Lines Matching refs:of
20 fulfils the requirements of a security service as described above.
22 Management services are typically implemented at the highest level of privilege
35 Placement of management and security functions with diverse requirements in a
36 privileged Exception Level (i.e. EL3 or S-EL1) makes security auditing of
37 firmware more difficult and does not allow isolation of unrelated services from
48 under the control of privileged software, provides one or more services and
55 - A range of synchronous exceptions (e.g. SMC function identifiers).
64 The following diagram illustrates the place of a Secure Partition in a typical
96 Alternatively, a partition can be viewed as a thread of execution running under
97 the control of the SPM. Hence common programming concepts described below are
103 The previous section introduced some general aspects of the software
104 architecture of a Secure Partition. This section describes the specific choices
105 made in the current implementation of this software architecture. Subsequent
106 revisions of the implementation will include a richer set of features that
113 implementation supports inclusion of only a single Secure Partition in which a
123 A working prototype of a SP has been implemented by re-purposing the EDK2 code
124 and tools, leveraging the concept of the *Standalone Management Mode (MM)* in
127 the rest of this document.
132 location of the binary that contains the BL32 image
166 - ``plat_get_secure_partition_mmap()`` returns an array of mmap regions that
172 with information about the memory map of the Secure Partition.
174 For an example of all the changes in context, you may refer to commit
186 service implementation. It is assumed that the caller of the service will be
194 A Fast Call appears to be atomic from the perspective of the caller and returns
203 The exchange of data between the Non-secure world and the partition takes place
204 through a shared memory region. The location of data in the shared memory area
211 specified in Section 3.2.3 of the `Management Mode Interface Specification`_
214 The format of data structures used to encapsulate data in the shared memory is
218 the Management Mode (MM) in the Secure world must be of the type
221 Any caller of a MM service will have to use the ``EFI_MM_COMMUNICATE_HEADER``
224 Runtime model of the Secure Partition
233 S-EL0, the SPM should define the following types of interfaces:
258 A SVC causes an exception to be taken to S-EL1. TF-A assumes ownership of S-EL1
269 conduit introduces the concept of SVC32 and SVC64 calling conventions. The SVC32
278 instruction to signal completion of the request. Some example use cases are
289 An ERET instruction is used by TF-A to return to S-EL0 with the result of the
292 For instance, a request to perform privileged operations on behalf of a
293 partition (e.g. management of memory attributes in the translation tables for
303 or both of the SVC32 and SVC64 calling conventions can be used to invoke the
314 - Indicate completion of a service request delegated by the SPM
324 Returns the version of the interface exported by SPM.
336 On success, the format of the value is as follows:
339 - Bits [30:16]: Major Version. Must be 0 for this revision of the SPM
341 - Bits [15:0]: Minor Version. Must be 1 for this revision of the SPM
344 On error, the format of the value is as follows:
351 This function returns the version of the Secure Partition Manager
360 identical, if the minor revision value of revision B is greater than the
361 minor revision value of revision A, then every function in revision A must
378 enable initialisation of a service in S-EL0. The responsibilities of the SPM are
379 listed below. At the end of initialisation, the partition issues a
388 used as the target of the ERET instruction to start initialisation of the Secure
401 The platform port of a Secure Partition specifies to the SPM a list of regions
417 5. If the resource description does not explicitly describe the type of memory
460 SPM will invoke the entry point of a service by executing an ERET instruction.
463 general purpose register usage at the time of entry will be as specified in the
464 "Return State" column of Table 3-1 in Section 3.1 "Register use in AArch64 SMC
465 calls" of the `SMC Calling Convention`_ (*Arm DEN 0028B*) specification. In
477 The values of these registers will be 0.
483 - ``X0``: Virtual address of a buffer shared between EL3 and S-EL0. The
487 - ``X1``: Size of the buffer in bytes.
500 was made to signal either completion of Secure Partition initialisation or
501 completion of a partition service request.
508 Signal completion of the last SP service request.
528 A negative value indicates an error. The values of Event Status code depend
535 Zero or a positive value specifies the unique ID of the event being
538 In the current implementation, this parameter contains the function ID of
543 A negative value indicates an error. The format of the value is as follows:
552 Address of a buffer shared between the SPM and Secure Partition to pass
553 event specific information. The format of the data populated in the buffer
565 Size of the memory starting at Event Address.
573 This function signals to the SPM that the handling of the last event delegated
581 completion of a request that was delegated to it by the SPM.
588 Partition context. This syndrome information comprises of general purpose and
592 event to the Secure Partition. The return parameters of this interface must
593 specify the properties of the event and be populated in ``X0-X3/W0-W3``
600 The SPM is responsible for enabling access to regions of memory in the system
604 attributes used in the Translation tables. The definitions of these attributes
609 access permissions of the memory regions are statically provided by the platform
612 However, they might not suit the final needs of the Secure Partition because its
618 a part of the Secure Partition image. The location of various sections in an
623 of its memory regions. The SPM provides this feature through the
632 to determine and change permission attributes of memory regions that belong to a
640 Request the permission attributes of a memory region from S-EL0.
653 attributes of the translation granule it lies in are returned.
657 This parameter is the number of translation granule size pages from
666 On success the format of the Return Code is as follows:
689 - ``NOT_SUPPORTED`` : The SPM does not support retrieval of attributes of
699 On success, the number of translation granule size pages from
710 memory region accessible from a Secure Partition. The size of the memory
717 The caller must obtain the Translation Granule Size of the Secure EL1&0
722 The SPM must not return the memory access controls for a page of memory that
730 Set the permission attributes of a memory region from S-EL0.
742 The alignment of the Base Address must be greater than or equal to the size
743 of the Translation Granule Size used in the Secure EL1&0 translation
748 Number of pages starting from the Base Address whose memory attributes
767 A combination of attributes that mark the region with RW and Executable
777 - ``DENIED``: The SPM is servicing a request to change the attributes of a
780 - ``INVALID_PARAMETER``: An invalid combination of Memory Access Controls
782 Partition is not allowed to access part or all of the memory region
786 attributes of the memory region in the translation tables.
788 - ``NOT_SUPPORTED``: The SPM does not permit change of attributes of any
799 memory region accessible from a Secure Partition. The size of the memory
810 The caller must obtain the Translation Granule Size of the Secure EL1&0
815 The SPM must preserve the original memory access controls of the region of
816 memory in case of an unsuccessful call. The SPM must preserve the consistency
817 of the S-EL1 translation regime if this function is called on different PEs