1 /* 2 * Copyright (c) 2022, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <errno.h> 9 10 #include <arch_helpers.h> 11 #include <bl31/bl31.h> 12 #include <bl31/ehf.h> 13 #include <common/debug.h> 14 #include <common/fdt_wrappers.h> 15 #include <common/runtime_svc.h> 16 #include <lib/el3_runtime/context_mgmt.h> 17 #include <lib/smccc.h> 18 #include <lib/utils.h> 19 #include <lib/xlat_tables/xlat_tables_v2.h> 20 #include <libfdt.h> 21 #include <plat/common/platform.h> 22 #include <services/el3_spmc_logical_sp.h> 23 #include <services/ffa_svc.h> 24 #include <services/spmc_svc.h> 25 #include <services/spmd_svc.h> 26 #include "spmc.h" 27 28 #include <platform_def.h> 29 30 /* 31 * Allocate a secure partition descriptor to describe each SP in the system that 32 * does not reside at EL3. 33 */ 34 static struct secure_partition_desc sp_desc[SECURE_PARTITION_COUNT]; 35 36 /* 37 * Allocate an NS endpoint descriptor to describe each VM and the Hypervisor in 38 * the system that interacts with a SP. It is used to track the Hypervisor 39 * buffer pair, version and ID for now. It could be extended to track VM 40 * properties when the SPMC supports indirect messaging. 41 */ 42 static struct ns_endpoint_desc ns_ep_desc[NS_PARTITION_COUNT]; 43 44 /* 45 * Helper function to obtain the array storing the EL3 46 * Logical Partition descriptors. 47 */ 48 struct el3_lp_desc *get_el3_lp_array(void) 49 { 50 return (struct el3_lp_desc *) EL3_LP_DESCS_START; 51 } 52 53 /* 54 * Helper function to obtain the descriptor of the last SP to whom control was 55 * handed to on this physical cpu. Currently, we assume there is only one SP. 56 * TODO: Expand to track multiple partitions when required. 57 */ 58 struct secure_partition_desc *spmc_get_current_sp_ctx(void) 59 { 60 return &(sp_desc[ACTIVE_SP_DESC_INDEX]); 61 } 62 63 /* 64 * Helper function to obtain the execution context of an SP on the 65 * current physical cpu. 66 */ 67 struct sp_exec_ctx *spmc_get_sp_ec(struct secure_partition_desc *sp) 68 { 69 return &(sp->ec[get_ec_index(sp)]); 70 } 71 72 /* Helper function to get pointer to SP context from its ID. */ 73 struct secure_partition_desc *spmc_get_sp_ctx(uint16_t id) 74 { 75 /* Check for SWd Partitions. */ 76 for (unsigned int i = 0U; i < SECURE_PARTITION_COUNT; i++) { 77 if (sp_desc[i].sp_id == id) { 78 return &(sp_desc[i]); 79 } 80 } 81 return NULL; 82 } 83 84 /* 85 * Helper function to obtain the descriptor of the Hypervisor or OS kernel. 86 * We assume that the first descriptor is reserved for this entity. 87 */ 88 struct ns_endpoint_desc *spmc_get_hyp_ctx(void) 89 { 90 return &(ns_ep_desc[0]); 91 } 92 93 /* 94 * Helper function to obtain the RX/TX buffer pair descriptor of the Hypervisor 95 * or OS kernel in the normal world or the last SP that was run. 96 */ 97 struct mailbox *spmc_get_mbox_desc(bool secure_origin) 98 { 99 /* Obtain the RX/TX buffer pair descriptor. */ 100 if (secure_origin) { 101 return &(spmc_get_current_sp_ctx()->mailbox); 102 } else { 103 return &(spmc_get_hyp_ctx()->mailbox); 104 } 105 } 106 107 /****************************************************************************** 108 * This function returns to the place where spmc_sp_synchronous_entry() was 109 * called originally. 110 ******************************************************************************/ 111 __dead2 void spmc_sp_synchronous_exit(struct sp_exec_ctx *ec, uint64_t rc) 112 { 113 /* 114 * The SPM must have initiated the original request through a 115 * synchronous entry into the secure partition. Jump back to the 116 * original C runtime context with the value of rc in x0; 117 */ 118 spm_secure_partition_exit(ec->c_rt_ctx, rc); 119 120 panic(); 121 } 122 123 /******************************************************************************* 124 * Return FFA_ERROR with specified error code. 125 ******************************************************************************/ 126 uint64_t spmc_ffa_error_return(void *handle, int error_code) 127 { 128 SMC_RET8(handle, FFA_ERROR, 129 FFA_TARGET_INFO_MBZ, error_code, 130 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 131 FFA_PARAM_MBZ, FFA_PARAM_MBZ); 132 } 133 134 /****************************************************************************** 135 * Helper function to validate a secure partition ID to ensure it does not 136 * conflict with any other FF-A component and follows the convention to 137 * indicate it resides within the secure world. 138 ******************************************************************************/ 139 bool is_ffa_secure_id_valid(uint16_t partition_id) 140 { 141 struct el3_lp_desc *el3_lp_descs = get_el3_lp_array(); 142 143 /* Ensure the ID is not the invalid partition ID. */ 144 if (partition_id == INV_SP_ID) { 145 return false; 146 } 147 148 /* Ensure the ID is not the SPMD ID. */ 149 if (partition_id == SPMD_DIRECT_MSG_ENDPOINT_ID) { 150 return false; 151 } 152 153 /* 154 * Ensure the ID follows the convention to indicate it resides 155 * in the secure world. 156 */ 157 if (!ffa_is_secure_world_id(partition_id)) { 158 return false; 159 } 160 161 /* Ensure we don't conflict with the SPMC partition ID. */ 162 if (partition_id == FFA_SPMC_ID) { 163 return false; 164 } 165 166 /* Ensure we do not already have an SP context with this ID. */ 167 if (spmc_get_sp_ctx(partition_id)) { 168 return false; 169 } 170 171 /* Ensure we don't clash with any Logical SP's. */ 172 for (unsigned int i = 0U; i < EL3_LP_DESCS_COUNT; i++) { 173 if (el3_lp_descs[i].sp_id == partition_id) { 174 return false; 175 } 176 } 177 178 return true; 179 } 180 181 /******************************************************************************* 182 * This function either forwards the request to the other world or returns 183 * with an ERET depending on the source of the call. 184 * We can assume that the destination is for an entity at a lower exception 185 * level as any messages destined for a logical SP resident in EL3 will have 186 * already been taken care of by the SPMC before entering this function. 187 ******************************************************************************/ 188 static uint64_t spmc_smc_return(uint32_t smc_fid, 189 bool secure_origin, 190 uint64_t x1, 191 uint64_t x2, 192 uint64_t x3, 193 uint64_t x4, 194 void *handle, 195 void *cookie, 196 uint64_t flags, 197 uint16_t dst_id) 198 { 199 /* If the destination is in the normal world always go via the SPMD. */ 200 if (ffa_is_normal_world_id(dst_id)) { 201 return spmd_smc_handler(smc_fid, x1, x2, x3, x4, 202 cookie, handle, flags); 203 } 204 /* 205 * If the caller is secure and we want to return to the secure world, 206 * ERET directly. 207 */ 208 else if (secure_origin && ffa_is_secure_world_id(dst_id)) { 209 SMC_RET5(handle, smc_fid, x1, x2, x3, x4); 210 } 211 /* If we originated in the normal world then switch contexts. */ 212 else if (!secure_origin && ffa_is_secure_world_id(dst_id)) { 213 return spmd_smc_switch_state(smc_fid, secure_origin, x1, x2, 214 x3, x4, handle); 215 } else { 216 /* Unknown State. */ 217 panic(); 218 } 219 220 /* Shouldn't be Reached. */ 221 return 0; 222 } 223 224 /******************************************************************************* 225 * FF-A ABI Handlers. 226 ******************************************************************************/ 227 228 /******************************************************************************* 229 * Helper function to validate arg2 as part of a direct message. 230 ******************************************************************************/ 231 static inline bool direct_msg_validate_arg2(uint64_t x2) 232 { 233 /* 234 * We currently only support partition messages, therefore ensure x2 is 235 * not set. 236 */ 237 if (x2 != (uint64_t) 0) { 238 VERBOSE("Arg2 MBZ for partition messages (0x%lx).\n", x2); 239 return false; 240 } 241 return true; 242 } 243 244 /******************************************************************************* 245 * Handle direct request messages and route to the appropriate destination. 246 ******************************************************************************/ 247 static uint64_t direct_req_smc_handler(uint32_t smc_fid, 248 bool secure_origin, 249 uint64_t x1, 250 uint64_t x2, 251 uint64_t x3, 252 uint64_t x4, 253 void *cookie, 254 void *handle, 255 uint64_t flags) 256 { 257 uint16_t dst_id = ffa_endpoint_destination(x1); 258 struct el3_lp_desc *el3_lp_descs; 259 struct secure_partition_desc *sp; 260 unsigned int idx; 261 262 /* Check if arg2 has been populated correctly based on message type. */ 263 if (!direct_msg_validate_arg2(x2)) { 264 return spmc_ffa_error_return(handle, 265 FFA_ERROR_INVALID_PARAMETER); 266 } 267 268 el3_lp_descs = get_el3_lp_array(); 269 270 /* Check if the request is destined for a Logical Partition. */ 271 for (unsigned int i = 0U; i < MAX_EL3_LP_DESCS_COUNT; i++) { 272 if (el3_lp_descs[i].sp_id == dst_id) { 273 return el3_lp_descs[i].direct_req( 274 smc_fid, secure_origin, x1, x2, x3, x4, 275 cookie, handle, flags); 276 } 277 } 278 279 /* 280 * If the request was not targeted to a LSP and from the secure world 281 * then it is invalid since a SP cannot call into the Normal world and 282 * there is no other SP to call into. If there are other SPs in future 283 * then the partition runtime model would need to be validated as well. 284 */ 285 if (secure_origin) { 286 VERBOSE("Direct request not supported to the Normal World.\n"); 287 return spmc_ffa_error_return(handle, 288 FFA_ERROR_INVALID_PARAMETER); 289 } 290 291 /* Check if the SP ID is valid. */ 292 sp = spmc_get_sp_ctx(dst_id); 293 if (sp == NULL) { 294 VERBOSE("Direct request to unknown partition ID (0x%x).\n", 295 dst_id); 296 return spmc_ffa_error_return(handle, 297 FFA_ERROR_INVALID_PARAMETER); 298 } 299 300 /* 301 * Check that the target execution context is in a waiting state before 302 * forwarding the direct request to it. 303 */ 304 idx = get_ec_index(sp); 305 if (sp->ec[idx].rt_state != RT_STATE_WAITING) { 306 VERBOSE("SP context on core%u is not waiting (%u).\n", 307 idx, sp->ec[idx].rt_model); 308 return spmc_ffa_error_return(handle, FFA_ERROR_BUSY); 309 } 310 311 /* 312 * Everything checks out so forward the request to the SP after updating 313 * its state and runtime model. 314 */ 315 sp->ec[idx].rt_state = RT_STATE_RUNNING; 316 sp->ec[idx].rt_model = RT_MODEL_DIR_REQ; 317 return spmc_smc_return(smc_fid, secure_origin, x1, x2, x3, x4, 318 handle, cookie, flags, dst_id); 319 } 320 321 /******************************************************************************* 322 * Handle direct response messages and route to the appropriate destination. 323 ******************************************************************************/ 324 static uint64_t direct_resp_smc_handler(uint32_t smc_fid, 325 bool secure_origin, 326 uint64_t x1, 327 uint64_t x2, 328 uint64_t x3, 329 uint64_t x4, 330 void *cookie, 331 void *handle, 332 uint64_t flags) 333 { 334 uint16_t dst_id = ffa_endpoint_destination(x1); 335 struct secure_partition_desc *sp; 336 unsigned int idx; 337 338 /* Check if arg2 has been populated correctly based on message type. */ 339 if (!direct_msg_validate_arg2(x2)) { 340 return spmc_ffa_error_return(handle, 341 FFA_ERROR_INVALID_PARAMETER); 342 } 343 344 /* Check that the response did not originate from the Normal world. */ 345 if (!secure_origin) { 346 VERBOSE("Direct Response not supported from Normal World.\n"); 347 return spmc_ffa_error_return(handle, 348 FFA_ERROR_INVALID_PARAMETER); 349 } 350 351 /* 352 * Check that the response is either targeted to the Normal world or the 353 * SPMC e.g. a PM response. 354 */ 355 if ((dst_id != FFA_SPMC_ID) && ffa_is_secure_world_id(dst_id)) { 356 VERBOSE("Direct response to invalid partition ID (0x%x).\n", 357 dst_id); 358 return spmc_ffa_error_return(handle, 359 FFA_ERROR_INVALID_PARAMETER); 360 } 361 362 /* Obtain the SP descriptor and update its runtime state. */ 363 sp = spmc_get_sp_ctx(ffa_endpoint_source(x1)); 364 if (sp == NULL) { 365 VERBOSE("Direct response to unknown partition ID (0x%x).\n", 366 dst_id); 367 return spmc_ffa_error_return(handle, 368 FFA_ERROR_INVALID_PARAMETER); 369 } 370 371 /* Sanity check state is being tracked correctly in the SPMC. */ 372 idx = get_ec_index(sp); 373 assert(sp->ec[idx].rt_state == RT_STATE_RUNNING); 374 375 /* Ensure SP execution context was in the right runtime model. */ 376 if (sp->ec[idx].rt_model != RT_MODEL_DIR_REQ) { 377 VERBOSE("SP context on core%u not handling direct req (%u).\n", 378 idx, sp->ec[idx].rt_model); 379 return spmc_ffa_error_return(handle, FFA_ERROR_DENIED); 380 } 381 382 /* Update the state of the SP execution context. */ 383 sp->ec[idx].rt_state = RT_STATE_WAITING; 384 385 /* 386 * If the receiver is not the SPMC then forward the response to the 387 * Normal world. 388 */ 389 if (dst_id == FFA_SPMC_ID) { 390 spmc_sp_synchronous_exit(&sp->ec[idx], x4); 391 /* Should not get here. */ 392 panic(); 393 } 394 395 return spmc_smc_return(smc_fid, secure_origin, x1, x2, x3, x4, 396 handle, cookie, flags, dst_id); 397 } 398 399 /******************************************************************************* 400 * This function handles the FFA_MSG_WAIT SMC to allow an SP to relinquish its 401 * cycles. 402 ******************************************************************************/ 403 static uint64_t msg_wait_handler(uint32_t smc_fid, 404 bool secure_origin, 405 uint64_t x1, 406 uint64_t x2, 407 uint64_t x3, 408 uint64_t x4, 409 void *cookie, 410 void *handle, 411 uint64_t flags) 412 { 413 struct secure_partition_desc *sp; 414 unsigned int idx; 415 416 /* 417 * Check that the response did not originate from the Normal world as 418 * only the secure world can call this ABI. 419 */ 420 if (!secure_origin) { 421 VERBOSE("Normal world cannot call FFA_MSG_WAIT.\n"); 422 return spmc_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 423 } 424 425 /* Get the descriptor of the SP that invoked FFA_MSG_WAIT. */ 426 sp = spmc_get_current_sp_ctx(); 427 if (sp == NULL) { 428 return spmc_ffa_error_return(handle, 429 FFA_ERROR_INVALID_PARAMETER); 430 } 431 432 /* 433 * Get the execution context of the SP that invoked FFA_MSG_WAIT. 434 */ 435 idx = get_ec_index(sp); 436 437 /* Ensure SP execution context was in the right runtime model. */ 438 if (sp->ec[idx].rt_model == RT_MODEL_DIR_REQ) { 439 return spmc_ffa_error_return(handle, FFA_ERROR_DENIED); 440 } 441 442 /* Sanity check the state is being tracked correctly in the SPMC. */ 443 assert(sp->ec[idx].rt_state == RT_STATE_RUNNING); 444 445 /* 446 * Perform a synchronous exit if the partition was initialising. The 447 * state is updated after the exit. 448 */ 449 if (sp->ec[idx].rt_model == RT_MODEL_INIT) { 450 spmc_sp_synchronous_exit(&sp->ec[idx], x4); 451 /* Should not get here */ 452 panic(); 453 } 454 455 /* Update the state of the SP execution context. */ 456 sp->ec[idx].rt_state = RT_STATE_WAITING; 457 458 /* Resume normal world if a secure interrupt was handled. */ 459 if (sp->ec[idx].rt_model == RT_MODEL_INTR) { 460 /* FFA_MSG_WAIT can only be called from the secure world. */ 461 unsigned int secure_state_in = SECURE; 462 unsigned int secure_state_out = NON_SECURE; 463 464 cm_el1_sysregs_context_save(secure_state_in); 465 cm_el1_sysregs_context_restore(secure_state_out); 466 cm_set_next_eret_context(secure_state_out); 467 SMC_RET0(cm_get_context(secure_state_out)); 468 } 469 470 /* Forward the response to the Normal world. */ 471 return spmc_smc_return(smc_fid, secure_origin, x1, x2, x3, x4, 472 handle, cookie, flags, FFA_NWD_ID); 473 } 474 475 static uint64_t ffa_error_handler(uint32_t smc_fid, 476 bool secure_origin, 477 uint64_t x1, 478 uint64_t x2, 479 uint64_t x3, 480 uint64_t x4, 481 void *cookie, 482 void *handle, 483 uint64_t flags) 484 { 485 struct secure_partition_desc *sp; 486 unsigned int idx; 487 488 /* Check that the response did not originate from the Normal world. */ 489 if (!secure_origin) { 490 return spmc_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 491 } 492 493 /* Get the descriptor of the SP that invoked FFA_ERROR. */ 494 sp = spmc_get_current_sp_ctx(); 495 if (sp == NULL) { 496 return spmc_ffa_error_return(handle, 497 FFA_ERROR_INVALID_PARAMETER); 498 } 499 500 /* Get the execution context of the SP that invoked FFA_ERROR. */ 501 idx = get_ec_index(sp); 502 503 /* 504 * We only expect FFA_ERROR to be received during SP initialisation 505 * otherwise this is an invalid call. 506 */ 507 if (sp->ec[idx].rt_model == RT_MODEL_INIT) { 508 ERROR("SP 0x%x failed to initialize.\n", sp->sp_id); 509 spmc_sp_synchronous_exit(&sp->ec[idx], x2); 510 /* Should not get here. */ 511 panic(); 512 } 513 514 return spmc_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 515 } 516 517 /******************************************************************************* 518 * This function will parse the Secure Partition Manifest. From manifest, it 519 * will fetch details for preparing Secure partition image context and secure 520 * partition image boot arguments if any. 521 ******************************************************************************/ 522 static int sp_manifest_parse(void *sp_manifest, int offset, 523 struct secure_partition_desc *sp, 524 entry_point_info_t *ep_info) 525 { 526 int32_t ret, node; 527 uint32_t config_32; 528 529 /* 530 * Look for the mandatory fields that are expected to be present in 531 * the SP manifests. 532 */ 533 node = fdt_path_offset(sp_manifest, "/"); 534 if (node < 0) { 535 ERROR("Did not find root node.\n"); 536 return node; 537 } 538 539 ret = fdt_read_uint32_array(sp_manifest, node, "uuid", 540 ARRAY_SIZE(sp->uuid), sp->uuid); 541 if (ret != 0) { 542 ERROR("Missing Secure Partition UUID.\n"); 543 return ret; 544 } 545 546 ret = fdt_read_uint32(sp_manifest, node, "exception-level", &config_32); 547 if (ret != 0) { 548 ERROR("Missing SP Exception Level information.\n"); 549 return ret; 550 } 551 552 sp->runtime_el = config_32; 553 554 ret = fdt_read_uint32(sp_manifest, node, "ffa-version", &config_32); 555 if (ret != 0) { 556 ERROR("Missing Secure Partition FF-A Version.\n"); 557 return ret; 558 } 559 560 sp->ffa_version = config_32; 561 562 ret = fdt_read_uint32(sp_manifest, node, "execution-state", &config_32); 563 if (ret != 0) { 564 ERROR("Missing Secure Partition Execution State.\n"); 565 return ret; 566 } 567 568 sp->execution_state = config_32; 569 570 ret = fdt_read_uint32(sp_manifest, node, 571 "messaging-method", &config_32); 572 if (ret != 0) { 573 ERROR("Missing Secure Partition messaging method.\n"); 574 return ret; 575 } 576 577 /* Validate this entry, we currently only support direct messaging. */ 578 if ((config_32 & ~(FFA_PARTITION_DIRECT_REQ_RECV | 579 FFA_PARTITION_DIRECT_REQ_SEND)) != 0U) { 580 WARN("Invalid Secure Partition messaging method (0x%x)\n", 581 config_32); 582 return -EINVAL; 583 } 584 585 sp->properties = config_32; 586 587 ret = fdt_read_uint32(sp_manifest, node, 588 "execution-ctx-count", &config_32); 589 590 if (ret != 0) { 591 ERROR("Missing SP Execution Context Count.\n"); 592 return ret; 593 } 594 595 /* 596 * Ensure this field is set correctly in the manifest however 597 * since this is currently a hardcoded value for S-EL1 partitions 598 * we don't need to save it here, just validate. 599 */ 600 if (config_32 != PLATFORM_CORE_COUNT) { 601 ERROR("SP Execution Context Count (%u) must be %u.\n", 602 config_32, PLATFORM_CORE_COUNT); 603 return -EINVAL; 604 } 605 606 /* 607 * Look for the optional fields that are expected to be present in 608 * an SP manifest. 609 */ 610 ret = fdt_read_uint32(sp_manifest, node, "id", &config_32); 611 if (ret != 0) { 612 WARN("Missing Secure Partition ID.\n"); 613 } else { 614 if (!is_ffa_secure_id_valid(config_32)) { 615 ERROR("Invalid Secure Partition ID (0x%x).\n", 616 config_32); 617 return -EINVAL; 618 } 619 sp->sp_id = config_32; 620 } 621 622 return 0; 623 } 624 625 /******************************************************************************* 626 * This function gets the Secure Partition Manifest base and maps the manifest 627 * region. 628 * Currently only one Secure Partition manifest is considered which is used to 629 * prepare the context for the single Secure Partition. 630 ******************************************************************************/ 631 static int find_and_prepare_sp_context(void) 632 { 633 void *sp_manifest; 634 uintptr_t manifest_base; 635 uintptr_t manifest_base_align; 636 entry_point_info_t *next_image_ep_info; 637 int32_t ret; 638 struct secure_partition_desc *sp; 639 640 next_image_ep_info = bl31_plat_get_next_image_ep_info(SECURE); 641 if (next_image_ep_info == NULL) { 642 WARN("No Secure Partition image provided by BL2.\n"); 643 return -ENOENT; 644 } 645 646 sp_manifest = (void *)next_image_ep_info->args.arg0; 647 if (sp_manifest == NULL) { 648 WARN("Secure Partition manifest absent.\n"); 649 return -ENOENT; 650 } 651 652 manifest_base = (uintptr_t)sp_manifest; 653 manifest_base_align = page_align(manifest_base, DOWN); 654 655 /* 656 * Map the secure partition manifest region in the EL3 translation 657 * regime. 658 * Map an area equal to (2 * PAGE_SIZE) for now. During manifest base 659 * alignment the region of 1 PAGE_SIZE from manifest align base may 660 * not completely accommodate the secure partition manifest region. 661 */ 662 ret = mmap_add_dynamic_region((unsigned long long)manifest_base_align, 663 manifest_base_align, 664 PAGE_SIZE * 2, 665 MT_RO_DATA); 666 if (ret != 0) { 667 ERROR("Error while mapping SP manifest (%d).\n", ret); 668 return ret; 669 } 670 671 ret = fdt_node_offset_by_compatible(sp_manifest, -1, 672 "arm,ffa-manifest-1.0"); 673 if (ret < 0) { 674 ERROR("Error happened in SP manifest reading.\n"); 675 return -EINVAL; 676 } 677 678 /* 679 * Store the size of the manifest so that it can be used later to pass 680 * the manifest as boot information later. 681 */ 682 next_image_ep_info->args.arg1 = fdt_totalsize(sp_manifest); 683 INFO("Manifest size = %lu bytes.\n", next_image_ep_info->args.arg1); 684 685 /* 686 * Select an SP descriptor for initialising the partition's execution 687 * context on the primary CPU. 688 */ 689 sp = spmc_get_current_sp_ctx(); 690 691 /* Initialize entry point information for the SP */ 692 SET_PARAM_HEAD(next_image_ep_info, PARAM_EP, VERSION_1, 693 SECURE | EP_ST_ENABLE); 694 695 /* Parse the SP manifest. */ 696 ret = sp_manifest_parse(sp_manifest, ret, sp, next_image_ep_info); 697 if (ret != 0) { 698 ERROR("Error in Secure Partition manifest parsing.\n"); 699 return ret; 700 } 701 702 /* Check that the runtime EL in the manifest was correct. */ 703 if (sp->runtime_el != S_EL1) { 704 ERROR("Unexpected runtime EL: %d\n", sp->runtime_el); 705 return -EINVAL; 706 } 707 708 /* Perform any common initialisation. */ 709 spmc_sp_common_setup(sp, next_image_ep_info); 710 711 /* Perform any initialisation specific to S-EL1 SPs. */ 712 spmc_el1_sp_setup(sp, next_image_ep_info); 713 714 /* Initialize the SP context with the required ep info. */ 715 spmc_sp_common_ep_commit(sp, next_image_ep_info); 716 717 return 0; 718 } 719 720 /******************************************************************************* 721 * This function takes an SP context pointer and performs a synchronous entry 722 * into it. 723 ******************************************************************************/ 724 static int32_t logical_sp_init(void) 725 { 726 int32_t rc = 0; 727 struct el3_lp_desc *el3_lp_descs; 728 729 /* Perform initial validation of the Logical Partitions. */ 730 rc = el3_sp_desc_validate(); 731 if (rc != 0) { 732 ERROR("Logical Partition validation failed!\n"); 733 return rc; 734 } 735 736 el3_lp_descs = get_el3_lp_array(); 737 738 INFO("Logical Secure Partition init start.\n"); 739 for (unsigned int i = 0U; i < EL3_LP_DESCS_COUNT; i++) { 740 rc = el3_lp_descs[i].init(); 741 if (rc != 0) { 742 ERROR("Logical SP (0x%x) Failed to Initialize\n", 743 el3_lp_descs[i].sp_id); 744 return rc; 745 } 746 VERBOSE("Logical SP (0x%x) Initialized\n", 747 el3_lp_descs[i].sp_id); 748 } 749 750 INFO("Logical Secure Partition init completed.\n"); 751 752 return rc; 753 } 754 755 uint64_t spmc_sp_synchronous_entry(struct sp_exec_ctx *ec) 756 { 757 uint64_t rc; 758 759 assert(ec != NULL); 760 761 /* Assign the context of the SP to this CPU */ 762 cm_set_context(&(ec->cpu_ctx), SECURE); 763 764 /* Restore the context assigned above */ 765 cm_el1_sysregs_context_restore(SECURE); 766 cm_set_next_eret_context(SECURE); 767 768 /* Invalidate TLBs at EL1. */ 769 tlbivmalle1(); 770 dsbish(); 771 772 /* Enter Secure Partition */ 773 rc = spm_secure_partition_enter(&ec->c_rt_ctx); 774 775 /* Save secure state */ 776 cm_el1_sysregs_context_save(SECURE); 777 778 return rc; 779 } 780 781 /******************************************************************************* 782 * SPMC Helper Functions. 783 ******************************************************************************/ 784 static int32_t sp_init(void) 785 { 786 uint64_t rc; 787 struct secure_partition_desc *sp; 788 struct sp_exec_ctx *ec; 789 790 sp = spmc_get_current_sp_ctx(); 791 ec = spmc_get_sp_ec(sp); 792 ec->rt_model = RT_MODEL_INIT; 793 ec->rt_state = RT_STATE_RUNNING; 794 795 INFO("Secure Partition (0x%x) init start.\n", sp->sp_id); 796 797 rc = spmc_sp_synchronous_entry(ec); 798 if (rc != 0) { 799 /* Indicate SP init was not successful. */ 800 ERROR("SP (0x%x) failed to initialize (%lu).\n", 801 sp->sp_id, rc); 802 return 0; 803 } 804 805 ec->rt_state = RT_STATE_WAITING; 806 INFO("Secure Partition initialized.\n"); 807 808 return 1; 809 } 810 811 static void initalize_sp_descs(void) 812 { 813 struct secure_partition_desc *sp; 814 815 for (unsigned int i = 0U; i < SECURE_PARTITION_COUNT; i++) { 816 sp = &sp_desc[i]; 817 sp->sp_id = INV_SP_ID; 818 sp->mailbox.rx_buffer = NULL; 819 sp->mailbox.tx_buffer = NULL; 820 sp->mailbox.state = MAILBOX_STATE_EMPTY; 821 sp->secondary_ep = 0; 822 } 823 } 824 825 static void initalize_ns_ep_descs(void) 826 { 827 struct ns_endpoint_desc *ns_ep; 828 829 for (unsigned int i = 0U; i < NS_PARTITION_COUNT; i++) { 830 ns_ep = &ns_ep_desc[i]; 831 /* 832 * Clashes with the Hypervisor ID but will not be a 833 * problem in practice. 834 */ 835 ns_ep->ns_ep_id = 0; 836 ns_ep->ffa_version = 0; 837 ns_ep->mailbox.rx_buffer = NULL; 838 ns_ep->mailbox.tx_buffer = NULL; 839 ns_ep->mailbox.state = MAILBOX_STATE_EMPTY; 840 } 841 } 842 843 /******************************************************************************* 844 * Initialize SPMC attributes for the SPMD. 845 ******************************************************************************/ 846 void spmc_populate_attrs(spmc_manifest_attribute_t *spmc_attrs) 847 { 848 spmc_attrs->major_version = FFA_VERSION_MAJOR; 849 spmc_attrs->minor_version = FFA_VERSION_MINOR; 850 spmc_attrs->exec_state = MODE_RW_64; 851 spmc_attrs->spmc_id = FFA_SPMC_ID; 852 } 853 854 /******************************************************************************* 855 * Initialize contexts of all Secure Partitions. 856 ******************************************************************************/ 857 int32_t spmc_setup(void) 858 { 859 int32_t ret; 860 861 /* Initialize endpoint descriptors */ 862 initalize_sp_descs(); 863 initalize_ns_ep_descs(); 864 865 /* Setup logical SPs. */ 866 ret = logical_sp_init(); 867 if (ret != 0) { 868 ERROR("Failed to initialize Logical Partitions.\n"); 869 return ret; 870 } 871 872 /* Perform physical SP setup. */ 873 874 /* Disable MMU at EL1 (initialized by BL2) */ 875 disable_mmu_icache_el1(); 876 877 /* Initialize context of the SP */ 878 INFO("Secure Partition context setup start.\n"); 879 880 ret = find_and_prepare_sp_context(); 881 if (ret != 0) { 882 ERROR("Error in SP finding and context preparation.\n"); 883 return ret; 884 } 885 886 /* Register init function for deferred init. */ 887 bl31_register_bl32_init(&sp_init); 888 889 INFO("Secure Partition setup done.\n"); 890 891 return 0; 892 } 893 894 /******************************************************************************* 895 * Secure Partition Manager SMC handler. 896 ******************************************************************************/ 897 uint64_t spmc_smc_handler(uint32_t smc_fid, 898 bool secure_origin, 899 uint64_t x1, 900 uint64_t x2, 901 uint64_t x3, 902 uint64_t x4, 903 void *cookie, 904 void *handle, 905 uint64_t flags) 906 { 907 switch (smc_fid) { 908 909 case FFA_MSG_SEND_DIRECT_REQ_SMC32: 910 case FFA_MSG_SEND_DIRECT_REQ_SMC64: 911 return direct_req_smc_handler(smc_fid, secure_origin, x1, x2, 912 x3, x4, cookie, handle, flags); 913 914 case FFA_MSG_SEND_DIRECT_RESP_SMC32: 915 case FFA_MSG_SEND_DIRECT_RESP_SMC64: 916 return direct_resp_smc_handler(smc_fid, secure_origin, x1, x2, 917 x3, x4, cookie, handle, flags); 918 919 case FFA_MSG_WAIT: 920 return msg_wait_handler(smc_fid, secure_origin, x1, x2, x3, x4, 921 cookie, handle, flags); 922 923 case FFA_ERROR: 924 return ffa_error_handler(smc_fid, secure_origin, x1, x2, x3, x4, 925 cookie, handle, flags); 926 927 default: 928 WARN("Unsupported FF-A call 0x%08x.\n", smc_fid); 929 break; 930 } 931 return spmc_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 932 } 933