1*69447290SJavier Almansa SobrinoRMM-EL3 Communication interface 2*69447290SJavier Almansa Sobrino******************************* 3*69447290SJavier Almansa Sobrino 4*69447290SJavier Almansa SobrinoThis document defines the communication interface between RMM and EL3. 5*69447290SJavier Almansa SobrinoThere are two parts in this interface: the boot interface and the runtime 6*69447290SJavier Almansa Sobrinointerface. 7*69447290SJavier Almansa Sobrino 8*69447290SJavier Almansa SobrinoThe Boot Interface defines the ABI between EL3 and RMM when the CPU enters 9*69447290SJavier Almansa SobrinoR-EL2 for the first time after boot. The cold boot interface defines the ABI 10*69447290SJavier Almansa Sobrinofor the cold boot path and the warm boot interface defines the same for the 11*69447290SJavier Almansa Sobrinowarm path. 12*69447290SJavier Almansa Sobrino 13*69447290SJavier Almansa SobrinoThe RMM-EL3 runtime interface defines the ABI for EL3 services which can be 14*69447290SJavier Almansa Sobrinoinvoked by RMM as well as the register save-restore convention when handling an 15*69447290SJavier Almansa SobrinoSMC call from NS. 16*69447290SJavier Almansa Sobrino 17*69447290SJavier Almansa SobrinoThe below sections discuss these interfaces more in detail. 18*69447290SJavier Almansa Sobrino 19*69447290SJavier Almansa Sobrino.. _rmm_el3_ifc_versioning: 20*69447290SJavier Almansa Sobrino 21*69447290SJavier Almansa SobrinoRMM-EL3 Interface versioning 22*69447290SJavier Almansa Sobrino____________________________ 23*69447290SJavier Almansa Sobrino 24*69447290SJavier Almansa SobrinoThe RMM Boot and Runtime Interface uses a version number to check 25*69447290SJavier Almansa Sobrinocompatibility with the register arguments passed as part of Boot Interface and 26*69447290SJavier Almansa SobrinoRMM-EL3 runtime interface. 27*69447290SJavier Almansa Sobrino 28*69447290SJavier Almansa SobrinoThe Boot Manifest, discussed later in section :ref:`rmm_el3_boot_manifest`, 29*69447290SJavier Almansa Sobrinouses a separate version number but with the same scheme. 30*69447290SJavier Almansa Sobrino 31*69447290SJavier Almansa SobrinoThe version number is a 32-bit type with the following fields: 32*69447290SJavier Almansa Sobrino 33*69447290SJavier Almansa Sobrino.. csv-table:: 34*69447290SJavier Almansa Sobrino :header: "Bits", "Value" 35*69447290SJavier Almansa Sobrino 36*69447290SJavier Almansa Sobrino [0:15],``VERSION_MINOR`` 37*69447290SJavier Almansa Sobrino [16:30],``VERSION_MAJOR`` 38*69447290SJavier Almansa Sobrino [31],RES0 39*69447290SJavier Almansa Sobrino 40*69447290SJavier Almansa SobrinoThe version numbers are sequentially increased and the rules for updating them 41*69447290SJavier Almansa Sobrinoare explained below: 42*69447290SJavier Almansa Sobrino 43*69447290SJavier Almansa Sobrino - ``VERSION_MAJOR``: This value is increased when changes break 44*69447290SJavier Almansa Sobrino compatibility with previous versions. If the changes 45*69447290SJavier Almansa Sobrino on the ABI are compatible with the previous one, ``VERSION_MAJOR`` 46*69447290SJavier Almansa Sobrino remains unchanged. 47*69447290SJavier Almansa Sobrino 48*69447290SJavier Almansa Sobrino - ``VERSION_MINOR``: This value is increased on any change that is backwards 49*69447290SJavier Almansa Sobrino compatible with the previous version. When ``VERSION_MAJOR`` is increased, 50*69447290SJavier Almansa Sobrino ``VERSION_MINOR`` must be set to 0. 51*69447290SJavier Almansa Sobrino 52*69447290SJavier Almansa Sobrino - ``RES0``: Bit 31 of the version number is reserved 0 as to maintain 53*69447290SJavier Almansa Sobrino consistency with the versioning schemes used in other parts of RMM. 54*69447290SJavier Almansa Sobrino 55*69447290SJavier Almansa SobrinoThis document specifies the 0.1 version of Boot Interface ABI and RMM-EL3 56*69447290SJavier Almansa Sobrinoservices specification and the 0.1 version of the Boot Manifest. 57*69447290SJavier Almansa Sobrino 58*69447290SJavier Almansa Sobrino.. _rmm_el3_boot_interface: 59*69447290SJavier Almansa Sobrino 60*69447290SJavier Almansa SobrinoRMM Boot Interface 61*69447290SJavier Almansa Sobrino__________________ 62*69447290SJavier Almansa Sobrino 63*69447290SJavier Almansa SobrinoThis section deals with the Boot Interface part of the specification. 64*69447290SJavier Almansa Sobrino 65*69447290SJavier Almansa SobrinoOne of the goals of the Boot Interface is to allow EL3 firmware to pass 66*69447290SJavier Almansa Sobrinodown into RMM certain platform specific information dynamically. This allows 67*69447290SJavier Almansa SobrinoRMM to be less platform dependent and be more generic across platform 68*69447290SJavier Almansa Sobrinovariations. It also allows RMM to be decoupled from the other boot loader 69*69447290SJavier Almansa Sobrinoimages in the boot sequence and remain agnostic of any particular format used 70*69447290SJavier Almansa Sobrinofor configuration files. 71*69447290SJavier Almansa Sobrino 72*69447290SJavier Almansa SobrinoThe Boot Interface ABI defines a set of register conventions and 73*69447290SJavier Almansa Sobrinoalso a memory based manifest file to pass information from EL3 to RMM. The 74*69447290SJavier Almansa Sobrinoboot manifest and the associated platform data in it can be dynamically created 75*69447290SJavier Almansa Sobrinoby EL3 and there is no restriction on how the data can be obtained (e.g by DTB, 76*69447290SJavier Almansa Sobrinohoblist or other). 77*69447290SJavier Almansa Sobrino 78*69447290SJavier Almansa SobrinoThe register convention and the manifest are versioned separately to manage 79*69447290SJavier Almansa Sobrinofuture enhancements and compatibility. 80*69447290SJavier Almansa Sobrino 81*69447290SJavier Almansa SobrinoRMM completes the boot by issuing the ``RMM_BOOT_COMPLETE`` SMC (0xC40001CF) 82*69447290SJavier Almansa Sobrinoback to EL3. After the RMM has finished the boot process, it can only be 83*69447290SJavier Almansa Sobrinoentered from EL3 as part of RMI handling. 84*69447290SJavier Almansa Sobrino 85*69447290SJavier Almansa SobrinoIf RMM returns an error during boot (in any CPU), then RMM must not be entered 86*69447290SJavier Almansa Sobrinofrom any CPU. 87*69447290SJavier Almansa Sobrino 88*69447290SJavier Almansa Sobrino.. _rmm_cold_boot_interface: 89*69447290SJavier Almansa Sobrino 90*69447290SJavier Almansa SobrinoCold Boot Interface 91*69447290SJavier Almansa Sobrino~~~~~~~~~~~~~~~~~~~ 92*69447290SJavier Almansa Sobrino 93*69447290SJavier Almansa SobrinoDuring cold boot RMM expects the following register values: 94*69447290SJavier Almansa Sobrino 95*69447290SJavier Almansa Sobrino.. csv-table:: 96*69447290SJavier Almansa Sobrino :header: "Register", "Value" 97*69447290SJavier Almansa Sobrino :widths: 1, 5 98*69447290SJavier Almansa Sobrino 99*69447290SJavier Almansa Sobrino x0,Linear index of this PE. This index starts from 0 and must be less than the maximum number of CPUs to be supported at runtime (see x2). 100*69447290SJavier Almansa Sobrino x1,Version for this Boot Interface as defined in :ref:`rmm_el3_ifc_versioning`. 101*69447290SJavier Almansa Sobrino x2,Maximum number of CPUs to be supported at runtime. RMM should ensure that it can support this maximum number. 102*69447290SJavier Almansa Sobrino x3,Base address for the shared buffer used for communication between EL3 firmware and RMM. This buffer must be of 4KB size (1 page). The boot manifest must be present at the base of this shared buffer during cold boot. 103*69447290SJavier Almansa Sobrino 104*69447290SJavier Almansa SobrinoDuring cold boot, EL3 firmware needs to allocate a 4K page that will be 105*69447290SJavier Almansa Sobrinopassed to RMM in x3. This memory will be used as shared buffer for communication 106*69447290SJavier Almansa Sobrinobetween EL3 and RMM. It must be assigned to Realm world and must be mapped with 107*69447290SJavier Almansa SobrinoNormal memory attributes (IWB-OWB-ISH) at EL3. At boot, this memory will be 108*69447290SJavier Almansa Sobrinoused to populate the Boot Manifest. Since the Boot Manifest can be accessed by 109*69447290SJavier Almansa SobrinoRMM prior to enabling its MMU, EL3 must ensure that proper cache maintenance 110*69447290SJavier Almansa Sobrinooperations are performed after the Boot Manifest is populated. 111*69447290SJavier Almansa Sobrino 112*69447290SJavier Almansa SobrinoEL3 should also ensure that this shared buffer is always available for use by RMM 113*69447290SJavier Almansa Sobrinoduring the lifetime of the system and that it can be used for runtime 114*69447290SJavier Almansa Sobrinocommunication between RMM and EL3. For example, when RMM invokes attestation 115*69447290SJavier Almansa Sobrinoservice commands in EL3, this buffer can be used to exchange data between RMM 116*69447290SJavier Almansa Sobrinoand EL3. It is also allowed for RMM to invoke runtime services provided by EL3 117*69447290SJavier Almansa Sobrinoutilizing this buffer during the boot phase, prior to return back to EL3 via 118*69447290SJavier Almansa SobrinoRMM_BOOT_COMPLETE SMC. 119*69447290SJavier Almansa Sobrino 120*69447290SJavier Almansa SobrinoRMM should map this memory page into its Stage 1 page-tables using Normal 121*69447290SJavier Almansa Sobrinomemory attributes. 122*69447290SJavier Almansa Sobrino 123*69447290SJavier Almansa SobrinoDuring runtime, it is the RMM which initiates any communication with EL3. If that 124*69447290SJavier Almansa Sobrinocommunication requires the use of the shared area, it is expected that RMM needs 125*69447290SJavier Almansa Sobrinoto do the necessary concurrency protection to prevent the use of the same buffer 126*69447290SJavier Almansa Sobrinoby other PEs. 127*69447290SJavier Almansa Sobrino 128*69447290SJavier Almansa SobrinoThe following sequence diagram shows how a generic EL3 Firmware would boot RMM. 129*69447290SJavier Almansa Sobrino 130*69447290SJavier Almansa Sobrino.. image:: ../resources/diagrams/rmm_cold_boot_generic.png 131*69447290SJavier Almansa Sobrino 132*69447290SJavier Almansa SobrinoWarm Boot Interface 133*69447290SJavier Almansa Sobrino~~~~~~~~~~~~~~~~~~~ 134*69447290SJavier Almansa Sobrino 135*69447290SJavier Almansa SobrinoAt warm boot, RMM is already initialized and only some per-CPU initialization 136*69447290SJavier Almansa Sobrinois still pending. The only argument that is required by RMM at this stage is 137*69447290SJavier Almansa Sobrinothe CPU Id, which will be passed through register x0 whilst x1 to x3 are RES0. 138*69447290SJavier Almansa SobrinoThis is summarized in the following table: 139*69447290SJavier Almansa Sobrino 140*69447290SJavier Almansa Sobrino.. csv-table:: 141*69447290SJavier Almansa Sobrino :header: "Register", "Value" 142*69447290SJavier Almansa Sobrino :widths: 1, 5 143*69447290SJavier Almansa Sobrino 144*69447290SJavier Almansa Sobrino x0,Linear index of this PE. This index starts from 0 and must be less than the maximum number of CPUs to be supported at runtime (see x2). 145*69447290SJavier Almansa Sobrino x1 - x3,RES0 146*69447290SJavier Almansa Sobrino 147*69447290SJavier Almansa SobrinoBoot error handling and return values 148*69447290SJavier Almansa Sobrino~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 149*69447290SJavier Almansa Sobrino 150*69447290SJavier Almansa SobrinoAfter boot up and initialization, RMM returns control back to EL3 through a 151*69447290SJavier Almansa Sobrino``RMM_BOOT_COMPLETE`` SMC call. The only argument of this SMC call will 152*69447290SJavier Almansa Sobrinobe returned in x1 and it will encode a signed integer with the error reason 153*69447290SJavier Almansa Sobrinoas per the following table: 154*69447290SJavier Almansa Sobrino 155*69447290SJavier Almansa Sobrino.. csv-table:: 156*69447290SJavier Almansa Sobrino :header: "Error code", "Description", "ID" 157*69447290SJavier Almansa Sobrino :widths: 2 4 1 158*69447290SJavier Almansa Sobrino 159*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_SUCCESS``,Boot successful,0 160*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_ERR_UNKNOWN``,Unknown error,-1 161*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_VERSION_NOT_VALID``,Boot Interface version reported by EL3 is not supported by RMM,-2 162*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_CPUS_OUT_OF_RAGE``,Number of CPUs reported by EL3 larger than maximum supported by RMM,-3 163*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_CPU_ID_OUT_OF_RAGE``,Current CPU Id is higher or equal than the number of CPUs supported by RMM,-4 164*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_INVALID_SHARED_BUFFER``,Invalid pointer to shared memory area,-5 165*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_MANIFEST_VERSION_NOT_SUPPORTED``,Version reported by the boot manifest not supported by RMM,-6 166*69447290SJavier Almansa Sobrino ``E_RMM_BOOT_MANIFEST_DATA_ERROR``,Error parsing core boot manifest,-7 167*69447290SJavier Almansa Sobrino 168*69447290SJavier Almansa SobrinoFor any error detected in RMM during cold or warm boot, RMM will return back to 169*69447290SJavier Almansa SobrinoEL3 using ``RMM_BOOT_COMPLETE`` SMC with an appropriate error code. It is 170*69447290SJavier Almansa Sobrinoexpected that EL3 will take necessary action to disable Realm world for further 171*69447290SJavier Almansa Sobrinoentry from NS Host on receiving an error. This will be done across all the PEs 172*69447290SJavier Almansa Sobrinoin the system so as to present a symmetric view to the NS Host. Any further 173*69447290SJavier Almansa Sobrinowarm boot by any PE should not enter RMM using the warm boot interface. 174*69447290SJavier Almansa Sobrino 175*69447290SJavier Almansa Sobrino.. _rmm_el3_boot_manifest: 176*69447290SJavier Almansa Sobrino 177*69447290SJavier Almansa SobrinoBoot Manifest 178*69447290SJavier Almansa Sobrino~~~~~~~~~~~~~ 179*69447290SJavier Almansa Sobrino 180*69447290SJavier Almansa SobrinoDuring cold boot, EL3 Firmware passes a memory boot manifest to RMM containing 181*69447290SJavier Almansa Sobrinoplatform information. 182*69447290SJavier Almansa Sobrino 183*69447290SJavier Almansa SobrinoThis boot manifest is versioned independently of the boot interface, to help 184*69447290SJavier Almansa Sobrinoevolve the boot manifest independent of the rest of Boot Manifest. 185*69447290SJavier Almansa SobrinoThe current version for the boot manifest is ``v0.1`` and the rules explained 186*69447290SJavier Almansa Sobrinoin :ref:`rmm_el3_ifc_versioning` apply on this version as well. 187*69447290SJavier Almansa Sobrino 188*69447290SJavier Almansa SobrinoThe boot manifest is divided into two different components: 189*69447290SJavier Almansa Sobrino 190*69447290SJavier Almansa Sobrino - Core Manifest: This is the generic parameters passed to RMM by EL3 common to all platforms. 191*69447290SJavier Almansa Sobrino - Platform data: This is defined by the platform owner and contains information specific to that platform. 192*69447290SJavier Almansa Sobrino 193*69447290SJavier Almansa SobrinoFor the current version of the manifest, the core manifest contains a pointer 194*69447290SJavier Almansa Sobrinoto the platform data. EL3 must ensure that the whole boot manifest, 195*69447290SJavier Almansa Sobrinoincluding the platform data, if available, fits inside the RMM EL3 shared 196*69447290SJavier Almansa Sobrinobuffer. 197*69447290SJavier Almansa Sobrino 198*69447290SJavier Almansa SobrinoFor the type specification of the RMM Boot Manifest v0.1, refer to 199*69447290SJavier Almansa Sobrino:ref:`rmm_el3_manifest_struct` 200*69447290SJavier Almansa Sobrino 201*69447290SJavier Almansa Sobrino.. _runtime_services_and_interface: 202*69447290SJavier Almansa Sobrino 203*69447290SJavier Almansa SobrinoRMMM-EL3 Runtime Interface 204*69447290SJavier Almansa Sobrino__________________________ 205*69447290SJavier Almansa Sobrino 206*69447290SJavier Almansa SobrinoThis section defines the RMM-EL3 runtime interface which specifies the ABI for 207*69447290SJavier Almansa SobrinoEL3 services expected by RMM at runtime as well as the register save and 208*69447290SJavier Almansa Sobrinorestore convention between EL3 and RMM as part of RMI call handling. It is 209*69447290SJavier Almansa Sobrinoimportant to note that RMM is allowed to invoke EL3-RMM runtime interface 210*69447290SJavier Almansa Sobrinoservices during the boot phase as well. The EL3 runtime service handling must 211*69447290SJavier Almansa Sobrinonot result in a world switch to another world unless specified. Both the RMM 212*69447290SJavier Almansa Sobrinoand EL3 are allowed to make suitable optimizations based on this assumption. 213*69447290SJavier Almansa Sobrino 214*69447290SJavier Almansa SobrinoIf the interface requires the use of memory, then the memory references should 215*69447290SJavier Almansa Sobrinobe within the shared buffer communicated as part of the boot interface. See 216*69447290SJavier Almansa Sobrino:ref:`rmm_cold_boot_interface` for properties of this shared buffer which both 217*69447290SJavier Almansa SobrinoEL3 and RMM must adhere to. 218*69447290SJavier Almansa Sobrino 219*69447290SJavier Almansa SobrinoRMM-EL3 runtime service return codes 220*69447290SJavier Almansa Sobrino~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 221*69447290SJavier Almansa Sobrino 222*69447290SJavier Almansa SobrinoThe return codes from EL3 to RMM is a 32 bit signed integer which encapsulates 223*69447290SJavier Almansa Sobrinoerror condition as described in the following table: 224*69447290SJavier Almansa Sobrino 225*69447290SJavier Almansa Sobrino.. csv-table:: 226*69447290SJavier Almansa Sobrino :header: "Error code", "Description", "ID" 227*69447290SJavier Almansa Sobrino :widths: 2 4 1 228*69447290SJavier Almansa Sobrino 229*69447290SJavier Almansa Sobrino ``E_RMM_OK``,No errors detected,0 230*69447290SJavier Almansa Sobrino ``E_RMM_UNK``,Unknown/Generic error,-1 231*69447290SJavier Almansa Sobrino ``E_RMM_BAD_ADDR``,The value of an address used as argument was invalid,-2 232*69447290SJavier Almansa Sobrino ``E_RMM_BAD_PAS``,Incorrect PAS,-3 233*69447290SJavier Almansa Sobrino ``E_RMM_NOMEM``,Not enough memory to perform an operation,-4 234*69447290SJavier Almansa Sobrino ``E_RMM_INVAL``,The value of an argument was invalid,-5 235*69447290SJavier Almansa Sobrino 236*69447290SJavier Almansa SobrinoIf multiple failure conditions are detected in an RMM to EL3 command, then EL3 237*69447290SJavier Almansa Sobrinois allowed to return an error code corresponding to any of the failure 238*69447290SJavier Almansa Sobrinoconditions. 239*69447290SJavier Almansa Sobrino 240*69447290SJavier Almansa SobrinoRMM-EL3 runtime services 241*69447290SJavier Almansa Sobrino~~~~~~~~~~~~~~~~~~~~~~~~ 242*69447290SJavier Almansa Sobrino 243*69447290SJavier Almansa SobrinoThe following table summarizes the RMM runtime services that need to be 244*69447290SJavier Almansa Sobrinoimplemented by EL3 Firmware. 245*69447290SJavier Almansa Sobrino 246*69447290SJavier Almansa Sobrino.. csv-table:: 247*69447290SJavier Almansa Sobrino :header: "FID", "Command" 248*69447290SJavier Almansa Sobrino :widths: 2 5 249*69447290SJavier Almansa Sobrino 250*69447290SJavier Almansa Sobrino 0xC40001B2,``RMM_ATTEST_GET_REALM_KEY`` 251*69447290SJavier Almansa Sobrino 0xC40001B3,``RMM_ATTEST_GET_PLAT_TOKEN`` 252*69447290SJavier Almansa Sobrino 253*69447290SJavier Almansa SobrinoRMM_ATTEST_GET_REALM_KEY command 254*69447290SJavier Almansa Sobrino================================ 255*69447290SJavier Almansa Sobrino 256*69447290SJavier Almansa SobrinoRetrieve the Realm Attestation Token Signing key from EL3. 257*69447290SJavier Almansa Sobrino 258*69447290SJavier Almansa SobrinoFID 259*69447290SJavier Almansa Sobrino--- 260*69447290SJavier Almansa Sobrino 261*69447290SJavier Almansa Sobrino``0xC40001B2`` 262*69447290SJavier Almansa Sobrino 263*69447290SJavier Almansa SobrinoInput values 264*69447290SJavier Almansa Sobrino------------ 265*69447290SJavier Almansa Sobrino 266*69447290SJavier Almansa Sobrino.. csv-table:: 267*69447290SJavier Almansa Sobrino :header: "Name", "Register", "Field", "Type", "Description" 268*69447290SJavier Almansa Sobrino :widths: 1 1 1 1 5 269*69447290SJavier Almansa Sobrino 270*69447290SJavier Almansa Sobrino fid,x0,[63:0],UInt64,Command FID 271*69447290SJavier Almansa Sobrino buf_pa,x1,[63:0],Address,PA where the Realm Attestation Key must be stored by EL3. The PA must belong to the shared buffer 272*69447290SJavier Almansa Sobrino buf_size,x2,[63:0],Size,Size in bytes of the Realm Attestation Key buffer. ``bufPa + bufSize`` must lie within the shared buffer 273*69447290SJavier Almansa Sobrino ecc_curve,x3,[63:0],Enum,Type of the elliptic curve to which the requested attestation key belongs to. See :ref:`ecc_curves` 274*69447290SJavier Almansa Sobrino 275*69447290SJavier Almansa SobrinoOutput values 276*69447290SJavier Almansa Sobrino------------- 277*69447290SJavier Almansa Sobrino 278*69447290SJavier Almansa Sobrino.. csv-table:: 279*69447290SJavier Almansa Sobrino :header: "Name", "Register", "Field", "Type", "Description" 280*69447290SJavier Almansa Sobrino :widths: 1 1 1 1 5 281*69447290SJavier Almansa Sobrino 282*69447290SJavier Almansa Sobrino Result,x0,[63:0],Error Code,Command return status 283*69447290SJavier Almansa Sobrino keySize,x1,[63:0],Size,Size of the Realm Attestation Key 284*69447290SJavier Almansa Sobrino 285*69447290SJavier Almansa SobrinoFailure conditions 286*69447290SJavier Almansa Sobrino------------------ 287*69447290SJavier Almansa Sobrino 288*69447290SJavier Almansa SobrinoThe table below shows all the possible error codes returned in ``Result`` upon 289*69447290SJavier Almansa Sobrinoa failure. The errors are ordered by condition check. 290*69447290SJavier Almansa Sobrino 291*69447290SJavier Almansa Sobrino.. csv-table:: 292*69447290SJavier Almansa Sobrino :header: "ID", "Condition" 293*69447290SJavier Almansa Sobrino :widths: 1 5 294*69447290SJavier Almansa Sobrino 295*69447290SJavier Almansa Sobrino ``E_RMM_BAD_ADDR``,``PA`` is outside the shared buffer 296*69447290SJavier Almansa Sobrino ``E_RMM_INVAL``,``PA + BSize`` is outside the shared buffer 297*69447290SJavier Almansa Sobrino ``E_RMM_INVAL``,``Curve`` is not one of the listed in :ref:`ecc_curves` 298*69447290SJavier Almansa Sobrino ``E_RMM_UNK``,An unknown error occurred whilst processing the command 299*69447290SJavier Almansa Sobrino ``E_RMM_OK``,No errors detected 300*69447290SJavier Almansa Sobrino 301*69447290SJavier Almansa Sobrino.. _ecc_curves: 302*69447290SJavier Almansa Sobrino 303*69447290SJavier Almansa SobrinoSupported ECC Curves 304*69447290SJavier Almansa Sobrino-------------------- 305*69447290SJavier Almansa Sobrino 306*69447290SJavier Almansa Sobrino.. csv-table:: 307*69447290SJavier Almansa Sobrino :header: "ID", "Curve" 308*69447290SJavier Almansa Sobrino :widths: 1 5 309*69447290SJavier Almansa Sobrino 310*69447290SJavier Almansa Sobrino 0,ECC SECP384R1 311*69447290SJavier Almansa Sobrino 312*69447290SJavier Almansa SobrinoRMM_ATTEST_GET_PLAT_TOKEN command 313*69447290SJavier Almansa Sobrino================================= 314*69447290SJavier Almansa Sobrino 315*69447290SJavier Almansa SobrinoRetrieve the Platform Token from EL3. 316*69447290SJavier Almansa Sobrino 317*69447290SJavier Almansa SobrinoFID 318*69447290SJavier Almansa Sobrino--- 319*69447290SJavier Almansa Sobrino 320*69447290SJavier Almansa Sobrino``0xC40001B3`` 321*69447290SJavier Almansa Sobrino 322*69447290SJavier Almansa SobrinoInput values 323*69447290SJavier Almansa Sobrino------------ 324*69447290SJavier Almansa Sobrino 325*69447290SJavier Almansa Sobrino.. csv-table:: 326*69447290SJavier Almansa Sobrino :header: "Name", "Register", "Field", "Type", "Description" 327*69447290SJavier Almansa Sobrino :widths: 1 1 1 1 5 328*69447290SJavier Almansa Sobrino 329*69447290SJavier Almansa Sobrino fid,x0,[63:0],UInt64,Command FID 330*69447290SJavier Almansa Sobrino buf_pa,x1,[63:0],Address,PA of the platform attestation token. The challenge object is passed in this buffer. The PA must belong to the shared buffer 331*69447290SJavier Almansa Sobrino buf_size,x2,[63:0],Size,Size in bytes of the platform attestation token buffer. ``bufPa + bufSize`` must lie within the shared buffer 332*69447290SJavier Almansa Sobrino c_size,x3,[63:0],Size,Size in bytes of the challenge object. It corresponds to the size of one of the defined SHA algorithms 333*69447290SJavier Almansa Sobrino 334*69447290SJavier Almansa SobrinoOutput values 335*69447290SJavier Almansa Sobrino------------- 336*69447290SJavier Almansa Sobrino 337*69447290SJavier Almansa Sobrino.. csv-table:: 338*69447290SJavier Almansa Sobrino :header: "Name", "Register", "Field", "Type", "Description" 339*69447290SJavier Almansa Sobrino :widths: 1 1 1 1 5 340*69447290SJavier Almansa Sobrino 341*69447290SJavier Almansa Sobrino Result,x0,[63:0],Error Code,Command return status 342*69447290SJavier Almansa Sobrino tokenSize,x1,[63:0],Size,Size of the platform token 343*69447290SJavier Almansa Sobrino 344*69447290SJavier Almansa SobrinoFailure conditions 345*69447290SJavier Almansa Sobrino------------------ 346*69447290SJavier Almansa Sobrino 347*69447290SJavier Almansa SobrinoThe table below shows all the possible error codes returned in ``Result`` upon 348*69447290SJavier Almansa Sobrinoa failure. The errors are ordered by condition check. 349*69447290SJavier Almansa Sobrino 350*69447290SJavier Almansa Sobrino.. csv-table:: 351*69447290SJavier Almansa Sobrino :header: "ID", "Condition" 352*69447290SJavier Almansa Sobrino :widths: 1 5 353*69447290SJavier Almansa Sobrino 354*69447290SJavier Almansa Sobrino ``E_RMM_BAD_ADDR``,``PA`` is outside the shared buffer 355*69447290SJavier Almansa Sobrino ``E_RMM_INVAL``,``PA + BSize`` is outside the shared buffer 356*69447290SJavier Almansa Sobrino ``E_RMM_INVAL``,``CSize`` does not represent the size of a supported SHA algorithm 357*69447290SJavier Almansa Sobrino ``E_RMM_UNK``,An unknown error occurred whilst processing the command 358*69447290SJavier Almansa Sobrino ``E_RMM_OK``,No errors detected 359*69447290SJavier Almansa Sobrino 360*69447290SJavier Almansa SobrinoRMM-EL3 world switch register save restore convention 361*69447290SJavier Almansa Sobrino_____________________________________________________ 362*69447290SJavier Almansa Sobrino 363*69447290SJavier Almansa SobrinoAs part of NS world switch, EL3 is expected to maintain a register context 364*69447290SJavier Almansa Sobrinospecific to each world and will save and restore the registers 365*69447290SJavier Almansa Sobrinoappropriately. This section captures the contract between EL3 and RMM on the 366*69447290SJavier Almansa Sobrinoregister set to be saved and restored. 367*69447290SJavier Almansa Sobrino 368*69447290SJavier Almansa SobrinoEL3 must maintain a separate register context for the following: 369*69447290SJavier Almansa Sobrino 370*69447290SJavier Almansa Sobrino #. General purpose registers (x0-x30) and ``sp_el0``, ``sp_el2`` stack pointers 371*69447290SJavier Almansa Sobrino #. EL2 system register context for all enabled features by EL3. These include system registers with the ``_EL2`` prefix. The EL2 physical and virtual timer registers must not be included in this. 372*69447290SJavier Almansa Sobrino 373*69447290SJavier Almansa SobrinoIt is the responsibility of EL3 that the above registers will not be leaked to 374*69447290SJavier Almansa Sobrinothe NS Host and to maintain the confidentiality of the Realm World. 375*69447290SJavier Almansa Sobrino 376*69447290SJavier Almansa SobrinoEL3 will not save some registers as mentioned in the below list. It is the 377*69447290SJavier Almansa Sobrinoresponsibility of RMM to ensure that these are appropriately saved if the 378*69447290SJavier Almansa SobrinoRealm World makes use of them: 379*69447290SJavier Almansa Sobrino 380*69447290SJavier Almansa Sobrino #. FP/SIMD registers 381*69447290SJavier Almansa Sobrino #. SVE registers 382*69447290SJavier Almansa Sobrino #. SME registers 383*69447290SJavier Almansa Sobrino #. EL1/0 registers 384*69447290SJavier Almansa Sobrino 385*69447290SJavier Almansa SobrinoSMCCC v1.3 allows NS world to specify whether SVE context is in use. In this 386*69447290SJavier Almansa Sobrinocase, RMM could choose to not save the incoming SVE context but must ensure 387*69447290SJavier Almansa Sobrinoto clear SVE registers if they have been used in Realm World. The same applies 388*69447290SJavier Almansa Sobrinoto SME registers. 389*69447290SJavier Almansa Sobrino 390*69447290SJavier Almansa SobrinoTypes 391*69447290SJavier Almansa Sobrino_____ 392*69447290SJavier Almansa Sobrino 393*69447290SJavier Almansa Sobrino.. _rmm_el3_manifest_struct: 394*69447290SJavier Almansa Sobrino 395*69447290SJavier Almansa SobrinoRMM-EL3 Boot Manifest Version 396*69447290SJavier Almansa Sobrino~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 397*69447290SJavier Almansa Sobrino 398*69447290SJavier Almansa SobrinoThe RMM-EL3 Boot Manifest structure contains platform boot information passed 399*69447290SJavier Almansa Sobrinofrom EL3 to RMM. The width of the Boot Manifest is 128 bits 400*69447290SJavier Almansa Sobrino 401*69447290SJavier Almansa Sobrino.. image:: ../resources/diagrams/rmm_el3_manifest_struct.png 402*69447290SJavier Almansa Sobrino 403*69447290SJavier Almansa SobrinoThe members of the RMM-EL3 Boot Manifest structure are shown in the following 404*69447290SJavier Almansa Sobrinotable: 405*69447290SJavier Almansa Sobrino 406*69447290SJavier Almansa Sobrino.. csv-table:: 407*69447290SJavier Almansa Sobrino :header: "Name", "Range", "Type", Description 408*69447290SJavier Almansa Sobrino :widths: 2 1 1 4 409*69447290SJavier Almansa Sobrino 410*69447290SJavier Almansa Sobrino ``Version Minor``,15:0,uint16_t,Version Minor part of the Boot Manifest Version. 411*69447290SJavier Almansa Sobrino ``Version Major``,30:16,uint16_t,Version Major part of the Boot Manifest Version. 412*69447290SJavier Almansa Sobrino ``RES0``,31,bit,Reserved. Set to 0. 413*69447290SJavier Almansa Sobrino ``Platform Data``,127:64,Address,Pointer to the Platform Data section of the Boot Manifest. 414
