feat(tsp): add FF-A support to the TSP

This patch adds the FF-A programming model in the test
secure payload to ensure that it can be used to test
the following spec features.

1. SP initialisation

feat(tsp): add FF-A support to the TSP

This patch adds the FF-A programming model in the test
secure payload to ensure that it can be used to test
the following spec features.

1. SP initialisation on the primary and secondary cpus.
2. An event loop to receive direct requests and respond
with direct responses.
3. Ability to receive messages that indicate power on
and off of a cpu.
4. Ability to handle a secure interrupt.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Signed-off-by: Shruti <shruti.gupta@arm.com>
Change-Id: I81cf744904d5cdc0b27862b5e4bc6f2cfe58a13a

show more ...

fix(spmc): fix relinquish validation check

The current implementation expects that the endpoint IDs of all
participants of a memory transaction to be listed in the relinquish
descriptor. As per the

fix(spmc): fix relinquish validation check

The current implementation expects that the endpoint IDs of all
participants of a memory transaction to be listed in the relinquish
descriptor. As per the FF-A spec, aside from the current partition
ID, only the IDs of stream endpoints whose behalf it is relinquishing
the memory region must be specified.

The current implementation does not currently support proxy endpoints
therefore ensure that the endpoint count is always equal to 1 and
no stream endpoint IDs are specified and instead just verify the
caller is a valid participant in the memory transaction.

Additionally reuse the updated check in the retrieve request flow
for additional verification.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I3b970196af8a16b2531607775398cb8a2473793b

show more ...

fix(doc): document missing RMM-EL3 runtime services

This patch adds documentation for the missing RMM-EL3
runtime services:

* RMM_RMI_REQ_COMPLETE
* RMM_GTSI_DELEGATE
* RMM_GTSI_UNDELEGATE

This pa

fix(doc): document missing RMM-EL3 runtime services

This patch adds documentation for the missing RMM-EL3
runtime services:

* RMM_RMI_REQ_COMPLETE
* RMM_GTSI_DELEGATE
* RMM_GTSI_UNDELEGATE

This patch also fixes a couple of minor bugs on return codes
for delegate/undelegate internal APIs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: Ic721005e7851e838eebaee7865ba78fadc3309e4

show more ...

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer

Merge changes from topic "jas/rmm-el3-ifc" into integration

* changes:
docs(rmmd): document EL3-RMM Interfaces
feat(rmmd): add support to create a boot manifest
fix(rme): use RMM shared buffer for attest SMCs
feat(rmmd): add support for RMM Boot interface

show more ...

Merge "feat(spmd): avoid spoofing in FF-A direct request" into integration

feat(rmmd): add support to create a boot manifest

This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Ch

feat(rmmd): add support to create a boot manifest

This patch also adds an initial RMM Boot Manifest (v0.1) for fvp
platform.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I1374f8f9cb207028f1820953cd2a5cf6d6c3b948

show more ...

fix(rme): use RMM shared buffer for attest SMCs

Use the RMM shared buffer to attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id:

fix(rme): use RMM shared buffer for attest SMCs

Use the RMM shared buffer to attestation token and signing key SMCs.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I313838b26d3d9334fb0fe8cd4b229a326440d2f4

show more ...

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, am

feat(rmmd): add support for RMM Boot interface

This patch adds the infrastructure needed to pass boot arguments from
EL3 to RMM and allocates a shared buffer between both worlds that can
be used, among others, to pass a boot manifest to RMM. The buffer is
composed a single memory page be used by a later EL3 <-> RMM interface
by all CPUs.

The RMM boot manifest is not implemented by this patch.

In addition to that, this patch also enables support for RMM when
RESET_TO_BL31 is enabled.

Signed-off-by: Javier Almansa Sobrino <javier.almansasobrino@arm.com>
Change-Id: I855cd4758ee3843eadd9fb482d70a6d18954d82a

show more ...

feat(spmd): avoid spoofing in FF-A direct request

Validate that non-secure caller does not spoof
SPMD, SPMC or any secure endpoint ID
in FFA_MSG_SEND_DIRECT_REQ.

Change-Id: I7eadb8886142d94bef107cf

feat(spmd): avoid spoofing in FF-A direct request

Validate that non-secure caller does not spoof
SPMD, SPMC or any secure endpoint ID
in FFA_MSG_SEND_DIRECT_REQ.

Change-Id: I7eadb8886142d94bef107cf485462dfcda828895
Signed-off-by: Shruti <shruti.gupta@arm.com>

show more ...

fix(rme/fid): refactor RME fid macros

Refactored RME FID macros to simplify usage.

Signed-off-by: Subhasish Ghosh <subhasish.ghosh@arm.com>
Change-Id: I68f51f43d6c100d90069577412c2e495fe7b7e40

fix(spmc): fix incorrect FF-A version usage

Fix the wrong FF-A version being used for retrieving existing memory
descriptors for v1.0 clients. Internally these should always be stored
using the late

fix(spmc): fix incorrect FF-A version usage

Fix the wrong FF-A version being used for retrieving existing memory
descriptors for v1.0 clients. Internally these should always be stored
using the latest version rather than client version.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ibee1b2452c8d6ebd23bbd9d703c96ca185444093

show more ...

fix(spmc): fix FF-A memory transaction validation

Fix an incorrect bound check for overlapping memory regions which can
give false positives if the two regions are consecutive to each other.

Signed

fix(spmc): fix FF-A memory transaction validation

Fix an incorrect bound check for overlapping memory regions which can
give false positives if the two regions are consecutive to each other.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I997dc4d1ef2014660cc964aff0a73e348c44eff0

show more ...

feat(fvp): add plat hook for memory transactions

Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for plat

feat(fvp): add plat hook for memory transactions

Add call to platform hooks upon successful transmission of a
memory transaction request and as part of a memory reclaim request.
This allows for platform specific functionality to be performed
accordingly.

Note the hooks must be placed in the initial share request and final
reclaim to prevent order dependencies with operations that may take
place in the normal world without visibility of the SPMC.

Add a dummy implementation to the FVP platform.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I0c7441a9fdf953c4db0651512e5e2cdbc6656c79

show more ...

feat(spmc): enable handling of the NS bit

In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.

Enable the SPMC to set the bit for v1.1 cal

feat(spmc): enable handling of the NS bit

In FF-A v1.1 the NS bit is used by the SPMC to specify the
security state of a memory region retrieved by a SP.

Enable the SPMC to set the bit for v1.1 callers or v1.0
callers that explicitly request the usage via FFA_FEATURES.

In this implementation the sender of the memory region must
reside in the normal world and the SPMC does not support
changing the security state of memory regions therefore
always set the NS bit if required by the caller.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I215756b28e2382082933ba1dcc7584e7faf4b36b

show more ...

feat(spmc): add support for v1.1 FF-A memory data structures

Add support for the FF-A v1.1 data structures to the EL3 SPMC
and enable the ability to convert between v1.0 and the v1.1
forwards compat

feat(spmc): add support for v1.1 FF-A memory data structures

Add support for the FF-A v1.1 data structures to the EL3 SPMC
and enable the ability to convert between v1.0 and the v1.1
forwards compatible data structures.

The SPMC now uses the v1.1 data structures internally and will
convert descriptors as required depending on the FF-A version
supported by the calling partition.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ic14a95ea2e49c989aecf19b927a6b21ac50f863e

show more ...

feat(spmc/mem): prevent duplicated sharing of memory regions

Allow the SPMC to reject incoming memory sharing/lending requests
that contain memory regions which overlap with an existing
request.

To

feat(spmc/mem): prevent duplicated sharing of memory regions

Allow the SPMC to reject incoming memory sharing/lending requests
that contain memory regions which overlap with an existing
request.

To enable this functionality the SPMC compares each requested
memory region to those in ongoing memory transactions and rejects
the request if the ranges overlap.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I7588846f272ec2add2a341d9f24836c73a046e2f

show more ...

feat(spmc/mem): support multiple endpoints in memory transactions

Enable FFA_MEM_LEND and FFA_MEM_SHARE transactions to support multiple
borrowers and add the appropriate validation. Since we curren

feat(spmc/mem): support multiple endpoints in memory transactions

Enable FFA_MEM_LEND and FFA_MEM_SHARE transactions to support multiple
borrowers and add the appropriate validation. Since we currently
only support a single S-EL1 partition, this functionality is to
support the use case where a VM shares or lends memory to one or
more VMs in the normal world as part of the same transaction to
the SP.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ia12c4357e9d015cb5f9b38e518b7a25b1ea2e30e

show more ...

feat(spmc): add support for v1.1 FF-A boot protocol

A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with

feat(spmc): add support for v1.1 FF-A boot protocol

A partition can request the use of the FF-A boot protocol via
an entry in its manifest along with the register (0-3)
that should be populated with a pointer to a data structure
containing boot related information. Currently the boot
information consists of an allocated memory region
containing the SP's manifest, allowing it to map and parse
any extra information as required.

This implementation only supports the v1.1 data structures
and will return an error if a v1.0 client requests the usage
of the protocol.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I67692553a90a7e7d94c64fe275edd247b512efca

show more ...

feat(spmc/mem): add FF-A memory management code

Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.

Add support to the EL3 SPMC

feat(spmc/mem): add FF-A memory management code

Originally taken from the downstream Trusty SPD [1]
implementation and modified to integrate with
the EL3 SPMC internals.

Add support to the EL3 SPMC for a subset of the FF-A
memory management ABIs:
- FFA_MEM_SHARE
- FFA_MEM_LEND
- FFA_MEM_RETRIEVE_REQ
- FFA_MEM_RETRIEVE_RESP
- FFA_MEM_RELINQUISH
- FFA_MEM_RECLAIM
- FFA_MEM_FRAG_RX
- FFA_MEM_FRAG_TX

This implementation relies on a datastore allocated in
platform specific code in order to store memory descriptors
about ongoing memory transactions. This mechanism
will be implemented in the following commit.

[1] https://android.googlesource.com/trusty/external/trusted-firmware-a/+/refs/heads/master/services/spd/trusty/

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Ib042f73c8a6e0f0aed00f6762be175cb9dedc042

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls
feat(spmc): add support for FFA_SPM_ID_GET
feat(spmc): add support for forwarding a secure interrupt to the SP
feat(spmc): add support for FF-A power mgmt. messages in the EL3 SPMC

show more ...

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable the SPMC to pass the linear core ID in a register
feat(spmc): add FFA_RX_RELEASE handler
feat(spmc): add

Merge changes from topic "ffa_el3_spmc" into integration

* changes:
feat(spmc): enable the SPMC to pass the linear core ID in a register
feat(spmc): add FFA_RX_RELEASE handler
feat(spmc): add FFA_RUN handler
feat(spmc): support FFA_ID_GET ABI
feat(spmc): add FFA_FEATURES handler
feat(spmc): add FFA_PARTITION_INFO_GET handler
feat(spmc): enable handling FF-A RX/TX Mapping ABIs
docs(maintainers): introduce SPMC maintainer section

show more ...

feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls

Enable the SPMD to forward FFA_FRAG_RX/TX calls between
the normal world and the SPMC.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change

feat(spmd): allow forwarding of FFA_FRAG_RX/TX calls

Enable the SPMD to forward FFA_FRAG_RX/TX calls between
the normal world and the SPMC.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I097a48552827a8527dd3efe1155bc601d7cbf887

show more ...

feat(spmc): add support for FFA_SPM_ID_GET

Enable a Secure Partition to query the ID assigned to the SPMC.
The SPMD will take care of any calls from the normal world
therefore we should not need to

feat(spmc): add support for FFA_SPM_ID_GET

Enable a Secure Partition to query the ID assigned to the SPMC.
The SPMD will take care of any calls from the normal world
therefore we should not need to handle this case in the SPMC.

Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: I97903e920e928df385addbb2d383f24e602bf2db

show more ...

feat(spmc): add support for forwarding a secure interrupt to the SP

This patch adds support for forwarding a secure interrupt that
preempts the normal world to a SP for top-half interrupt handling.

feat(spmc): add support for forwarding a secure interrupt to the SP

This patch adds support for forwarding a secure interrupt that
preempts the normal world to a SP for top-half interrupt handling.

Signed-off-by: Achin Gupta <achin.gupta@arm.com>
Signed-off-by: Marc Bonnici <marc.bonnici@arm.com>
Change-Id: Iaa6e96f4cf8922ba5b6d128a19359df15e44158d

show more ...

Merge changes from topic "ns/save_fpregs_context" into integration

* changes:
feat(sgi): enable fpregs context save and restore
feat(spm_mm): add support to save and restore fp regs