Merge "feat(spmd): avoid spoofing in FF-A direct request" into integration

feat(rmmd): add support to create a boot manifest

This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Ch

feat(rmmd): add support to create a boot manifest

This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948

show more ...

fix(rme): use RMM shared buffer for attest SMCs

Use the RMM shared buffer to attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id:

fix(rme): use RMM shared buffer for attest SMCs

Use the RMM shared buffer to attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4

show more ...

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

show more ...

feat(spmd): avoid spoofing in FF-A direct request

Validate that non-secure caller does not spoof
SPMD, SPMC or any secure endpoint ID
in FFA_MSG_SEND_DIRECT_REQ.

Change-Id: I7eadb8886142d94bef107cf

feat(spmd): avoid spoofing in FF-A direct request

Validate that non-secure caller does not spoof
SPMD, SPMC or any secure endpoint ID
in FFA_MSG_SEND_DIRECT_REQ.

Change-Id: I7eadb8886142d94bef107cf485462dfcda828895
Signed-off-by: Shruti <shruti.gupta@arm.com>

show more ...

fix(rme/fid): refactor RME fid macros

Refactored RME FID macros to simplify usage.

Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I68f51f43d6c100d90069577412c2e495fe7b7e40

fix(spmc): fix incorrect FF-A version usage

Fix the wrong FF-A version being used for retrieving existing memory
descriptors for v1.0 clients. Internally these should always be stored
using the late

fix(spmc): fix incorrect FF-A version usage

Fix the wrong FF-A version being used for retrieving existing memory
descriptors for v1.0 clients. Internally these should always be stored
using the latest version rather than client version.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ibee1b2452c8d6ebd23bbd9d703c96ca185444093

show more ...

fix(spmc): fix FF-A memory transaction validation

Fix an incorrect bound check for overlapping memory regions which can
give false positives if the two regions are consecutive to each other.

Signed

fix(spmc): fix FF-A memory transaction validation

Fix an incorrect bound check for overlapping memory regions which can
give false positives if the two regions are consecutive to each other.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I997dc4d1ef2014660cc964aff0a73e348c44eff0

show more ...

feat(fvp): add plat hook for memory transactions

Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for plat

feat(fvp): add plat hook for memory transactions

Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for platform specific functionality to be performed
accordingly.

Note the hooks must be placed in the initial share request and final
reclaim to prevent order dependencies with operations that may take
place in the normal world without visibility of the SPMC.

Add a dummy implementation to the FVP platform.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0c7441a9fdf953c4db0651512e5e2cdbc6656c79

show more ...

feat(spmc): enable handling of the NS bit

In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.

Enable the SPMC to set the bit for v1.1 cal

feat(spmc): enable handling of the NS bit

In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.

Enable the SPMC to set the bit for v1.1 callers or v1.0
callers that explicitly request the usage via FFA_FEATURES.

In this implementation the sender of the memory region must
reside in the normal world and the SPMC does not support
changing the security state of memory regions therefore
always set the NS bit if required by the caller.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I215756b28e2382082933ba1dcc7584e7faf4b36b

show more ...

feat(spmc): add support for v1.1 FF-A memory data structures

Add support for the FF-A v1.1 data structures to the EL3 SPMC
and enable the ability to convert between v1.0 and the v1.1
forwards compat

feat(spmc): add support for v1.1 FF-A memory data structures

Add support for the FF-A v1.1 data structures to the EL3 SPMC
and enable the ability to convert between v1.0 and the v1.1
forwards compatible data structures.

The SPMC now uses the v1.1 data structures internally and will
convert descriptors as required depending on the FF-A version
supported by the calling partition.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic14a95ea2e49c989aecf19b927a6b21ac50f863e

show more ...

feat(spmc/mem): prevent duplicated sharing of memory regions

Allow the SPMC to reject incoming memory sharing/lending requests
that contain memory regions which overlap with an existing
request.

To

feat(spmc/mem): prevent duplicated sharing of memory regions

Allow the SPMC to reject incoming memory sharing/lending requests
that contain memory regions which overlap with an existing
request.

To enable this functionality the SPMC compares each requested
memory region to those in ongoing memory transactions and rejects
the request if the ranges overlap.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I7588846f272ec2add2a341d9f24836c73a046e2f

show more ...

feat(spmc/mem): support multiple endpoints in memory transactions

Enable FFA_MEM_LEND and FFA_MEM_SHARE transactions to support multiple
borrowers and add the appropriate validation. Since we curren

feat(spmc/mem): support multiple endpoints in memory transactions

Enable FFA_MEM_LEND and FFA_MEM_SHARE transactions to support multiple
borrowers and add the appropriate validation. Since we currently
only support a single S-EL1 partition, this functionality is to
support the use case where a VM shares or lends memory to one or
more VMs in the normal world as part of the same transaction to
the SP.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ia12c4357e9d015cb5f9b38e518b7a25b1ea2e30e

show more ...

feat(spmc): add support for v1.1 FF-A boot protocol

A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with

feat(spmc): add support for v1.1 FF-A boot protocol

A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with a pointer to a data structure
containing boot related information. Currently the boot
information consists of an allocated memory region
containing the SP's manifest, allowing it to map and parse
any extra information as required.

This implementation only supports the v1.1 data structures
and will return an error if a v1.0 client requests the usage
of the protocol.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67692553a90a7e7d94c64fe275edd247b512efca

show more ...

feat(spmc/mem): add FF-A memory management code

Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.

Add support to the EL3 SPMC

feat(spmc/mem): add FF-A memory management code

Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.

Add support to the EL3 SPMC for a subset of the FF-A
memory management ABIs:
- FFA_MEM_SHARE
- FFA_MEM_LEND
- FFA_MEM_RETRIEVE_REQ
- FFA_MEM_RETRIEVE_RESP
- FFA_MEM_RELINQUISH
- FFA_MEM_RECLAIM
- FFA_MEM_FRAG_RX
- FFA_MEM_FRAG_TX

This implementation relies on a datastore allocated in
platform specific code in order to store memory descriptors
about ongoing memory transactions. This mechanism
will be implemented in the following commit.

[1] https://android.googlesource.com/trusty/external/trusted-firmware-a/+/refs/heads/master/services/spd/trusty/

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib042f73c8a6e0f0aed00f6762be175cb9dedc042

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for forwarding a secure interrupt to the SP
feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable the SPMC to pass the linear core ID in a register
feat(spmc): add FFA_RX_RELEASE handler
feat(spmc): add

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable the SPMC to pass the linear core ID in a register
feat(spmc): add FFA_RX_RELEASE handler
feat(spmc): add FFA_RUN handler
feat(spmc): support FFA_ID_GET ABI
feat(spmc): add FFA_FEATURES handler
feat(spmc): add FFA_PARTITION_INFO_GET handler
feat(spmc): enable handling FF-A RX/TX Mapping ABIs
docs(maintainers): introduce SPMC maintainer section

show more ...

feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls

Enable the SPMD to forward FFA_FRAG_RX/TX calls between
the normal world and the SPMC.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change

feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls

Enable the SPMD to forward FFA_FRAG_RX/TX calls between
the normal world and the SPMC.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I097a48552827a8527dd3efe1155bc601d7cbf887

show more ...

feat(spmc): add support for FFA_SPM_ID_GET

Enable a Secure Partition to query the ID assigned to the SPMC.
The SPMD will take care of any calls from the normal world
therefore we should not need to

feat(spmc): add support for FFA_SPM_ID_GET

Enable a Secure Partition to query the ID assigned to the SPMC.
The SPMD will take care of any calls from the normal world
therefore we should not need to handle this case in the SPMC.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I97903e920e928df385addbb2d383f24e602bf2db

show more ...

feat(spmc): add support for forwarding a secure interrupt to the SP

This patch adds support for forwarding a secure interrupt that
preempts the normal world to a SP for top-half interrupt handling.

feat(spmc): add support for forwarding a secure interrupt to the SP

This patch adds support for forwarding a secure interrupt that
preempts the normal world to a SP for top-half interrupt handling.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Iaa6e96f4cf8922ba5b6d128a19359df15e44158d

show more ...

Merge changes from topic "ns/save_fpregs_context" into integration

* changes:
feat(sgi): enable fpregs context save and restore
feat(spm_mm): add support to save and restore fp regs

feat(spmc): enable the SPMC to pass the linear core ID in a register

Add TF-A implementation defined behaviour to provide the linear core
ID in the x4 register when bringing up an SP.

Signed-off-by

feat(spmc): enable the SPMC to pass the linear core ID in a register

Add TF-A implementation defined behaviour to provide the linear core
ID in the x4 register when bringing up an SP.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I6cb215841097b264d252ec0262b0b7272be99d41

show more ...

feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC

This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has ind

feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC

This patch adds support for forwarding the following PSCI messages
received by the SPMC at EL3 to the S-EL1 SP if the SP has indicated
that it wishes to receive the appropriate message via its manifest.

1. A PSCI CPU_OFF message in response to a cpu hot unplug request
from the OS.
2. A message to indicate warm boot of a cpu in response to a cpu
hot plug request from the OS.
3. A PSCI CPU_SUSPEND message in response to a cpu idle event
initiated from the OS.
4. A message to indicate warm boot of a cpu from a shallow power
state in response to a cpu resume power event.

This patch also implements the FFA_SECONDARY_EP_REGISTER function to
enable the SP specify its secondary entrypoint.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I375d0655b2c6fc27445facc39213d1d0678557f4

show more ...

feat(spmc): add FFA_RX_RELEASE handler

Enable a partition to release its RX buffer and the SPMC
to update the appropriate state tracking.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-I

feat(spmc): add FFA_RX_RELEASE handler

Enable a partition to release its RX buffer and the SPMC
to update the appropriate state tracking.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I5fb6d92244b5ed5f032269b29b102aa874bf3ae3

show more ...

feat(spmc): add FFA_RUN handler

Enable the SPMC to handle the FFA_RUN ABI and update
the state tracking accordingly.

Change-Id: I3e8a3fa3ec9b03830055d2fbd6124b8ff1ed4103
Signed-off-by: Marc Bonnici

feat(spmc): add FFA_RUN handler

Enable the SPMC to handle the FFA_RUN ABI and update
the state tracking accordingly.

Change-Id: I3e8a3fa3ec9b03830055d2fbd6124b8ff1ed4103
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>

show more ...