Age | Commit message | Author |
|
Trusted Services was updated to export little-endian UUID in the SP
manifest (see link below). Change the SP manifest processing to get in
sync with this.
Link: https://review.trustedfirmware.org/c/TS/trusted-services/+/15511
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
Change-Id: Iac0f719b16f046791318822ec64acc1c12e54d67
|
|
Handle FFA_MEM_PERM_GET and FFA_MEM_PERM_SET interfaces for enabling
SPs to query and set the access rights of their memory regions. These
interfaces are only permitted in the initialization phase thus a new
state variable is being introduced in sp_session. SPs indicate the end
of their initialization phase through the FFA_MSG_WAIT interface.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I7ffeaca978ed8ba3586c85d46f7f49aef9c300e5
|
|
If the input file of ta_bin_to_c.py is not in ELF format, handle the
file as a binary format SP.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Ifdab9fd03b5799e6d47b371993617edfd5caaebb
|
|
Add support for loading raw binary format SPs as the generic format
FF-A SPs. Distinguishing between the binary format SPs and the legacy
ELF SPs is based on the legacy-elf-format property in the manifest.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I4f603146f51178c2d8cc22367d61007b7d217920
|
|
Memory regions flagged as load relative will make the SPMC treat their
base address field as an offset relative to the load address of the SP
binary. The main use case of this feature is to set the access rights
for the sections of the SP binary. Load relative regions can be marked
as "no bits" for requesting new pages from the SPMC instead of setting
access rights for already mapped pages.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I5d904415a54de1b7e7681cc92910d65a940c8cdf
|
|
Forward the load address of a TA/SP from ldelf to the user_ta_ctx
structure to allow OP-TEE core to access it.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I0e3e0ca421c72e6e335a4ac189b8c9c00ab1bb84
|
|
A following commit, related to the StMM functionality, needs to read
the current page attributes before modifying them.
So let's add a function to retrieve the current attributes.
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
Reviewed-by: Jens Wiklander <jens.wiklander@linaro.org>
Acked-by: Etienne Carriere <etienne.carriere@linaro.org>
(cherry picked from commit e051401ef5ab84626d84745f8112f484b850be5c)
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I1d2c09e0a8c1e405dfd638f6c28e7192fe2c2378
|
|
The OP-TEE driver in Linux can use FF-A as a transport method, in this
case the OP-TEE specific messages are encapsulated into FF-A calls. The
protocol of this encapsulation has changed over time, currently our code
is only compatible with an early WIP version of this protocol.
This patch adds compatibility with the first stable version, which was
released in Linux v5.16.
This patch only consists of backporting changes to our branch, the
original modifications were all made by
Jens Wiklander <jens.wiklander@linaro.org>
in this PR: https://github.com/OP-TEE/optee_os/pull/4509
Change-Id: I4120abf9042c53b739e8ab289b5bfe68e58a30fc
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
The FFA_PARTITION_INFO_GET call should return IDs of all partitions when
called with nil argument. However, currently it doesn't add OP-TEE's ID
to the list, which acts as a logical partition in S-EL1. Fix this.
Change-Id: Id63de962eee8e48fcae0c5303fd4a78a3a426cb0
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
Register secondary core or execution context entry point.
FFA_SECONDARY_EP_REGISTER is handled by the SPMD if called by an S-EL1
SPMC at secure physical FF-A instance. It is handled by an S-EL2 SPMC
if called by a SP at secure virtual FF-A instance.
After this change optee_os is only compatible with TF-A v2.6 or higher.
Change-Id: Ib300b9ccb729ab6918c81bc3f0ab88921ffa2ca9
Signed-off-by: Olivier Deprez <olivier.deprez@arm.com>
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
When successfully calling ffa_mem_retrieve() the tx buffer wasn't
properly set to tx_buf_is_mine = false. This resulted in not being able
to release the rx-buffer later.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: Iae225c2d2a5a8c51723feebf8ddf62aa18147326
|
|
Enable using the 64-bit version of the FF-A direct request and response
calls. This doesn't need any additional changes in the SPMC, since the
handling code already uses 64-bit arguments.
Change-Id: Ib32c5875be3ef8af288300124169e25445316271
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
When adding a new memory share to the SPMC, the same sp_shared_mem
object was added to two different linked lists causing the next
pointers to be incorrect.
This is fixed by removing the linked list from the sp_session.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: I9815e5f8add911cb525dbbc6a6b01534d2d65451
|
|
optee requires 3MB CVM memory to include SecurePartitions
into its image.
Also increased optee core heap size to 131072
from its default value to fit openAMP and smm-gateway
in SEL0.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I13cef42bfe3816fa04809e99a2c5678193951488
|
|
These changes are to add corstone1000 platform to optee
core.
arch/arm/plat-vexpress is taken as a reference to make
these changes.
Signed-off-by: Vishnu Banavath <vishnu.banavath@arm.com>
Change-Id: I8e312103a826717fa9a9cea9467a3f17d022e6d9
|
|
The device memory caching property was not properly set causing it to
fail on the C1000 platform. The SE proxy SP would hang when trying to
access the memory region without any error message, causing the whole
platform to hang.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: I64c598ec893663a5ede92ff356a6f890daace6c2
|
|
SPs in trusted-services now can be built without OP-TEE's SP dev kit
thus removing SP dev kit and related makefile changes. This patch
reverts the following commits:
commit be434f46df87 ("sp: Add support for building 32 bit SP dev kit")
commit b26393bb112e ("sp: Adding optee_ prefix to the SP devkit interface")
commit 3aee34ce689d ("sp: Fixing in-tree SP build errors")
commit 7466c4082d7f ("sp: Fix not linking .sp_head section")
commit ac7f4110cee2 ("sp: Add first version of SP build support")
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: I9aa38bb87b294ad075aa64a2a1bd1b02aab01949
|
|
Add support for defining memory regions in the manifest file.
The device tree bindings are based on the hafnium bindings:
https://trustedfirmware-a.readthedocs.io/en/latest/components/ffa-manifest-binding.html#memory-regions
An extra bit (bit3) is used as the non-secure memory bit.
dts:
    memory-regions {
        compatible = "arm,ffa-manifest-memory-regions";
        test {
            /* Armv8 A Foundation Platform values */
            base-address = <0x00000000 0x83000000>;
            pages-count = <1>;
            attributes = <0xb>; /* read-write non-secure */
        };
    };
The memory can be retrieved as follows:
    struct region {
        char name[16];
        uintptr_t location;
        size_t size;
    };
    struct region *d = NULL;
    /* The cast matches the struct declared above */
    d = (struct region *)init_info->nvp[2].value;
    DMSG("device region 0 va=%p name=%s", (void *)d[0].location, d[0].name);
Signed-off-by: Jelle <jelle.sels@arm.com>
Change-Id: I740633eff4640ff7e1427c2336f46ab056eaf6b4
|
|
Error checking during SP initialization (sp_init_uuid()) was lacking.
As a result an out of CORE HEAP situation resulted in a panic. This was
due to lack of memory in the inflate() function of zlib.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: I287e2e2dd507feb45991b32ed264b3b6ad6fcd39
|
|
In case of having a large binary with multiple early TAs the linking
step of all_objs.o could fail because the offset cannot fit into the
adr instruction's +-1MB range. By replacing the adr instruction with
the adr_l macro this range is now extended to +-4GB.
Signed-off-by: Imre Kis <imre.kis@arm.com>
Change-Id: Id8a1d29dcb98a8ea423e3040bb155c521435bd4c
|
|
This adds recipes to the relevant Makefiles for building SP dev kits
for 32 bit targets. This patch is the first step in 32 bit FF-A SP
enablement, and further patches targeting the SPMC and other components
will be needed to make it useful.
sp_entry_a32.S has been derived from ta/arch/arm/ta_entry_a32.S
Signed-off-by: Andrew Beggs <andrew.beggs@arm.com>
Change-Id: Ie36ad3d52bee09109dcef2c7f3f3fa949ce464da
|
|
A strict-aliasing rules warning was generated due to a pointer which was
created to pass the device_regions to the SP.
Fix it by doing some more implicit casting.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: I2f15e14e17eb4c3cf4f498c75bb844e2d939ae41
|
|
Pass the device regions info to the SPs as part of the ffa_init_info
struct. ffa_init_info is moved from the stack to a dedicated page.
This is to not fill the stack too much and also to give us the
opportunity to remove the page later.
The region addresses can be found in a SP with the following sample
code:
    void __noreturn sp_main(struct ffa_init_info *init_info) {
        struct device_region *d = NULL;
        d = (struct device_region *)init_info->nvp[0].value;
        DMSG("device region 0 va=%p name=%s", d[0].location, d[0].name);
        /* ... */
    }
Checkpatch gives warnings on the error messages. They are kept
explicitly long.
https://www.kernel.org/doc/html/v4.10/process/coding-style.html#breaking-long-lines-and-strings
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: If6a6314e9ffa152b27b960701f6607d7e1ceba96
|
|
The argument passed by the SPMD in x1 is the HW_CONFIG DT address from
TF-A. However, this shouldn't be used by the SPMC, all relevant
information should be passed in the SPMC manifest. Also, the HW_CONFIG
DT is in a TZC controlled DRAM area, which is not configured for secure
access by TF-A. This commit modifies the boot argument handling to
ignore this parameter, in the future the SPMD might be revised to not
pass it at all.
Change-Id: Ia38f18d813a6c8e500c849fe58130cada38a5eb1
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
The paged_init_primary() function expects a valid DT address if an
external DT is used, and zero otherwise. For the latter case currently
PADDR_INVALID is passed, which is incorrect. Fix the bug in this commit.
Change-Id: I1b84608a5d2c720217eae867560b8d00ffee6a48
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
When having CFG_TRUSTED_SERVICE=y use an absolute path for the device
tree path. The build can be configured to use the dts outputted by the
Trusted Services build.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: Idfb995c56e1d50e4e7b5bb0772c41189ae864880
|
|
This commit adds support for parsing TF-A SP packages. The packages
should be loaded from the FIP by BL2, and the load addresses described
in the SPMC manifest. The executable image in the SP packages should be
a S-EL0 SP ELF, which can be loaded by ldelf. The images are represented
by a new TA/SP store backend, which can be enabled using the CFG_FIP_SP
option.
Change-Id: Iac3349210b23c19fc47dd952b2ec55cdeabd23e2
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
Small improvements and cleanup of DT handling functions and prepares
for adding the FIP SP storage backend.
Change-Id: Ie61a33f43302b3d717fa8c9ff821c49acf39e38f
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
Using OP-TEE as SPMC needs the SPMD component enabled in TF-A. However
this will pass different boot arguments to OP-TEE than opteed. This
commit enables handling the arguments passed by the SPMD.
Change-Id: Ie6d2e8be004b0b242617bdd57804c2179087d964
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
The SMCCC v1.2 section 5.3 defines how RFC 4122 UUIDs should be
represented in SMC calls. The 16 byte UUID is represented as a single
128-bit value, and this value is mapped to the argument registers:
- w0 = Bytes 0...3 with byte 0 in the low-order bits
- w1 = Bytes 4...7 with byte 4 in the low-order bits
- w2 = Bytes 8...11 with byte 8 in the low-order bits
- w3 = Bytes 12...15 with byte 12 in the low-order bits
For example "aabbccdd-eeff-4099-8877-665544332211" UUID string should
be mapped as w0=0xddccbbaa, w1=0x9940ffee, w2=0x55667788, w3=0x11223344.
The FFA_PARTITION_INFO_GET function syntax refers to this convention for
representing the UUID parameter, but uses w1-w4 instead of w0-w3.
This commit fixes the current implementation to get aligned with the
specification.
Change-Id: Id90450d5cf55e16f82b6cc896d9e6708c8d8ffb6
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
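The register mapping described in the commit message above, as an added C example that is not part of the commit or of OP-TEE's code. The function names are hypothetical; the UUID string and expected register values are the ones quoted in the message, and the example also shows the receiver-side inverse.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; not taken from OP-TEE or TF-A. */

static int hex_val(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Parse "8-4-4-4-12" text into 16 bytes in RFC 4122 order. 0 on success. */
int uuid_parse(const char *s, uint8_t out[16])
{
	size_t i = 0, n = 0;

	for (i = 0; s[i] != '\0'; i++) {
		if (i == 8 || i == 13 || i == 18 || i == 23) {
			if (s[i] != '-') return -1;
			continue;
		}
		int hi = hex_val(s[i]);
		int lo = s[i + 1] ? hex_val(s[i + 1]) : -1;
		if (hi < 0 || lo < 0 || n == 16) return -1;
		out[n++] = (uint8_t)((hi << 4) | lo);
		i++; /* consumed two characters */
	}
	return (n == 16 && i == 36) ? 0 : -1;
}

/* SMCCC v1.2 layout: register r holds bytes 4r..4r+3, lowest byte in bits 7:0. */
void uuid_to_smc_regs(const uint8_t b[16], uint32_t w[4])
{
	for (size_t r = 0; r < 4; r++)
		w[r] = (uint32_t)b[4 * r] | ((uint32_t)b[4 * r + 1] << 8) |
		       ((uint32_t)b[4 * r + 2] << 16) | ((uint32_t)b[4 * r + 3] << 24);
}

/* Receiver side: rebuild the 16 bytes from the four argument registers. */
void smc_regs_to_uuid(const uint32_t w[4], uint8_t b[16])
{
	for (size_t i = 0; i < 16; i++)
		b[i] = (uint8_t)(w[i / 4] >> (8 * (i % 4)));
}

int main(void)
{
	uint8_t u[16], back[16];
	uint32_t w[4];

	if (uuid_parse("aabbccdd-eeff-4099-8877-665544332211", u)) return 1;
	uuid_to_smc_regs(u, w);
	smc_regs_to_uuid(w, back);
	printf("w0=0x%08x w1=0x%08x w2=0x%08x w3=0x%08x roundtrip=%s\n",
	       (unsigned)w[0], (unsigned)w[1], (unsigned)w[2], (unsigned)w[3],
	       memcmp(u, back, 16) ? "mismatch" : "ok");
	return 0;
}
```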
|
|
When releasing FF-A shared memory regions, the sp_shared_mem objects
were freed incorrectly in a for-each loop.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: I9c7456d2aa554b5a0ac2ccb5dc7cb520caf7a546
|
|
ffa_get_current_endpoint was not defined for non-SP builds.
Implement it to return FFA_NW_ID.
Also fix undefined reference to `thread_sp_smc_entry'.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: Ib37853d9ee15dd2e468b476a488f2157751f0bd1
|
|
Load the device memory properties from the device tree and use this to
map the device memory.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: I8a8256cd61bb2c1ed956ab492ce465b205c1a4b4
|
|
SPs may need access to device memory regions. This patch extends the
vm_map function to allow for memory to be mapped as device memory.
Currently the configuration of the device memory regions has to be done
in code. This will be replaced by the manifest file in the future.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: Id58e0fb4825b58faebf1fa92c835dcb10293b2c9
|
|
When using FF-A on FVP platform the secondary core init was done by
invoking PSCI_CPU_ON function from OP-TEE. However, this relied on
changes in TF-A which were available on a prototype branch, but were
not merged into upstream TF-A.
This commit changes the secondary core init method to get aligned with
upstream TF-A v2.4. The new method is to invoke FFA_MSG_SEND_DIRECT_REQ
to send the entry point information to the SPMD.
Change-Id: I7952bd09fe82d2c080bb859faf3d8326a39e3bcc
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
In order to avoid possible collisions between the
files/variables/functions of the SP devkit and the user code 'optee_'
prefix is included in the names of all externally accessible resources.
Change-Id: I0cd24c0f8a250ce63c3866774a8366c449d3ce49
Signed-off-by: Imre Kis <imre.kis@arm.com>
|
|
Removing dependency on non-existing sp library and aligning the
SP build system with the new user TA build system methods.
Change-Id: I60fbb498fa2e91d09d54a074e6995ceefd617f6c
Signed-off-by: Imre Kis <imre.kis@arm.com>
|
|
When sharing memory, the SPMC was checking that the endpoint was a SP.
This was incorrect as the memory can also be shared with the SPMC. This
is done when using TA when CFG_CORE_FFA is enabled resulting in the TA
open_session failing.
Fix it by also checking for the SPMC when sharing memory.
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
Change-Id: I426cfd5e666d60f692f3b7fe47608f149afcf4d0
|
|
When building Secure Partitions, the final binary must start with the
.sp_head section which contains the sp_head struct. Since there is no
reference to this in the code, there might be issues that it is not
linked into the binary. This commit modifies the linker script to force
including this symbol.
Change-Id: I28d50a3d49a3e2bec27ee1f023867276e6f79404
Signed-off-by: Balint Dobszay <balint.dobszay@arm.com>
|
|
The entry point and the makefile based build system provide an
environment for prototyping secure partitions. Currently only 64 bit
build is supported.
The files in the sp directory are derived from files in the ta
directory:
ta/arch/arm/link.mk -> sp/arch/arm/link.mk
ta/arch/arm/ta.ld.S -> sp/arch/arm/sp.ld.S
ta/arch/arm/user_ta_header.c -> sp/arch/arm/sp_header.c
ta/mk/build-user-ta.mk -> sp/mk/build-sp.mk
ta/mk/ta_dev_kit.mk -> sp/mk/sp_dev_kit.mk
ta/ta.mk -> sp/sp.mk
Change-Id: I899774db9cc8a76a40d70972ba5bf409d95f652c
Signed-off-by: Imre Kis <imre.kis@arm.com>
|
|
Memory shared between two SPs was being mapped as NS memory.
This was only discovered when changing fvp setting -C bp.secure_memory
from 0 to 1.
When creating a new ffa_mobj object during the process of handling a
FFA_MEM_SHARE message we pass CORE_MEM_NON_SEC or CORE_MEM_SEC.
This value is being used by ffa_matches to check if the memory needs to
be mapped in secure or in non-secure memory.
Change-Id: Id7237e017be19e01c7e4c25d43c84a14844b9a2f
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
Make sure that we cannot detect or communicate with a SP after it
has panicked. We also remove all of its memory sharings.
Change-Id: I41008ccf01b22be4e59f6eeaf9ae896d5c1f439b
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
Allow SPs to release shared memory that they acquired via the
FFA_MEM_RELINQUISH message and for a SP to release a shared memory area
by using the FFA_MEM_RECLAIM message.
Change-Id: I6b641c8e516b483b190b47b9bce233fe0518ddea
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
Change-Id: I94b4e0f5e14d9dea9f75208876cb186f0dd0143b
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
Add the possibility to run SPs (pseudo SP) in S-EL1. S-EL1 SPs are
needed as a temporary solution to translate S-EL0 SP requests into
OP-TEE. S-EL1 SP proxy can be added. In these we can use OP-TEE APIs
and forward them to the S-EL0 SP. As a result we can always use
FF-A commands for communicating with S-EL0 SP.
The code is based on the pseudo ta code.
Change-Id: Ib23bd91387e6b43bbed4ae73c9ac6810cc05dfee
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
To be able to handle FFA_MEM_RETRIEVE_REQ messages we need to add
some extra handling when a FFA_MEM_SHARE message is received and
handle the FFA_MEM_RETRIEVE_REQ itself.
When receiving a FFA_MEM_SHARE FF-A message:
The whole tx buffer (mem_transaction_descr) is stored. A
shared_mem object is created, which stores a pointer to the
mem_transaction_descr object and a list of sp_shared_mem objects.
This shared_mem is added to the mem_shares list. The mem_shares
list contains all shared_mem objects and can be used to retrieve any
memory object.
sp_shared_mem objects describe the link between a SP and a
mem_access_descr object. It has a pointer to the main
mem_transaction_descr and the mem_access_descr object for the specific
SP.
When receiving a FFA_MEM_RETRIEVE_REQ message we iterate over all
sp_shared_mem objects of the calling SP and compare the passed handle
with the handle in the access_descr object.
The found sp_shared_mem object contains all needed data to check if the
request is valid, map the memory regions and the needed data to return
a FFA_MEM_RETRIEVE_RESP message.
ffa_mem_retrieve is partially implemented. We map the physical memory into
the SPs memory area. At the moment all memory is mapped as R/W memory.
We don't take the Flags and the Memory access permissions into account.
We also map the whole memory and ignore the memory range specified in
the retrieve message.
We have two checkpatch warnings: Missing a blank line after
declarations. This is due to using internal OP-TEE macros to define
lists.
Change-Id: I26945e1ff5fc80efc9236ebc3150450f51054d86
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
Change-Id: I88186cd1be4fd8a253960c1f03d2c4f4daaf6252
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
Add the possibility for a SP to share memory with a different SP.
When doing so the virtual address is translated into the physical
address, which is then used to map the buffers.
Change-Id: I3bc4cef5b6761f2ee482fda7bf5e241c2f0a1213
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
Add support for sharing memory between the NW world and a SP.
SP to SP sharing is not supported at the moment.
Change-Id: I21fcaab58c5b3e3fc82b4897f342386530594190
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|
|
FFA_RXTX_MAP_64 and FFA_RXTX_MAP_32 are now supported for SPs.
Instead of always using the NS world rxtx buffers when interacting with
the buffers, a buffer will be selected based on which endpoint the
command came from.
To be able to have access to the SP buffer, we need to temporarily map the
buffers. This is done by using the tee_ta_push_current_session
functions.
Change-Id: I4eda492cf15001f11751e1c99a8ad151d7d1871e
Signed-off-by: Jelle Sels <jelle.sels@arm.com>
|