1 /* 2 * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <errno.h> 9 #include <string.h> 10 11 #include <arch_helpers.h> 12 #include <arch/aarch64/arch_features.h> 13 #include <bl31/bl31.h> 14 #include <common/debug.h> 15 #include <common/runtime_svc.h> 16 #include <lib/el3_runtime/context_mgmt.h> 17 #include <lib/smccc.h> 18 #include <lib/spinlock.h> 19 #include <lib/utils.h> 20 #include <plat/common/common_def.h> 21 #include <plat/common/platform.h> 22 #include <platform_def.h> 23 #include <services/ffa_svc.h> 24 #include <services/spmd_svc.h> 25 #include <smccc_helpers.h> 26 #include "spmd_private.h" 27 28 /******************************************************************************* 29 * SPM Core context information. 30 ******************************************************************************/ 31 static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT]; 32 33 /******************************************************************************* 34 * SPM Core attribute information read from its manifest. 35 ******************************************************************************/ 36 static spmc_manifest_attribute_t spmc_attrs; 37 38 /******************************************************************************* 39 * SPM Core entry point information. Discovered on the primary core and reused 40 * on secondary cores. 41 ******************************************************************************/ 42 static entry_point_info_t *spmc_ep_info; 43 44 /******************************************************************************* 45 * SPM Core context on CPU based on mpidr. 46 ******************************************************************************/ 47 spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr) 48 { 49 int core_idx = plat_core_pos_by_mpidr(mpidr); 50 51 if (core_idx < 0) { 52 ERROR("Invalid mpidr: %llx, returned ID: %d\n", mpidr, core_idx); 53 panic(); 54 } 55 56 return &spm_core_context[core_idx]; 57 } 58 59 /******************************************************************************* 60 * SPM Core context on current CPU get helper. 61 ******************************************************************************/ 62 spmd_spm_core_context_t *spmd_get_context(void) 63 { 64 return spmd_get_context_by_mpidr(read_mpidr()); 65 } 66 67 /******************************************************************************* 68 * SPM Core entry point information get helper. 69 ******************************************************************************/ 70 entry_point_info_t *spmd_spmc_ep_info_get(void) 71 { 72 return spmc_ep_info; 73 } 74 75 /******************************************************************************* 76 * SPM Core ID getter. 77 ******************************************************************************/ 78 uint16_t spmd_spmc_id_get(void) 79 { 80 return spmc_attrs.spmc_id; 81 } 82 83 /******************************************************************************* 84 * Static function declaration. 85 ******************************************************************************/ 86 static int32_t spmd_init(void); 87 static int spmd_spmc_init(void *pm_addr); 88 static uint64_t spmd_ffa_error_return(void *handle, 89 int error_code); 90 static uint64_t spmd_smc_forward(uint32_t smc_fid, 91 bool secure_origin, 92 uint64_t x1, 93 uint64_t x2, 94 uint64_t x3, 95 uint64_t x4, 96 void *handle); 97 98 /******************************************************************************* 99 * This function takes an SPMC context pointer and performs a synchronous 100 * SPMC entry. 101 ******************************************************************************/ 102 uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx) 103 { 104 uint64_t rc; 105 106 assert(spmc_ctx != NULL); 107 108 cm_set_context(&(spmc_ctx->cpu_ctx), SECURE); 109 110 /* Restore the context assigned above */ 111 cm_el1_sysregs_context_restore(SECURE); 112 #if SPMD_SPM_AT_SEL2 113 cm_el2_sysregs_context_restore(SECURE); 114 #endif 115 cm_set_next_eret_context(SECURE); 116 117 /* Enter SPMC */ 118 rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx); 119 120 /* Save secure state */ 121 cm_el1_sysregs_context_save(SECURE); 122 #if SPMD_SPM_AT_SEL2 123 cm_el2_sysregs_context_save(SECURE); 124 #endif 125 126 return rc; 127 } 128 129 /******************************************************************************* 130 * This function returns to the place where spmd_spm_core_sync_entry() was 131 * called originally. 132 ******************************************************************************/ 133 __dead2 void spmd_spm_core_sync_exit(uint64_t rc) 134 { 135 spmd_spm_core_context_t *ctx = spmd_get_context(); 136 137 /* Get current CPU context from SPMC context */ 138 assert(cm_get_context(SECURE) == &(ctx->cpu_ctx)); 139 140 /* 141 * The SPMD must have initiated the original request through a 142 * synchronous entry into SPMC. Jump back to the original C runtime 143 * context with the value of rc in x0; 144 */ 145 spmd_spm_core_exit(ctx->c_rt_ctx, rc); 146 147 panic(); 148 } 149 150 /******************************************************************************* 151 * Jump to the SPM Core for the first time. 152 ******************************************************************************/ 153 static int32_t spmd_init(void) 154 { 155 spmd_spm_core_context_t *ctx = spmd_get_context(); 156 uint64_t rc; 157 unsigned int linear_id = plat_my_core_pos(); 158 unsigned int core_id; 159 160 VERBOSE("SPM Core init start.\n"); 161 ctx->state = SPMC_STATE_ON_PENDING; 162 163 /* Set the SPMC context state on other CPUs to OFF */ 164 for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) { 165 if (core_id != linear_id) { 166 spm_core_context[core_id].state = SPMC_STATE_OFF; 167 spm_core_context[core_id].secondary_ep.entry_point = 0UL; 168 } 169 } 170 171 rc = spmd_spm_core_sync_entry(ctx); 172 if (rc != 0ULL) { 173 ERROR("SPMC initialisation failed 0x%llx\n", rc); 174 return 0; 175 } 176 177 ctx->state = SPMC_STATE_ON; 178 179 VERBOSE("SPM Core init end.\n"); 180 181 return 1; 182 } 183 184 /******************************************************************************* 185 * Loads SPMC manifest and inits SPMC. 186 ******************************************************************************/ 187 static int spmd_spmc_init(void *pm_addr) 188 { 189 spmd_spm_core_context_t *spm_ctx = spmd_get_context(); 190 uint32_t ep_attr; 191 int rc; 192 193 /* Load the SPM Core manifest */ 194 rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr); 195 if (rc != 0) { 196 WARN("No or invalid SPM Core manifest image provided by BL2\n"); 197 return rc; 198 } 199 200 /* 201 * Ensure that the SPM Core version is compatible with the SPM 202 * Dispatcher version. 203 */ 204 if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) || 205 (spmc_attrs.minor_version > FFA_VERSION_MINOR)) { 206 WARN("Unsupported FFA version (%u.%u)\n", 207 spmc_attrs.major_version, spmc_attrs.minor_version); 208 return -EINVAL; 209 } 210 211 VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version, 212 spmc_attrs.minor_version); 213 214 VERBOSE("SPM Core run time EL%x.\n", 215 SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1); 216 217 /* Validate the SPMC ID, Ensure high bit is set */ 218 if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) & 219 SPMC_SECURE_ID_MASK) == 0U) { 220 WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id); 221 return -EINVAL; 222 } 223 224 /* Validate the SPM Core execution state */ 225 if ((spmc_attrs.exec_state != MODE_RW_64) && 226 (spmc_attrs.exec_state != MODE_RW_32)) { 227 WARN("Unsupported %s%x.\n", "SPM Core execution state 0x", 228 spmc_attrs.exec_state); 229 return -EINVAL; 230 } 231 232 VERBOSE("%s%x.\n", "SPM Core execution state 0x", 233 spmc_attrs.exec_state); 234 235 #if SPMD_SPM_AT_SEL2 236 /* Ensure manifest has not requested AArch32 state in S-EL2 */ 237 if (spmc_attrs.exec_state == MODE_RW_32) { 238 WARN("AArch32 state at S-EL2 is not supported.\n"); 239 return -EINVAL; 240 } 241 242 /* 243 * Check if S-EL2 is supported on this system if S-EL2 244 * is required for SPM 245 */ 246 if (!is_armv8_4_sel2_present()) { 247 WARN("SPM Core run time S-EL2 is not supported.\n"); 248 return -EINVAL; 249 } 250 #endif /* SPMD_SPM_AT_SEL2 */ 251 252 /* Initialise an entrypoint to set up the CPU context */ 253 ep_attr = SECURE | EP_ST_ENABLE; 254 if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) { 255 ep_attr |= EP_EE_BIG; 256 } 257 258 SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr); 259 assert(spmc_ep_info->pc == BL32_BASE); 260 261 /* 262 * Populate SPSR for SPM Core based upon validated parameters from the 263 * manifest. 264 */ 265 if (spmc_attrs.exec_state == MODE_RW_32) { 266 spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM, 267 SPSR_E_LITTLE, 268 DAIF_FIQ_BIT | 269 DAIF_IRQ_BIT | 270 DAIF_ABT_BIT); 271 } else { 272 273 #if SPMD_SPM_AT_SEL2 274 static const uint32_t runtime_el = MODE_EL2; 275 #else 276 static const uint32_t runtime_el = MODE_EL1; 277 #endif 278 spmc_ep_info->spsr = SPSR_64(runtime_el, 279 MODE_SP_ELX, 280 DISABLE_ALL_EXCEPTIONS); 281 } 282 283 /* Initialise SPM Core context with this entry point information */ 284 cm_setup_context(&spm_ctx->cpu_ctx, spmc_ep_info); 285 286 /* Reuse PSCI affinity states to mark this SPMC context as off */ 287 spm_ctx->state = AFF_STATE_OFF; 288 289 INFO("SPM Core setup done.\n"); 290 291 /* Register power management hooks with PSCI */ 292 psci_register_spd_pm_hook(&spmd_pm); 293 294 /* Register init function for deferred init. */ 295 bl31_register_bl32_init(&spmd_init); 296 297 return 0; 298 } 299 300 /******************************************************************************* 301 * Initialize context of SPM Core. 302 ******************************************************************************/ 303 int spmd_setup(void) 304 { 305 void *spmc_manifest; 306 int rc; 307 308 spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE); 309 if (spmc_ep_info == NULL) { 310 WARN("No SPM Core image provided by BL2 boot loader.\n"); 311 return -EINVAL; 312 } 313 314 /* Under no circumstances will this parameter be 0 */ 315 assert(spmc_ep_info->pc != 0ULL); 316 317 /* 318 * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will 319 * be used as a manifest for the SPM Core at the next lower EL/mode. 320 */ 321 spmc_manifest = (void *)spmc_ep_info->args.arg0; 322 if (spmc_manifest == NULL) { 323 ERROR("Invalid or absent SPM Core manifest.\n"); 324 return -EINVAL; 325 } 326 327 /* Load manifest, init SPMC */ 328 rc = spmd_spmc_init(spmc_manifest); 329 if (rc != 0) { 330 WARN("Booting device without SPM initialization.\n"); 331 } 332 333 return rc; 334 } 335 336 /******************************************************************************* 337 * Forward SMC to the other security state 338 ******************************************************************************/ 339 static uint64_t spmd_smc_forward(uint32_t smc_fid, 340 bool secure_origin, 341 uint64_t x1, 342 uint64_t x2, 343 uint64_t x3, 344 uint64_t x4, 345 void *handle) 346 { 347 unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE; 348 unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE; 349 350 /* Save incoming security state */ 351 cm_el1_sysregs_context_save(secure_state_in); 352 #if SPMD_SPM_AT_SEL2 353 cm_el2_sysregs_context_save(secure_state_in); 354 #endif 355 356 /* Restore outgoing security state */ 357 cm_el1_sysregs_context_restore(secure_state_out); 358 #if SPMD_SPM_AT_SEL2 359 cm_el2_sysregs_context_restore(secure_state_out); 360 #endif 361 cm_set_next_eret_context(secure_state_out); 362 363 SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4, 364 SMC_GET_GP(handle, CTX_GPREG_X5), 365 SMC_GET_GP(handle, CTX_GPREG_X6), 366 SMC_GET_GP(handle, CTX_GPREG_X7)); 367 } 368 369 /******************************************************************************* 370 * Return FFA_ERROR with specified error code 371 ******************************************************************************/ 372 static uint64_t spmd_ffa_error_return(void *handle, int error_code) 373 { 374 SMC_RET8(handle, FFA_ERROR, 375 FFA_TARGET_INFO_MBZ, error_code, 376 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 377 FFA_PARAM_MBZ, FFA_PARAM_MBZ); 378 } 379 380 /******************************************************************************* 381 * spmd_check_address_in_binary_image 382 ******************************************************************************/ 383 bool spmd_check_address_in_binary_image(uint64_t address) 384 { 385 assert(!check_uptr_overflow(spmc_attrs.load_address, spmc_attrs.binary_size)); 386 387 return ((address >= spmc_attrs.load_address) && 388 (address < (spmc_attrs.load_address + spmc_attrs.binary_size))); 389 } 390 391 /****************************************************************************** 392 * spmd_is_spmc_message 393 *****************************************************************************/ 394 static bool spmd_is_spmc_message(unsigned int ep) 395 { 396 return ((ffa_endpoint_destination(ep) == SPMD_DIRECT_MSG_ENDPOINT_ID) 397 && (ffa_endpoint_source(ep) == spmc_attrs.spmc_id)); 398 } 399 400 /****************************************************************************** 401 * spmd_handle_spmc_message 402 *****************************************************************************/ 403 static int spmd_handle_spmc_message(unsigned long long msg, 404 unsigned long long parm1, unsigned long long parm2, 405 unsigned long long parm3, unsigned long long parm4) 406 { 407 VERBOSE("%s %llx %llx %llx %llx %llx\n", __func__, 408 msg, parm1, parm2, parm3, parm4); 409 410 switch (msg) { 411 case SPMD_DIRECT_MSG_SET_ENTRY_POINT: 412 return spmd_pm_secondary_core_set_ep(parm1, parm2, parm3); 413 default: 414 break; 415 } 416 417 return -EINVAL; 418 } 419 420 /******************************************************************************* 421 * This function handles all SMCs in the range reserved for FFA. Each call is 422 * either forwarded to the other security state or handled by the SPM dispatcher 423 ******************************************************************************/ 424 uint64_t spmd_smc_handler(uint32_t smc_fid, 425 uint64_t x1, 426 uint64_t x2, 427 uint64_t x3, 428 uint64_t x4, 429 void *cookie, 430 void *handle, 431 uint64_t flags) 432 { 433 spmd_spm_core_context_t *ctx = spmd_get_context(); 434 bool secure_origin; 435 int32_t ret; 436 uint32_t input_version; 437 438 /* Determine which security state this SMC originated from */ 439 secure_origin = is_caller_secure(flags); 440 441 INFO("SPM: 0x%x 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx\n", 442 smc_fid, x1, x2, x3, x4, SMC_GET_GP(handle, CTX_GPREG_X5), 443 SMC_GET_GP(handle, CTX_GPREG_X6), 444 SMC_GET_GP(handle, CTX_GPREG_X7)); 445 446 switch (smc_fid) { 447 case FFA_ERROR: 448 /* 449 * Check if this is the first invocation of this interface on 450 * this CPU. If so, then indicate that the SPM Core initialised 451 * unsuccessfully. 452 */ 453 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 454 spmd_spm_core_sync_exit(x2); 455 } 456 457 return spmd_smc_forward(smc_fid, secure_origin, 458 x1, x2, x3, x4, handle); 459 break; /* not reached */ 460 461 case FFA_VERSION: 462 input_version = (uint32_t)(0xFFFFFFFF & x1); 463 /* 464 * If caller is secure and SPMC was initialized, 465 * return FFA_VERSION of SPMD. 466 * If caller is non secure and SPMC was initialized, 467 * return SPMC's version. 468 * Sanity check to "input_version". 469 */ 470 if ((input_version & FFA_VERSION_BIT31_MASK) || 471 (ctx->state == SPMC_STATE_RESET)) { 472 ret = FFA_ERROR_NOT_SUPPORTED; 473 } else if (!secure_origin) { 474 ret = MAKE_FFA_VERSION(spmc_attrs.major_version, spmc_attrs.minor_version); 475 } else { 476 ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR, FFA_VERSION_MINOR); 477 } 478 479 SMC_RET8(handle, ret, FFA_TARGET_INFO_MBZ, FFA_TARGET_INFO_MBZ, 480 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 481 FFA_PARAM_MBZ, FFA_PARAM_MBZ); 482 break; /* not reached */ 483 484 case FFA_FEATURES: 485 /* 486 * This is an optional interface. Do the minimal checks and 487 * forward to SPM Core which will handle it if implemented. 488 */ 489 490 /* 491 * Check if x1 holds a valid FFA fid. This is an 492 * optimization. 493 */ 494 if (!is_ffa_fid(x1)) { 495 return spmd_ffa_error_return(handle, 496 FFA_ERROR_NOT_SUPPORTED); 497 } 498 499 /* Forward SMC from Normal world to the SPM Core */ 500 if (!secure_origin) { 501 return spmd_smc_forward(smc_fid, secure_origin, 502 x1, x2, x3, x4, handle); 503 } 504 505 /* 506 * Return success if call was from secure world i.e. all 507 * FFA functions are supported. This is essentially a 508 * nop. 509 */ 510 SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4, 511 SMC_GET_GP(handle, CTX_GPREG_X5), 512 SMC_GET_GP(handle, CTX_GPREG_X6), 513 SMC_GET_GP(handle, CTX_GPREG_X7)); 514 515 break; /* not reached */ 516 517 case FFA_ID_GET: 518 /* 519 * Returns the ID of the calling FFA component. 520 */ 521 if (!secure_origin) { 522 SMC_RET8(handle, FFA_SUCCESS_SMC32, 523 FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID, 524 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 525 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 526 FFA_PARAM_MBZ); 527 } 528 529 SMC_RET8(handle, FFA_SUCCESS_SMC32, 530 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 531 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 532 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 533 FFA_PARAM_MBZ); 534 535 break; /* not reached */ 536 537 case FFA_MSG_SEND_DIRECT_REQ_SMC32: 538 if (secure_origin && spmd_is_spmc_message(x1)) { 539 ret = spmd_handle_spmc_message(x3, x4, 540 SMC_GET_GP(handle, CTX_GPREG_X5), 541 SMC_GET_GP(handle, CTX_GPREG_X6), 542 SMC_GET_GP(handle, CTX_GPREG_X7)); 543 544 SMC_RET8(handle, FFA_SUCCESS_SMC32, 545 FFA_TARGET_INFO_MBZ, ret, 546 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 547 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 548 FFA_PARAM_MBZ); 549 } else { 550 /* Forward direct message to the other world */ 551 return spmd_smc_forward(smc_fid, secure_origin, 552 x1, x2, x3, x4, handle); 553 } 554 break; /* Not reached */ 555 556 case FFA_MSG_SEND_DIRECT_RESP_SMC32: 557 if (secure_origin && spmd_is_spmc_message(x1)) { 558 spmd_spm_core_sync_exit(0); 559 } else { 560 /* Forward direct message to the other world */ 561 return spmd_smc_forward(smc_fid, secure_origin, 562 x1, x2, x3, x4, handle); 563 } 564 break; /* Not reached */ 565 566 case FFA_RX_RELEASE: 567 case FFA_RXTX_MAP_SMC32: 568 case FFA_RXTX_MAP_SMC64: 569 case FFA_RXTX_UNMAP: 570 case FFA_PARTITION_INFO_GET: 571 /* 572 * Should not be allowed to forward FFA_PARTITION_INFO_GET 573 * from Secure world to Normal world 574 * 575 * Fall through to forward the call to the other world 576 */ 577 case FFA_MSG_RUN: 578 /* This interface must be invoked only by the Normal world */ 579 580 if (secure_origin) { 581 return spmd_ffa_error_return(handle, 582 FFA_ERROR_NOT_SUPPORTED); 583 } 584 585 /* Fall through to forward the call to the other world */ 586 case FFA_MSG_SEND: 587 case FFA_MSG_SEND_DIRECT_REQ_SMC64: 588 case FFA_MSG_SEND_DIRECT_RESP_SMC64: 589 case FFA_MEM_DONATE_SMC32: 590 case FFA_MEM_DONATE_SMC64: 591 case FFA_MEM_LEND_SMC32: 592 case FFA_MEM_LEND_SMC64: 593 case FFA_MEM_SHARE_SMC32: 594 case FFA_MEM_SHARE_SMC64: 595 case FFA_MEM_RETRIEVE_REQ_SMC32: 596 case FFA_MEM_RETRIEVE_REQ_SMC64: 597 case FFA_MEM_RETRIEVE_RESP: 598 case FFA_MEM_RELINQUISH: 599 case FFA_MEM_RECLAIM: 600 case FFA_SUCCESS_SMC32: 601 case FFA_SUCCESS_SMC64: 602 /* 603 * TODO: Assume that no requests originate from EL3 at the 604 * moment. This will change if a SP service is required in 605 * response to secure interrupts targeted to EL3. Until then 606 * simply forward the call to the Normal world. 607 */ 608 609 return spmd_smc_forward(smc_fid, secure_origin, 610 x1, x2, x3, x4, handle); 611 break; /* not reached */ 612 613 case FFA_MSG_WAIT: 614 /* 615 * Check if this is the first invocation of this interface on 616 * this CPU from the Secure world. If so, then indicate that the 617 * SPM Core initialised successfully. 618 */ 619 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 620 spmd_spm_core_sync_exit(0); 621 } 622 623 /* Fall through to forward the call to the other world */ 624 625 case FFA_MSG_YIELD: 626 /* This interface must be invoked only by the Secure world */ 627 if (!secure_origin) { 628 return spmd_ffa_error_return(handle, 629 FFA_ERROR_NOT_SUPPORTED); 630 } 631 632 return spmd_smc_forward(smc_fid, secure_origin, 633 x1, x2, x3, x4, handle); 634 break; /* not reached */ 635 636 default: 637 WARN("SPM: Unsupported call 0x%08x\n", smc_fid); 638 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 639 } 640 } 641