/*
 * Copyright (c) 2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#include <assert.h>
#include <errno.h>
#include <string.h>

#include <arch_helpers.h>
#include <arch/aarch64/arch_features.h>
#include <bl31/bl31.h>
#include <common/debug.h>
#include <common/runtime_svc.h>
#include <lib/el3_runtime/context_mgmt.h>
#include <lib/smccc.h>
#include <lib/spinlock.h>
#include <lib/utils.h>
#include <plat/common/common_def.h>
#include <plat/common/platform.h>
#include <platform_def.h>
#include <services/ffa_svc.h>
#include <services/spmd_svc.h>
#include <smccc_helpers.h>
#include "spmd_private.h"

/*******************************************************************************
 * SPM Core context information.
 *
 * One entry per core (PLATFORM_CORE_COUNT entries). spmd_get_context() picks
 * the entry of the calling core, using plat_my_core_pos() as the index.
 ******************************************************************************/
static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT];

/*******************************************************************************
 * SPM Core attribute information read from its manifest.
 *
 * Filled in by plat_spm_core_manifest_load(), called from spmd_spmc_init(),
 * which then checks the FF-A version, the SPMC ID and the execution state.
 * spmd_smc_handler() later hands the version (FFA_VERSION, non-secure caller)
 * and spmc_id (FFA_ID_GET, secure caller) back to callers.
 ******************************************************************************/
static spmc_manifest_attribute_t spmc_attrs;

/*******************************************************************************
 * SPM Core entry point information. Discovered on the primary core and reused
 * on secondary cores.
 *
 * Assigned in spmd_setup() from bl31_plat_get_next_image_ep_info(SECURE); it
 * is NULL before that call and stays NULL if that call returns NULL.
 ******************************************************************************/
static entry_point_info_t *spmc_ep_info;

/*******************************************************************************
 * SPM Core context on current CPU get helper.
******************************************************************************/
spmd_spm_core_context_t *spmd_get_context(void)
{
	/*
	 * The platform's linear core position selects the per-CPU slot. The
	 * index is not range-checked here; this relies on plat_my_core_pos()
	 * staying below PLATFORM_CORE_COUNT, the size of spm_core_context[].
	 */
	const unsigned int core_pos = plat_my_core_pos();

	return &spm_core_context[core_pos];
}

/*******************************************************************************
 * SPM Core entry point information get helper.
 ******************************************************************************/
entry_point_info_t *spmd_spmc_ep_info_get(void)
{
	/* Current value of spmc_ep_info; NULL until spmd_setup() has set it. */
	return spmc_ep_info;
}

/*******************************************************************************
 * Static function declaration.
 ******************************************************************************/
static int32_t spmd_init(void);
static int spmd_spmc_init(void *pm_addr);
static uint64_t spmd_ffa_error_return(void *handle, int error_code);
static uint64_t spmd_smc_forward(uint32_t smc_fid, bool secure_origin,
				 uint64_t x1, uint64_t x2,
				 uint64_t x3, uint64_t x4,
				 void *handle);

/*******************************************************************************
 * This function takes an SPMC context pointer and performs a synchronous
 * SPMC entry.
******************************************************************************/
/*
 * Call order below: cm_set_context() with the SPMC cpu_ctx, restore of the
 * SECURE EL1 (and, when SPMD_SPM_AT_SEL2 is set, EL2) system registers,
 * cm_set_next_eret_context(SECURE), then spmd_spm_core_enter(). The value
 * returned by spmd_spm_core_enter() is handed back to the caller once the
 * SECURE system registers have been saved again.
 */
uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx)
{
	uint64_t rc;

	/*
	 * NOTE(review): the NULL check is an assert() only, so it is enforced
	 * only in builds that keep assertions enabled.
	 */
	assert(spmc_ctx != NULL);

	cm_set_context(&(spmc_ctx->cpu_ctx), SECURE);

	/* Restore the context assigned above */
	cm_el1_sysregs_context_restore(SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_restore(SECURE);
#endif
	cm_set_next_eret_context(SECURE);

	/*
	 * Enter SPMC. rc is whatever spmd_spm_core_enter() returns; in this
	 * file that is the value passed to spmd_spm_core_sync_exit().
	 */
	rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx);

	/* Save secure state */
	cm_el1_sysregs_context_save(SECURE);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_save(SECURE);
#endif

	return rc;
}

/*******************************************************************************
 * This function returns to the place where spmd_spm_core_sync_entry() was
 * called originally.
 *
 * rc is passed on to spmd_spm_core_exit() together with the c_rt_ctx of the
 * calling core's SPMC context. The function is declared __dead2 and ends in
 * panic(), so it never returns to its own caller.
 ******************************************************************************/
__dead2 void spmd_spm_core_sync_exit(uint64_t rc)
{
	spmd_spm_core_context_t *ctx = spmd_get_context();

	/*
	 * Get current CPU context from SPMC context.
	 * NOTE(review): this consistency check is an assert() only; nothing
	 * else here verifies that a synchronous entry is actually pending on
	 * this core. Callers in this file gate the call on
	 * ctx->state == SPMC_STATE_RESET.
	 */
	assert(cm_get_context(SECURE) == &(ctx->cpu_ctx));

	/*
	 * The SPMD must have initiated the original request through a
	 * synchronous entry into SPMC. Jump back to the original C runtime
	 * context with the value of rc in x0;
	 */
	spmd_spm_core_exit(ctx->c_rt_ctx, rc);

	/* Reached only if spmd_spm_core_exit() were to return. */
	panic();
}

/*******************************************************************************
 * Jump to the SPM Core for the first time.
******************************************************************************/
/*
 * Registered with bl31_register_bl32_init() by spmd_spmc_init().
 *
 * Return: 1 when the first synchronous entry into the SPMC comes back with 0,
 * 0 otherwise. On failure the context state is left at SPMC_STATE_RESET.
 */
static int32_t spmd_init(void)
{
	spmd_spm_core_context_t *ctx = spmd_get_context();
	uint64_t rc;

	VERBOSE("SPM Core init start.\n");
	/*
	 * spmd_smc_handler() uses SPMC_STATE_RESET to recognise the SPMC's
	 * first FFA_MSG_WAIT / FFA_ERROR on this CPU.
	 */
	ctx->state = SPMC_STATE_RESET;

	/* rc is the value the handler passes to spmd_spm_core_sync_exit(). */
	rc = spmd_spm_core_sync_entry(ctx);
	if (rc != 0ULL) {
		ERROR("SPMC initialisation failed 0x%llx\n", rc);
		return 0;
	}

	ctx->state = SPMC_STATE_IDLE;
	VERBOSE("SPM Core init end.\n");

	return 1;
}

/*******************************************************************************
 * Loads SPMC manifest and inits SPMC.
 *
 * pm_addr: manifest address, passed unchanged to
 *          plat_spm_core_manifest_load().
 *
 * The manifest attributes are checked (FF-A version, SPMC ID, execution state
 * and, with SPMD_SPM_AT_SEL2, S-EL2 constraints) before they are used to build
 * the SPSR and the CPU context.
 *
 * Return: 0 on success, the loader's error code if the manifest cannot be
 * loaded, -EINVAL if any attribute check fails.
 ******************************************************************************/
static int spmd_spmc_init(void *pm_addr)
{
	spmd_spm_core_context_t *spm_ctx = spmd_get_context();
	uint32_t ep_attr;
	int rc;

	/* Load the SPM Core manifest */
	rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr);
	if (rc != 0) {
		WARN("No or invalid SPM Core manifest image provided by BL2\n");
		return rc;
	}

	/*
	 * Ensure that the SPM Core version is compatible with the SPM
	 * Dispatcher version: the major version must match exactly and the
	 * minor version must not be newer than the dispatcher's.
	 */
	if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) ||
	    (spmc_attrs.minor_version > FFA_VERSION_MINOR)) {
		WARN("Unsupported FFA version (%u.%u)\n",
		     spmc_attrs.major_version, spmc_attrs.minor_version);
		return -EINVAL;
	}

	VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version,
		spmc_attrs.minor_version);

	VERBOSE("SPM Core run time EL%x.\n",
		SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1);

	/* Validate the SPMC ID, Ensure high bit is set */
	if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) &
			SPMC_SECURE_ID_MASK) == 0U) {
		WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id);
		return -EINVAL;
	}

	/* Validate the SPM Core execution state */
	if ((spmc_attrs.exec_state != MODE_RW_64) &&
	    (spmc_attrs.exec_state != MODE_RW_32)) {
		WARN("Unsupported %s%x.\n", "SPM Core execution state 0x",
		     spmc_attrs.exec_state);
		return -EINVAL;
	}

	VERBOSE("%s%x.\n", "SPM Core execution state 0x",
		spmc_attrs.exec_state);

#if SPMD_SPM_AT_SEL2
	/* Ensure manifest has not requested AArch32 state in S-EL2 */
	if (spmc_attrs.exec_state == MODE_RW_32) {
		WARN("AArch32 state at S-EL2 is not supported.\n");
		return -EINVAL;
	}

	/*
	 * Check if S-EL2 is supported on this system if S-EL2
	 * is required for SPM
	 */
	if (!is_armv8_4_sel2_present()) {
		WARN("SPM Core run time S-EL2 is not supported.\n");
		return -EINVAL;
	}
#endif /* SPMD_SPM_AT_SEL2 */

	/*
	 * Initialise an entrypoint to set up the CPU context. The big-endian
	 * attribute follows the EE bit currently set in SCTLR_EL3.
	 */
	ep_attr = SECURE | EP_ST_ENABLE;
	if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) {
		ep_attr |= EP_EE_BIG;
	}

	SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr);
	/*
	 * NOTE(review): the entry address is compared with BL32_BASE by
	 * assert() only, so the check disappears in builds with assertions
	 * disabled. No other check of pc is visible in this file.
	 */
	assert(spmc_ep_info->pc == BL32_BASE);

	/*
	 * Populate SPSR for SPM Core based upon validated parameters from the
	 * manifest.
	 */
	if (spmc_attrs.exec_state == MODE_RW_32) {
		spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM,
						 SPSR_E_LITTLE,
						 DAIF_FIQ_BIT |
						 DAIF_IRQ_BIT |
						 DAIF_ABT_BIT);
	} else {

#if SPMD_SPM_AT_SEL2
		static const uint32_t runtime_el = MODE_EL2;
#else
		static const uint32_t runtime_el = MODE_EL1;
#endif
		spmc_ep_info->spsr = SPSR_64(runtime_el,
					     MODE_SP_ELX,
					     DISABLE_ALL_EXCEPTIONS);
	}

	/* Initialise SPM Core context with this entry point information */
	cm_setup_context(&spm_ctx->cpu_ctx, spmc_ep_info);

	/*
	 * Reuse PSCI affinity states to mark this SPMC context as off.
	 * NOTE(review): every other use of ->state in this file is an
	 * SPMC_STATE_* value; confirm AFF_STATE_OFF cannot alias one of them
	 * (in particular SPMC_STATE_RESET, which the SMC handler tests).
	 */
	spm_ctx->state = AFF_STATE_OFF;

	INFO("SPM Core setup done.\n");

	/* Register init function for deferred init. */
	bl31_register_bl32_init(&spmd_init);

	return 0;
}

/*******************************************************************************
 * Initialize context of SPM Core.
 *
 * Records the SECURE image entry point in spmc_ep_info, takes the manifest
 * address from its args.arg0 and calls spmd_spmc_init().
 *
 * Return: 0 on success, -EINVAL if there is no entry point or no manifest
 * address, otherwise the error returned by spmd_spmc_init().
 ******************************************************************************/
int spmd_setup(void)
{
	void *spmc_manifest;
	int rc;

	spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE);
	if (spmc_ep_info == NULL) {
		WARN("No SPM Core image provided by BL2 boot loader.\n");
		return -EINVAL;
	}

	/*
	 * Under no circumstances will this parameter be 0.
	 * NOTE(review): enforced by assert() only.
	 */
	assert(spmc_ep_info->pc != 0ULL);

	/*
	 * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will
	 * be used as a manifest for the SPM Core at the next lower EL/mode.
	 * Only a NULL check is made here; any further validation of what the
	 * address points to is left to plat_spm_core_manifest_load().
	 */
	spmc_manifest = (void *)spmc_ep_info->args.arg0;
	if (spmc_manifest == NULL) {
		ERROR("Invalid or absent SPM Core manifest.\n");
		return -EINVAL;
	}

	/* Load manifest, init SPMC */
	rc = spmd_spmc_init(spmc_manifest);
	if (rc != 0) {
		WARN("Booting device without SPM initialization.\n");
	}

	return rc;
}

/*******************************************************************************
 * Forward SMC to the other security state
 *
 * smc_fid, x1-x4: values passed on unchanged as the first five results.
 * secure_origin:  true if the call came from the Secure world; the call is
 *                 then forwarded to NON_SECURE, otherwise to SECURE.
 * handle:         context of the caller; x5-x7 are read from it and passed on.
 *
 * The function does not filter or validate the forwarded values.
 ******************************************************************************/
static uint64_t spmd_smc_forward(uint32_t smc_fid,
				 bool secure_origin,
				 uint64_t x1,
				 uint64_t x2,
				 uint64_t x3,
				 uint64_t x4,
				 void *handle)
{
	uint32_t secure_state_in = (secure_origin) ? SECURE : NON_SECURE;
	uint32_t secure_state_out = (!secure_origin) ? SECURE : NON_SECURE;

	/* Save incoming security state */
	cm_el1_sysregs_context_save(secure_state_in);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_save(secure_state_in);
#endif

	/* Restore outgoing security state */
	cm_el1_sysregs_context_restore(secure_state_out);
#if SPMD_SPM_AT_SEL2
	cm_el2_sysregs_context_restore(secure_state_out);
#endif
	cm_set_next_eret_context(secure_state_out);

	/*
	 * The results are written into the context of the outgoing state, not
	 * into the caller's handle. There is no explicit return statement, so
	 * SMC_RET8 is expected to provide the return.
	 */
	SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4,
			SMC_GET_GP(handle, CTX_GPREG_X5),
			SMC_GET_GP(handle, CTX_GPREG_X6),
			SMC_GET_GP(handle, CTX_GPREG_X7));
}

/*******************************************************************************
 * Return FFA_ERROR with specified error code
 *
 * The result is written to the caller's own context (handle): FFA_ERROR first,
 * then FFA_TARGET_INFO_MBZ, then error_code, with the remaining five values
 * set to FFA_PARAM_MBZ.
 ******************************************************************************/
static uint64_t spmd_ffa_error_return(void *handle, int error_code)
{
	SMC_RET8(handle, FFA_ERROR,
		 FFA_TARGET_INFO_MBZ, error_code,
		 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
		 FFA_PARAM_MBZ, FFA_PARAM_MBZ);
}
/*******************************************************************************
 * This function handles all SMCs in the range reserved for FFA. Each call is
 * either forwarded to the other security state or handled by the SPM dispatcher
 *
 * smc_fid: function identifier, selects the case below.
 * x1-x4:   call arguments as supplied by the caller; treated as untrusted.
 * cookie:  not used in this function.
 * handle:  context of the caller; x5-x7 are read from it and results that are
 *          returned to the caller are written to it.
 * flags:   passed to is_caller_secure() to derive the originating world.
 *
 * NOTE(review): apart from FFA_VERSION, calls from the Normal world are
 * forwarded without consulting ctx->state; confirm that this handler cannot be
 * reached before the SPMC has initialised on the calling CPU.
 ******************************************************************************/
uint64_t spmd_smc_handler(uint32_t smc_fid,
			  uint64_t x1,
			  uint64_t x2,
			  uint64_t x3,
			  uint64_t x4,
			  void *cookie,
			  void *handle,
			  uint64_t flags)
{
	spmd_spm_core_context_t *ctx = spmd_get_context();
	bool secure_origin;
	int32_t ret;
	uint32_t input_version;

	/* Determine which security state this SMC originated from */
	secure_origin = is_caller_secure(flags);

	/*
	 * NOTE(review): this prints the function ID and x1-x7 of every FF-A
	 * call, from either world, at INFO level. Whether it reaches the
	 * console depends on the build's log level; VERBOSE would keep
	 * register contents out of ordinary logs.
	 */
	INFO("SPM: 0x%x 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx 0x%llx\n",
	     smc_fid, x1, x2, x3, x4, SMC_GET_GP(handle, CTX_GPREG_X5),
	     SMC_GET_GP(handle, CTX_GPREG_X6),
	     SMC_GET_GP(handle, CTX_GPREG_X7));

	switch (smc_fid) {
	case FFA_ERROR:
		/*
		 * Check if this is the first invocation of this interface on
		 * this CPU. If so, then indicate that the SPM Core initialised
		 * unsuccessfully.
		 *
		 * NOTE(review): x2 becomes the rc seen by spmd_init(), which
		 * treats 0 as success; an FFA_ERROR carrying 0 in x2 during
		 * the first entry would be read as a successful init. Confirm
		 * the SPMC never reports that.
		 */
		if (secure_origin && (ctx->state == SPMC_STATE_RESET)) {
			spmd_spm_core_sync_exit(x2);
		}

		return spmd_smc_forward(smc_fid, secure_origin,
					x1, x2, x3, x4, handle);
		break; /* not reached */

	case FFA_VERSION:
		/* Only the low 32 bits of x1 are considered. */
		input_version = (uint32_t)(0xFFFFFFFF & x1);
		/*
		 * If caller is secure and SPMC was initialized,
		 * return FFA_VERSION of SPMD.
		 * If caller is non secure and SPMC was initialized,
		 * return SPMC's version.
		 * Sanity check to "input_version": a value with bit 31 set is
		 * rejected, as is any call made while the context is still in
		 * SPMC_STATE_RESET.
		 */
		if ((input_version & FFA_VERSION_BIT31_MASK) ||
			(ctx->state == SPMC_STATE_RESET)) {
			ret = FFA_ERROR_NOT_SUPPORTED;
		} else if (!secure_origin) {
			ret = MAKE_FFA_VERSION(spmc_attrs.major_version, spmc_attrs.minor_version);
		} else {
			ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR, FFA_VERSION_MINOR);
		}

		/* Answered directly to the caller; nothing is forwarded. */
		SMC_RET8(handle, ret, FFA_TARGET_INFO_MBZ, FFA_TARGET_INFO_MBZ,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ);
		break; /* not reached */

	case FFA_FEATURES:
		/*
		 * This is an optional interface. Do the minimal checks and
		 * forward to SPM Core which will handle it if implemented.
		 */

		/*
		 * Check if x1 holds a valid FFA fid. This is an
		 * optimization.
		 */
		if (!is_ffa_fid(x1)) {
			return spmd_ffa_error_return(handle,
						     FFA_ERROR_NOT_SUPPORTED);
		}

		/* Forward SMC from Normal world to the SPM Core */
		if (!secure_origin) {
			return spmd_smc_forward(smc_fid, secure_origin,
						x1, x2, x3, x4, handle);
		}

		/*
		 * Return success if call was from secure world i.e. all
		 * FFA functions are supported. This is essentially a
		 * nop. The caller's own x1-x7 are echoed back unchanged.
		 */
		SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4,
			 SMC_GET_GP(handle, CTX_GPREG_X5),
			 SMC_GET_GP(handle, CTX_GPREG_X6),
			 SMC_GET_GP(handle, CTX_GPREG_X7));

		break; /* not reached */

	case FFA_ID_GET:
		/*
		 * Returns the ID of the calling FFA component:
		 * FFA_NS_ENDPOINT_ID for a Normal world caller, the SPMC ID
		 * from the manifest for a Secure world caller. The second
		 * SMC_RET8 is reached only for secure callers, which relies on
		 * SMC_RET8 returning from the function.
		 */
		if (!secure_origin) {
			SMC_RET8(handle, FFA_SUCCESS_SMC32,
				 FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID,
				 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
				 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
				 FFA_PARAM_MBZ);
		}

		SMC_RET8(handle, FFA_SUCCESS_SMC32,
			 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
			 FFA_PARAM_MBZ, FFA_PARAM_MBZ,
			 FFA_PARAM_MBZ);

		break; /* not reached */

	case FFA_RX_RELEASE:
	case FFA_RXTX_MAP_SMC32:
	case FFA_RXTX_MAP_SMC64:
	case FFA_RXTX_UNMAP:
	case FFA_MSG_RUN:
		/* This interface must be invoked only by the Normal world */
		if (secure_origin) {
			return spmd_ffa_error_return(handle,
						     FFA_ERROR_NOT_SUPPORTED);
		}

		/* Fall through to forward the call to the other world */

	case FFA_PARTITION_INFO_GET:
	case FFA_MSG_SEND:
	case FFA_MSG_SEND_DIRECT_REQ_SMC32:
	case FFA_MSG_SEND_DIRECT_REQ_SMC64:
	case FFA_MSG_SEND_DIRECT_RESP_SMC32:
	case FFA_MSG_SEND_DIRECT_RESP_SMC64:
	case FFA_MEM_DONATE_SMC32:
	case FFA_MEM_DONATE_SMC64:
	case FFA_MEM_LEND_SMC32:
	case FFA_MEM_LEND_SMC64:
	case FFA_MEM_SHARE_SMC32:
	case FFA_MEM_SHARE_SMC64:
	case FFA_MEM_RETRIEVE_REQ_SMC32:
	case FFA_MEM_RETRIEVE_REQ_SMC64:
	case FFA_MEM_RETRIEVE_RESP:
	case FFA_MEM_RELINQUISH:
	case FFA_MEM_RECLAIM:
	case FFA_SUCCESS_SMC32:
	case FFA_SUCCESS_SMC64:
		/*
		 * TODO: Assume that no requests originate from EL3 at the
		 * moment. This will change if a SP service is required in
		 * response to secure interrupts targeted to EL3. Until then
		 * simply forward the call to the Normal world.
		 *
		 * As written, the call goes to the world opposite to the
		 * caller: spmd_smc_forward() picks the target from
		 * secure_origin. No direction check is applied to the
		 * interfaces in this group.
		 */

		return spmd_smc_forward(smc_fid, secure_origin,
					x1, x2, x3, x4, handle);
		break; /* not reached */

	case FFA_MSG_WAIT:
		/*
		 * Check if this is the first invocation of this interface on
		 * this CPU from the Secure world. If so, then indicate that the
		 * SPM Core initialised successfully.
		 */
		if (secure_origin && (ctx->state == SPMC_STATE_RESET)) {
			spmd_spm_core_sync_exit(0);
		}

		/* Fall through to forward the call to the other world */

	case FFA_MSG_YIELD:
		/* This interface must be invoked only by the Secure world */
		if (!secure_origin) {
			return spmd_ffa_error_return(handle,
						     FFA_ERROR_NOT_SUPPORTED);
		}

		return spmd_smc_forward(smc_fid, secure_origin,
					x1, x2, x3, x4, handle);
		break; /* not reached */

	default:
		/* Any other function ID is refused, never forwarded. */
		WARN("SPM: Unsupported call 0x%08x\n", smc_fid);
		return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED);
	}
}