/*
 * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <errno.h>
#include <string.h>

#include <arch_helpers.h>
#include <arch/aarch64/arch_features.h>
#include <bl31/bl31.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
#include <lib/el3_runtime/context_mgmt.h>
#include <lib/smccc.h>
#include <lib/spinlock.h>
#include <lib/utils.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <platform_def.h>
#include <services/ffa_svc.h>
#include <services/spmd_svc.h>
#include <smccc_helpers.h>
#include "spmd_private.h"

/*******************************************************************************
 * SPM Core context information.
 * One entry per CPU, indexed by the linear core position returned by
 * plat_core_pos_by_mpidr() / plat_my_core_pos().
 ******************************************************************************/
static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT];

/*******************************************************************************
 * SPM Core attribute information read from its manifest.
 * Filled in by plat_spm_core_manifest_load() from spmd_spmc_init(), which also
 * validates the version, ID and execution state before they are relied upon.
 ******************************************************************************/
static spmc_manifest_attribute_t spmc_attrs;

/*******************************************************************************
 * SPM Core entry point information. Discovered on the primary core and reused
 * on secondary cores. Remains NULL until spmd_setup() has found the BL32 image.
 ******************************************************************************/
static entry_point_info_t *spmc_ep_info;

/*******************************************************************************
 * SPM Core context on CPU based on mpidr.
 ******************************************************************************/
spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr)
{
	spmd_spm_core_context_t *ctx;
	int pos = plat_core_pos_by_mpidr(mpidr);

	/* A negative position means the platform does not know this MPIDR */
	if (pos < 0) {
		ERROR("Invalid mpidr: %llx, returned ID: %d\n", mpidr, pos);
		panic();
	}

	ctx = &spm_core_context[pos];

	return ctx;
}

/*******************************************************************************
 * SPM Core context on current CPU get helper.
 * Convenience wrapper around spmd_get_context_by_mpidr() for the calling CPU.
 ******************************************************************************/
spmd_spm_core_context_t *spmd_get_context(void)
{
	uint64_t my_mpidr = read_mpidr();

	return spmd_get_context_by_mpidr(my_mpidr);
}

/*******************************************************************************
 * SPM Core entry point information get helper.
 * Returns the entry point discovered by spmd_setup(); NULL before that, or
 * when BL2 provided no SPMC image.
 ******************************************************************************/
entry_point_info_t *spmd_spmc_ep_info_get(void)
{
	entry_point_info_t *ep = spmc_ep_info;

	return ep;
}

/*******************************************************************************
 * SPM Core ID getter.
 * Returns the SPMC endpoint ID read from the manifest; meaningful only once
 * spmd_spmc_init() has validated it.
 ******************************************************************************/
uint16_t spmd_spmc_id_get(void)
{
	uint16_t id = spmc_attrs.spmc_id;

	return id;
}

/*******************************************************************************
 * Static function declaration.
 ******************************************************************************/
static int32_t spmd_init(void);
static int spmd_spmc_init(void *pm_addr);
static uint64_t spmd_ffa_error_return(void *handle,
				      int error_code);
static uint64_t spmd_smc_forward(uint32_t smc_fid,
				 bool secure_origin,
				 uint64_t x1,
				 uint64_t x2,
				 uint64_t x3,
				 uint64_t x4,
				 void *handle);

/*******************************************************************************
 * This function takes an SPMC context pointer and performs a synchronous
 * SPMC entry.
 ******************************************************************************/
uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx)
{
	uint64_t rc;

	assert(spmc_ctx != NULL);

	/* Make the SPMC CPU context the current Secure context on this CPU */
	cm_set_context(&(spmc_ctx->cpu_ctx), SECURE);

	/* Restore the context assigned above */
	cm_el1_sysregs_context_restore(SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_restore(SECURE);
#endif
	cm_set_next_eret_context(SECURE);

	/*
	 * Enter SPMC. The SPMD C runtime context is saved in c_rt_ctx so that
	 * spmd_spm_core_sync_exit() can resume execution here; rc is the value
	 * that exit path hands back (in x0).
	 */
	rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx);

	/* Save secure state */
	cm_el1_sysregs_context_save(SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_save(SECURE);
#endif

	return rc;
}

/*******************************************************************************
 * This function returns to the place where spmd_spm_core_sync_entry() was
 * called originally.
 *
 * rc: value delivered as the return value of the matching
 *     spmd_spm_core_sync_entry() call. Does not return.
 ******************************************************************************/
__dead2 void spmd_spm_core_sync_exit(uint64_t rc)
{
	spmd_spm_core_context_t *ctx = spmd_get_context();

	/* Get current CPU context from SPMC context */
	assert(cm_get_context(SECURE) == &(ctx->cpu_ctx));

	/*
	 * The SPMD must have initiated the original request through a
	 * synchronous entry into SPMC. Jump back to the original C runtime
	 * context with the value of rc in x0;
	 */
	spmd_spm_core_exit(ctx->c_rt_ctx, rc);

	/* Only reachable if the C runtime context switch above ever returned */
	panic();
}

/*******************************************************************************
 * Jump to the SPM Core for the first time.
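 ******************************************************************************/
/*
 * Registered as the BL32 init hook from spmd_spmc_init(). Performs the first
 * synchronous entry into the SPMC on this CPU and records the outcome in the
 * per-CPU state machine. Returns 1 on success and 0 on failure.
 */
static int32_t spmd_init(void)
{
	spmd_spm_core_context_t *ctx = spmd_get_context();
	uint64_t rc;
	unsigned int linear_id = plat_my_core_pos();
	unsigned int core_id;

	VERBOSE("SPM Core init start.\n");
	ctx->state = SPMC_STATE_ON_PENDING;

	/*
	 * Set the SPMC context state on other CPUs to OFF and clear any stale
	 * secondary entry point (presumably filled in later through
	 * spmd_pm_secondary_core_set_ep()).
	 */
	for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) {
		if (core_id != linear_id) {
			spm_core_context[core_id].state = SPMC_STATE_OFF;
			spm_core_context[core_id].secondary_ep.entry_point = 0UL;
		}
	}

	/*
	 * First synchronous entry. Control comes back here through
	 * spmd_spm_core_sync_exit(): the SPMC's first FFA_MSG_WAIT yields 0,
	 * a first FFA_ERROR yields the error code it carried in x2.
	 */
	rc = spmd_spm_core_sync_entry(ctx);
	if (rc != 0ULL) {
		ERROR("SPMC initialisation failed 0x%llx\n", rc);
		return 0;
	}

	ctx->state = SPMC_STATE_ON;

	VERBOSE("SPM Core init end.\n");

	return 1;
}

/*******************************************************************************
 * Loads SPMC manifest and inits SPMC.
 *
 * pm_addr: address of the SPMC manifest handed down by BL2.
 * Returns 0 on success, the manifest loader's error code when the manifest is
 * missing or malformed, or -EINVAL when a validated attribute (FF-A version,
 * SPMC ID, execution state, S-EL2 availability) is unsupported.
 ******************************************************************************/
static int spmd_spmc_init(void *pm_addr)
{
	spmd_spm_core_context_t *spm_ctx = spmd_get_context();
	uint32_t ep_attr;
	int rc;

	/* Load the SPM Core manifest */
	rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr);
	if (rc != 0) {
		WARN("No or invalid SPM Core manifest image provided by BL2\n");
		return rc;
	}

	/*
	 * Ensure that the SPM Core version is compatible with the SPM
	 * Dispatcher version: same major, minor no newer than ours.
	 */
	if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) ||
	    (spmc_attrs.minor_version > FFA_VERSION_MINOR)) {
		WARN("Unsupported FFA version (%u.%u)\n",
		     spmc_attrs.major_version, spmc_attrs.minor_version);
		return -EINVAL;
	}

	VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version,
		spmc_attrs.minor_version);

	VERBOSE("SPM Core run time EL%x.\n",
		SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1);

	/* Validate the SPMC ID, Ensure high bit is set */
	if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) &
			SPMC_SECURE_ID_MASK) == 0U) {
		WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id);
		return -EINVAL;
	}

	/* Validate the SPM Core execution state */
	if ((spmc_attrs.exec_state != MODE_RW_64) &&
	    (spmc_attrs.exec_state != MODE_RW_32)) {
		WARN("Unsupported %s%x.\n", "SPM Core execution state 0x",
		     spmc_attrs.exec_state);
		return -EINVAL;
	}

	VERBOSE("%s%x.\n", "SPM Core execution state 0x",
		spmc_attrs.exec_state);

#if SPMD_SPM_AT_SEL2
	/* Ensure manifest has not requested AArch32 state in S-EL2 */
	if (spmc_attrs.exec_state == MODE_RW_32) {
		WARN("AArch32 state at S-EL2 is not supported.\n");
		return -EINVAL;
	}

	/*
	 * Check if S-EL2 is supported on this system if S-EL2
	 * is required for SPM
	 */
	if (!is_armv8_4_sel2_present()) {
		WARN("SPM Core run time S-EL2 is not supported.\n");
		return -EINVAL;
	}
#endif /* SPMD_SPM_AT_SEL2 */

	/*
	 * Initialise an entrypoint to set up the CPU context. The entry point
	 * inherits EL3's endianness (SCTLR_EL3.EE).
	 */
	ep_attr = SECURE | EP_ST_ENABLE;
	if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) {
		ep_attr |= EP_EE_BIG;
	}

	SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr);

	/*
	 * Populate SPSR for SPM Core based upon validated parameters from the
	 * manifest.
	 */
	if (spmc_attrs.exec_state == MODE_RW_32) {
		spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM,
						 SPSR_E_LITTLE,
						 DAIF_FIQ_BIT |
						 DAIF_IRQ_BIT |
						 DAIF_ABT_BIT);
	} else {

#if SPMD_SPM_AT_SEL2
		static const uint32_t runtime_el = MODE_EL2;
#else
		static const uint32_t runtime_el = MODE_EL1;
#endif
		spmc_ep_info->spsr = SPSR_64(runtime_el,
					     MODE_SP_ELX,
					     DISABLE_ALL_EXCEPTIONS);
	}

	/* Initialise SPM Core context with this entry point information */
	cm_setup_context(&spm_ctx->cpu_ctx, spmc_ep_info);

	/*
	 * Mark this SPMC context as off. Use the SPMC state enum, consistently
	 * with spmd_init() and the ctx->state checks in spmd_smc_handler(),
	 * rather than the PSCI affinity constant AFF_STATE_OFF used previously.
	 */
	spm_ctx->state = SPMC_STATE_OFF;

	INFO("SPM Core setup done.\n");

	/* Register power management hooks with PSCI */
	psci_register_spd_pm_hook(&spmd_pm);

	/* Register init function for deferred init. */
	bl31_register_bl32_init(&spmd_init);

	return 0;
}

/*******************************************************************************
 * Initialize context of SPM Core.
 *
 * Locates the BL32 (SPMC) entry point provided by BL2, takes the manifest
 * address from its arg0 and delegates to spmd_spmc_init(). Returns 0 on
 * success, -EINVAL if no image or manifest was provided, otherwise the error
 * returned by spmd_spmc_init().
 ******************************************************************************/
int spmd_setup(void)
{
	void *spmc_manifest;
	int rc;

	spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
	if (spmc_ep_info == NULL) {
		WARN("No SPM Core image provided by BL2 boot loader.\n");
		return -EINVAL;
	}

	/* Under no circumstances will this parameter be 0 */
	assert(spmc_ep_info->pc != 0ULL);

	/*
	 * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will
	 * be used as a manifest for the SPM Core at the next lower EL/mode.
	 */
	spmc_manifest = (void *)spmc_ep_info->args.arg0;
	if (spmc_manifest == NULL) {
		ERROR("Invalid or absent SPM Core manifest.\n");
		return -EINVAL;
	}

	/* Load manifest, init SPMC */
	rc = spmd_spmc_init(spmc_manifest);
	if (rc != 0) {
		WARN("Booting device without SPM initialization.\n");
	}

	return rc;
}

/*******************************************************************************
 * Forward SMC to the other security state
 *
 * Saves the EL1 (and, with SPMD_SPM_AT_SEL2, EL2) system registers of the
 * originating world, restores those of the destination world and returns into
 * it with x0-x4 taken from the arguments and x5-x7 copied from the caller's
 * saved context 'handle'.
 ******************************************************************************/
static uint64_t spmd_smc_forward(uint32_t smc_fid,
				 bool secure_origin,
				 uint64_t x1,
				 uint64_t x2,
				 uint64_t x3,
				 uint64_t x4,
				 void *handle)
{
	unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
	unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;

	/* Save incoming security state */
	cm_el1_sysregs_context_save(secure_state_in);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_save(secure_state_in);
#endif

	/* Restore outgoing security state */
	cm_el1_sysregs_context_restore(secure_state_out);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_restore(secure_state_out);
#endif
	cm_set_next_eret_context(secure_state_out);

	SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4,
		 SMC_GET_GP(handle, CTX_GPREG_X5),
		 SMC_GET_GP(handle, CTX_GPREG_X6),
		 SMC_GET_GP(handle, CTX_GPREG_X7));
}

/*******************************************************************************
 * Return FFA_ERROR with specified error code
 *
 * Writes FFA_ERROR in x0 and error_code in x2 of the caller's context
 * 'handle'; all other result registers are MBZ.
 ******************************************************************************/
static uint64_t spmd_ffa_error_return(void *handle, int error_code)
{
	SMC_RET8(handle, FFA_ERROR,
		 FFA_TARGET_INFO_MBZ, error_code,
		 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
		 FFA_PARAM_MBZ, FFA_PARAM_MBZ);
}
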
/*******************************************************************************
 * spmd_check_address_in_binary_image
 * True when 'address' falls inside [load_address, load_address + binary_size)
 * of the SPMC image as described by its manifest.
 ******************************************************************************/
bool spmd_check_address_in_binary_image(uint64_t address)
{
	uint64_t start = spmc_attrs.load_address;
	uint64_t end;

	/* The range must not wrap, otherwise the bound check below is meaningless */
	assert(!check_uptr_overflow(start, spmc_attrs.binary_size));
	end = start + spmc_attrs.binary_size;

	if (address < start) {
		return false;
	}

	return address < end;
}

/******************************************************************************
 * spmd_is_spmc_message
 * True when the direct message endpoint pair in 'ep' targets the SPMD and
 * originates from the SPMC ID read from the manifest.
 *****************************************************************************/
static bool spmd_is_spmc_message(unsigned int ep)
{
	if (ffa_endpoint_destination(ep) != SPMD_DIRECT_MSG_ENDPOINT_ID) {
		return false;
	}

	return ffa_endpoint_source(ep) == spmc_attrs.spmc_id;
}

/******************************************************************************
 * spmd_handle_spmc_message
 * Dispatches a direct message from the SPMC. Only
 * SPMD_DIRECT_MSG_SET_ENTRY_POINT is understood; anything else yields -EINVAL.
 *****************************************************************************/
static int spmd_handle_spmc_message(unsigned long long msg,
		unsigned long long parm1, unsigned long long parm2,
		unsigned long long parm3, unsigned long long parm4)
{
	VERBOSE("%s %llx %llx %llx %llx %llx\n", __func__,
		msg, parm1, parm2, parm3, parm4);

	if (msg == SPMD_DIRECT_MSG_SET_ENTRY_POINT) {
		return spmd_pm_secondary_core_set_ep(parm1, parm2, parm3);
	}

	return -EINVAL;
}

/*******************************************************************************
 * This function handles all SMCs in the range reserved for FFA.
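 * Each call is
 * either forwarded to the other security state or handled by the SPM dispatcher
 *
 * smc_fid: FF-A function ID. x1-x4: SMC arguments; x5-x7 are read from the
 * caller's saved context 'handle'. 'flags' identifies the originating
 * security state (see is_caller_secure()). 'cookie' is not used.
 * Every case finishes through SMC_RET8() (directly, or via spmd_smc_forward()
 * / spmd_ffa_error_return()) or by a synchronous exit back to the caller of
 * spmd_spm_core_sync_entry().
 ******************************************************************************/
uint64_t spmd_smc_handler(uint32_t smc_fid,
			  uint64_t x1,
			  uint64_t x2,
			  uint64_t x3,
			  uint64_t x4,
			  void *cookie,
			  void *handle,
			  uint64_t flags)
{
	spmd_spm_core_context_t *ctx = spmd_get_context();
	bool secure_origin;
	int32_t ret;
	uint32_t input_version;

	/* Determine which security state this SMC originated from */
	secure_origin = is_caller_secure(flags);

	/*
	 * Per-call trace of every FF-A SMC with all of its argument registers.
	 * This is on the hot path and is a diagnostic, so it belongs at
	 * VERBOSE like the trace in spmd_handle_spmc_message(); at INFO it
	 * produced one console line per SMC.
	 */
	VERBOSE("SPM: 0x%x 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx\n",
		smc_fid, x1, x2, x3, x4, SMC_GET_GP(handle, CTX_GPREG_X5),
		SMC_GET_GP(handle, CTX_GPREG_X6),
		SMC_GET_GP(handle, CTX_GPREG_X7));

	switch (smc_fid) {
	case FFA_ERROR:
		/*
		 * Check if this is the first invocation of this interface on
		 * this CPU. If so, then indicate that the SPM Core initialised
		 * unsuccessfully.
		 */
		if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) {
			spmd_spm_core_sync_exit(x2);
		}

		return spmd_smc_forward(smc_fid, secure_origin,
					x1, x2, x3, x4, handle);
		break; /* not reached */

	case FFA_VERSION:
		input_version = (uint32_t)(0xFFFFFFFF & x1);
		/*
		 * Bit 31 of the input version must be zero and the SPMC must
		 * have been initialised (state != RESET), otherwise report
		 * NOT_SUPPORTED. A Normal world caller is told the SPMC's
		 * version, a Secure world caller the SPMD's.
		 */
		if ((input_version & FFA_VERSION_BIT31_MASK) ||
		    (ctx->state == SPMC_STATE_RESET)) {
			ret = FFA_ERROR_NOT_SUPPORTED;
		} else if (!secure_origin) {
			ret = MAKE_FFA_VERSION(spmc_attrs.major_version, spmc_attrs.minor_version);
		} else {
			ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR, FFA_VERSION_MINOR);
		}

		SMC_RET8(handle, ret, FFA_TARGET_INFO_MBZ, FFA_TARGET_INFO_MBZ,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ);
		break; /* not reached */

	case FFA_FEATURES:
		/*
		 * This is an optional interface. Do the minimal checks and
		 * forward to SPM Core which will handle it if implemented.
		 */

		/*
		 * Check if x1 holds a valid FFA fid. This is an
		 * optimization.
		 */
		if (!is_ffa_fid(x1)) {
			return spmd_ffa_error_return(handle,
						     FFA_ERROR_NOT_SUPPORTED);
		}

		/* Forward SMC from Normal world to the SPM Core */
		if (!secure_origin) {
			return spmd_smc_forward(smc_fid, secure_origin,
						x1, x2, x3, x4, handle);
		}

		/*
		 * Return success if call was from secure world i.e. all
		 * FFA functions are supported. This is essentially a
		 * nop.
		 */
		SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4,
			 SMC_GET_GP(handle, CTX_GPREG_X5),
			 SMC_GET_GP(handle, CTX_GPREG_X6),
			 SMC_GET_GP(handle, CTX_GPREG_X7));

		break; /* not reached */

	case FFA_ID_GET:
		/*
		 * Returns the ID of the calling FFA component: the Normal
		 * world endpoint ID for a non-secure caller, the SPMC ID
		 * from the manifest for a secure one.
		 */
		if (!secure_origin) {
			SMC_RET8(handle, FFA_SUCCESS_SMC32,
				 FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID,
				 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
				 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
				 FFA_PARAM_MBZ);
		}

		SMC_RET8(handle, FFA_SUCCESS_SMC32,
			 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
			 FFA_PARAM_MBZ);

		break; /* not reached */

	case FFA_MSG_SEND_DIRECT_REQ_SMC32:
		/*
		 * A direct request from the SPMC to the SPMD is handled here;
		 * the handler's result is returned in x2 of FFA_SUCCESS.
		 */
		if (secure_origin && spmd_is_spmc_message(x1)) {
			ret = spmd_handle_spmc_message(x3, x4,
				SMC_GET_GP(handle, CTX_GPREG_X5),
				SMC_GET_GP(handle, CTX_GPREG_X6),
				SMC_GET_GP(handle, CTX_GPREG_X7));

			SMC_RET8(handle, FFA_SUCCESS_SMC32,
				 FFA_TARGET_INFO_MBZ, ret,
				 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
				 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
				 FFA_PARAM_MBZ);
		} else {
			/* Forward direct message to the other world */
			return spmd_smc_forward(smc_fid, secure_origin,
						x1, x2, x3, x4, handle);
		}
		break; /* Not reached */

	case FFA_MSG_SEND_DIRECT_RESP_SMC32:
		/*
		 * A direct response from the SPMC to the SPMD completes a
		 * synchronous entry made by the SPMD.
		 */
		if (secure_origin && spmd_is_spmc_message(x1)) {
			spmd_spm_core_sync_exit(0);
		} else {
			/* Forward direct message to the other world */
			return spmd_smc_forward(smc_fid, secure_origin,
						x1, x2, x3, x4, handle);
		}
		break; /* Not reached */

	case FFA_RX_RELEASE:
	case FFA_RXTX_MAP_SMC32:
	case FFA_RXTX_MAP_SMC64:
	case FFA_RXTX_UNMAP:
	case FFA_PARTITION_INFO_GET:
		/*
		 * Should not be allowed to forward FFA_PARTITION_INFO_GET
		 * from Secure world to Normal world
		 *
		 * Fall through to forward the call to the other world
		 */
	case FFA_MSG_RUN:
		/* This interface must be invoked only by the Normal world */

		if (secure_origin) {
			return spmd_ffa_error_return(handle,
						     FFA_ERROR_NOT_SUPPORTED);
		}

		/* Fall through to forward the call to the other world */
	case FFA_MSG_SEND:
	case FFA_MSG_SEND_DIRECT_REQ_SMC64:
	case FFA_MSG_SEND_DIRECT_RESP_SMC64:
	case FFA_MEM_DONATE_SMC32:
	case FFA_MEM_DONATE_SMC64:
	case FFA_MEM_LEND_SMC32:
	case FFA_MEM_LEND_SMC64:
	case FFA_MEM_SHARE_SMC32:
	case FFA_MEM_SHARE_SMC64:
	case FFA_MEM_RETRIEVE_REQ_SMC32:
	case FFA_MEM_RETRIEVE_REQ_SMC64:
	case FFA_MEM_RETRIEVE_RESP:
	case FFA_MEM_RELINQUISH:
	case FFA_MEM_RECLAIM:
	case FFA_SUCCESS_SMC32:
	case FFA_SUCCESS_SMC64:
		/*
		 * TODO: Assume that no requests originate from EL3 at the
		 * moment. This will change if a SP service is required in
		 * response to secure interrupts targeted to EL3. Until then
		 * simply forward the call to the Normal world.
		 */

		return spmd_smc_forward(smc_fid, secure_origin,
					x1, x2, x3, x4, handle);
		break; /* not reached */

	case FFA_MSG_WAIT:
		/*
		 * Check if this is the first invocation of this interface on
		 * this CPU from the Secure world. If so, then indicate that the
		 * SPM Core initialised successfully.
		 */
		if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) {
			spmd_spm_core_sync_exit(0);
		}

		/* Fall through to forward the call to the other world */

	case FFA_MSG_YIELD:
		/* This interface must be invoked only by the Secure world */
		if (!secure_origin) {
			return spmd_ffa_error_return(handle,
						     FFA_ERROR_NOT_SUPPORTED);
		}

		return spmd_smc_forward(smc_fid, secure_origin,
					x1, x2, x3, x4, handle);
		break; /* not reached */

	default:
		WARN("SPM: Unsupported call 0x%08x\n", smc_fid);
		return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
	}
}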