1 /* 2 * Copyright (c) 2020-2021, ARM Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 #include <errno.h> 9 #include <inttypes.h> 10 #include <stdint.h> 11 #include <string.h> 12 13 #include <arch_helpers.h> 14 #include <arch/aarch64/arch_features.h> 15 #include <bl31/bl31.h> 16 #include <bl31/interrupt_mgmt.h> 17 #include <common/debug.h> 18 #include <common/runtime_svc.h> 19 #include <lib/el3_runtime/context_mgmt.h> 20 #include <lib/smccc.h> 21 #include <lib/spinlock.h> 22 #include <lib/utils.h> 23 #include <plat/common/common_def.h> 24 #include <plat/common/platform.h> 25 #include <platform_def.h> 26 #include <services/ffa_svc.h> 27 #include <services/spmd_svc.h> 28 #include <smccc_helpers.h> 29 #include "spmd_private.h" 30 31 /******************************************************************************* 32 * SPM Core context information. 33 ******************************************************************************/ 34 static spmd_spm_core_context_t spm_core_context[PLATFORM_CORE_COUNT]; 35 36 /******************************************************************************* 37 * SPM Core attribute information read from its manifest. 38 ******************************************************************************/ 39 static spmc_manifest_attribute_t spmc_attrs; 40 41 /******************************************************************************* 42 * SPM Core entry point information. Discovered on the primary core and reused 43 * on secondary cores. 44 ******************************************************************************/ 45 static entry_point_info_t *spmc_ep_info; 46 47 /******************************************************************************* 48 * SPM Core context on CPU based on mpidr. 49 ******************************************************************************/ 50 spmd_spm_core_context_t *spmd_get_context_by_mpidr(uint64_t mpidr) 51 { 52 int core_idx = plat_core_pos_by_mpidr(mpidr); 53 54 if (core_idx < 0) { 55 ERROR("Invalid mpidr: %" PRIx64 ", returned ID: %d\n", mpidr, core_idx); 56 panic(); 57 } 58 59 return &spm_core_context[core_idx]; 60 } 61 62 /******************************************************************************* 63 * SPM Core context on current CPU get helper. 64 ******************************************************************************/ 65 spmd_spm_core_context_t *spmd_get_context(void) 66 { 67 return spmd_get_context_by_mpidr(read_mpidr()); 68 } 69 70 /******************************************************************************* 71 * SPM Core ID getter. 72 ******************************************************************************/ 73 uint16_t spmd_spmc_id_get(void) 74 { 75 return spmc_attrs.spmc_id; 76 } 77 78 /******************************************************************************* 79 * Static function declaration. 80 ******************************************************************************/ 81 static int32_t spmd_init(void); 82 static int spmd_spmc_init(void *pm_addr); 83 static uint64_t spmd_ffa_error_return(void *handle, 84 int error_code); 85 static uint64_t spmd_smc_forward(uint32_t smc_fid, 86 bool secure_origin, 87 uint64_t x1, 88 uint64_t x2, 89 uint64_t x3, 90 uint64_t x4, 91 void *handle); 92 93 /******************************************************************************* 94 * This function takes an SPMC context pointer and performs a synchronous 95 * SPMC entry. 96 ******************************************************************************/ 97 uint64_t spmd_spm_core_sync_entry(spmd_spm_core_context_t *spmc_ctx) 98 { 99 uint64_t rc; 100 101 assert(spmc_ctx != NULL); 102 103 cm_set_context(&(spmc_ctx->cpu_ctx), SECURE); 104 105 /* Restore the context assigned above */ 106 #if SPMD_SPM_AT_SEL2 107 cm_el2_sysregs_context_restore(SECURE); 108 #else 109 cm_el1_sysregs_context_restore(SECURE); 110 #endif 111 cm_set_next_eret_context(SECURE); 112 113 /* Enter SPMC */ 114 rc = spmd_spm_core_enter(&spmc_ctx->c_rt_ctx); 115 116 /* Save secure state */ 117 #if SPMD_SPM_AT_SEL2 118 cm_el2_sysregs_context_save(SECURE); 119 #else 120 cm_el1_sysregs_context_save(SECURE); 121 #endif 122 123 return rc; 124 } 125 126 /******************************************************************************* 127 * This function returns to the place where spmd_spm_core_sync_entry() was 128 * called originally. 129 ******************************************************************************/ 130 __dead2 void spmd_spm_core_sync_exit(uint64_t rc) 131 { 132 spmd_spm_core_context_t *ctx = spmd_get_context(); 133 134 /* Get current CPU context from SPMC context */ 135 assert(cm_get_context(SECURE) == &(ctx->cpu_ctx)); 136 137 /* 138 * The SPMD must have initiated the original request through a 139 * synchronous entry into SPMC. Jump back to the original C runtime 140 * context with the value of rc in x0; 141 */ 142 spmd_spm_core_exit(ctx->c_rt_ctx, rc); 143 144 panic(); 145 } 146 147 /******************************************************************************* 148 * Jump to the SPM Core for the first time. 149 ******************************************************************************/ 150 static int32_t spmd_init(void) 151 { 152 spmd_spm_core_context_t *ctx = spmd_get_context(); 153 uint64_t rc; 154 155 VERBOSE("SPM Core init start.\n"); 156 157 /* Primary boot core enters the SPMC for initialization. */ 158 ctx->state = SPMC_STATE_ON_PENDING; 159 160 rc = spmd_spm_core_sync_entry(ctx); 161 if (rc != 0ULL) { 162 ERROR("SPMC initialisation failed 0x%" PRIx64 "\n", rc); 163 return 0; 164 } 165 166 ctx->state = SPMC_STATE_ON; 167 168 VERBOSE("SPM Core init end.\n"); 169 170 return 1; 171 } 172 173 /******************************************************************************* 174 * spmd_secure_interrupt_handler 175 * Enter the SPMC for further handling of the secure interrupt by the SPMC 176 * itself or a Secure Partition. 177 ******************************************************************************/ 178 static uint64_t spmd_secure_interrupt_handler(uint32_t id, 179 uint32_t flags, 180 void *handle, 181 void *cookie) 182 { 183 spmd_spm_core_context_t *ctx = spmd_get_context(); 184 gp_regs_t *gpregs = get_gpregs_ctx(&ctx->cpu_ctx); 185 unsigned int linear_id = plat_my_core_pos(); 186 int64_t rc; 187 188 /* Sanity check the security state when the exception was generated */ 189 assert(get_interrupt_src_ss(flags) == NON_SECURE); 190 191 /* Sanity check the pointer to this cpu's context */ 192 assert(handle == cm_get_context(NON_SECURE)); 193 194 /* Save the non-secure context before entering SPMC */ 195 cm_el1_sysregs_context_save(NON_SECURE); 196 #if SPMD_SPM_AT_SEL2 197 cm_el2_sysregs_context_save(NON_SECURE); 198 #endif 199 200 /* Convey the event to the SPMC through the FFA_INTERRUPT interface. */ 201 write_ctx_reg(gpregs, CTX_GPREG_X0, FFA_INTERRUPT); 202 write_ctx_reg(gpregs, CTX_GPREG_X1, 0); 203 write_ctx_reg(gpregs, CTX_GPREG_X2, 0); 204 write_ctx_reg(gpregs, CTX_GPREG_X3, 0); 205 write_ctx_reg(gpregs, CTX_GPREG_X4, 0); 206 write_ctx_reg(gpregs, CTX_GPREG_X5, 0); 207 write_ctx_reg(gpregs, CTX_GPREG_X6, 0); 208 write_ctx_reg(gpregs, CTX_GPREG_X7, 0); 209 210 /* Mark current core as handling a secure interrupt. */ 211 ctx->secure_interrupt_ongoing = true; 212 213 rc = spmd_spm_core_sync_entry(ctx); 214 if (rc != 0ULL) { 215 ERROR("%s failed (%" PRId64 ") on CPU%u\n", __func__, rc, linear_id); 216 } 217 218 ctx->secure_interrupt_ongoing = false; 219 220 cm_el1_sysregs_context_restore(NON_SECURE); 221 #if SPMD_SPM_AT_SEL2 222 cm_el2_sysregs_context_restore(NON_SECURE); 223 #endif 224 cm_set_next_eret_context(NON_SECURE); 225 226 SMC_RET0(&ctx->cpu_ctx); 227 } 228 229 /******************************************************************************* 230 * Loads SPMC manifest and inits SPMC. 231 ******************************************************************************/ 232 static int spmd_spmc_init(void *pm_addr) 233 { 234 cpu_context_t *cpu_ctx; 235 unsigned int core_id; 236 uint32_t ep_attr, flags; 237 int rc; 238 239 /* Load the SPM Core manifest */ 240 rc = plat_spm_core_manifest_load(&spmc_attrs, pm_addr); 241 if (rc != 0) { 242 WARN("No or invalid SPM Core manifest image provided by BL2\n"); 243 return rc; 244 } 245 246 /* 247 * Ensure that the SPM Core version is compatible with the SPM 248 * Dispatcher version. 249 */ 250 if ((spmc_attrs.major_version != FFA_VERSION_MAJOR) || 251 (spmc_attrs.minor_version > FFA_VERSION_MINOR)) { 252 WARN("Unsupported FFA version (%u.%u)\n", 253 spmc_attrs.major_version, spmc_attrs.minor_version); 254 return -EINVAL; 255 } 256 257 VERBOSE("FFA version (%u.%u)\n", spmc_attrs.major_version, 258 spmc_attrs.minor_version); 259 260 VERBOSE("SPM Core run time EL%x.\n", 261 SPMD_SPM_AT_SEL2 ? MODE_EL2 : MODE_EL1); 262 263 /* Validate the SPMC ID, Ensure high bit is set */ 264 if (((spmc_attrs.spmc_id >> SPMC_SECURE_ID_SHIFT) & 265 SPMC_SECURE_ID_MASK) == 0U) { 266 WARN("Invalid ID (0x%x) for SPMC.\n", spmc_attrs.spmc_id); 267 return -EINVAL; 268 } 269 270 /* Validate the SPM Core execution state */ 271 if ((spmc_attrs.exec_state != MODE_RW_64) && 272 (spmc_attrs.exec_state != MODE_RW_32)) { 273 WARN("Unsupported %s%x.\n", "SPM Core execution state 0x", 274 spmc_attrs.exec_state); 275 return -EINVAL; 276 } 277 278 VERBOSE("%s%x.\n", "SPM Core execution state 0x", 279 spmc_attrs.exec_state); 280 281 #if SPMD_SPM_AT_SEL2 282 /* Ensure manifest has not requested AArch32 state in S-EL2 */ 283 if (spmc_attrs.exec_state == MODE_RW_32) { 284 WARN("AArch32 state at S-EL2 is not supported.\n"); 285 return -EINVAL; 286 } 287 288 /* 289 * Check if S-EL2 is supported on this system if S-EL2 290 * is required for SPM 291 */ 292 if (!is_armv8_4_sel2_present()) { 293 WARN("SPM Core run time S-EL2 is not supported.\n"); 294 return -EINVAL; 295 } 296 #endif /* SPMD_SPM_AT_SEL2 */ 297 298 /* Initialise an entrypoint to set up the CPU context */ 299 ep_attr = SECURE | EP_ST_ENABLE; 300 if ((read_sctlr_el3() & SCTLR_EE_BIT) != 0ULL) { 301 ep_attr |= EP_EE_BIG; 302 } 303 304 SET_PARAM_HEAD(spmc_ep_info, PARAM_EP, VERSION_1, ep_attr); 305 306 /* 307 * Populate SPSR for SPM Core based upon validated parameters from the 308 * manifest. 309 */ 310 if (spmc_attrs.exec_state == MODE_RW_32) { 311 spmc_ep_info->spsr = SPSR_MODE32(MODE32_svc, SPSR_T_ARM, 312 SPSR_E_LITTLE, 313 DAIF_FIQ_BIT | 314 DAIF_IRQ_BIT | 315 DAIF_ABT_BIT); 316 } else { 317 318 #if SPMD_SPM_AT_SEL2 319 static const uint32_t runtime_el = MODE_EL2; 320 #else 321 static const uint32_t runtime_el = MODE_EL1; 322 #endif 323 spmc_ep_info->spsr = SPSR_64(runtime_el, 324 MODE_SP_ELX, 325 DISABLE_ALL_EXCEPTIONS); 326 } 327 328 /* Set an initial SPMC context state for all cores. */ 329 for (core_id = 0U; core_id < PLATFORM_CORE_COUNT; core_id++) { 330 spm_core_context[core_id].state = SPMC_STATE_OFF; 331 332 /* Setup an initial cpu context for the SPMC. */ 333 cpu_ctx = &spm_core_context[core_id].cpu_ctx; 334 cm_setup_context(cpu_ctx, spmc_ep_info); 335 336 /* 337 * Pass the core linear ID to the SPMC through x4. 338 * (TF-A implementation defined behavior helping 339 * a legacy TOS migration to adopt FF-A). 340 */ 341 write_ctx_reg(get_gpregs_ctx(cpu_ctx), CTX_GPREG_X4, core_id); 342 } 343 344 /* Register power management hooks with PSCI */ 345 psci_register_spd_pm_hook(&spmd_pm); 346 347 /* Register init function for deferred init. */ 348 bl31_register_bl32_init(&spmd_init); 349 350 INFO("SPM Core setup done.\n"); 351 352 /* 353 * Register an interrupt handler routing secure interrupts to SPMD 354 * while the NWd is running. 355 */ 356 flags = 0; 357 set_interrupt_rm_flag(flags, NON_SECURE); 358 rc = register_interrupt_type_handler(INTR_TYPE_S_EL1, 359 spmd_secure_interrupt_handler, 360 flags); 361 if (rc != 0) { 362 panic(); 363 } 364 365 return 0; 366 } 367 368 /******************************************************************************* 369 * Initialize context of SPM Core. 370 ******************************************************************************/ 371 int spmd_setup(void) 372 { 373 void *spmc_manifest; 374 int rc; 375 376 spmc_ep_info = bl31_plat_get_next_image_ep_info(SECURE); 377 if (spmc_ep_info == NULL) { 378 WARN("No SPM Core image provided by BL2 boot loader.\n"); 379 return -EINVAL; 380 } 381 382 /* Under no circumstances will this parameter be 0 */ 383 assert(spmc_ep_info->pc != 0ULL); 384 385 /* 386 * Check if BL32 ep_info has a reference to 'tos_fw_config'. This will 387 * be used as a manifest for the SPM Core at the next lower EL/mode. 388 */ 389 spmc_manifest = (void *)spmc_ep_info->args.arg0; 390 if (spmc_manifest == NULL) { 391 ERROR("Invalid or absent SPM Core manifest.\n"); 392 return -EINVAL; 393 } 394 395 /* Load manifest, init SPMC */ 396 rc = spmd_spmc_init(spmc_manifest); 397 if (rc != 0) { 398 WARN("Booting device without SPM initialization.\n"); 399 } 400 401 return rc; 402 } 403 404 /******************************************************************************* 405 * Forward SMC to the other security state 406 ******************************************************************************/ 407 static uint64_t spmd_smc_forward(uint32_t smc_fid, 408 bool secure_origin, 409 uint64_t x1, 410 uint64_t x2, 411 uint64_t x3, 412 uint64_t x4, 413 void *handle) 414 { 415 unsigned int secure_state_in = (secure_origin) ? SECURE : NON_SECURE; 416 unsigned int secure_state_out = (!secure_origin) ? SECURE : NON_SECURE; 417 418 /* Save incoming security state */ 419 #if SPMD_SPM_AT_SEL2 420 if (secure_state_in == NON_SECURE) { 421 cm_el1_sysregs_context_save(secure_state_in); 422 } 423 cm_el2_sysregs_context_save(secure_state_in); 424 #else 425 cm_el1_sysregs_context_save(secure_state_in); 426 #endif 427 428 /* Restore outgoing security state */ 429 #if SPMD_SPM_AT_SEL2 430 if (secure_state_out == NON_SECURE) { 431 cm_el1_sysregs_context_restore(secure_state_out); 432 } 433 cm_el2_sysregs_context_restore(secure_state_out); 434 #else 435 cm_el1_sysregs_context_restore(secure_state_out); 436 #endif 437 cm_set_next_eret_context(secure_state_out); 438 439 SMC_RET8(cm_get_context(secure_state_out), smc_fid, x1, x2, x3, x4, 440 SMC_GET_GP(handle, CTX_GPREG_X5), 441 SMC_GET_GP(handle, CTX_GPREG_X6), 442 SMC_GET_GP(handle, CTX_GPREG_X7)); 443 } 444 445 /******************************************************************************* 446 * Return FFA_ERROR with specified error code 447 ******************************************************************************/ 448 static uint64_t spmd_ffa_error_return(void *handle, int error_code) 449 { 450 SMC_RET8(handle, (uint32_t) FFA_ERROR, 451 FFA_TARGET_INFO_MBZ, (uint32_t)error_code, 452 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 453 FFA_PARAM_MBZ, FFA_PARAM_MBZ); 454 } 455 456 /******************************************************************************* 457 * spmd_check_address_in_binary_image 458 ******************************************************************************/ 459 bool spmd_check_address_in_binary_image(uint64_t address) 460 { 461 assert(!check_uptr_overflow(spmc_attrs.load_address, spmc_attrs.binary_size)); 462 463 return ((address >= spmc_attrs.load_address) && 464 (address < (spmc_attrs.load_address + spmc_attrs.binary_size))); 465 } 466 467 /****************************************************************************** 468 * spmd_is_spmc_message 469 *****************************************************************************/ 470 static bool spmd_is_spmc_message(unsigned int ep) 471 { 472 return ((ffa_endpoint_destination(ep) == SPMD_DIRECT_MSG_ENDPOINT_ID) 473 && (ffa_endpoint_source(ep) == spmc_attrs.spmc_id)); 474 } 475 476 /****************************************************************************** 477 * spmd_handle_spmc_message 478 *****************************************************************************/ 479 static int spmd_handle_spmc_message(unsigned long long msg, 480 unsigned long long parm1, unsigned long long parm2, 481 unsigned long long parm3, unsigned long long parm4) 482 { 483 VERBOSE("%s %llx %llx %llx %llx %llx\n", __func__, 484 msg, parm1, parm2, parm3, parm4); 485 486 return -EINVAL; 487 } 488 489 /******************************************************************************* 490 * This function handles all SMCs in the range reserved for FFA. Each call is 491 * either forwarded to the other security state or handled by the SPM dispatcher 492 ******************************************************************************/ 493 uint64_t spmd_smc_handler(uint32_t smc_fid, 494 uint64_t x1, 495 uint64_t x2, 496 uint64_t x3, 497 uint64_t x4, 498 void *cookie, 499 void *handle, 500 uint64_t flags) 501 { 502 unsigned int linear_id = plat_my_core_pos(); 503 spmd_spm_core_context_t *ctx = spmd_get_context(); 504 bool secure_origin; 505 int32_t ret; 506 uint32_t input_version; 507 508 /* Determine which security state this SMC originated from */ 509 secure_origin = is_caller_secure(flags); 510 511 VERBOSE("SPM(%u): 0x%x 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 512 " 0x%" PRIx64 " 0x%" PRIx64 " 0x%" PRIx64 "\n", 513 linear_id, smc_fid, x1, x2, x3, x4, 514 SMC_GET_GP(handle, CTX_GPREG_X5), 515 SMC_GET_GP(handle, CTX_GPREG_X6), 516 SMC_GET_GP(handle, CTX_GPREG_X7)); 517 518 switch (smc_fid) { 519 case FFA_ERROR: 520 /* 521 * Check if this is the first invocation of this interface on 522 * this CPU. If so, then indicate that the SPM Core initialised 523 * unsuccessfully. 524 */ 525 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 526 spmd_spm_core_sync_exit(x2); 527 } 528 529 return spmd_smc_forward(smc_fid, secure_origin, 530 x1, x2, x3, x4, handle); 531 break; /* not reached */ 532 533 case FFA_VERSION: 534 input_version = (uint32_t)(0xFFFFFFFF & x1); 535 /* 536 * If caller is secure and SPMC was initialized, 537 * return FFA_VERSION of SPMD. 538 * If caller is non secure and SPMC was initialized, 539 * return SPMC's version. 540 * Sanity check to "input_version". 541 */ 542 if ((input_version & FFA_VERSION_BIT31_MASK) || 543 (ctx->state == SPMC_STATE_RESET)) { 544 ret = FFA_ERROR_NOT_SUPPORTED; 545 } else if (!secure_origin) { 546 ret = MAKE_FFA_VERSION(spmc_attrs.major_version, 547 spmc_attrs.minor_version); 548 } else { 549 ret = MAKE_FFA_VERSION(FFA_VERSION_MAJOR, 550 FFA_VERSION_MINOR); 551 } 552 553 SMC_RET8(handle, (uint32_t)ret, FFA_TARGET_INFO_MBZ, 554 FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ, 555 FFA_PARAM_MBZ, FFA_PARAM_MBZ, FFA_PARAM_MBZ); 556 break; /* not reached */ 557 558 case FFA_FEATURES: 559 /* 560 * This is an optional interface. Do the minimal checks and 561 * forward to SPM Core which will handle it if implemented. 562 */ 563 564 /* Forward SMC from Normal world to the SPM Core */ 565 if (!secure_origin) { 566 return spmd_smc_forward(smc_fid, secure_origin, 567 x1, x2, x3, x4, handle); 568 } 569 570 /* 571 * Return success if call was from secure world i.e. all 572 * FFA functions are supported. This is essentially a 573 * nop. 574 */ 575 SMC_RET8(handle, FFA_SUCCESS_SMC32, x1, x2, x3, x4, 576 SMC_GET_GP(handle, CTX_GPREG_X5), 577 SMC_GET_GP(handle, CTX_GPREG_X6), 578 SMC_GET_GP(handle, CTX_GPREG_X7)); 579 580 break; /* not reached */ 581 582 case FFA_ID_GET: 583 /* 584 * Returns the ID of the calling FFA component. 585 */ 586 if (!secure_origin) { 587 SMC_RET8(handle, FFA_SUCCESS_SMC32, 588 FFA_TARGET_INFO_MBZ, FFA_NS_ENDPOINT_ID, 589 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 590 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 591 FFA_PARAM_MBZ); 592 } 593 594 SMC_RET8(handle, FFA_SUCCESS_SMC32, 595 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 596 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 597 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 598 FFA_PARAM_MBZ); 599 600 break; /* not reached */ 601 602 case FFA_SECONDARY_EP_REGISTER_SMC64: 603 if (secure_origin) { 604 ret = spmd_pm_secondary_ep_register(x1); 605 606 if (ret < 0) { 607 SMC_RET8(handle, FFA_ERROR_SMC64, 608 FFA_TARGET_INFO_MBZ, ret, 609 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 610 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 611 FFA_PARAM_MBZ); 612 } else { 613 SMC_RET8(handle, FFA_SUCCESS_SMC64, 614 FFA_TARGET_INFO_MBZ, FFA_PARAM_MBZ, 615 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 616 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 617 FFA_PARAM_MBZ); 618 } 619 } 620 621 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 622 break; /* Not reached */ 623 624 case FFA_SPM_ID_GET: 625 if (MAKE_FFA_VERSION(1, 1) > FFA_VERSION_COMPILED) { 626 return spmd_ffa_error_return(handle, 627 FFA_ERROR_NOT_SUPPORTED); 628 } 629 /* 630 * Returns the ID of the SPMC or SPMD depending on the FF-A 631 * instance where this function is invoked 632 */ 633 if (!secure_origin) { 634 SMC_RET8(handle, FFA_SUCCESS_SMC32, 635 FFA_TARGET_INFO_MBZ, spmc_attrs.spmc_id, 636 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 637 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 638 FFA_PARAM_MBZ); 639 } 640 SMC_RET8(handle, FFA_SUCCESS_SMC32, 641 FFA_TARGET_INFO_MBZ, SPMD_DIRECT_MSG_ENDPOINT_ID, 642 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 643 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 644 FFA_PARAM_MBZ); 645 646 break; /* not reached */ 647 648 case FFA_MSG_SEND_DIRECT_REQ_SMC32: 649 if (secure_origin && spmd_is_spmc_message(x1)) { 650 ret = spmd_handle_spmc_message(x3, x4, 651 SMC_GET_GP(handle, CTX_GPREG_X5), 652 SMC_GET_GP(handle, CTX_GPREG_X6), 653 SMC_GET_GP(handle, CTX_GPREG_X7)); 654 655 SMC_RET8(handle, FFA_SUCCESS_SMC32, 656 FFA_TARGET_INFO_MBZ, ret, 657 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 658 FFA_PARAM_MBZ, FFA_PARAM_MBZ, 659 FFA_PARAM_MBZ); 660 } else { 661 /* Forward direct message to the other world */ 662 return spmd_smc_forward(smc_fid, secure_origin, 663 x1, x2, x3, x4, handle); 664 } 665 break; /* Not reached */ 666 667 case FFA_MSG_SEND_DIRECT_RESP_SMC32: 668 if (secure_origin && spmd_is_spmc_message(x1)) { 669 spmd_spm_core_sync_exit(0ULL); 670 } else { 671 /* Forward direct message to the other world */ 672 return spmd_smc_forward(smc_fid, secure_origin, 673 x1, x2, x3, x4, handle); 674 } 675 break; /* Not reached */ 676 677 case FFA_RX_RELEASE: 678 case FFA_RXTX_MAP_SMC32: 679 case FFA_RXTX_MAP_SMC64: 680 case FFA_RXTX_UNMAP: 681 case FFA_PARTITION_INFO_GET: 682 #if MAKE_FFA_VERSION(1, 1) <= FFA_VERSION_COMPILED 683 case FFA_NOTIFICATION_BITMAP_CREATE: 684 case FFA_NOTIFICATION_BITMAP_DESTROY: 685 case FFA_NOTIFICATION_BIND: 686 case FFA_NOTIFICATION_UNBIND: 687 case FFA_NOTIFICATION_SET: 688 case FFA_NOTIFICATION_GET: 689 case FFA_NOTIFICATION_INFO_GET: 690 case FFA_NOTIFICATION_INFO_GET_SMC64: 691 #endif 692 /* 693 * Above calls should not be forwarded from Secure world to 694 * Normal world. 695 * 696 * Fall through to forward the call to the other world 697 */ 698 case FFA_MSG_RUN: 699 /* This interface must be invoked only by the Normal world */ 700 701 if (secure_origin) { 702 return spmd_ffa_error_return(handle, 703 FFA_ERROR_NOT_SUPPORTED); 704 } 705 706 /* Fall through to forward the call to the other world */ 707 case FFA_MSG_SEND: 708 case FFA_MSG_SEND_DIRECT_REQ_SMC64: 709 case FFA_MSG_SEND_DIRECT_RESP_SMC64: 710 case FFA_MEM_DONATE_SMC32: 711 case FFA_MEM_DONATE_SMC64: 712 case FFA_MEM_LEND_SMC32: 713 case FFA_MEM_LEND_SMC64: 714 case FFA_MEM_SHARE_SMC32: 715 case FFA_MEM_SHARE_SMC64: 716 case FFA_MEM_RETRIEVE_REQ_SMC32: 717 case FFA_MEM_RETRIEVE_REQ_SMC64: 718 case FFA_MEM_RETRIEVE_RESP: 719 case FFA_MEM_RELINQUISH: 720 case FFA_MEM_RECLAIM: 721 case FFA_SUCCESS_SMC32: 722 case FFA_SUCCESS_SMC64: 723 /* 724 * TODO: Assume that no requests originate from EL3 at the 725 * moment. This will change if a SP service is required in 726 * response to secure interrupts targeted to EL3. Until then 727 * simply forward the call to the Normal world. 728 */ 729 730 return spmd_smc_forward(smc_fid, secure_origin, 731 x1, x2, x3, x4, handle); 732 break; /* not reached */ 733 734 case FFA_MSG_WAIT: 735 /* 736 * Check if this is the first invocation of this interface on 737 * this CPU from the Secure world. If so, then indicate that the 738 * SPM Core initialised successfully. 739 */ 740 if (secure_origin && (ctx->state == SPMC_STATE_ON_PENDING)) { 741 spmd_spm_core_sync_exit(0ULL); 742 } 743 744 /* Fall through to forward the call to the other world */ 745 case FFA_INTERRUPT: 746 case FFA_MSG_YIELD: 747 /* This interface must be invoked only by the Secure world */ 748 if (!secure_origin) { 749 return spmd_ffa_error_return(handle, 750 FFA_ERROR_NOT_SUPPORTED); 751 } 752 753 return spmd_smc_forward(smc_fid, secure_origin, 754 x1, x2, x3, x4, handle); 755 break; /* not reached */ 756 757 case FFA_NORMAL_WORLD_RESUME: 758 if (secure_origin && ctx->secure_interrupt_ongoing) { 759 spmd_spm_core_sync_exit(0ULL); 760 } else { 761 return spmd_ffa_error_return(handle, FFA_ERROR_DENIED); 762 } 763 break; /* Not reached */ 764 765 default: 766 WARN("SPM: Unsupported call 0x%08x\n", smc_fid); 767 return spmd_ffa_error_return(handle, FFA_ERROR_NOT_SUPPORTED); 768 } 769 } 770