1 /* 2 * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <errno.h> 9 #include <string.h> 10 11 #include <arch_helpers.h> 12 #include <arch/aarch64/arch_features.h> 13 #include <bl31/bl31.h> 14 #include <common/debug.h> 15 #include <common/runtime_svc.h> 16 #include <lib/el3_runtime/context_mgmt.h> 17 #include <lib/smccc.h> 18 #include <lib/spinlock.h> 19 #include <lib/utils.h> 20 #include <lib/xlat_tables/xlat_tables_v2.h> 21 #include <plat/common/common_def.h> 22 #include <plat/common/platform.h> 23 #include <platform_def.h> 24 #include <services/spci_svc.h> 25 #include <services/spmd_svc.h> 26 #include <smccc_helpers.h> 27 #include "spmd_private.h" 28 29 /******************************************************************************* 30 * SPM Core context information. 31 ******************************************************************************/ 32 static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT]; 33 34 /******************************************************************************* 35 * SPM Core attribute information read from its manifest. 36 ******************************************************************************/ 37 static spmc_manifest_attribute_t spmc_attrs; 38 39 /******************************************************************************* 40 * SPM Core entry point information. Discovered on the primary core and reused 41 * on secondary cores. 42 ******************************************************************************/ 43 static entry_point_info_t *spmc_ep_info; 44 45 /******************************************************************************* 46 * SPM Core context on current CPU get helper. 47 ******************************************************************************/ 48 spmd_spm_core_context_t *spmd_get_context(void) 49 { 50 unsigned int linear_id = plat_my_core_pos(); 51 52 return &spm_core_context[linear_id]; 53 } 54 55 /******************************************************************************* 56 * Static function declaration. 57 ******************************************************************************/ 58 static int32_t spmd_init(void); 59 static int spmd_spmc_init(void *rd_base, 60 size_t rd_size); 61 static uint64_t spmd_spci_error_return(void *handle, 62 int error_code); 63 static uint64_t spmd_smc_forward(uint32_t smc_fid, 64 bool secure_origin, 65 uint64_t x1, 66 uint64_t x2, 67 uint64_t x3, 68 uint64_t x4, 69 void *handle); 70 71 /******************************************************************************* 72 * This function takes an SPMC context pointer and performs a synchronous 73 * SPMC entry. 74 ******************************************************************************/ 75 uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx) 76 { 77 uint64_t rc; 78 79 assert(spmc_ctx != NULL); 80 81 cm_set_context(&(spmc_ctx->cpu_ctx), SECURE); 82 83 /* Restore the context assigned above */ 84 cm_el1_sysregs_context_restore(SECURE); 85 #if SPMD_SPM_AT_SEL2 86 cm_el2_sysregs_context_restore(SECURE); 87 #endif 88 cm_set_next_eret_context(SECURE); 89 90 /* Enter SPMC */ 91 rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx); 92 93 /* Save secure state */ 94 cm_el1_sysregs_context_save(SECURE); 95 #if SPMD_SPM_AT_SEL2 96 cm_el2_sysregs_context_save(SECURE); 97 #endif 98 99 return rc; 100 } 101 102 /******************************************************************************* 103 * This function returns to the place where spmd_spm_core_sync_entry() was 104 * called originally. 105 ******************************************************************************/ 106 __dead2 void spmd_spm_core_sync_exit(uint64_t rc) 107 { 108 spmd_spm_core_context_t *ctx = spmd_get_context(); 109 110 /* Get current CPU context from SPMC context */ 111 assert(cm_get_context(SECURE) == &(ctx->cpu_ctx)); 112 113 /* 114 * The SPMD must have initiated the original request through a 115 * synchronous entry into SPMC. Jump back to the original C runtime 116 * context with the value of rc in x0; 117 */ 118 spmd_spm_core_exit(ctx->c_rt_ctx, rc); 119 120 panic(); 121 } 122 123 /******************************************************************************* 124 * Jump to the SPM Core for the first time. 125 ******************************************************************************/ 126 static int32_t spmd_init(void) 127 { 128 spmd_spm_core_context_t *ctx = spmd_get_context(); 129 uint64_t rc; 130 131 VERBOSE("SPM Core init start.\n"); 132 ctx->state = SPMC_STATE_RESET; 133 134 rc = spmd_spm_core_sync_entry(ctx); 135 if (rc != 0ULL) { 136 ERROR("SPMC initialisation failed 0x%llx\n", rc); 137 return 0; 138 } 139 140 ctx->state = SPMC_STATE_IDLE; 141 VERBOSE("SPM Core init end.\n"); 142 143 return 1; 144 } 145 146 /******************************************************************************* 147 * Loads SPMC manifest and inits SPMC. 148 ******************************************************************************/ 149 static int spmd_spmc_init(void *rd_base, size_t rd_size) 150 { 151 spmd_spm_core_context_t *spm_ctx = spmd_get_context(); 152 uint32_t ep_attr; 153 int rc; 154 155 /* Load the SPM Core manifest */ 156 rc = plat_spm_core_manifest_load(&spmc_attrs, rd_base, rd_size); 157 if (rc != 0) { 158 WARN("No or invalid SPM Core manifest image provided by BL2\n"); 159 return rc; 160 } 161 162 /* 163 * Ensure that the SPM Core version is compatible with the SPM 164 * Dispatcher version. 165 */ 166 if ((spmc_attrs.major_version != SPCI_VERSION_MAJOR) || 167 (spmc_attrs.minor_version > SPCI_VERSION_MINOR)) { 168 WARN("Unsupported SPCI version (%u.%u)\n", 169 spmc_attrs.major_version, spmc_attrs.minor_version); 170 return -EINVAL; 171 } 172 173 VERBOSE("SPCI version (%u.%u).\n", spmc_attrs.major_version, 174 spmc_attrs.minor_version); 175 176 VERBOSE("SPM Core run time EL%x.\n", 177 SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1); 178 179 /* Validate the SPMC ID, Ensure high bit is set */ 180 if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) & 181 SPMC_SECURE_ID_MASK) == 0U) { 182 WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id); 183 return -EINVAL; 184 } 185 186 /* Validate the SPM Core execution state */ 187 if ((spmc_attrs.exec_state != MODE_RW_64) && 188 (spmc_attrs.exec_state != MODE_RW_32)) { 189 WARN("Unsupported SPM Core execution state 0x%x.\n", 190 spmc_attrs.exec_state); 191 return -EINVAL; 192 } 193 194 VERBOSE("SPM Core execution state 0x%x.\n", spmc_attrs.exec_state); 195 196 #if SPMD_SPM_AT_SEL2 197 /* Ensure manifest has not requested AArch32 state in S-EL2 */ 198 if (spmc_attrs.exec_state == MODE_RW_32) { 199 WARN("AArch32 state at S-EL2 is not supported.\n"); 200 return -EINVAL; 201 } 202 203 /* 204 * Check if S-EL2 is supported on this system if S-EL2 205 * is required for SPM 206 */ 207 if (!is_armv8_4_sel2_present()) { 208 WARN("SPM Core run time S-EL2 is not supported.\n"); 209 return -EINVAL; 210 } 211 #endif /* SPMD_SPM_AT_SEL2 */ 212 213 /* Initialise an entrypoint to set up the CPU context */ 214 ep_attr = SECURE | EP_ST_ENABLE; 215 if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) { 216 ep_attr |= EP_EE_BIG; 217 } 218 219 SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr); 220 assert(spmc_ep_info->pc == BL32_BASE); 221 222 /* 223 * Populate SPSR for SPM Core based upon validated parameters from the 224 * manifest. 225 */ 226 if (spmc_attrs.exec_state == MODE_RW_32) { 227 spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM, 228 SPSR_E_LITTLE, 229 DAIF_FIQ_BIT | 230 DAIF_IRQ_BIT | 231 DAIF_ABT_BIT); 232 } else { 233 234 #if SPMD_SPM_AT_SEL2 235 static const uint32_t runtime_el = MODE_EL2; 236 #else 237 static const uint32_t runtime_el = MODE_EL1; 238 #endif 239 spmc_ep_info->spsr = SPSR_64(runtime_el, 240 MODE_SP_ELX, 241 DISABLE_ALL_EXCEPTIONS); 242 } 243 244 /* Initialise SPM Core context with this entry point information */ 245 cm_setup_context(&spm_ctx->cpu_ctx, spmc_ep_info); 246 247 /* Reuse PSCI affinity states to mark this SPMC context as off */ 248 spm_ctx->state = AFF_STATE_OFF; 249 250 INFO("SPM Core setup done.\n"); 251 252 /* Register init function for deferred init. */ 253 bl31_register_bl32_init(&spmd_init); 254 255 return 0; 256 } 257 258 /******************************************************************************* 259 * Initialize context of SPM Core. 260 ******************************************************************************/ 261 int spmd_setup(void) 262 { 263 int rc; 264 void *rd_base; 265 size_t rd_size; 266 uintptr_t rd_base_align; 267 uintptr_t rd_size_align; 268 269 spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE); 270 if (spmc_ep_info == NULL) { 271 WARN("No SPM Core image provided by BL2 boot loader.\n"); 272 return -EINVAL; 273 } 274 275 /* Under no circumstances will this parameter be 0 */ 276 assert(spmc_ep_info->pc != 0ULL); 277 278 /* 279 * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will 280 * be used as a manifest for the SPM Core at the next lower EL/mode. 281 */ 282 if (spmc_ep_info->args.arg0 == 0U || spmc_ep_info->args.arg2 == 0U) { 283 ERROR("Invalid or absent SPM core manifest\n"); 284 panic(); 285 } 286 287 /* Obtain whereabouts of SPM Core manifest */ 288 rd_base = (void *) spmc_ep_info->args.arg0; 289 rd_size = spmc_ep_info->args.arg2; 290 291 rd_base_align = page_align((uintptr_t) rd_base, DOWN); 292 rd_size_align = page_align((uintptr_t) rd_size, UP); 293 294 /* Map the manifest in the SPMD translation regime first */ 295 VERBOSE("SPM core manifest base : 0x%lx\n", rd_base_align); 296 VERBOSE("SPM core manifest size : 0x%lx\n", rd_size_align); 297 rc = mmap_add_dynamic_region((unsigned long long) rd_base_align, 298 (uintptr_t) rd_base_align, 299 rd_size_align, 300 MT_RO_DATA); 301 if (rc != 0) { 302 ERROR("Error while mapping SPM core manifest (%d).\n", rc); 303 panic(); 304 } 305 306 /* Load manifest, init SPMC */ 307 rc = spmd_spmc_init(rd_base, rd_size); 308 if (rc != 0) { 309 int mmap_rc; 310 311 WARN("Booting device without SPM initialization.\n"); 312 313 mmap_rc = mmap_remove_dynamic_region(rd_base_align, 314 rd_size_align); 315 if (mmap_rc != 0) { 316 ERROR("Error while unmapping SPM core manifest (%d).\n", 317 mmap_rc); 318 panic(); 319 } 320 321 return rc; 322 } 323 324 return 0; 325 } 326 327 /******************************************************************************* 328 * Forward SMC to the other security state 329 ******************************************************************************/ 330 static uint64_t spmd_smc_forward(uint32_t smc_fid, 331 bool secure_origin, 332 uint64_t x1, 333 uint64_t x2, 334 uint64_t x3, 335 uint64_t x4, 336 void *handle) 337 { 338 uint32_t secure_state_in = (secure_origin) ? SECURE : NON_SECURE; 339 uint32_t secure_state_out = (!secure_origin) ? SECURE : NON_SECURE; 340 341 /* Save incoming security state */ 342 cm_el1_sysregs_context_save(secure_state_in); 343 #if SPMD_SPM_AT_SEL2 344 cm_el2_sysregs_context_save(secure_state_in); 345 #endif 346 347 /* Restore outgoing security state */ 348 cm_el1_sysregs_context_restore(secure_state_out); 349 #if SPMD_SPM_AT_SEL2 350 cm_el2_sysregs_context_restore(secure_state_out); 351 #endif 352 cm_set_next_eret_context(secure_state_out); 353 354 SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4, 355 SMC_GET_GP(handle, CTX_GPREG_X5), 356 SMC_GET_GP(handle, CTX_GPREG_X6), 357 SMC_GET_GP(handle, CTX_GPREG_X7)); 358 } 359 360 /******************************************************************************* 361 * Return SPCI_ERROR with specified error code 362 ******************************************************************************/ 363 static uint64_t spmd_spci_error_return(void *handle, int error_code) 364 { 365 SMC_RET8(handle, SPCI_ERROR, 366 SPCI_TARGET_INFO_MBZ, error_code, 367 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, 368 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ); 369 } 370 371 /******************************************************************************* 372 * This function handles all SMCs in the range reserved for SPCI. Each call is 373 * either forwarded to the other security state or handled by the SPM dispatcher 374 ******************************************************************************/ 375 uint64_t spmd_smc_handler(uint32_t smc_fid, 376 uint64_t x1, 377 uint64_t x2, 378 uint64_t x3, 379 uint64_t x4, 380 void *cookie, 381 void *handle, 382 uint64_t flags) 383 { 384 spmd_spm_core_context_t *ctx = spmd_get_context(); 385 bool secure_origin; 386 int32_t ret; 387 388 /* Determine which security state this SMC originated from */ 389 secure_origin = is_caller_secure(flags); 390 391 INFO("SPM: 0x%x 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx\n", 392 smc_fid, x1, x2, x3, x4, SMC_GET_GP(handle, CTX_GPREG_X5), 393 SMC_GET_GP(handle, CTX_GPREG_X6), 394 SMC_GET_GP(handle, CTX_GPREG_X7)); 395 396 switch (smc_fid) { 397 case SPCI_ERROR: 398 /* 399 * Check if this is the first invocation of this interface on 400 * this CPU. If so, then indicate that the SPM Core initialised 401 * unsuccessfully. 402 */ 403 if (secure_origin && (ctx->state == SPMC_STATE_RESET)) { 404 spmd_spm_core_sync_exit(x2); 405 } 406 407 return spmd_smc_forward(smc_fid, secure_origin, 408 x1, x2, x3, x4, handle); 409 break; /* not reached */ 410 411 case SPCI_VERSION: 412 /* 413 * TODO: This is an optimization that the version information 414 * provided by the SPM Core manifest is returned by the SPM 415 * dispatcher. It might be a better idea to simply forward this 416 * call to the SPM Core and wash our hands completely. 417 */ 418 ret = MAKE_SPCI_VERSION(spmc_attrs.major_version, 419 spmc_attrs.minor_version); 420 SMC_RET8(handle, SPCI_SUCCESS_SMC32, SPCI_TARGET_INFO_MBZ, ret, 421 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, 422 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ); 423 break; /* not reached */ 424 425 case SPCI_FEATURES: 426 /* 427 * This is an optional interface. Do the minimal checks and 428 * forward to SPM Core which will handle it if implemented. 429 */ 430 431 /* 432 * Check if x1 holds a valid SPCI fid. This is an 433 * optimization. 434 */ 435 if (!is_spci_fid(x1)) { 436 return spmd_spci_error_return(handle, 437 SPCI_ERROR_NOT_SUPPORTED); 438 } 439 440 /* Forward SMC from Normal world to the SPM Core */ 441 if (!secure_origin) { 442 return spmd_smc_forward(smc_fid, secure_origin, 443 x1, x2, x3, x4, handle); 444 } 445 446 /* 447 * Return success if call was from secure world i.e. all 448 * SPCI functions are supported. This is essentially a 449 * nop. 450 */ 451 SMC_RET8(handle, SPCI_SUCCESS_SMC32, x1, x2, x3, x4, 452 SMC_GET_GP(handle, CTX_GPREG_X5), 453 SMC_GET_GP(handle, CTX_GPREG_X6), 454 SMC_GET_GP(handle, CTX_GPREG_X7)); 455 456 break; /* not reached */ 457 458 case SPCI_ID_GET: 459 /* 460 * Returns the ID of the calling SPCI component. 461 */ 462 if (!secure_origin) { 463 SMC_RET8(handle, SPCI_SUCCESS_SMC32, 464 SPCI_TARGET_INFO_MBZ, SPCI_NS_ENDPOINT_ID, 465 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, 466 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, 467 SPCI_PARAM_MBZ); 468 } 469 470 SMC_RET8(handle, SPCI_SUCCESS_SMC32, 471 SPCI_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 472 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, 473 SPCI_PARAM_MBZ, SPCI_PARAM_MBZ, 474 SPCI_PARAM_MBZ); 475 476 break; /* not reached */ 477 478 case SPCI_RX_RELEASE: 479 case SPCI_RXTX_MAP_SMC32: 480 case SPCI_RXTX_MAP_SMC64: 481 case SPCI_RXTX_UNMAP: 482 case SPCI_MSG_RUN: 483 /* This interface must be invoked only by the Normal world */ 484 if (secure_origin) { 485 return spmd_spci_error_return(handle, 486 SPCI_ERROR_NOT_SUPPORTED); 487 } 488 489 /* Fall through to forward the call to the other world */ 490 491 case SPCI_PARTITION_INFO_GET: 492 case SPCI_MSG_SEND: 493 case SPCI_MSG_SEND_DIRECT_REQ_SMC32: 494 case SPCI_MSG_SEND_DIRECT_REQ_SMC64: 495 case SPCI_MSG_SEND_DIRECT_RESP_SMC32: 496 case SPCI_MSG_SEND_DIRECT_RESP_SMC64: 497 case SPCI_MEM_DONATE_SMC32: 498 case SPCI_MEM_DONATE_SMC64: 499 case SPCI_MEM_LEND_SMC32: 500 case SPCI_MEM_LEND_SMC64: 501 case SPCI_MEM_SHARE_SMC32: 502 case SPCI_MEM_SHARE_SMC64: 503 case SPCI_MEM_RETRIEVE_REQ_SMC32: 504 case SPCI_MEM_RETRIEVE_REQ_SMC64: 505 case SPCI_MEM_RETRIEVE_RESP: 506 case SPCI_MEM_RELINQUISH: 507 case SPCI_MEM_RECLAIM: 508 case SPCI_SUCCESS_SMC32: 509 case SPCI_SUCCESS_SMC64: 510 /* 511 * TODO: Assume that no requests originate from EL3 at the 512 * moment. This will change if a SP service is required in 513 * response to secure interrupts targeted to EL3. Until then 514 * simply forward the call to the Normal world. 515 */ 516 517 return spmd_smc_forward(smc_fid, secure_origin, 518 x1, x2, x3, x4, handle); 519 break; /* not reached */ 520 521 case SPCI_MSG_WAIT: 522 /* 523 * Check if this is the first invocation of this interface on 524 * this CPU from the Secure world. If so, then indicate that the 525 * SPM Core initialised successfully. 526 */ 527 if (secure_origin && (ctx->state == SPMC_STATE_RESET)) { 528 spmd_spm_core_sync_exit(0); 529 } 530 531 /* Fall through to forward the call to the other world */ 532 533 case SPCI_MSG_YIELD: 534 /* This interface must be invoked only by the Secure world */ 535 if (!secure_origin) { 536 return spmd_spci_error_return(handle, 537 SPCI_ERROR_NOT_SUPPORTED); 538 } 539 540 return spmd_smc_forward(smc_fid, secure_origin, 541 x1, x2, x3, x4, handle); 542 break; /* not reached */ 543 544 default: 545 WARN("SPM: Unsupported call 0x%08x\n", smc_fid); 546 return spmd_spci_error_return(handle, SPCI_ERROR_NOT_SUPPORTED); 547 } 548 } 549