Merge "refactor(el3-runtime): move context security states to context.h" into integration

refactor(el3-runtime): move context security states to context.h

The three security states (S, NS, RL) are architecturally quite
consistent - anything that uses them has the same numerical assignmen

refactor(el3-runtime): move context security states to context.h

The three security states (S, NS, RL) are architecturally quite
consistent - anything that uses them has the same numerical assignments
(0, 1, 2) and they are quite convenient for indexing. However, we're not
as consistent in tf-a and this is defined in a few places. Since
cpu_data has a dependency on the context management library, use its
security state convention in a few more places and take away this
responsibility from cpu_data.

Change-Id: Iec73b2be2eef91975554767557de72424d0031f1
Signed-off-by: Boyan Karatotev <boyan.karatotev@arm.com>

show more ...

Merge changes from topic "rmm-lfa" into integration

* changes:
feat(rmmd): add RMM_RESERVE_MEMORY SMC handler
feat(rmmd): add per-CPU activation token

feat(rmmd): add RMM_RESERVE_MEMORY SMC handler

At the moment any memory required by an R-EL2 manager (RMM) needs to
be known at compile time: that sets the size of the .data and .bss
segments. Some

feat(rmmd): add RMM_RESERVE_MEMORY SMC handler

At the moment any memory required by an R-EL2 manager (RMM) needs to
be known at compile time: that sets the size of the .data and .bss
segments. Some resources depend on the particular machine this will be
running on, the prime example is TF-RMM's granule array, which needs to
know the maximum memory supported beforehand. Other data structures
might depend on the number of CPU cores.

To provide more flexibility, but keep the memory footprint as small as
possible, let's introduce some memory reservation SMC. Any RMM
implementation can ask EL3 for some memory, and would get the physical
address of a usable chunk of memory back. This must happen at RMM boot
time, so before the RMM concluded the boot phase with the
RMM_BOOT_COMPLETE SMC call. Also there is no provision to free memory
again, this would not be needed for the use case of sizing platform
resources, and avoids the complexity of a full-fledged memory allocator.

Add the new RMM_RESERVE_MEMORY command to the implementation defined
RMM-EL3 SMC interface, both in code and documentation. The actual memory
reservation is made a platform implementation, but a simple
implementation is provided, which is used for the FVP platform already:
it will just pick the next matching chunk of memory from the top end of
the RMM carveout. This way the memory reservation will grow down from
the end of the carveout, in a stack-like fashion, until it reaches the
end of the RMM payload, located at the beginning of the carveout. Since
secondary cores might also reserve memory at boot time, there is a
spinlock to protect the simple allocation algorithm.
Other platforms can choose to provide a more sophisticated reservation
algorithm, for instance one taking NUMA locality into account.

This patch just provides the call, at this point there is no obligation
to use the feature, although future TF-RMM versions would rely on it.

Change-Id: I096ac8870ee38f44e18850779fcae829a43a8fd1
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

feat(rmmd): add per-CPU activation token

To accommodate Live Firmware Activation (LFA), the RMM needs to preserve
some state, between an old and the new copy of itself.
The state which needs to be p

feat(rmmd): add per-CPU activation token

To accommodate Live Firmware Activation (LFA), the RMM needs to preserve
some state, between an old and the new copy of itself.
The state which needs to be preserved and its organisation would be
completely under control of the RMM; it will be different between
different RMM implementations and even between releases.

To keep the interface small, generic and robust, introduce an
"activation token", which is an opaque 64-bit value to gets passed to
each RMM as part of the boot/init phase. On the first initialisation,
after a cold boot, this value would be initialised to 0. The RMM is
expected to pass the actual value (for instance a pointer to a
persistent data structure) back to BL31 as an additional argument of the
RMM_BOOT_COMPLETE SMC call. On subsequent live activations, this updated
token value gets passed to the (updated) RMM init routines, using the
respective CPU registers.

Add an activation_token member to the (per-CPU) RMM context, and update
its value with the value passed via the x2 register, at the
RMM_BOOT_COMPLETE SMC call. Then pass that value into RMM either via x4
(on the primary core) or via x1 (on secondary cores). How the value is
used or updated on the RMM side is of no further concern to BL31, it
just passes the opaque value around.
The TRP seems to be very jealous about the values in the first three
registers, so let it ignore the value of x1 on a warmboot, to avoid a
panic.

Change-Id: Ie8d96a046b74adb00e2ca5ce3b8458465bacf2b2
Signed-off-by: Andre Przywara <andre.przywara@arm.com>

show more ...

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management

Merge changes from topic "sm/rpkm" into integration

* changes:
docs(rmmd): document the EL3-RMM IDE KM Interface
feat(trp): test el3-rmm ide km interface
feat(rmmd): el3-rmm ide key management interface

show more ...

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM

feat(rmmd): el3-rmm ide key management interface

Patch introduces the EL3-RMM SMC Interface for Root Port
Key management as per RFC discussed here:
https://github.com/TF-RMM/tf-rmm/wiki/RFC:-EL3-RMM-IDE-KM-Interface

Three IDE Key management smc calls have been added:
- RMM_IDE_KEY_PROG()
- RMM_IDE_KEY_SET_GO()
- RMM_IDE_KEY_SET_STOP()
- RMM_IDE_KM_PULL_RESPONSE()

Due to the absence of root port support in FVP, we are
currently adding placeholders in this patch for the platform
APIs to return success irrespective of the arguments being passed
by the caller(Realms). The SMCs are guarded by
`RMMD_ENABLE_IDE_KEY_PROG` build flag and is disabled by default.
We expect that once the SMCs are stabilized, this build flag will
not be required anymore.

Change-Id: I9411eb7787dac2a207bd14710d251503bd9626ce
Signed-off-by: Sona Mathew <sonarebecca.mathew@arm.com>

show more ...

Merge "feat(rmmd): el3 token sign during attestation" into integration

feat(rmmd): el3 token sign during attestation

Add required SMCs by RMM to push attestation signing requests to EL3
and get responses. EL3 may then choose to push these requests to a HES
as suitable

feat(rmmd): el3 token sign during attestation

Add required SMCs by RMM to push attestation signing requests to EL3
and get responses. EL3 may then choose to push these requests to a HES
as suitable for a platform. This patch also supports the new
RMM_EL3_FEATURES interface, that RMM can use to query for support for
HES based signing. The new interface exposes a feature register with
different bits defining different discoverable features. This new
interface is available starting the 0.4 version of the RMM-EL3
interface, causing the version to bump up. This patch also adds a
platform port for FVP that implements the platform hooks required to
enable the new SMCs, but it does not push to a HES and instead copies a
zeroed buffer in EL3.

Change-Id: I69c110252835122a9533e71bdcce10b5f2a686b2
Signed-off-by: Raghu Krishnamurthy <raghupathyk@nvidia.com>

show more ...

Merge "refactor(rmmd): plat token requests in pieces" into integration

refactor(rmmd): plat token requests in pieces

Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token

refactor(rmmd): plat token requests in pieces

Until now, the attestation token size was limited by the size of the
shared buffer between RMM and TF-A. With this change, RMM can now
request the token in pieces, so they fit in the shared buffer. A new
output parameter was added to the SMC call, which will return (along
with the size of bytes copied into the buffer) the number of bytes
of the token that remain to be retrieved.

TF-A will keep an offset variable that will indicate the position in
the token where the next call will retrieve bytes from. This offset
will be increased on every call by adding the number number of bytes
copied. If the received hash size is not 0, TF-A will reset the
offset to 0 and copy from that position on.

The SMC call will now return at most the size of the shared buffer
in bytes on every call. Therefore, from now on, multiple SMC calls
may be needed to be issued if the token size exceeds the shared
buffer size.

Change-Id: I591f7013d06f64e98afaf9535dbea6f815799723
Signed-off-by: Juan Pablo Conde <juanpablo.conde@arm.com>

show more ...

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface

show more ...

fix(rme): use RMM shared buffer for attest SMCs

Use the RMM shared buffer to attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id:

fix(rme): use RMM shared buffer for attest SMCs

Use the RMM shared buffer to attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4

show more ...

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

show more ...

Merge changes from topic "rme-attest" into integration

* changes:
feat(rme): add dummy realm attestation key to RMMD
feat(rme): add dummy platform token to RMMD

feat(rme): add dummy realm attestation key to RMMD

Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
paramete

feat(rme): add dummy realm attestation key to RMMD

Add a dummy realm attestation key to RMMD, and return it on request.
The realm attestation key is requested with an SMC with the following
parameters:
* Fid (0xC400001B2).
* Attestation key buffer PA (the realm attestation key is copied
at this address by the monitor).
* Attestation key buffer length as input and size of realm
attesation key as output.
* Type of elliptic curve.

Signed-off-by: Tamas Ban <tamas.ban@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: I12d8d98fd221f4638ef225c9383374ddf6e65eac

show more ...

feat(rme): add dummy platform token to RMMD

Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC4000

feat(rme): add dummy platform token to RMMD

Add a dummy platform token to RMMD and return it on request. The
platform token is requested with an SMC with the following parameters:
* Fid (0xC40001B3).
* Platform token PA (the platform token is copied at this address by
the monitor). The challenge object needs to be passed by
the caller in this buffer.
* Platform token len.
* Challenge object len.

When calling the SMC, the platform token buffer received by EL3 contains
the challenge object. It is not used on the FVP and is only printed to
the log.

Signed-off-by: Mate Toth-Pal <mate.toth-pal@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I8b2f1d54426c04e76d7a3baa6b0fbc40b0116348

show more ...

Merge "refactor(rme): reorg existing RMMD EL3 service FIDs" into integration

refactor(rme): reorg existing RMMD EL3 service FIDs

This patch reworks the GTSI service implementation in RMMD
such that it is made internal to RMMD. This rework also
lays the ground work for additi

refactor(rme): reorg existing RMMD EL3 service FIDs

This patch reworks the GTSI service implementation in RMMD
such that it is made internal to RMMD. This rework also
lays the ground work for additional RMMD services which
can be invoked from RMM.

The rework renames some of the FID macros to make it
more suited for adding more RMMD services. All the RMM-EL31
service SMCs are now routed via rmmd_rmm_el3_handler().

Signed-off-by: Soby Mathew <soby.mathew@arm.com>
Change-Id: Ic52ca0f33b79a1fd1deefa8136f9586b088b2e07

show more ...

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme

Merge changes from topic "za/feat_rme" into integration

* changes:
refactor(gpt): productize and refactor GPT library
feat(rme): disable Watchdog for Arm platforms if FEAT_RME enabled
docs(rme): add build and run instructions for FEAT_RME
fix(plat/fvp): bump BL2 stack size
fix(plat/fvp): allow changing the kernel DTB load address
refactor(plat/arm): rename ARM_DTB_DRAM_NS region macros
refactor(plat/fvp): update FVP platform DTS for FEAT_RME
feat(plat/arm): add GPT initialization code for Arm platforms
feat(plat/fvp): add memory map for FVP platform for FEAT_RME
refactor(plat/arm): modify memory region attributes to account for FEAT_RME
feat(plat/fvp): add RMM image support for FVP platform
feat(rme): add GPT Library
feat(rme): add ENABLE_RME build option and support for RMM image
refactor(makefile): remove BL prefixes in build macros
feat(rme): add context management changes for FEAT_RME
feat(rme): add Test Realm Payload (TRP)
feat(rme): add RMM dispatcher (RMMD)
feat(rme): run BL2 in root world when FEAT_RME is enabled
feat(rme): add xlat table library changes for FEAT_RME
feat(rme): add Realm security state definition
feat(rme): add register definitions and helper functions for FEAT_RME

show more ...

feat(rme): add RMM dispatcher (RMMD)

This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure worl

feat(rme): add RMM dispatcher (RMMD)

This patch introduces the RMM dispatcher into BL31. This
will be the mechanism that will enable communication to
take place between the Realm and non-secure world. Currently
gives the capability for granules to be
transitioned from non-secure type to realm and vice versa.

Signed-off-by: Zelalem Aweke <zelalem.aweke@arm.com>
Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I1fdc99a4bdd42bc14911aa0c6954b131de309511

show more ...