmc: support FF-A 1.1

Adds support for FF-A 1.1. Now OP-TEE will need to be able to work with
both version 1.0 and 1.1 depending on the other endpoint. The callee
supplies its implemented version and OP-TEE chooses the highest common
version and returns that. This is done per endpoint so some endpoint may
very well use version 1.0 while another uses version 1.1.

Two data structures, struct ffa_mem_transaction and struct
ffa_partition_info, are affected. Runtime conditionals are used to
select which version to use based on the negotiated FF-A version.

Reviewed-by: Balint Dobszay <balint.dobszay@arm.com>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: add support for SPMC at EL3

Adds support for SPMC at EL3 with CFG_CORE_EL3_SPMC. This is from OP-TEE
point of view almost identical to CFG_CORE_SEL2_SPMC with SPMC at S-EL2.

The previously S-

core: add support for SPMC at EL3

Adds support for SPMC at EL3 with CFG_CORE_EL3_SPMC. This is from OP-TEE
point of view almost identical to CFG_CORE_SEL2_SPMC with SPMC at S-EL2.

The previously S-EL2 specific functions mobj_ffa_sel2_spmc_new() and
mobj_ffa_sel2_spmc_delete() are renamed to mobj_ffa_spmc_new() and
mobj_ffa_spmc_delete() respectively since they are no longer reserved to
used only with SPMC at S-EL2.

Reviewed-by: Jerome Forissier <jerome@forissier.org>
Signed-off-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: arch: kernel: move spmc functions from thread.h to thread_spmc.h

It is more relevant to declare thread_spmc_populate_mobj_from_rx() and
thread_spmc_relinquish() in thread_spmc.h instead of thr

core: arch: kernel: move spmc functions from thread.h to thread_spmc.h

It is more relevant to declare thread_spmc_populate_mobj_from_rx() and
thread_spmc_relinquish() in thread_spmc.h instead of thread.h
Source file mobj_ffa.c makes use of these two functions, hence include
kernel/thread_spmc.h header.

Signed-off-by: Marouene Boubakri <marouene.boubakri@nxp.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add FFA_PARTITION_INFO

FFA_PARTITION_INFO is used to query all the Secure Partitions loaded in
the system.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.c

core: Add FFA_PARTITION_INFO

FFA_PARTITION_INFO is used to query all the Secure Partitions loaded in
the system.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
Acked-by: Jens Wiklander <jens.wiklander@linaro.org>

show more ...

core: Add FFA_FEATURES handling for SPs

FFA_FEATURES is used to signal the supported FF-A features.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linar

core: Add FFA_FEATURES handling for SPs

FFA_FEATURES is used to signal the supported FF-A features.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Add FFA_VERSION handling for SPs

FFA_VERSION return the current support FF-A version

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

core: arm: Add FF-A rxtx buffer for SPs

Rx/Rx buffers are used for SPs and the SPMC to exchange information.
This change implements the following FF-A messages for SPs:
FFA_RXTX_MAP_64 and FFA_RXTX_

core: arm: Add FF-A rxtx buffer for SPs

Rx/Rx buffers are used for SPs and the SPMC to exchange information.
This change implements the following FF-A messages for SPs:
FFA_RXTX_MAP_64 and FFA_RXTX_MAP_32 to have a SP map a rxtx buffer
FFA_RXTX_UNMAP to unmap the rxtx buffer
FFA_RX_RELEASE to release have the SP release the rx buffer

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...

core: Initiate and load Secure Partitions

Secure Partitions (SP) are S-El0 execution service defined in the Arm
FF-A specification.
The Secure Partitions are loaded as the last part of the boot proc

core: Initiate and load Secure Partitions

Secure Partitions (SP) are S-El0 execution service defined in the Arm
FF-A specification.
The Secure Partitions are loaded as the last part of the boot process.
A Secure Partitions can be added to image using the SP_PATHS build
option. The SPs are loaded using ldelf.

Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>

show more ...